Oracle Errata System Oracle Linux 5.11 2024-09-21T19:01:33 Oracle Linux 6 [1.0.5-7] - Resolves: #632268 integer overflow flaw in BZ2_decompress - CVE-2010-0405 (upstream patch) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-0405 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [0.12.4-3.el6.1] - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639859 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-3703 CVE-2010-3702 CVE-2010-3704 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [3.5.4-68.1] - Security Release, fixes CVE-2010-3069 - resolves: #632264 CRITICAL Copyright 2011 Oracle, Inc. CVE-2010-3069 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 nss: [3.12.8-1.0.1.el6] - Update expired PayPalEE.cert to fix build failure - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 [3.12.8-1] - Update to 3.12.8 nss-softokn: [3.12.8-1] - Update to 3.12.8 nss-util: [3.12.7-1] - Update to 3.12.7 LOW Copyright 2011 Oracle, Inc. CVE-2010-3170 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1:1.4.2-35:.1] - Applied patch to fix cupsd memory corruption vulnerability (CVE-2010-2941, STR #3648, bug #624438). IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-2941 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.12-1.7.el6_0.3] - Require suid bit on audit objects in privileged programs (#645679, CVE-2010-3856) [2.12-1.7.el6_0.2] - Never expand in privileged programs (#643821) [2.12-1.7.el6_0.1] - Fix bug in generic strstr/memmem implementation handling certain repeated patterns (#643341) - Correctly align TCB for AVX (#643343) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-3847 CVE-2010-3856 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.3.11-6.el6_0.2] - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid runcnt values.) - Resolves: #651761 [2.3.11-6.el6_0.1] - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Dont seek behind end of stream.) - Resolves: #638838 IMPORTANT Copyright 2010 Oracle, Inc. CVE-2010-2805 CVE-2010-3855 CVE-2010-2806 CVE-2010-3311 CVE-2010-2808 cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.6-6.el6] - Add patch for CVE-2010-3711 (RH bug #645413). MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3711 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.1.1-4.1] - fix insecure dropping of priviledges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335) - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 (#643043) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4708 CVE-2010-3435 CVE-2010-3316 CVE-2010-3853 CVE-2010-4707 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.24-8.1] Resolves: #635058 CVE-2010-3302 CVE-2010-3308 CVE-2010-2752 CVE-2010-3753 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3308 CVE-2010-3753 CVE-2010-3752 CVE-2010-3302 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.2-11.0.1.el6_0] - rebuild without docs - remove doc/SystemTap_Beginners_Guide/en-US in tarball [1.2-11] - CVE-2010-4170 - CVE-2010-4171 IMPORTANT Copyright 2010 Oracle, Inc. CVE-2010-4171 CVE-2010-4170 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.11.23-11.el6_0.1] - Fix CVE-2010-3846 (Resolves: #644813) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3846 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [12:4.1.1-12.P1.1] - CVE-2010-3611: NULL pointer dereference crash via crafted DHCPv6 packet (#651913) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3611 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.99.15-5_el6_0.1] - Resolves: #644830 - CVE-2010-2948 CVE-2010-2949 quagga various flaws MODERATE Copyright 2011 Oracle, Inc. CVE-2010-2948 CVE-2010-2949 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.3.9-3.1] - add security fix for CVE-2010-1623 (#659253) MODERATE Copyright 2010 Oracle, Inc. CVE-2010-1623 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 firefox: [3.6.13-1.0.1.el6_0] - Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js [bugz 11762] [3.6.13-2] - Update to 3.6.13 build3 [3.6.13-1] - Update to 3.6.13 [3.6.12-1] - Update to 3.6.12 [3.6.11-1] - Update to 3.6.11 xulrunner: [1.9.2.13-3.0.1.el6_0] - Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one. Bug#11487 [1.9.2.13-3] - Update to 1.9.2.13 build3 [1.9.2.13-2] - Update to 1.9.2.13 build2 [1.9.2.13-1] - Update to 1.9.2.13 [1.9.2.12-1] - Update to 1.9.2.12 [1.9.2.11-1] - Update to 1.9.2.1 CRITICAL Copyright 2010 Oracle, Inc. CVE-2010-3768 CVE-2010-3776 CVE-2010-3766 CVE-2010-3773 CVE-2010-3771 CVE-2010-3772 CVE-2010-3774 CVE-2010-3775 CVE-2010-3767 CVE-2010-3770 CVE-2010-3777 cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.7-3.0.1.el6] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [3.1.7-3] - Update to 3.1.7 build3 [3.1.7-2] - Update to 3.1.7 build2 [3.1.7-1] - Update to 3.1.7 [3.1.6-1] - Update to 3.1.6 [3.1.5-1] - Update to 3.1.5 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3768 CVE-2010-3776 CVE-2010-3777 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [32:9.7.0-5.P2.1] - fix CVE-2010-3613 and CVE-2010-3614 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-3613 CVE-2010-3614 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.0-4.2] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-4.1] - fix race in extension parsing code - CVE-2010-3864 (#649304) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4180 CVE-2010-3864 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.9.0-8] - Fix CVE-2010-4203 Resolves: rhbz#652440 [0.9.0-7] - Import 0.9.0-6 package from Fedora - Add patch porting yasm syntax to gas Related: rhbz#603113 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4203 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1:3.0.0-11.1] - add security fix for CVE-2008-2384 (#663617) MODERATE Copyright 2011 Oracle, Inc. CVE-2008-2384 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.7.1-2.1] - fix CVE-2010-3906 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3906 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-71.14.1.0.1.el6] - replace Red Hat with Oracle in files genkey and kernel.spec [2.6.32-71.14.1.el6] - [kvm] x86: zero kvm_vcpu_events->interrupt.pad (Marcelo Tosatti) [665471 665409] {CVE-2010-4525} [2.6.32-71.13.1.el6] email_6.RHSA-2011-0007 178L, 11970C written - [scsi] lpfc: Fixed crashes for NULL pnode dereference (Rob Evers) [660589 635733] [2.6.32-71.12.1.el6] - [netdrv] igb: only use vlan_gro_receive if vlans are registered (Stefan Assmann) [652804 660192] {CVE-2010-4263} - [net] core: neighbour update Oops (Jiri Pirko) [660591 658518] - [scsi] lpfc: Set heartbeat timer off by default (Rob Evers) [660244 655935] - [scsi] lpfc: Fixed crashes for BUG_ONs hit in the lpfc_abort_handler (Rob Evers) [659611 645882] [2.6.32-71.11.1.el6] - [kernel] posix-cpu-timers: workaround to suppress the problems with mt exec (Oleg Nesterov) [656267 656268] {CVE-2010-4248} - [fs] bio: take care not overflow page count when mapping/copying user data (Danny Feng) [652530 652531] {CVE-2010-4162} - [net] can-bcm: fix minor heap overflow (Danny Feng) [651846 651847] {CVE-2010-3874} - [net] filter: make sure filters dont read uninitialized memory (Jiri Pirko) [651704 651705] {CVE-2010-4158} - [net] inet_diag: Make sure we actually run the same bytecode we audited (Jiri Pirko) [651268 651269] {CVE-2010-3880} - [v4l] ivtvfb: prevent reading uninitialized stack memory (Mauro Carvalho Chehab) [648832 648833] {CVE-2010-4079} - [drm] via/ioctl.c: prevent reading uninitialized stack memory (Dave Airlie) [648718 648719] {CVE-2010-4082} - [char] nozomi: clear data before returning to userspace on TIOCGICOUNT (Mauro Carvalho Chehab) [648705 648706] {CVE-2010-4077} - [serial] clean data before filling it on TIOCGICOUNT (Mauro Carvalho Chehab) [648702 648703] {CVE-2010-4075} - [net] af_unix: limit unix_tot_inflight (Neil Horman) [656761 656762] {CVE-2010-4249} - [block] check for proper length of iov entries in blk_rq_map_user_iov() (Danny Feng) [652958 652959] {CVE-2010-4163} - [net] Limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri Pirko) [651894 651895] {CVE-2010-4160} - [netdrv] mlx4: Add OFED-1.5.2 patch to increase log_mtts_per_seg (Jay Fenlason) [643815 637284] - [kernel] kbuild: fix external module compiling (Aristeu Rozanski) [658879 655231] - [net] bluetooth: Fix missing NULL check (Jarod Wilson) [655667 655668] {CVE-2010-4242} - [kernel] ipc: initialize structure memory to zero for compat functions (Danny Feng) [648694 648695] {CVE-2010-4073} - [kernel] shm: fix information leak to userland (Danny Feng) [648688 648689] {CVE-2010-4072} - [md] dm: remove extra locking when changing device size (Mike Snitzer) [653900 644380] - [block] read i_size with i_size_read() (Mike Snitzer) [653900 644380] - [kbuild] don't sign out-of-tree modules (Aristeu Rozanski) [655122 653507] [2.6.32-71.10.1.el6] - [fs] xfs: prevent reading uninitialized stack memory (Dave Chinner) [630808 630809] {CVE-2010-3078} - [net] fix rds_iovec page count overflow (Jiri Pirko) [647423 647424] {CVE-2010-3865} - [scsi] Fix megaraid_sas driver SLAB memory leak detected with CONFIG_DEBUG_SLAB (Shyam Iyer) [649436 633836] - [usb] serial/mos*: prevent reading uninitialized stack memory (Don Zickus) [648697 648698] {CVE-2010-4074} - [kernel] ecryptfs_uid_hash() buffer overflow (Jerome Marchand) [626320 611388] {CVE-2010-2492} - [sound] seq/oss - Fix double-free at error path of snd_seq_oss_open() (Jaroslav Kysela) [630554 630555] {CVE-2010-3080} - [virt] virtio-net: init link state correctly (Jason Wang) [653340 646369] - [netdrv] prevent reading uninitialized memory in hso driver (Thomas Graf) [633143 633144] {CVE-2010-3298} [2.6.32-71.9.1.el6] - [fs] Do not mix FMODE_ and O_ flags with break_lease() and may_open() (Harshula Jayasuriya) [648408 642677] - [fs] aio: check for multiplication overflow in do_io_submit (Jeff Moyer) [629450 629451] {CVE-2010-3067} - [net] fix info leak from kernel in ethtool operation (Neil Horman) [646727 646728] {CVE-2010-3861} - [net] packet: fix information leak to userland (Jiri Pirko) [649899 649900] {CVE-2010-3876} - [net] clean up info leak in act_police (Neil Horman) [636393 636394] {CVE-2010-3477} - [mm] Prevent Out Of Memory when changing cpuset's mems on NUMA (Larry Woodman) [651996 597127] [2.6.32-71.8.1.el6] - [mm] remove false positive THP pmd_present BUG_ON (Andrea Arcangeli) [647391 646384] [2.6.32-71.7.1.el6] - [drm] ttm: fix regression introduced in dfb4a4250168008c5ac61e90ab2b86f074a83a6c (Dave Airlie) [646994 644896] [2.6.32-71.6.1.el6] - [block] fix a potential oops for callers of elevator_change (Jeff Moyer) [644926 641408] [2.6.32-71.5.1.el6] - [security] IMA: require command line option to enabled (Eric Paris) [644636 643667] - [net] Fix priv escalation in rds protocol (Neil Horman) [642899 642900] {CVE-2010-3904} - [v4l] Remove compat code for VIDIOCSMICROCODE (Mauro Carvalho Chehab) [642472 642473] {CVE-2010-2963} - [kernel] tracing: do not allow llseek to set_ftrace_filter (Jiri Olsa) [631625 631626] {CVE-2010-3079} - [virt] xen: hold mm->page_table_lock in vmalloc_sync (Andrew Jones) [644038 643371] - [fs] xfs: properly account for reclaimed inodes (Dave Chinner) [642680 641764] - [drm] fix ioctls infoleak (Danny Feng) [626319 621437] {CVE-2010-2803} - [netdrv] wireless extensions: fix kernel heap content leak (John Linville) [628437 628438] {CVE-2010-2955} - [netdrv] niu: buffer overflow for ETHTOOL_GRXCLSRLALL (Danny Feng) [632071 632072] {CVE-2010-3084} - [mm] add debug checks for mapcount related invariants (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] move VM_BUG_ON inside the page_table_lock of zap_huge_pmd (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] compaction: handle active and inactive fairly in too_many_isolated (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] start_khugepaged after setting transparent_hugepage_flags (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] fix hibernate memory corruption (Andrea Arcangeli) [644037 642570] - [mm] ksmd wait_event_freezable (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] khugepaged wait_event_freezable (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] unlink_anon_vmas in __split_vma in case of error (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] fix memleak in copy_huge_pmd (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] fix hang on anon_vma->root->lock (Andrea Arcangeli) [642679 622327 644037 642570] - [mm] avoid breaking huge pmd invariants in case of vma_adjust failures (Andrea Arcangeli) [642679 622327 644037 642570] [2.6.32-71.4.1.el6] - [scsi] fcoe: set default FIP mode as FIP_MODE_FABRIC (Mike Christie) [641457 636233] - [virt] KVM: Fix fs/gs reload oops with invalid ldt (Avi Kivity) [639884 639885] {CVE-2010-3698} - [drm] i915: prevent arbitrary kernel memory write (Jerome Marchand) [637690 637691] {CVE-2010-2962} - [scsi] libfc: adds flogi retry in case DID is zero in RJT (Mike Christie) [641456 633907] - [kernel] prevent heap corruption in snd_ctl_new() (Jerome Marchand) [638485 638486] {CVE-2010-3442} - [scsi] lpfc: lpfc driver oops during rhel6 installation with snapshot 12/13 and emulex FC (Rob Evers) [641907 634703] - [fs] ext4: Always journal quota file modifications (Eric Sandeen) [641454 624909] - [mm] fix split_huge_page error like mapcount 3 page_mapcount 2 (Andrea Arcangeli) [641258 640611] - [block] Fix pktcdvd ioctl dev_minor range check (Jerome Marchand) [638088 638089] {CVE-2010-3437} - [drm] ttm: Fix two race conditions + fix busy codepaths (Dave Airlie) [642045 640871] - [drm] Prune GEM vma entries (Dave Airlie) [642043 640870] - [virt] ksm: fix bad user data when swapping (Andrea Arcangeli) [641459 640579] - [virt] ksm: fix page_address_in_vma anon_vma oops (Andrea Arcangeli) [641460 640576] - [net] sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (Jiri Pirko) [640461 640462] {CVE-2010-3705} - [mm] Move vma_stack_continue into mm.h (Mike Snitzer) [641483 638525] - [net] sctp: Do not reset the packet during sctp_packet_config() (Jiri Pirko) [637681 637682] {CVE-2010-3432} - [mm] vmstat incorrectly reports disk IO as swap in (Steve Best) [641458 636978] - [scsi] fcoe: Fix NPIV (Neil Horman) [641455 631246] [2.6.32-71.3.1.el6] - [block] prevent merges of discard and write requests (Mike Snitzer) [639412 637805] - [drm] nouveau: correct INIT_DP_CONDITION subcondition 5 (Ben Skeggs) [638973 636678] - [drm] nouveau: enable enhanced framing only if DP display supports it (Ben Skeggs) [638973 636678] - [drm] nouveau: fix required mode bandwidth calculation for DP (Ben Skeggs) [638973 636678] - [drm] nouveau: disable hotplug detect around DP link training (Ben Skeggs) [638973 636678] - [drm] nouveau: set DP display power state during DPMS (Ben Skeggs) [638973 636678] - [mm] remove madvise from possible /sys/kernel/mm/redhat_transparent_hugepage/enabled options (Larry Woodman) [636116 634500] - [netdrv] cxgb3: don't flush the workqueue if we are called from the workqueue (Doug Ledford) [634973 631547] - [netdrv] cxgb3: deal with fatal parity error status in interrupt handler (Doug Ledford) [634973 631547] - [netdrv] cxgb3: now that we define fatal parity errors, make sure they are cleared (Doug Ledford) [634973 631547] - [netdrv] cxgb3: Add define for fatal parity error bit manipulation (Doug Ledford) [634973 631547] - [virt] Emulate MSR_EBC_FREQUENCY_ID (Jes Sorensen) [633966 629836] - [virt] Define MSR_EBC_FREQUENCY_ID (Jes Sorensen) [633966 629836] - [kernel] initramfs: Fix initramfs size calculation (Hendrik Brueckner) [637087 626956] - [kernel] initramfs: Generalize initramfs_data.xxx.S variants (Hendrik Brueckner) [637087 626956] - [drm] radeon/kms: fix sideport detection on newer rs880 boards (Dave Airlie) [634984 626454] - [block] switch s390 tape_block and mg_disk to elevator_change() (Mike Snitzer) [633864 632631] - [block] add function call to switch the IO scheduler from a driver (Mike Snitzer) [633864 632631] [2.6.32-71.2.1.el6] - [misc] make compat_alloc_user_space() incorporate the access_ok() (Xiaotian Feng) [634465 634466] {CVE-2010-3081} - [x86] kernel: fix IA32 System Call Entry Point Vulnerability (Xiaotian Feng) [634451 634452] {CVE-2010-3301} [2.6.32-71.1.1.el6] - [security] Make kernel panic in FIPS mode if modsign check fails (David Howells) [633865 625914] - [virt] Guests on AMD with CPU type 6 and model >= 8 trigger errata read of MSR_K7_CLK_CTL (Jes Sorensen) [632292 629066] - [x86] UV: use virtual efi on SGI systems (George Beshers) [633964 627653] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-2492 CVE-2010-3067 CVE-2010-3477 CVE-2010-4073 CVE-2010-4077 CVE-2010-4079 CVE-2010-4080 CVE-2010-4082 CVE-2010-4083 CVE-2010-4160 CVE-2010-4249 CVE-2010-2803 CVE-2010-2955 CVE-2010-3442 CVE-2010-3904 CVE-2010-3865 CVE-2010-3079 CVE-2010-3298 CVE-2010-4074 CVE-2010-3437 CVE-2010-3861 CVE-2010-3874 CVE-2010-3876 CVE-2010-4158 CVE-2010-4162 CVE-2010-4242 CVE-2010-2962 CVE-2010-3698 CVE-2010-3078 CVE-2010-3080 CVE-2010-4668 CVE-2010-3432 CVE-2010-3880 CVE-2010-4072 CVE-2010-4075 CVE-2010-4081 CVE-2010-4163 CVE-2010-3084 CVE-2010-4248 CVE-2010-4263 CVE-2010-4525 CVE-2010-3081 CVE-2010-3301 CVE-2010-3705 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.28.2-14.el6_0.1] - Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 - Resolves: #666323 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-2641 CVE-2010-2640 CVE-2010-2642 CVE-2010-2643 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [1.2.13-1.0.1.el6_0.2] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect packets bug#11486 [1.2.13-1.1] - fix buffer overflow in ENTTEC dissector - Resolves: #667337 [1.2.13-1] - upgrade to 1.2.13 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.11.html - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.12.html - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html - Resolves: #657534 (CVE-2010-4300 CVE-2010-3445) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3445 CVE-2010-4300 CVE-2010-4538 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [3.9.8-33:.1] - Applied patch to fix CVE-2010-4267, remote stack overflow vulnerability (bug #662740). MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4267 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base Oracle Linux 6 [5.1.52-1.1] - Update to MySQL 5.1.52, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html including numerous small security issues Resolves: #652553 - Sync with current Fedora package; this includes: - Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages, to ensure they are available when any subset of mysql RPMs are installed, per revised packaging guidelines - Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3683 CVE-2010-3839 CVE-2010-3836 CVE-2010-3679 CVE-2010-3680 CVE-2010-3833 CVE-2010-3835 CVE-2010-3837 CVE-2010-3838 CVE-2010-3678 CVE-2010-3677 CVE-2010-3681 CVE-2010-3682 CVE-2010-3840 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base Oracle Linux 5 Oracle Linux 6 [0.56.13-4] - Correctly mark the LDAP default password value as encrypted (CVE-2011-0002) Resolves: #668020 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0002 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:linux:5:6:patch Oracle Linux 6 [1.2.6-2] - Added fix for js regression [1.2.6-1] - Update to 1.2.6 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-1793 CVE-2010-3113 CVE-2010-3813 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-3116 CVE-2010-3255 CVE-2010-3259 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1786 CVE-2010-1787 CVE-2010-1790 CVE-2010-1814 CVE-2010-3812 CVE-2010-4577 CVE-2010-1788 CVE-2010-1807 CVE-2010-1792 CVE-2010-3114 CVE-2010-3257 CVE-2010-1785 CVE-2010-3119 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.28.1-3.el6_0.3] - Fix a division by zero found in testing [1.28.1-3.el6_0.2] - Use -fno-strict-aliasing for C++, too - Escape macros in %changelog [1.28.1-3.el6_0.1] - Prevent heap corruption with malformed fonts. (CVE-2011-0020) - Resolves: #671529 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0020 cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.2.1-19.3.0.1.el6_0.5] - Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp., and the filename redhat.soc with oracle.soc in specfile bug#10911 [1:3.2.1-19.6.5] - Related: rhbz#671087 set right file permissions [1:3.2.1-19.6.4] - Resolves: rhbz#671087 file locks are not created with gvfs-sftp volumes with OpenOffice.org [1:3.2.1-19.6.3] - Resolves: rhbz#642200 openoffice.org various flaws - CVE-2010-4643 heap based buffer overflow when parsing TGA files [1:3.2.1-19.6.2] - Resolves: rhbz#642200 openoffice.org various flaws - CVE-2010-4253 heap based buffer overflow in PPT import [1:3.2.1-19.6.1] - Resolves: rhbz#642200 openoffice.org various flaws - CVE-2010-3450 directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files - CVE-2010-3451 Array index error by insecure parsing of broken rtf tables - CVE-2010-3452 Integer signedness error (crash) by processing certain RTF tags - CVE-2010-3453 Heap-based buffer overflow by processing *.doc files with WW8 list styles with specially-crafted count of list levels - CVE-2010-3454 Array index error by scanning document typography information of certain *.doc files - CVE-2010-3689 soffice insecure LD_LIBRARY_PATH setting IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-3450 CVE-2010-4253 CVE-2010-3453 CVE-2010-3451 CVE-2010-3452 CVE-2010-3454 CVE-2010-4643 CVE-2010-3689 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [5.3.2-6.1] - add security fixes for CVE-2010-3709, CVE-2010-3870, CVE-2009-5016, CVE-2010-4645 (#670461) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3870 CVE-2010-4645 CVE-2010-3709 CVE-2009-5016 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [8.4.7-1.el6_0.1] - Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html http://www.postgresql.org/docs/8.4/static/release-8-4-6.html including the fix for CVE-2010-4015 Resolves: #672634 [8.4.5-1.el6_0.2] - Ensure we don't package any .gitignore files from the source tarball (650913) [8.4.5-1.el6_0.1] - Update to PostgreSQL 8.4.5, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-5.html including the fix for CVE-2010-3433 Resolves: #640069 - Duplicate COPYRIGHT in -libs subpackage, per revised packaging guidelines MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4015 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5:7:base Oracle Linux 6 [1.8.2-3.4] - add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error, and hang or crash in the KDC when using the LDAP kdb backend (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, #671101) [1.8.2-3.3] - pull up crypto changes made between 1.8.2 and 1.8.3 to fix upstream #6751, assumed to already be there for the next fix - incorporate candidate patch to fix various issues from MITKRB5-SA-2010-007 (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, #651962) [1.8.2-3.2] - fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #644825, RT#6775) - fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #644825, RT#6774) [1.8.2-3.1] - incorporate candidate patch to fix uninitialized pointer crash in the KDC (CVE-2010-1322, #636336) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0282 CVE-2011-0281 CVE-2010-1322 CVE-2010-4020 CVE-2010-1324 CVE-2010-4022 CVE-2010-1323 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4476 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [12:4.1.1-12.P1.2] - CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672994) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0413 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.6.11-2.2] - add security fixes for CVE-2010-4644, CVE-2010-4539 (#672678) [1.6.11-2.1] - add security fix for CVE-2010-3315 (#640322) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.6.0.0-1.39.b17] - respin of IcedTea6 1.7.10 - Resolves: rhbz#676276 [1.6.0.0-1.37.b17] - Updated to IcedTea6 1.7.10 - Resolves: rhbz#676276 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4469 CVE-2010-4472 CVE-2010-4470 CVE-2010-4465 CVE-2010-4448 CVE-2010-4450 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-71.18.1.el6] - [netdrv] ixgbe: make sure FCoE DDP user buffers are really released by the HW (Frantisek Hrbata) [674002 617193] - [netdrv] ixgbe: invalidate FCoE DDP context when no error status is available (Frantisek Hrbata) [674002 617193] - [netdrv] ixgbe: avoid doing FCoE DDP when adapter is DOWN or RESETTING (Frantisek Hrbata) [674002 617193] - [fcoe] libfc: remove tgt_flags from fc_fcp_pkt struct (Mike Christie) [666797 633915] - [fcoe] libfc: use rport timeout values for fcp recovery (Frantisek Hrbata) [666797 633915] - [fcoe] libfc: incorrect scsi host byte codes returned to scsi-ml (Mike Christie) [666797 633915] - [scsi] scsi_dh_alua: fix overflow in alua_rtpg port group id check (Mike Snitzer) [673978 670572] [2.6.32-71.17.1.el6] - [s390x] kdump: allow zfcpdump to mount and write to ext4 file systems (Amerigo Wang) [661667 628676] - [scsi] qla2xxx: Properly set the return value in function qla2xxx_eh_abort (Chad Dupuis) [664398 635710] - [scsi] qla2xxx: Drop srb reference before waiting for completion (Chad Dupuis) [664398 635710] - [virt] KVM: VMX: Really clear cr0.ts when giving the guest ownership of the fpu (Avi Kivity) [658891 645898] - [virt] KVM: SVM: Initialize fpu_active in init_vmcb() (Avi Kivity) [658891 645898] - [virt] KVM: x86: Use unlazy_fpu() for host FPU (Avi Kivity) [658891 645898] - [virt] KVM: Set cr0.et when the guest writes cr0 (Avi Kivity) [658891 645898] - [virt] KVM: VMX: Give the guest ownership of cr0.ts when the fpu is active (Avi Kivity) [658891 645898] - [virt] KVM: Lazify fpu activation and deactivation (Avi Kivity) [658891 645898] - [virt] KVM: VMX: Allow the guest to own some cr0 bits (Avi Kivity) [658891 645898] - [virt] KVM: Replace read accesses of vcpu->arch.cr0 by an accessor (Avi Kivity) [658891 645898] - [virt] KVM: VMX: trace clts and lmsw instructions as cr accesses (Avi Kivity) [658891 645898] [2.6.32-71.16.1.el6] - [net] ipsec: fragment locally generated tunnel-mode IPSec6 packets as needed (Herbert Xu) [670421 661113] - [net] tcp: Increase TCP_MAXSEG socket option minimum to TCP_MIN_MSS (Frantisek Hrbata) [652510 652511] {CVE-2010-4165} - [perf] perf_events: Fix perf_counter_mmap() hook in mprotect() (Oleg Nesterov) [651672 651673] {CVE-2010-4169} - [md] dm mpath: revert 'dm: Call blk_abort_queue on failed paths' (Mike Snitzer) [658854 636771] - [x86] UV: Address interrupt/IO port operation conflict (George Beshers) [662921 659480] - [mm] guard page for stacks that grow upwards (Johannes Weiner) [666796 630562] - [scsi] enable state transistions from OFFLINE to RUNNING (Mike Christie) [660590 643237] - [scsi] set queue limits no_cluster for stacked devices (Mike Snitzer) [662050 658293] - [mm] Out-of-memory under memory cgroup can call both of oom-killer-for-memcg and oom-killer-for-page-fault (Larry Woodman) [661732 592879] - [scsi] libfc: possible race could panic system due to NULL fsp->cmd (Mike Christie) [662049 638297] - [kernel] exec: copy-and-paste the fixes into compat_do_execve() paths (Oleg Nesterov) [627811 625695] {CVE-2010-4243} - [kernel] exec: make argv/envp memory visible to oom-killer (Oleg Nesterov) [627811 625695] {CVE-2010-4243} - [virt] virtio: console: Send SIGIO in case of port unplug (Amit Shah) [652720 624628] - [virt] virtio: console: Send SIGIO on new data arrival on ports (Amit Shah) [652720 624628] - [virt] virtio: console: Send SIGIO to processes that request it for host events (Amit Shah) [652720 624628] - [virt] virtio: console: Reference counting portdev structs is not needed (Amit Shah) [662721 628805] - [virt] virtio: console: Add reference counting for port struct (Amit Shah) [662721 628805] - [virt] virtio: console: Use cdev_alloc() instead of cdev_init() (Amit Shah) [662721 628805] - [virt] virtio: console: Add a find_port_by_devt() function (Amit Shah) [662721 628805] - [virt] virtio: console: Add a list of portdevs that are active (Amit Shah) [662721 628805] - [virt] virtio: console: open: Use a common path for error handling (Amit Shah) [662721 628805] - [virt] virtio: console: remove_port() should return void (Amit Shah) [662721 628805] - [virt] virtio: console: Make write() return -ENODEV on hot-unplug (Amit Shah) [662721 628805] - [virt] virtio: console: Make read() return -ENODEV on hot-unplug (Amit Shah) [662721 628805] - [virt] virtio: console: Unblock poll on port hot-unplug (Amit Shah) [662721 628805] - [virt] virtio: console: Un-block reads on chardev close (Amit Shah) [662721 628805] - [virt] virtio: console: Check if portdev is valid in send_control_msg() (Amit Shah) [662721 628805] - [virt] virtio: console: Remove control vq data only if using multiport support (Amit Shah) [662721 628805] - [virt] virtio: console: Reset vdev before removing device (Amit Shah) [662721 628805] - [fs] Fix nfsv4 client lock reclaim behaviour (Sachin Prabhu) [661730 638269] - [scsi] scsi_dh_alua: Handle all states correctly (Mike Snitzer) [659610 636994] - [kernel] execve: improve interactivity and respond to SIGKILL with large arguments (Dave Anderson) [661731 629178] - [virt] xen: handle events as edge-triggered (Andrew Jones) [661737 550724] - [virt] xen: use percpu interrupts for IPIs and VIRQs (Andrew Jones) [661737 550724] [2.6.32-71.15.1.el6] - [net] bonding: prevent oopsing on calling pskb_may_pull on shared skb (Andy Gospodarek) [671342 665110] MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4165 CVE-2010-4169 CVE-2010-4243 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [3.5.4-68.2] - Security Release, fixes CVE-2011-0719 - resolves: #678334 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0719 cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3:2.1.12-14.2] - fix #677848 - fixed build problem without brew [3:2.1.12-14.1] - fix #677848 - fixed CVE-2010-3089 and CVE-2011-0707 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3089 CVE-2011-0707 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 6 [1.28.1-3.el6_0.5] - Prevent an integer overflow in hb_buffer_ensure() Related: #679693 [1.28.1-3.el6_0.4] - Check for realloc failures in hb_buffer_ensure() (CVE-2011-0064) CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0064 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 5 Oracle Linux 6 firefox: [3.6.14-4.0.1.el6_0] - Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js [3.6.14-4] - Update to build3 [3.6.14-3] - Update to build2 [3.6.14-2] - Update to 3.6.14 xulrunner: [1.9.2.14-3.0.1.el6_0] - Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one. Bug#11487 [1.9.2.14-3] - Update to build3 [1.9.2.14-2] - Update to build2 [1.9.2.14-1] - Update to 1.9.2.14 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0058 CVE-2011-0059 CVE-2010-1585 CVE-2011-0053 CVE-2011-0054 CVE-2011-0056 CVE-2011-0062 CVE-2011-0051 CVE-2011-0055 CVE-2011-0057 CVE-2011-0061 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.8-4.0.2.el6_0] - Replace clean.gif in tarball [3.1.8-4.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [3.1.8-4] - Update to build3 [3.1.8-3] - Update to build2 [3.1.8-2] - Update to 3.1.8 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0061 CVE-2010-1585 CVE-2011-0053 CVE-2011-0062 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [3.9.4-1.el6_0.1] - Add fix for CVE-2011-0192 Resolves: #679298 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0192 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0.36-6.1] - Fixed buffer overflow when parsing cgexec command line parameters. - Added checking of source of netlink messages to cgrulesengd daemon. - Resolves: CVE-2011-1006 CVE-2011-1022 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1006 CVE-2011-1022 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [7.3.6-49] - Added fix for CVE-2011-1018: Privilege escalation due improper sanitization of special characters in log file names Resolves: #680304 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1018 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:linux:5:6:patch Oracle Linux 6 [1.6.11-2.3] - add security fix for CVE-2011-0715 (#681173) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0715 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 6 [2.6.32-71.18.2.el6] - [fs] sunrpc: Correct a misapplied patch (J. Bruce Fields) [678094 678146] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0714 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [1.0.4-3.1] - fix the buffer overflow bug before iscsi login (CVE-2011-0001) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0001 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0:6.0.24-24] - Resolves: rhbz#674601 - Removed wildcard in main %files that caused duplicate ownership - of log4j.properties [0:6.0.24-23] - Resolves: rhbz#674601 - Reverse - tomcat user requires login shell - Reverse - rhbz 611244 tomcat-juli missing symlink - PM/QE decision to include only the security fixes. The rhbzs - will be taken care of during the rebase to 6.0.33. - Did not Reverse - rhbz 676922 - additionally instancs of tomcat are broken - Too many users depend upon it. [0:6.0.24-22] - Resolves - tomcat user requires login shell [0:6.0.24-21] - Resolves: 676922 - additionally created instances of tomcat - are broken [0:6.0.24-20] - Resolves: rbz# 676922 - Resolves: init script LSB compliance - Resolves: multiple instances of tomcat. - Resolves: tomcat-juli missing symlink [0:6.0.24-18] - Resolves directory permission problems [0:6.0.24-17] - Resolves: CVE-2011-0534 rhbz#674601 [0:6.0.24-16] - Resolves rhbz#674601 JDK Double.parseDouble DoS IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0534 CVE-2010-4476 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.2.2-6.el6_0.1] - Resolves: #681891 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0762 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [qemu-kvm-0.12.1.2-2.113.el6_0.8] - kvm-Revert-blockdev-Fix-drive_del-not-to-crash-when-driv.patch [bz#677170] - kvm-Revert-blockdev-check-dinfo-ptr-before-using-v2.patch [bz#677170] - kvm-Revert-Implement-drive_del-to-decouple-block-removal.patch [bz#677170] - kvm-Revert-block-Catch-attempt-to-attach-multiple-device.patch [bz#677170] - kvm-Revert-qdev-Decouple-qdev_prop_drive-from-DriveInfo-.patch [bz#677170] - kvm-Revert-blockdev-Clean-up-automatic-drive-deletion-v2.patch [bz#677170] - kvm-Revert-blockdev-New-drive_get_by_blockdev-v2.patch [bz#677170] - kvm-Revert-qdev-Don-t-leak-string-property-value-on-hot-.patch [bz#677170] - kvm-Revert-ide-Split-non-qdev-code-off-ide_init2.patch [bz#677170] - kvm-Revert-ide-Change-ide_init_drive-to-require-valid-di.patch [bz#677170] - kvm-Revert-ide-Split-ide_init1-off-ide_init2-v2.patch [bz#677170] - kvm-Revert-ide-Remove-redundant-IDEState-member-conf.patch [bz#677170] - Related: bz#677170 (drive_del command to let libvirt safely remove block device from guest) [qemu-kvm-0.12.1.2-2.113.el6_0.7] - kvm-ide-Remove-redundant-IDEState-member-conf.patch [bz#677170] - kvm-ide-Split-ide_init1-off-ide_init2-v2.patch [bz#677170] - kvm-ide-Change-ide_init_drive-to-require-valid-dinfo-arg.patch [bz#677170] - kvm-ide-Split-non-qdev-code-off-ide_init2.patch [bz#677170] - kvm-qdev-Don-t-leak-string-property-value-on-hot-unplug.patch [bz#677170] - kvm-blockdev-New-drive_get_by_blockdev-v2.patch [bz#677170] - kvm-blockdev-Clean-up-automatic-drive-deletion-v2.patch [bz#677170] - kvm-qdev-Decouple-qdev_prop_drive-from-DriveInfo-v2.patch [bz#677170] - kvm-block-Catch-attempt-to-attach-multiple-devices-to-a-.patch [bz#677170] - kvm-Implement-drive_del-to-decouple-block-removal-from-d.patch [bz#677170] - kvm-blockdev-check-dinfo-ptr-before-using-v2.patch [bz#677170] - kvm-blockdev-Fix-drive_del-not-to-crash-when-drive-is-no.patch [bz#677170] - kvm-Fix-CVE-2011-0011-qemu-kvm-Setting-VNC-password-to-e.patch [bz#668598] - Resolves: bz#668598 (CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication [rhel-6.0.z]) - Resolves: bz#677170 (drive_del command to let libvirt safely remove block device from guest) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0011 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.4.19-15.2] - fix: security - DoS when submitting special MODRDN request (#680975) [2.4.19-15.1] - fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success - fix: CVE-2011-1025 rootpw is not verified for ndb backend MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1024 CVE-2011-1025 CVE-2011-1081 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.8.2-3.6] - add revised upstream patch to fix double-free in KDC while returning typed-data with errors (CVE-2011-0284, #681564) [1.8.2-3.5] - add upstream patches to fix double-free in KDC while returning typed-data with errors (CVE-2011-0284, #681564) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0284 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.2.15-1.0.1.el6_0.1] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.2.15-1] - upgrade to 1.2.15 - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.14.html - see http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html - Resolves: CVE-2011-0444 CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141 CVE-2011-1143 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0444 CVE-2011-1139 CVE-2011-0538 CVE-2011-0713 CVE-2011-1140 CVE-2011-1141 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 5 Oracle Linux 6 [1.9.2.15-2.0.1.el6_0] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.15-2] - Fixed mozbz#642395 IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.9-3.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.9-3] - Added fixes for mozbz#642395 - ignore bogus Comodo certificates [3.1.9-2] - Update to 3.1.9 IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 5 Oracle Linux 6 [1:1.2.24-4] - Apply patch for CVE-2010-4352 - Resolves: #684852 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4352 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.0.6-5.1] - Add upstream patch to fix CVE-2011-1097 - Incremental file-list corruption due to temporary file_extra_cnt increments Resolves: #684932 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1097 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base Oracle Linux 6 Oracle Linux 5 [0.8.1-27.0.1.el6_0.5] - Replace docs/et.png in tarball with blank image [0.8.1-27.el6_0.5] - Properly report error in virConnectDomainXMLToNative (CVE-2011-1146) [0.8.1-27.el6_0.4] - Add missing checks for read-only connections (CVE-2011-1146) [0.8.1-27.el6_0.3] - Remove patches not suitable for proper Z-stream: - Export host information through SMBIOS to guests (rhbz#652678) - Support forcing a CDROM eject (rhbz#658147) - Plug several memory leaks (rhbz#672549) - Avoid memory overhead of matchpathcon (rhbz#672554) - Do not start libvirt-guests if that service is off (rhbz#668694) [0.8.1-27.el6_0.2] - spec file cleanups (rhbz#662045) - Fix deadlock on concurrent multiple bidirectional migration (rhbz#662043) - Fix off-by-one error in clock-variable (rhbz#662046) - Export host information through SMBIOS to guests (rhbz#652678) - Ensure device is deleted from guest after unplug (rhbz#662041) - Distinguish between QEMU domain shutdown and crash (rhbz#662042) [0.8.1-27.el6_0.1] - Fix JSON migrate_set_downtime command (rhbz#658143) - Make SASL work over UNIX domain sockets (rhbz#658144) - Let qemu group look below /var/lib/libvirt/qemu/ (rhbz#656972) - Fix save/restore on root_squashed NFS (rhbz#656355) - Fix race on multiple migration (rhbz#658141) - Export host information through SMBIOS to guests (rhbz#652678) - Support forcing a CDROM eject (rhbz#658147) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1146 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [3.9.4-1.el6_0.2] - Fix incorrect fix for CVE-2011-0192 Resolves: #688829 - Add fix for CVE-2011-1167 Resolves: #688742 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1167 cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch Oracle Linux 6 [2.30.4-21.0.2.el6_0.1] - Added oracle-enterprise.patch to show oracle-release contents. [2.30.4-21.1] - Fix CVE-2011-0727 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0727 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 6 [0.99.15-5_el6_0.2] - Resolves: #684750 - CVE-2010-1674 CVE-2010-1675 quagga various flaws MODERATE Copyright 2011 Oracle, Inc. CVE-2010-1674 CVE-2010-1675 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [3.7.8-12.1] - fix #688518 - fixed CVE-2011-1154, CVE-2011-1155 and CVE-2011-1098 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.12-1.7.el6_0.5] - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of when privileged (#667974, CVE-2011-0536) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 CVE-2011-0536 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 policycoreutils: [2.0.83-19.8] - Fix seunshare to work with /tmp content when SELinux context is not provided Resolves: #679689 [2.0.83-19.7] - put back correct chcon - Latest fixes for seunshare [2.0.83-19.6] - Fix rsync command to work if the directory is old. - Fix all tests Resolves: #679689 [2.0.83-19.5] - Add requires rsync and fix man page for seunshare [2.0.83-19.4] - fix to sandbox - Fix seunshare to use more secure handling of /tmp - Rewrite seunshare to make sure /tmp is mounted stickybit owned by root - Change to allow sandbox to run on nfs homedirs, add start python script - change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_* - Move seunshare to sandbox package - Fix sandbox to show correct types in usage statement selinux-policy: [3.7.19-54.0.1.el6_0.5] - Allow ocfs2 to be mounted with file_t type. [3.7.19-54.el6_0.5] - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs Resolves: #684918 [3.7.19-54.el6_0.4] - Fix to sandbox * selinux-policy fixes for policycoreutils sandbox changes - Fix seunshare to use more secure handling of /tmp - Change to allow sandbox to run on nfs homedirs, add start python script IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1011 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 6 [2.6.32-71.24.1.el6] - [fs] Revert '[fs] inotify: stop kernel memory leak on file creation failure' (Eric Paris) [656831 656832] {CVE-2010-4250} [2.6.32-71.23.1.el6] - [x86] Revert '[x86] mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD CPUs' (Frank Arnold) [683813 652208] [2.6.32-71.22.1.el6] - rebuild [2.6.32-71.21.1.el6] - [netdrv] ixgbe: limit VF access to network traffic (Frantisek Hrbata) [684129 678717] - [netdrv] ixgbe: work around for DDP last buffer size (Frantisek Hrbata) [684129 678717] - [net] gro: reset dev and skb_iff on skb reuse (Andy Gospodarek) [688311 681970] - [x86] mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD CPUs (Frank Arnold) [683813 652208] - [virt] virtio_net: Add schedule check to napi_enable call (Michael S. Tsirkin) [684268 676579] - [s390x] mm: add devmem_is_allowed() for STRICT_DEVMEM checking (Hendrik Brueckner) [684267 647365] - [powerpc] Don't use kernel stack with translation off (Steve Best) [684266 628951] - [powerpc] Initialise paca->kstack before early_setup_secondary (Steve Best) [684266 628951] [2.6.32-71.20.1.el6] - [dvb] kernel: av7110 negative array offset (Mauro Carvalho Chehab) [672403 672404] {CVE-2011-0521} - [fs] sunrpc: Correct a misapplied patch (J. Bruce Fields) [678094 678146] {CVE-2011-0714} - [netdrv] orinoco: fix TKIP countermeasure behaviour (Stanislaw Gruszka) [667908 667909] {CVE-2010-4648} - [kernel] /proc/vmcore: speed up access to vmcore file (Neil Horman) [683442 672937] - [netdrv] cnic: Fix big endian bug (Steve Best) [678484 676640] - [scsi] fcoe: drop FCoE LOGO in FIP mode (Mike Christie) [683814 668114] - [s390x] remove task_show_regs (Danny Feng) [677854 677855] {CVE-2011-0710} - [ib] cm: Bump reference count on cm_id before invoking callback (Doug Ledford) [676190 676191] {CVE-2011-0695} - [rdma] cm: Fix crash in request handlers (Doug Ledford) [676190 676191] {CVE-2011-0695} - [net] bridge: Fix mglist corruption that leads to memory corruption (Herbert Xu) [678172 659421] {CVE-2011-0716} - [netdrv] r8169: use RxFIFO overflow workaround and prevent RxFIFO induced infinite loops (Ivan Vecera) [680080 630810] - [s390x] kernel: nohz vs cpu hotplug system hang (Hendrik Brueckner) [683815 668470] - [netdrv] cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory (Doug Ledford) [633156 633157] {CVE-2010-3296} - [configs] redhat: added CONFIG_SECURITY_DMESG_RESTRICT option (Frantisek Hrbata) [683822 653245] - [kernel] restrict unprivileged access to kernel syslog (Frantisek Hrbata) [683822 653245] - [fs] cifs: allow matching of tcp sessions in CifsNew state (Jeff Layton) [683812 629085] - [fs] cifs: fix potential double put of TCP session reference (Jeff Layton) [683812 629085] - [fs] cifs: prevent possible memory corruption in cifs_demultiplex_thread (Jeff Layton) [683812 629085] - [fs] cifs: eliminate some more premature cifsd exits (Jeff Layton) [683812 629085] - [fs] cifs: prevent cifsd from exiting prematurely (Jeff Layton) [683812 629085] - [fs] CIFS: Make cifs_convert_address() take a const src pointer and a length (Jeff Layton) [683812 629085] - [kdump] kexec: accelerate vmcore copies by marking oldmem in /proc/vmcore as cached (Neil Horman) [683445 641315] - [virt] KVM: VMX: Disallow NMI while blocked by STI (Avi Kivity) [683783 616296] - [virt] kvm: write protect memory after slot swap (Michael S. Tsirkin) [683781 647367] [2.6.32-71.19.1.el6] - [crypto] sha-s390: Reset index after processing partial block (Herbert Xu) [678996 626515] - [net] clear heap allocations for privileged ethtool actions (Jiri Pirko) [672434 672435] {CVE-2010-4655} - [usb] iowarrior: don't trust report_size for buffer size (Don Zickus) [672421 672422] {CVE-2010-4656} - [virt] virtio: console: Wake up outvq on host notifications (Amit Shah) [678558 643750] - [fs] inotify: stop kernel memory leak on file creation failure (Eric Paris) [656831 656832] {CVE-2010-4250} - [net] sctp: fix kernel panic resulting from mishandling of icmp dest unreachable msg (Neil Horman) [667028 667029] {CVE-2010-4526} - [mm] install_special_mapping skips security_file_mmap check (Frantisek Hrbata) [662198 662199] {CVE-2010-4346} - [kdump] vt-d: Handle previous faults after enabling fault handling (Takao Indoh) [678485 617137] - [kdump] Enable the intr-remap fault handling after local apic setup (Takao Indoh) [678485 617137] - [kdump] vt-d: Fix the vt-d fault handling irq migration in the x2apic mode (Takao Indoh) [678485 617137] - [kdump] vt-d: Quirk for masking vtd spec errors to platform error handling logic (Takao Indoh) [678485 617137] - [virt] virtio: console: Don't block entire guest if host doesn't read data (Amit Shah) [678562 643751] - [virt] virtio: console: Prevent userspace from submitting NULL buffers (Amit Shah) [678559 635535] - [virt] virtio: console: Fix poll blocking even though there is data to read (Amit Shah) [678561 634232] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4526 CVE-2011-0521 CVE-2011-0716 CVE-2010-4656 CVE-2011-0710 CVE-2010-4346 CVE-2010-4648 CVE-2011-0695 CVE-2011-1478 CVE-2010-4655 CVE-2010-3296 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2:2.6.6-2.1] - fix CVE-2011-0411 (#682978) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0411 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 6 [2.4-1.el6_0.2] - Fix security vulnerability CVE-2011-0012 (rhbz#639869) Resolves: rhbz#639870 [2.4-1.el6_0.1] - Fix security vulnerability CVE-2011-1179 (rhbz#689931) Resolves: rhbz#689932 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0012 CVE-2011-1179 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [12:4.1.1-12.P1.4] - Better fix for CVE-2011-0997: making domain-name check more lenient (#690578) [12:4.1.1-12.P1.3] - dhclient: insufficient sanitization of certain DHCP response values (CVE-2011-0997, #690578) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0997 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [7.4-15.el6_0.1] - cve-2011-0465: Sanitize cpp macro expansion. (CVE 2011-0465) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0465 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.8.2-3.7] - kadmind: add upstream patch to fix free() on an invalid pointer (#696341, MITKRB5-SA-2011-004, CVE-2011-0285) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0285 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.9.4-1.el6_0.3] - Add fix for CVE-2009-5022 Resolves: #696143 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2009-5022 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [0.96-2.el6_0.1] - Include fixes for CVE-2011-1485 - Resolves: #692941 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1485 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [6:4.3.4-11.2] - rebase the fix for CVE-2011-1094 [6:4.3.4-11.1] - fixes CVE-2011-1094, CVE-2011-1168 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1168 CVE-2011-1094 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch Oracle Linux 6 [7:4.3.4-11.1] - CVE-2010-1000, improper sanitization of metalink attribute for downloading files IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1586 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 firefox: [3.6.17-1.0.1.el6_0] - Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js [3.6.17-1] - Update to 3.6.17 xulrunner: [1.9.2.17-4.0.1.el6_0] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.17-4] - Rebuild [1.9.2.17-3] - Update to 1.9.2.17 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0069 CVE-2011-0070 CVE-2011-0077 CVE-2011-0066 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0078 CVE-2011-0067 CVE-2011-0081 CVE-2011-1202 CVE-2011-0072 CVE-2011-0065 CVE-2011-0080 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [3.12.8-3.0.1.el6_0] - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 - Update expired PayPalEE.cert to fix build failure [3.12.8-3] - Update builtin certs to NSS_3.12.9_WITH_CKBI_1_82_RTM via a patch [3.12.8-2] - Update to builtin certs from NSS_3.12.9_WITH_CKBI_1_82_RTM IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.10-1.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.10-1] - Update to 3.1.10 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0078 CVE-2011-0081 CVE-2011-0071 CVE-2011-0073 CVE-2011-0077 CVE-2011-0074 CVE-2011-0080 CVE-2011-0075 CVE-2011-0070 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.8.1-27.0.1.el6_0.6] - Replace docs/et.png in tarball with blank image [0.8.1-27.el6_0.6] - Properly initialize supplementary groups for qemu process (rhbz#668692) - Make error reporting in libvirtd thread safe (CVE-2011-1486) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1486 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-71.29.1.el6] - [mm] Revert '[mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode' (Larry Woodman) [695256 691310] [2.6.32-71.28.1.el6] - [net] bonding: fix jiffy comparison issues (Andy Gospodarek) [698109 696337] - [drm] radeon/kms: check AA resolve registers on r300 + regression fix (Dave Airlie) [680001 680002] {CVE-2011-1016} - [infiniband] uverbs: Handle large number of entries in poll CQ (Eugene Teo) [688429 696137] {CVE-2011-1044 CVE-2010-4649} - [net] sctp: fix the INIT/INIT-ACK chunk length calculation (Thomas Graf) [695386 690743] {CVE-2011-1573} - [net] CAN: Use inode instead of kernel address for /proc file (Danny Feng) [664560 664561] {CVE-2010-4565} - [fs] inotify: fix double free/corruption of stuct user (Eric Paris) [656831 656832] {CVE-2010-4250} - [net] netfilter: ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689341 689342] - [net] bonding: change test for presence of VLANs (Jiri Pirko) [696487 683496] - [scsi] scsi_dh: fix reference counting in scsi_dh_activate error path (Mike Snitzer) [696889 680140] - [net] enable VLAN NULL tagging (Neil Horman) [683810 633571] - [scsi] scsi_dh: propagate SCSI device deletion (Mike Snitzer) [698114 669411] - [fs] inotify: stop kernel memory leak on file creation failure (Eric Paris) [656831 656832] {CVE-2010-4250} [2.6.32-71.27.1.el6] - [scsi] megaraid: give FW more time to recover from reset (Tomas Henzl) [695322 692673] - [netdrv] ixgbe: fix for 82599 erratum on Header Splitting (Andy Gospodarek) [683820 669231] - [sound] ALSA: hda - nvhdmi: Add missing codec IDs, unify names (Jaroslav Kysela) [683817 636922] - [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Larry Woodman) [695256 691310] - [net] fix ebtables stack infoleak (Eugene Teo) [681322 681323] {CVE-2011-1080} - [drm] fix unsigned vs signed comparison issue in modeset ctl ioctl (Don Howard) [679927 679928] {CVE-2011-1013} - [pci] Enable ASPM state clearing regardless of policy (Alex Williamson) [694073 681017] - [pci] Disable ASPM if BIOS asks us to (Alex Williamson) [694073 681017] - [mm] do not keep kswapd awake for an unreclaimable zone (Johannes Weiner) [694186 633825] [2.6.32-71.26.1.el6] - [net] bnep: fix buffer overflow (Don Howard) [681315 681316] {CVE-2011-1079} - [scsi] aic94xx: world-writable sysfs update_bios file (Don Howard) [679306 679307] - [x86] tc1100-wmi: world-writable sysfs wireless and jogdial files (Don Howard) [679306 679307] - [x86] acer-wmi: world-writable sysfs threeg file (Don Howard) [679306 679307] - [mfd] ab3100: world-writable debugfs *_priv files (Don Howard) [679306 679307] - [v4l] sn9c102: world-wirtable sysfs files (Don Howard) [679306 679307] - [x86] Fix EFI pagetable to map whole memory (Takao Indoh) [670850 664364] - [kernel] CAP_SYS_MODULE bypass via CAP_NET_ADMIN (Phillip Lougher) [681772 681773] {CVE-2011-1019} - [kernel] failure to revert address limit override in OOPS error path (Dave Anderson) [659572 659573] {CVE-2010-4258} - [fs] xfs: zero proper structure size for geometry calls (Phillip Lougher) [677267 677268] {CVE-2011-0711} - [fs] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 (Phillip Lougher) [677267 677268] {CVE-2011-0711} - [tty] tty_audit: fix tty_audit_add_data live lock on audit disabled (Danny Feng) [684275 680126] - [kernel] proc: protect mm start_code/end_code in /proc/pid/stat (Eugene Teo) [684572 684573] {CVE-2011-0726} - [net] dccp oops (Eugene Teo) [682957 682958] {CVE-2011-1093} - [firmware] dcdbas: force SMI to happen when expected (Shyam Iyer) [683440 664832] - [security] ima: fix add LSM rule bug (Eric Paris) [667914 667915] {CVE-2011-0006} - [sound] caiaq: Fix possible string buffer overflow (Jaroslav Kysela) [678475 678476] {CVE-2011-0712} - [net] ixgbe: add option to control interrupt mode (Andy Gospodarek) [670114 670110 622640 637332] [2.6.32-71.25.1.el6] - [net] bridge: do not learn from exact matches (Jiri Pirko) [691777 623199] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4649 CVE-2011-0712 CVE-2011-0726 CVE-2011-1080 CVE-2011-1016 CVE-2011-1573 CVE-2011-0006 CVE-2011-0711 CVE-2011-1093 CVE-2011-1013 CVE-2010-4250 CVE-2010-4565 CVE-2011-1019 CVE-2011-1044 CVE-2011-1079 cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.6.0-8.1] - Prevent remote file access (#676252) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1595 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1.3.9-3.1] - add fix for CVE-2011-0419 (#703520) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0419 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [qemu-kvm-0.12.1.2-2.160.el6] - kvm-virtio-blk-fail-unaligned-requests.patch [bz#698910] - kvm-Ignore-pci-unplug-requests-for-unpluggable-devices.patch [bz#699789] - Resolves: bz#698910 (CVE-2011-1750 virtio-blk: heap buffer overflow caused by unaligned requests [rhel-6.1]) - Resolves: bz#699789 (CVE-2011-1751 acpi_piix4: missing hotplug check during device removal [rhel-6.1]) [qemu-kvm-0.12.1.2-2.159.el6] - kvm-acpi_piix4-Maintain-RHEL6.0-migration.patch [bz#694095] - Resolves: bz#694095 (Migration fails when migrate guest from RHEL6.1 host to RHEL6 host with the same libvirt version) [qemu-kvm-0.12.1.2-2.158.el6] - kvm-bz-691704-vhost-skip-VGA-memory-regions.patch [bz#691704] - kvm-ide-atapi-add-support-for-GET-EVENT-STATUS-NOTIFICAT.patch [bz#558256] - kvm-atapi-Allow-GET_EVENT_STATUS_NOTIFICATION-after-medi.patch [bz#558256] - kvm-atapi-Move-GET_EVENT_STATUS_NOTIFICATION-command-han.patch [bz#558256] - kvm-atapi-GESN-Use-structs-for-commonly-used-field-types.patch [bz#558256] - kvm-atapi-GESN-Standardise-event-response-handling-for-f.patch [bz#558256] - kvm-atapi-GESN-implement-media-subcommand.patch [bz#558256] - Resolves: bz#558256 (rhel6 disk not detected first time in install) - Resolves: bz#691704 (Failed to boot up windows guest with huge memory and cpu and vhost=on within 30 mins) [qemu-kvm-0.12.1.2-2.157.el6] - kvm-qemu-img-rebase-Fix-read-only-new-backing-file.patch [bz#693741] - kvm-floppy-save-and-restore-DIR-register.patch [bz#681777] - kvm-block-Do-not-cache-device-size-for-removable-media.patch [bz#687900] - kvm-cdrom-Allow-the-TEST_UNIT_READY-command-after-a-cdro.patch [bz#683877] - kvm-cdrom-Make-disc-change-event-visible-to-guests.patch [bz#683877] - Resolves: bz#681777 (floppy I/O error after live migration while floppy in use) - Resolves: bz#683877 (RHEL6 guests fail to update cdrom block size on media change) - Resolves: bz#687900 (qemu host cdrom support not properly updating guests on media changes at physical CD/DVD drives) - Resolves: bz#693741 (qemu-img re-base fail with read-only new backing file) [qemu-kvm-0.12.1.2-2.156.el6] - kvm-Revert-net-socket-allow-ipv6-for-net_socket_listen_i.patch [bz#680356] - kvm-Revert-Use-getaddrinfo-for-migration.patch [bz#680356] - Related: bz#680356 (Live migration failed in ipv6 environment) - Fixes bz#694196 (RHEL 6.1 qemu-kvm: Specifying ipv6 addresses breaks migration) [qemu-kvm-0.12.1.2-2.155.el6] - kvm-configure-fix-out-of-tree-build-with-enable-spice.patch [bz#641833] - kvm-ccid-card-emulated-replace-DEFINE_PROP_ENUM-with-DEF.patch [bz#641833] - kvm-Revert-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833] - kvm-Revert-qdev-add-data-pointer-to-Property.patch [bz#641833] - kvm-Revert-qdev-add-print_options-callback.patch [bz#641833] - kvm-ccid-v18_upstream-v25-cleanup.patch [bz#641833] - kvm-libcacard-vscard_common.h-upstream-v18-v25-diff.patch [bz#641833] - kvm-ccid-card-passthru-upstream-v18-upstream-v25-diff.patch [bz#641833] - kvm-qemu-thread-add-qemu_mutex-cond_destroy-and-qemu_mut.patch [bz#641833] - kvm-adding-qemu-thread.o-to-obj-y.patch [bz#641833] - kvm-ccid-card-emulated-v18-v25.patch [bz#641833] - kvm-libcacard-v18-upstream-v25.patch [bz#641833] - Resolves: bz#641833 (Spice CAC support - qemu) [qemu-kvm-0.12.1.2-2.154.el6] - kvm-add-a-service-to-reap-zombies-use-it-in-SLIRP.patch [bz#678524] - kvm-Don-t-allow-multiwrites-against-a-block-device-witho.patch [bz#654682] - kvm-Do-not-delete-BlockDriverState-when-deleting-the-dri.patch [bz#654682] - kvm-virtio-serial-don-t-crash-on-invalid-input.patch [bz#690174] - Resolves: bz#678524 (Exec based migration randomly fails, particularly under high load) - Resolves: bz#690174 (virtio-serial qemu-kvm crash on invalid input in migration) - Resolves: bz#654682 (drive_del command to let libvirt safely remove block device from guest) [qemu-kvm-0.12.1.2-2.153.el6] - kvm-Revert-spice-qxl-locking-fix-for-qemu-kvm.patch [bz#678208] - kvm-qxl-spice-display-move-pipe-to-ssd.patch [bz#678208] - kvm-qxl-implement-get_command-in-vga-mode-without-locks.patch [bz#678208] - kvm-qxl-spice-remove-qemu_mutex_-un-lock_iothread-around.patch [bz#678208] - kvm-hw-qxl-render-drop-cursor-locks-replace-with-pipe.patch [bz#678208] - kvm-spice-qemu-char.c-add-throttling.patch [bz#672191] - kvm-spice-qemu-char.c-remove-intermediate-buffer.patch [bz#672191] - kvm-spice-qemu-char-Fix-flow-control-in-client-guest-dir.patch [bz#672191] - kvm-chardev-Allow-frontends-to-notify-backends-of-guest-.patch [bz#688572] - kvm-virtio-console-notify-backend-of-guest-open-close.patch [bz#688572] - kvm-spice-chardev-listen-to-frontend-guest-open-close.patch [bz#688572] - kvm-Fix-performance-regression-in-qemu_get_ram_ptr.patch [bz#690267] - kvm-virtio-pci-fix-bus-master-work-around-on-load.patch [bz#682243] - kvm-Use-getaddrinfo-for-migration.patch [bz#680356] - kvm-net-socket-allow-ipv6-for-net_socket_listen_init-and.patch [bz#680356] - kvm-block-Fix-serial-number-assignment.patch [bz#688058] - Resolves: bz#672191 (spicevmc: flow control on the spice agent channel is missing in both directions) - Resolves: bz#678208 (qemu-kvm hangs when installing guest with -spice option) - Resolves: bz#680356 (Live migration failed in ipv6 environment) - Resolves: bz#682243 ([KVM] pci hotplug after migration breaks virtio_net.) - Resolves: bz#688058 (Drive serial number gets truncated) - Resolves: bz#688572 (spice-server does not switch back to server mouse mode if guest spice-agent dies.) - Resolves: bz#690267 (Backport qemu_get_ram_ptr() performance improvement) - Related: bz#672191 (spicevmc: flow control on the spice agent channel is missing in both directions) [qemu-kvm-0.12.1.2-2.152.el6] - kvm-device-assignment-register-a-reset-function.patch [bz#685147] - kvm-device-assignment-Reset-device-on-system-reset.patch [bz#685147] - Resolves: bz#685147 (guest with assigned nic got kernel panic when send system_reset signal in QEMU monitor) [qemu-kvm-0.12.1.2-2.151.el6] - kvm-net-Add-the-missing-option-declaration-of-vhostforce.patch [bz#683295] - kvm-vhost-fix-dirty-page-handling.patch [bz#684076] - kvm-block-qcow2.c-rename-qcow_-functions-to-qcow2_.patch [bz#688119] - kvm-Add-proper-errno-error-return-values-to-qcow2_open.patch [bz#688119] - kvm-QCOW2-bug-fix-read-base-image-beyond-its-size.patch [bz#688147] - kvm-qcow2-Fix-error-handling-for-immediate-backing-file-.patch [bz#688146] - kvm-qcow2-Fix-error-handling-for-reading-compressed-clus.patch [bz#688146] - kvm-qerror-Add-QERR_UNKNOWN_BLOCK_FORMAT_FEATURE.patch [bz#688119] - kvm-qcow2-Report-error-for-version-2.patch [bz#688119] - kvm-qcow2-Fix-order-in-L2-table-COW.patch [bz#688146] - kvm-pci-assign-Catch-missing-KVM-support.patch [bz#688428] - Resolves: bz#683295 (qemu-kvm: Invalid parameter 'vhostforce') - Resolves: bz#684076 (Segfault occurred during migration) - Resolves: bz#688119 (qcow2: qcow2_open doesn't return useful errors) - Resolves: bz#688146 (qcow2: Some paths fail to handle I/O errors) - Resolves: bz#688147 (qcow2: Reads fail with backing file smaller than snapshot) - Resolves: bz#688428 (qemu-kvm -no-kvm segfaults on pci_add) [qemu-kvm-0.12.1.2-2.150.el6] - kvm-Improve-error-handling-in-do_snapshot_blkdev.patch [bz#676529] - Resolves: bz#676529 (core dumped when save snapshot to non-exist disk) [qemu-kvm-0.12.1.2-2.149.el6] - kvm-Fix-error-message-in-drive_init.patch [bz#607598] - kvm-block-Use-error-codes-from-lower-levels-for-error-me.patch [bz#607598] - kvm-device-assignment-Don-t-skip-closing-unmapped-resour.patch [bz#680058] - Resolves: bz#607598 (Incorrect & misleading error reporting when failing to open a drive due to block driver whitelist denial) - Resolves: bz#680058 (can't hotplug second vf successful with message 'Too many open files') [qemu-kvm-0.12.1.2-2.148.el6] - kvm-ide-Make-ide_init_drive-return-success.patch [bz#655735] - kvm-ide-Reject-readonly-drives-unless-CD-ROM.patch [bz#655735] - kvm-ide-Reject-invalid-CHS-geometry.patch [bz#655735] - kvm-Move-KVM-and-Xen-global-flags-to-vl.c.patch [bz#662701] - kvm-qemu-kvm-Switch-to-upstream-enable-kvm-semantics.patch [bz#662701] - Update BuildRequire for newer spice-server [bz#672035] - Resolves: bz#655735 (qemu-kvm (or libvirt?) permission denied errors when exporting readonly IDE disk to guest) - Resolves: bz#662701 (Option -enable-kvm should exit when KVM is unavailable) - Related: bz#672035 (spice-server: rebase to upstream 0.8 for RHEL-6.1) [qemu-kvm-0.12.1.2-2.147.el6] - kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#678338] - kvm-e1000-verify-we-have-buffers-upfront.patch [bz#678338] - kvm-tracetool-Add-optional-argument-to-specify-dtrace-pr.patch [bz#672441] - kvm-Specify-probe-prefix-to-make-dtrace-probes-use-qemu-.patch [bz#672441] - Resolves: bz#672441 (Tracetool autogenerate qemu-kvm.stp with wrong qemu-kvm path) - Resolves: bz#678338 (e1000 behaving out of spec after increasing MTU) [qemu-kvm-0.12.1.2-2.146.el6] - kvm-USB-HID-does-not-support-Set_Idle.patch [bz#665025] - kvm-add-event-queueing-to-USB-HID.patch [bz#665025] - Spec patch to reenable CONFIG_VMMOUSE and CONFIG_VMPORT [bz#616187 (the original feature-disable bug) bz#677712 bz#677712 (the new broken migration bug)] - Resolves: bz#665025 (lost double clicks on slow connections) - Resolves: bz#677712 (disabling vmware device emulation breaks old->new migration) [qemu-kvm-0.12.1.2-2.145.el6] - kvm-make-tsc-stable-over-migration-and-machine-start.patch [bz#662386] - kvm-qemu-kvm-Close-all-block-drivers-on-quit.patch [bz#635527] - kvm-net-notify-peer-about-link-status-change.patch [bz#676015] - kvm-vhost-disable-on-tap-link-down.patch [bz#676015] - kvm-Add-config-devices.h-again.patch [bz#616187] - kvm-Add-CONFIG_VMWARE_VGA-v2.patch [bz#616187] - kvm-add-CONFIG_VMMOUSE-option-v2.patch [bz#616187] - kvm-add-CONFIG_VMPORT-option-v2.patch [bz#616187] - kvm-blockdev-Fix-drive_del-not-to-crash-when-drive-is-no.patch [bz#677222] - Resolves: bz#616187 (vmware device emulation enabled but not supported) - Resolves: bz#635527 (KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk) - Resolves: bz#662386 (tsc clock breaks migration result stability) - Resolves: bz#676015 [off not working with vhost-net)] - Resolves: bz#677222 (segment fault happens after hot drive add then drive delete) - Related: bz#635527 (KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk) [qemu-kvm-0.12.1.2-2.144.el6] - kvm-V3-Bug-619259-qemu-cpu-check-enforce-should-work-eve.patch [bz#619259] - kvm-Bug-675229-Install-of-cpu-x86_64.conf-bombs-for-an-o.patch [bz#675229] - kvm-e1000-multi-buffer-packet-support.patch [bz#602205] - Resolves: bz#602205 (Could not ping guest successfully after changing e1000 MTU) - Resolves: bz#619259 (qemu '-cpu [check | enforce ]' should work even when a model name is not specified on the command line) - Resolves: bz#675229 (Install of cpu-x86_64.conf bombs for an out of tree build..) [qemu-kvm-0.12.1.2-2.143.el6] - kvm-fix-syntax-error-introduced-by-virtio-serial-Disable.patch [bz#588916] - Resolves: bz#588916 (qemu char fixes for nonblocking writes, virtio-console flow control) [qemu-kvm-0.12.1.2-2.142.el6] - kvm-ide-Remove-redundant-IDEState-member-conf.patch [bz#654682] - kvm-ide-Split-ide_init1-off-ide_init2-v2.patch [bz#654682] - kvm-ide-Change-ide_init_drive-to-require-valid-dinfo-arg.patch [bz#654682] - kvm-ide-Split-non-qdev-code-off-ide_init2.patch [bz#654682] - kvm-qdev-Don-t-leak-string-property-value-on-hot-unplug.patch [bz#654682] - kvm-blockdev-New-drive_get_by_blockdev-v2.patch [bz#654682] - kvm-blockdev-Clean-up-automatic-drive-deletion-v2.patch [bz#654682] - kvm-qdev-Decouple-qdev_prop_drive-from-DriveInfo-v2.patch [bz#654682] - kvm-block-Catch-attempt-to-attach-multiple-devices-to-a-.patch [bz#654682] - kvm-Implement-drive_del-to-decouple-block-removal-from-d.patch [bz#654682] - kvm-blockdev-check-dinfo-ptr-before-using-v2.patch [bz#654682] - kvm-qcow2-Add-full-image-preallocation-option.patch [bz#634652] - kvm-savevm-fix-corruption-in-vmstate_subsection_load.patch [bz#671100] - kvm-virtio-serial-Disable-flow-control-for-RHEL-5.0-mach.patch [bz#588916] - Resolves: bz#588916 (qemu char fixes for nonblocking writes, virtio-console flow control) - Resolves: bz#634652 ([RFE] qemu-img qcow2 'pre-allocation' should not only pre-allocate meta-data, but also data) - Resolves: bz#654682 (drive_del command to let libvirt safely remove block device from guest) - Resolves: bz#671100 (possible migration failure due to erroneous interpretation of subsection) [qemu-kvm-0.12.1.2-2.141.el6] - spec file: symlink to stdvga and vmware vgabios images [bz#638468] - Related: bz#638468 ([qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug) [qemu-kvm-0.12.1.2-2.140.el6] - spec file: require new vgabios images (stdvga and vmware) [bz#638468] - Related: bz#638468 ([qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug) [qemu-kvm-0.12.1.2-2.139.el6] - kvm-Revert-Drop-qemu_mutex_iothread-during-migration.patch [bz#643970] - Related: bz#643970 (guest migration turns failed by the end (16G + stress load)) [qemu-kvm-0.12.1.2-2.138.el6] - kvm-virtio-console-Factor-out-common-init-between-consol.patch [bz#588916] - kvm-virtio-console-Remove-unnecessary-braces.patch [bz#588916] - kvm-virtio-serial-Use-a-struct-to-pass-config-informatio.patch [bz#588916] - kvm-Fold-send_all-wrapper-unix_write-into-one-function.patch [bz#588916] - kvm-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch [bz#588916] - kvm-virtio-serial-move-out-discard-logic-in-a-separate-f.patch [bz#588916] - kvm-virtio-serial-Make-sure-virtqueue-is-ready-before-di.patch [bz#588916] - kvm-virtio-serial-Don-t-copy-over-guest-buffer-to-host.patch [bz#588916] - kvm-virtio-serial-Let-virtio-serial-bus-know-if-all-data.patch [bz#588916] - kvm-virtio-serial-Add-support-for-flow-control.patch [bz#588916] - kvm-virtio-serial-Add-rhel6.0.0-compat-property-for-flow.patch [bz#588916] - kvm-virtio-serial-save-restore-new-fields-in-port-struct.patch [bz#588916] - kvm-Convert-io-handlers-to-QLIST.patch [bz#588916] - kvm-iohandlers-Add-enable-disable_write_fd_handler-funct.patch [bz#588916] - kvm-char-Add-framework-for-a-write-unblocked-callback.patch [bz#588916] - kvm-char-Update-send_all-to-handle-nonblocking-chardev-w.patch [bz#588916] - kvm-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch [bz#588916] - kvm-char-Throttle-when-host-connection-is-down.patch [bz#588916 bz#621484] - kvm-virtio-console-Enable-port-throttling-when-chardev-i.patch [bz#588916] - kvm-Add-spent-time-to-migration.patch [bz#643970] - kvm-No-need-to-iterate-if-we-already-are-over-the-limit.patch [bz#643970] - kvm-don-t-care-about-TLB-handling.patch [bz#643970] - kvm-Only-calculate-expected_time-for-stage-2.patch [bz#643970] - kvm-Count-nanoseconds-with-uint64_t-not-doubles.patch [bz#643970] - kvm-Exit-loop-if-we-have-been-there-too-long.patch [bz#643970] - kvm-Maintaing-number-of-dirty-pages.patch [bz#643970] - kvm-Drop-qemu_mutex_iothread-during-migration.patch [bz#643970] - Resolves: bz#588916 (qemu char fixes for nonblocking writes, virtio-console flow control) - Resolves: bz#621484 (Broken pipe when working with unix socket chardev) - Resolves: bz#643970 (guest migration turns failed by the end (16G + stress load)) [qemu-kvm-0.12.1.2-2.137.el6] - kvm-Add-support-for-o-octet-bytes-format-as-monitor-para.patch [bz#515775] - kvm-block-add-block_resize-monitor-command.patch [bz#515775] - kvm-block-tell-drivers-about-an-image-resize.patch [bz#515775] - kvm-virtio-blk-tell-the-guest-about-size-changes.patch [bz#515775] - kvm-qdev-add-print_options-callback.patch [bz#641833] - kvm-qdev-add-data-pointer-to-Property.patch [bz#641833] - kvm-qdev-properties-add-PROP_TYPE_ENUM.patch [bz#641833] - kvm-usb-ccid-add-CCID-bus.patch [bz#641833] - kvm-introduce-libcacard-vscard_common.h.patch [bz#641833] - kvm-ccid-add-passthru-card-device.patch [bz#641833] - kvm-libcacard-initial-commit.patch [bz#641833] - kvm-ccid-add-ccid-card-emulated-device-v2.patch [bz#641833] - kvm-ccid-add-docs.patch [bz#641833] - kvm-ccid-configure-fix-enable-disable-flags.patch [bz#641833] - Note: smartcard spec patch applied by hand [bz#641833] - Resolves: bz#515775 ([RFE] Include support for online resizing of storage and network block devices) - Resolves: bz#641833 (Spice CAC support - qemu) [qemu-kvm-0.12.1.2-2.136.el6] - kvm-Introduce-fw_name-field-to-DeviceInfo-structure.patch [bz#643687] - kvm-Introduce-new-BusInfo-callback-get_fw_dev_path.patch [bz#643687] - kvm-Keep-track-of-ISA-ports-ISA-device-is-using-in-qdev.patch [bz#643687] - kvm-Add-get_fw_dev_path-callback-to-ISA-bus-in-qdev.patch [bz#643687] - kvm-Store-IDE-bus-id-in-IDEBus-structure-for-easy-access.patch [bz#643687] - kvm-Add-get_fw_dev_path-callback-to-IDE-bus.patch [bz#643687] - kvm-Add-get_fw_dev_path-callback-for-system-bus.patch [bz#643687] - kvm-Add-get_fw_dev_path-callback-for-pci-bus.patch [bz#643687] - kvm-Record-which-USBDevice-USBPort-belongs-too.patch [bz#643687] - kvm-Add-get_fw_dev_path-callback-for-usb-bus.patch [bz#643687] - kvm-Add-get_fw_dev_path-callback-to-scsi-bus.patch [bz#643687] - kvm-Add-bootindex-parameter-to-net-block-fd-device.patch [bz#643687] - kvm-Change-fw_cfg_add_file-to-get-full-file-path-as-a-pa.patch [bz#643687] - kvm-Add-bootindex-for-option-roms.patch [bz#643687] - kvm-Add-notifier-that-will-be-called-when-machine-is-ful.patch [bz#643687] - kvm-Pass-boot-device-list-to-firmware.patch [bz#643687] - kvm-close-all-the-block-drivers-before-the-qemu-process-.patch [bz#635527] - kvm-qemu-img-snapshot-Use-writeback-caching.patch [bz#635527] - kvm-qcow2-Add-QcowCache.patch [bz#635527] - kvm-qcow2-Use-QcowCache.patch [bz#635527] - kvm-qcow2-Batch-flushes-for-COW.patch [bz#635527] - Commited 'Remove vhost blacklisting' by hand [bz#665299] - kvm-add-bootindex-parameter-to-assigned-device.patch [bz#643687] - kvm-tap-safe-sndbuf-default.patch [bz#674539] - kvm-do-not-pass-NULL-to-strdup.patch [bz#643687] - kvm-Use-Makefile-to-install-qemu-kvm-in-correct-location.patch [bz#672441] - kvm-Fix-CVE-2011-0011-qemu-kvm-Setting-VNC-password-to-e.patch [bz#667976] - kvm-vhost-force-vhost-off-for-non-MSI-guests.patch [bz#674562] - Resolves: bz#635527 (KVM:qemu-img re-base poor performance(on local storage) when snapshot to a new disk) - Resolves: bz#643687 (Allow to specify boot order on qemu command line.) - Resolves: bz#665299 (load vhost-net by default) - Resolves: bz#667976 (CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication [rhel-6.1]) - Resolves: bz#672441 (Tracetool autogenerate qemu-kvm.stp with wrong qemu-kvm path) - Resolves: bz#674539 (slow guests block other guests on the same lan) - Resolves: bz#674562 (disable vhost-net for rhel5 and older guests) [qemu-kvm-0.12.1.2-2.135.el6] - kvm-Bug-625333-qemu-treatment-of-nodefconfig-and-readcon.patch [bz#625333] - kvm-ide-Factor-ide_flush_cache-out.patch [bz#670539] - kvm-ide-Handle-flush-failure.patch [bz#670539] - kvm-virtio-blk-Respect-werror-option-for-flushes.patch [bz#670539] - kvm-block-Allow-bdrv_flush-to-return-errors.patch [bz#670539] - kvm-ide-Handle-immediate-bdrv_aio_flush-failure.patch [bz#670539] - kvm-virtio-blk-Handle-immediate-flush-failure-properly.patch [bz#670539] - kvm-vhost-error-code.patch [bz#633394] - kvm-vhost-fix-up-irqfd-support.patch [bz#633394] - kvm-virtio-pci-mask-notifier-error-handling-fixups.patch [bz#633394] - kvm-test-for-ioeventfd-support-on-old-kernels.patch [bz#633394] - kvm-virtio-pci-Rename-bugs-field-to-flags.patch [bz#633394] - kvm-virtio-move-vmstate-change-tracking-to-core.patch [bz#633394] - kvm-virtio-pci-Use-ioeventfd-for-virtqueue-notify.patch [bz#633394] - kvm-ioeventfd-error-handling-cleanup.patch [bz#633394] - kvm-remove-redhat-disable-THP.patch [bz#635418] - kvm-PATCH-RHEL6.1-qemu-kvm-acpi_piix4-qdevfy.patch [bz#498774] - kvm-PATCH-RHEL6.1-qemu-kvm-pci-allow-devices-being-tagge.patch [bz#498774] - kvm-PATCH-RHEL6.1-qemu-kvm-piix-tag-as-not-hotpluggable.patch [bz#498774] - kvm-PATCH-RHEL6.1-qemu-kvm-vga-tag-as-not-hotplugable-v3.patch [bz#498774] - kvm-PATCH-RHEL6.1-qemu-kvm-qxl-tag-as-not-hotpluggable.patch [bz#498774] - kvm-PATCH-RHEL6.1-qemu-kvm-acpi_piix4-expose-no_hotplug-.patch [bz#498774] - kvm-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch [bz#621484] - kvm-char-mark-socket-closed-if-write-fails-with-EPIPE.patch [bz#621484] - Resolves: bz#498774 (QEMU: Too many devices are available for unplug in Windows XP (and we don't support that)) - Resolves: bz#621484 (Broken pipe when working with unix socket chardev) - Resolves: bz#625333 (qemu treatment of -nodefconfig and -readconfig problematic for debug) - Resolves: bz#633394 ([6.1 FEAT] virtio-blk ioeventfd support) - Resolves: bz#635418 (Allow enable/disable ksm per VM) - Resolves: bz#670539 (Block devices don't implement correct flush error handling) - Related: bz#635418 (Allow enable/disable ksm per VM) [qemu-kvm-0.12.1.2-2.134.el6] - kvm-switch-stdvga-to-pci-vgabios.patch [bz#638468] - kvm-switch-vmware_vga-to-pci-vgabios.patch [bz#638468] - kvm-add-rhel6.1.0-machine-type.patch [bz#638468] - kvm-vgabios-update-handle-compatibility-with-older-qemu-.patch [bz#638468] - kvm-qemu-io-Fix-error-messages.patch [bz#672187] - kvm-wdt_i6300esb-register-a-reset-function.patch [bz#637180] - kvm-Watchdog-disable-watchdog-timer-when-hard-rebooting-.patch [bz#637180] - kvm-usb-linux-increase-buffer-for-USB-control-requests.patch [bz#672720] - kvm-device-assignment-Cap-number-of-devices-we-can-have-.patch [bz#670787] - kvm-clear-vapic-after-reset.patch [bz#669268] - kvm-add-support-for-protocol-driver-create_options.patch [bz#637701] - kvm-qemu-img-avoid-calling-exit-1-to-release-resources-p.patch [bz#637701] - kvm-Use-qemu_mallocz-instead-of-calloc-in-img_convert.patch [bz#637701] - kvm-img_convert-Only-try-to-free-bs-entries-if-bs-is-val.patch [bz#637701] - kvm-Consolidate-printing-of-block-driver-options.patch [bz#637701] - kvm-Fix-formatting-and-missing-braces-in-qemu-img.c.patch [bz#637701] - kvm-Fail-if-detecting-an-unknown-option.patch [bz#637701] - kvm-Make-error-handling-more-consistent-in-img_create-an.patch [bz#637701] - kvm-qemu-img-Deprecate-obsolete-6-and-e-options.patch [bz#637701] - kvm-qemu-img-Free-option-parameter-lists-in-img_create.patch [bz#637701] - kvm-qemu-img-Fail-creation-if-backing-format-is-invalid.patch [bz#637701] - kvm-Introduce-strtosz-library-function-to-convert-a-stri.patch [bz#637701] - kvm-Introduce-strtosz_suffix.patch [bz#637701] - kvm-qemu-img.c-Clean-up-handling-of-image-size-in-img_cr.patch [bz#637701] - kvm-qemu-img.c-Re-factor-img_create.patch [bz#637701] - kvm-Introduce-do_snapshot_blkdev-and-monitor-command-to-.patch [bz#637701] - kvm-Prevent-creating-an-image-with-the-same-filename-as-.patch [bz#637701] - kvm-qemu-option-Fix-uninitialized-value-in-append_option.patch [bz#637701] - kvm-bdrv_img_create-use-proper-errno-return-values.patch [bz#637701] - kvm-block-Use-backing-format-driver-during-image-creatio.patch [bz#637701] - kvm-Make-strtosz-return-int64_t-instead-of-ssize_t.patch [bz#637701] - kvm-strtosz-use-unsigned-char-and-switch-to-qemu_isspace.patch [bz#637701] - kvm-strtosz-use-qemu_toupper-to-simplify-switch-statemen.patch [bz#637701] - kvm-strtosz-Fix-name-confusion-in-use-of-modf.patch [bz#637701] - kvm-strtosz-Use-suffix-macros-in-switch-statement.patch [bz#637701] - kvm-do_snapshot_blkdev-error-on-missing-snapshot_file-ar.patch [bz#637701] - kvm-pci-memory-leak-of-PCIDevice-rom_file.patch [bz#672229] - Resolves: bz#637180 (watchdog timer isn't reset when qemu resets) - Resolves: bz#637701 (RFE - support live snapshot of a subset of disks without RAM) - Resolves: bz#638468 ([qemu-kvm] bochs vga lfb @ 0xe0000000 causes trouble for hot-plug) - Resolves: bz#669268 (WinXP hang when reboot after setup copies files to the installation folders) - Resolves: bz#670787 (Hot plug the 14st VF to guest causes guest shut down) - Resolves: bz#672187 (Improper responsive message when shrinking qcow2 image) - Resolves: bz#672229 (romfile memory leak) - Resolves: bz#672720 (getting 'ctrl buffer too small' error on USB passthrough) [qemu-kvm-0.12.1.2-2.133.el6] - kvm-spice-rip-out-all-the-old-non-upstream-spice-bits.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-Use-display-types-for-local-display-only.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-add-pflib-PixelFormat-conversion-library.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-Add-support-for-generic-notifier-lists.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-Rewrite-mouse-handlers-to-use-QTAILQ-and-to-have-an-.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-Add-kbd_mouse_has_absolute.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-Add-notifier-for-mouse-mode-changes.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-sdl-use-mouse-mode-notifier.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-input-make-vnc-use-mouse-mode-notifiers.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-vnc-make-sure-to-send-pointer-type-change-event-on-S.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-vmmouse-adapt-to-mouse-handler-changes.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-wacom-tablet-activate-event-handlers.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-cursor-add-cursor-functions.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-use-new-cursor-struct-functions-for-vmware-vga-and-s.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-add-spice-into-the-configure-file-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-core-bits-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-keyboard-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-mouse-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-simple-display-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-tablet-support.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-tls-support-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-make-compression-configurable.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-config-options-for-channel-security.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-config-options-for-the-listening-address.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-misc-config-options.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-audio.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-add-copyright-to-spiceaudio.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-core-fix-watching-for-write-events.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-core-fix-warning-when-building-with-spice-0.6..patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-display-replace-private-lock-with-qemu-mutex.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-qxl-device-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-connection-events.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-spice-add-qmp-query-spice-and-hmp-info-spice-command.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-Revert-vnc-support-password-expire.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-vnc-auth-reject-cleanup.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-vnc-support-password-expire-again.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-vnc-spice-add-set_passwd-monitor-command.patch [bz#642131 bz#634153 bz#615947 bz#632458 bz#631832 bz#647865] - kvm-qdev-Track-runtime-machine-modifications.patch [bz#653591] - kvm-rtl8139-Use-subsection-to-restrict-migration-after-h.patch [bz#653591] - kvm-add-migration-state-change-notifiers.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-spice-vnc-client-migration.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-vnc-spice-fix-never-and-now-expire_time.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-spice-qxl-zap-spice-0.4-migration-compatibility-bits.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-spice-add-chardev-v4.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-qxl-locking-fix.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-spice-qxl-locking-fix-for-qemu-kvm.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-spice-qmp-events-restore-rhel6.0-compatibility.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - kvm-spice-monitor-commands-restore-rhel6.0-compatibility.patch [bz#615947 bz#631832 bz#632458 bz#634153 bz#642131 bz#647865] - Resolves: bz#615947 (RFE QMP: support of query spice for guest) - Resolves: bz#631832 (manpage is missing spice options) - Resolves: bz#632458 (Guest may core dump when booting with spice and qxl.) - Resolves: bz#634153 (coredumped when enable qxl without spice) - Resolves: bz#642131 (qemu-kvm aborts of 'qemu_spice_display_create_update: unhandled depth: 0 bits') - Resolves: bz#647865 (support 2560x1440 in qxl) - Resolves: bz#653591 ([RHEL6 Snap13]: Hot-unplugging issue noticed with rtl8139nic after migration of KVM guest.) [qemu-kvm-0.12.1.2-2.132.el6] - kvm-BZ-636494-cpu-check-does-not-correctly-enforce-CPUID.patch [bz#636494] - kvm-QDict-Introduce-qdict_get_qdict.patch [bz#647447] - kvm-monitor-QMP-Drop-info-hpet-query-hpet.patch [bz#647447] - kvm-QMP-Teach-basic-capability-negotiation-to-python-exa.patch [bz#647447] - kvm-QMP-Fix-python-helper-wrt-long-return-strings.patch [bz#647447] - kvm-QMP-update-query-version-documentation.patch [bz#647447] - kvm-Revert-QMP-Remove-leading-whitespace-in-package.patch [bz#647447] - kvm-QMP-monitor-update-do_info_version-to-output-broken-.patch [bz#647447] - kvm-QMP-Remove-leading-whitespace-in-package-again.patch [bz#647447] - kvm-QMP-doc-Add-Stability-Considerations-section.patch [bz#647447] - kvm-QMP-Update-README-file.patch [bz#647447] - kvm-QMP-Revamp-the-Python-class-example.patch [bz#647447] - kvm-QMP-Revamp-the-qmp-shell-script.patch [bz#647447] - kvm-QMP-Drop-vm-info-example-script.patch [bz#647447] - kvm-qemu-char-Introduce-Memory-driver.patch [bz#647447] - kvm-QMP-Introduce-Human-Monitor-passthrough-command.patch [bz#647447] - kvm-QMP-qmp-shell-Introduce-HMP-mode.patch [bz#647447] - kvm-PCI-Export-pci_map_option_rom.patch [bz#667188] - kvm-device-assignment-Allow-PCI-to-manage-the-option-ROM.patch [bz#667188] - kvm-virtio-serial-bus-bump-up-control-vq-size-to-32.patch [bz#656198] - kvm-Move-stdbool.h.patch [bz#635954] - kvm-savevm-Fix-no_migrate.patch [bz#635954] - kvm-device-assignment-Properly-terminate-vmsd.fields.patch [bz#635954] - Resolves: bz#635954 (RFE: Assigned device should block migration) - Resolves: bz#636494 (-cpu check does not correctly enforce CPUID items) - Resolves: bz#647447 (QMP: provide a hmp_passthrough command to allow execution of non-converted commands) - Resolves: bz#656198 (Can only see 16 virtio ports while assigned 30 virtio serial ports on commandLine) - Resolves: bz#667188 (device-assignment leaks option ROM memory) [qemu-kvm-0.12.1.2-2.131.el6] - fix spec file to require systemtap, or configure won't enable the systemtap tapset - Resolves: bz#632722 ([6.1 FEAT] QEMU static tracing framework) [qemu-kvm-0.12.1.2-2.130.el6] - kvm-Bug-632257-Duplicate-CPU-fea.tures-in-cpu-x86_64.con.patch [bz#632257] - kvm-BZ-647308-Support-Westmere-as-a-CPU-model-or-include.patch [bz#647308] - kvm-trace-Add-trace-events-file-for-declaring-trace-even.patch [bz#632722] - kvm-trace-Support-disabled-events-in-trace-events.patch [bz#632722] - kvm-trace-Add-user-documentation.patch [bz#632722] - kvm-trace-Trace-qemu_malloc-and-qemu_vmalloc.patch [bz#632722] - kvm-trace-Trace-virtio-blk-multiwrite-and-paio_submit.patch [bz#632722] - kvm-trace-Trace-virtqueue-operations.patch [bz#632722] - kvm-trace-Trace-port-IO.patch [bz#632722] - kvm-trace-Trace-entry-point-of-balloon-request-handler.patch [bz#632722] - kvm-trace-fix-a-typo.patch [bz#632722] - kvm-trace-fix-a-regex-portability-problem.patch [bz#632722] - kvm-trace-avoid-unnecessary-recompilation-if-nothing-cha.patch [bz#632722] - kvm-trace-Use-portable-format-strings.patch [bz#632722] - kvm-trace-Don-t-strip-lines-containing-arbitrarily.patch [bz#632722] - kvm-trace-Trace-bdrv_aio_-readv-writev.patch [bz#632722] - kvm-trace-remove-timestamp-files-when-cleaning-up.patch [bz#632722] - kvm-trace-Format-strings-must-begin-end-with-double-quot.patch [bz#632722] - kvm-apic-convert-debug-printf-statements-to-tracepoints.patch [bz#632722] - kvm-Add-a-DTrace-tracing-backend-targetted-for-SystemTAP.patch [bz#632722] - kvm-Add-support-for-generating-a-systemtap-tapset-static.patch [bz#632722] - kvm-trace-Trace-vm_start-vm_stop.patch [bz#632722] - spec file changes to enable trace support [bz#632722] - Resolves: bz#632257 (Duplicate CPU fea.tures in cpu-x86_64.conf) - Resolves: bz#632722 ([6.1 FEAT] QEMU static tracing framework) - Resolves: bz#647308 (Support Westmere as a CPU model or included within existing models..) [qemu-kvm-0.12.1.2-2.129.el6] - kvm-let-management-choose-whether-transparent-huge-pages.patch [bz#628308] - kvm-tap-generalize-code-for-different-vnet-header-len.patch [bz#616659] - kvm-tap-add-APIs-for-vnet-header-length.patch [bz#616659] - kvm-vhost_net-mergeable-buffers-support.patch [bz#616659] - kvm-vhost-Fix-address-calculation-in-vhost_dev_sync_regi.patch [bz#623552] - Resolves: bz#616659 (mrg buffers: migration breaks between systems with/without vhost) - Resolves: bz#623552 (SCP image fails from host to guest with vhost on when do migration) - Resolves: bz#628308 ([RFE] let management choose whether transparent huge pages are used) [qemu-kvm-0.12.1.2-2.128.el6] - kvm-virtio-invoke-set_status-callback-on-reset.patch [bz#623735] - kvm-virtio-net-unify-vhost-net-start-stop.patch [bz#623735] - kvm-tap-clear-vhost_net-backend-on-cleanup.patch [bz#623735] - kvm-tap-make-set_offload-a-nop-after-netdev-cleanup.patch [bz#623735] - Resolves: bz#623735 (hot unplug of vhost net virtio NIC causes qemu segfault) [qemu-kvm-0.12.1.2-2.127.el6] - kvm-pci-import-Linux-pci_regs.h.patch [bz#624790] - kvm-pci-s-PCI_SUBVENDOR_ID-PCI_SUBSYSTEM_VENDOR_ID-g.patch [bz#624790] - kvm-pci-use-pci_regs.h.patch [bz#624790] - kvm-pci-add-API-to-add-capability-at-a-known-offset.patch [bz#624790] - kvm-pci-consolidate-pci_add_capability_at_offset-into-pc.patch [bz#624790] - kvm-pci-pci_default_cap_write_config-ignores-wmask.patch [bz#624790] - kvm-pci-Remove-pci_enable_capability_support.patch [bz#624790] - kvm-device-assignment-Use-PCI-capabilities-support.patch [bz#624790] - kvm-pci-Replace-used-bitmap-with-config-byte-map.patch [bz#624790] - kvm-pci-Remove-cap.length-cap.start-cap.supported.patch [bz#624790] - kvm-device-assignment-Move-PCI-capabilities-to-match-phy.patch [bz#624790] - kvm-pci-Remove-capability-specific-handlers.patch [bz#624790] - kvm-device-assignment-Make-use-of-config_map.patch [bz#624790] - kvm-device-assignment-Fix-off-by-one-in-header-check.patch [bz#624790] - kvm-pci-Remove-PCI_CAPABILITY_CONFIG_.patch [bz#624790] - kvm-pci-Error-on-PCI-capability-collisions.patch [bz#624790] - kvm-device-assignment-Error-checking-when-adding-capabil.patch [bz#624790] - kvm-device-assignment-pass-through-and-stub-more-PCI-cap.patch [bz#624790] - Resolves: bz#624790 (pass through fails with KVM using Neterion Inc's X3100 Series 10GbE PCIe I/O Virtualized Server Adapter in Multifunction mode.) [qemu-kvm-0.12.1.2-2.126.el6] - kvm-Fix-build-problem-with-recent-compilers.patch [bz#662633] - kvm-vhost-fix-infinite-loop-on-error-path.patch [bz#628634] - Resolves: bz#628634 (vhost_net: untested error handling in vhost_net_start) - Resolves: bz#662633 (Fix build problem with recent compilers) [qemu-kvm-0.12.1.2-2.125.el6] - kvm-New-option-fake-machine.patch [bz#658288] - spec file code for --enable-fake-machine [bz#658288] - Resolves: bz#658288 (Include (disabled by default) -fake-machine patch on qemu-kvm RPM spec) [qemu-kvm-0.12.1.2-2.124.el6] - kvm-Fix-compilation-error-missing-include-statement.patch [bz#608548] - kvm-use-qemu_blockalign-consistently.patch [bz#608548] - kvm-raw-posix-handle-512-byte-alignment-correctly.patch [bz#608548] - kvm-virtio-blk-propagate-the-required-alignment.patch [bz#608548] - kvm-scsi-disk-propagate-the-required-alignment.patch [bz#608548] - kvm-ide-propagate-the-required-alignment.patch [bz#608548] - kvm-Support-marking-a-device-as-non-migratable.patch [bz#635954] - kvm-device-assignment-Register-as-un-migratable.patch [bz#635954] - Resolves: bz#608548 (QEMU doesn't respect hardware sector size of underlying block device when doing O_DIRECT) - Resolves: bz#635954 (RFE: Assigned device should block migration) [qemu-kvm-0.12.1.2-2.123.el6] - kvm-qcow2-Implement-bdrv_truncate-for-growing-images.patch [bz#613893] - kvm-qemu-img-Add-resize-command-to-grow-shrink-disk-imag.patch [bz#613893] - kvm-qemu-img-Fix-copy-paste-bug-in-documentation.patch [bz#613893] - Resolves: bz#613893 ([RFE] qemu-io enable truncate function for qcow2.) [qemu-kvm-0.12.1.2-2.122.el6] - kvm-cleanup-block-driver-option-handling-in-vl.c.patch [bz#653536] - kvm-Add-cache-unsafe-parameter-to-drive.patch [bz#653536] - kvm-move-unsafe-to-end-of-caching-modes-in-help.patch [bz#653536] - kvm-qemu-img-Eliminate-bdrv_new_open-code-duplication.patch [bz#653536] - kvm-qemu-img-Fix-BRDV_O_FLAGS-typo.patch [bz#653536] - kvm-qemu-img-convert-Use-cache-unsafe-for-output-image.patch [bz#653536] - kvm-block-Fix-virtual-media-change-for-if-none.patch [bz#625319] - kvm-Check-for-invalid-initrd-file.patch [bz#624721] - kvm-qcow-qcow2-implement-bdrv_aio_flush.patch [bz#653972] - kvm-block-Remove-unused-s-hd-in-various-drivers.patch [bz#653972] - kvm-qcow2-Remove-unnecessary-flush-after-L2-write.patch [bz#653972] - kvm-qcow2-Move-sync-out-of-write_refcount_block_entries.patch [bz#653972] - kvm-qcow2-Move-sync-out-of-update_refcount.patch [bz#653972] - kvm-qcow2-Move-sync-out-of-qcow2_alloc_clusters.patch [bz#653972] - kvm-qcow2-Get-rid-of-additional-sync-on-COW.patch [bz#653972] - kvm-cutils-qemu_iovec_copy-and-qemu_iovec_memset.patch [bz#653972] - kvm-qcow2-Avoid-bounce-buffers-for-AIO-read-requests.patch [bz#653972] - kvm-qcow2-Avoid-bounce-buffers-for-AIO-write-requests.patch [bz#653972] - kvm-kill-empty-index-on-qemu-doc.texi.patch [bz#604992] - kvm-add-VMSTATE_BOOL.patch [bz#645342] - kvm-Add-Intel-HD-Audio-support-to-qemu.patch [bz#645342] - Resolves: bz#604992 (index is empty in qemu-doc.html) - Resolves: bz#624721 ([qemu] [rhel6] bad error handling when qemu has no 'read' permissions over {kernel,initrd} files [pass boot options]) - Resolves: bz#625319 (Failed to update the media in floppy device) - Resolves: bz#645342 (Implement QEMU driver for modern sound device like Intel HDA) - Resolves: bz#653536 (qemu-img convert poor performance) - Resolves: bz#653972 (qcow2: Backport performance related patches) [qemu-kvm-0.12.1.2-2.121.el6] - kvm-monitor-Rename-argument-type-b-to-f.patch [bz#625681] - kvm-monitor-New-argument-type-b-bool.patch [bz#625681] - kvm-monitor-Use-argument-type-b-for-set_link.patch [bz#625681] - kvm-monitor-Convert-do_set_link-to-QObject-QError.patch [bz#625681] - Resolves: bz#625681 (RFE QMP: should have command to disconnect and connect network card for whql testing) [qemu-kvm-0.12.1.2-2.120.el6] - kvm-Fix-snapshot-deleting-images-on-disk-change.patch [bz#653582] - Resolves: bz#653582 (Changing media with -snapshot deletes image file) [qemu-kvm-0.12.1.2-2.119.el6] - kvm-bz-603413-e1000-secrc-support.patch [bz#603413] - kvm-net-properly-handle-illegal-fd-vhostfd-from-command-.patch [bz#581750] - kvm-Enable-non-page-boundary-BAR-device-assignment.patch [bz#647307] - kvm-Fix-build-failure-with-DEVICE_ASSIGNMENT_DEBUG.patch [bz#647307] - kvm-slow_map-minor-improvements-to-ROM-BAR-handling.patch [bz#647307] - kvm-device-assignment-Always-use-slow-mapping-for-PCI-op.patch [bz#647307] - kvm-e1000-Fix-TCP-checksum-overflow-with-TSO.patch [bz#648333] - kvm-device-assignment-Fix-slow-option-ROM-mapping.patch [bz#647307] - Resolves: bz#581750 (Vhost: Segfault when assigning a none vhostfd) - Resolves: bz#603413 (RHEL3.9 guest netdump hung with e1000) - Resolves: bz#647307 (Support slow mapping of PCI Bars) - Resolves: bz#648333 (TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS) [qemu-kvm-0.12.1.2-2.118.el6] - kvm-net-delay-freeing-peer-host-device.patch [bz#634661] - kvm-QMP-Improve-debuggability-of-the-BLOCK_IO_ERROR-even.patch [bz#624607] - Resolves: bz#624607 ([qemu] [rhel6] guest installation stop (pause) on 'eother' event over COW disks (thin-provisioning)) - Resolves: bz#634661 ([RHEL6 Snap13]: Hot-unplugging of virtio nic issue in Windows2008 KVM guest.) [qemu-kvm-0.12.1.2-2.117.el6] - kvm-savevm-Really-verify-if-a-drive-supports-snapshots.patch [bz#599307] - kvm-drop-boot-on-from-help-string.patch [bz#643681] - kvm-Fix-parameters-of-prctl.patch [bz#585910] - kvm-Ignore-SRAO-MCE-if-another-MCE-is-being-processed.patch [bz#585910] - kvm-Add-RAM-physical-addr-mapping-in-MCE-simulation.patch [bz#585910] - kvm-Add-savevm-loadvm-support-for-MCE.patch [bz#585910] - kvm-Fix-SRAO-SRAR-MCE-injecting-on-guest-without-MCG_SER.patch [bz#585910] - Resolves: bz#585910 ([Intel 6.1 Bug] SRAO MCE in guest kills QEMU-KVM (qemu-kvm component)) - Resolves: bz#599307 (info snapshot return 'bdrv_snapshot_list: error -95') - Resolves: bz#643681 (Do not advertise boot=on capability to libvirt) [qemu-kvm-0.12.1.2-2.116.el6] - ksmtuned: committed_memory of 0 qemus [bz#609016] - kvm-Fix-underflow-error-in-device-assignment-size-check.patch [bz#632054] - kvm-check-for-close-errors-on-qcow2_create.patch [bz#641127] - Resolves: bz#609016 (incorrect committed memory on idle host) - Resolves: bz#632054 ([Intel 6.0 Virt] guest bootup fail with intel 82574L NIC assigned) - Resolves: bz#641127 (qemu-img ignores close() errors) [qemu-kvm-0.12.1.2-2.115.el6] - kvm-spice-qxl-update-modes-ptr-in-post_load.patch [bz#631522] - kvm-spice-qxl-make-draw_area-and-vgafb-share-memory.patch [bz#631522] - Give a nicer message if retune is called while ksmtuned is off [bz#637976] - Resolves: bz#631522 (spice: prepare qxl for 6.1 update.) - Resolves: bz#637976 (ksmtuned: give a nicer message if retune is called while ksmtuned is off) [qemu-kvm-0.12.1.2-2.114.el6] - fix ksmd.init 'status' [bz#570467] - kvm-virtio-net-Make-tx_timer-timeout-configurable.patch [bz#624767] - kvm-virtio-net-Limit-number-of-packets-sent-per-TX-flush.patch [bz#624767] - kvm-virtio-net-Rename-tx_timer_active-to-tx_waiting.patch [bz#624767] - kvm-virtio-net-Introduce-a-new-bottom-half-packet-TX.patch [bz#624767] - kvm-spice-qxl-enable-some-highres-modes.patch [bz#482427] - kvm-add-MADV_DONTFORK-to-guest-physical-memory-v2.patch [bz#633699] - kvm-virtio-serial-Check-if-virtio-queue-is-ready-before-.patch [bz#596610] - kvm-virtio-serial-Assert-for-virtio-queue-ready-before-v.patch [bz#596610] - kvm-virtio-serial-Check-if-more-max_ports-specified-than.patch [bz#616703] - kvm-virtio-serial-Cleanup-on-device-hot-unplug.patch [bz#624396] - kvm-block-Fix-image-re-open-in-bdrv_commit.patch [bz#635354] - kvm-qxl-clear-dirty-rectangle-on-resize.patch [bz#617119] - kvm-VGA-Don-t-register-deprecated-VBE-range.patch [bz#625948] - kvm-BZ-619168-qemu-should-more-clearly-indicate-internal.patch [bz#619168] - kvm-fix-and-on-russian-keymap.patch [bz#639437] - Resolves: bz#482427 (support high resolutions) - Resolves: bz#570467 ([RHEL 6] Initscripts improvement for ksm and ksmtuned) - Resolves: bz#596610 ('Guest moved used index from 0 to 61440' if remove virtio serial device before virtserialport) - Resolves: bz#616703 (qemu-kvm core dump with virtio-serial-pci max-port greater than 31) - Resolves: bz#617119 (Qemu becomes unresponsive during unattended_installation) - Resolves: bz#619168 (qemu should more clearly indicate internal detection of this host out-of-memory condition at startup..) - Resolves: bz#624396 (migration failed after hot-unplug virtserialport - Unknown savevm section or instance '0000:00:07.0/virtio-console' 0) - Resolves: bz#624767 (Replace virtio-net TX timer mitigation with bottom half handler) - Resolves: bz#625948 (qemu exits when hot adding rtl8139 nic to win2k8 guest) - Resolves: bz#633699 (Cannot hot-plug nic in windows VM when the vmem is larger) - Resolves: bz#635354 (Can not commit copy-on-write image's data to raw backing-image) - Resolves: bz#639437 (Incorrect russian vnc keymap) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1751 CVE-2011-1750 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-131.0.15.el6] - [build] disable Werr for external modules (Aristeu Rozanski) [703504] [2.6.32-131.0.14.el6] - [scsi] hpsa: fix reading a write only register causes a hang (Rob Evers) [703262] - [scsi] mpt2sas: remove the use of writeq, since writeq is not atomic (Tomas Henzl) [701947] [2.6.32-131.0.13.el6] - [scsi] hpsa: fix lost command problem (Tomas Henzl) [700430] - [scsi] cciss: fix lost command problem (Tomas Henzl) [700430] - [scsi] ibft: fix oops during boot (Mike Christie) [698737] [2.6.32-131.0.12.el6] - [scsi] beiscsi: update version (Mike Christie) [674340] - [scsi] be2iscsi: fix chip cleanup (Mike Christie) [674340] - [scsi] be2iscsi: fix boot hang due to interrupts not getting rearmed (Mike Christie) [674340] - [scsi] bnx2fc: fix regression due to incorrect setup of em for npiv port (Mike Christie) [700672] - [ppc] pseries: Use a kmem cache for DTL buffers (Steve Best) [695678] [2.6.32-131.0.11.el6] - [kdump] revert commit 8f4ec27fc to keep crashkernel=auto (Amerigo Wang) [605786] [2.6.32-131.0.10.el6] - [netdrv] cnic: fix hang due to rtnl_lock (Mike Christie) [694874] - [netdrv] firmware: re-add the recently deleted bnx2x fw 6.2.5.0 (Michal Schmidt) [690470] - [netdrv] firmware/bnx2x: add 6.2.9.0 fw, remove unused fw (Michal Schmidt) [690470] - [netdrv] bnx2x, cnic: Disable iSCSI if DCBX negotiation is successful (Michal Schmidt) [690470] - [netdrv] bnx2x: don't write dcb/llfc fields in STORM memory (Michal Schmidt) [690470] - [netdrv] bnx2x: Update firmware to 6.2.9 (Michal Schmidt) [690470] [2.6.32-131.0.9.el6] - [net] limit socket backlog add operation to prevent possible DoS (Jiri Pirko) [694396] {CVE-2010-4251} - [scsi] mpt2sas: prevent heap overflows and unchecked (Tomas Henzl) [694023] {CVE-2011-1494 CVE-2011-1495} - [fs] epoll: prevent creating circular epoll structures (Don Howard) [681683] {CVE-2011-1082} - [mm] Prevent page_fault at do_mm_track_pte+0xc when Stratus dirty page tracking is active (Larry Woodman) [693786] - [fs] GFS2 causes kernel panic in spectator mode (Steven Whitehouse) [696535] - [net] bonding: interface doesn't issue IGMP report on slave interface during failover (Flavio Leitner) [640690] - [scsi] isci: validate oem parameters early, and fallback (David Milburn) [698016] - [scsi] isci: fix oem parameter header definition (David Milburn) [698016] [2.6.32-131.0.8.el6] - [scsi] mark bfa fc adapters tech preview (Rob Evers) [698384] - [virt] Revert pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Aristeu Rozanski) [691310] - [i686] nmi watchdog: Enable panic on hardlockup (Don Zickus) [677532] - [netdrv] Adding Chelsio Firmware for cxgb4 (Neil Horman) [691929] [2.6.32-131.0.7.el6] - [virt] x86: better fix for race between nmi injection and enabling nmi window (Aristeu Rozanski) - [virt] x86: revert 'fix race between nmi injection and enabling nmi window' (Aristeu Rozanski) [2.6.32-131.0.6.el6] - [net] bonding: fix jiffy comparison issues (Andy Gospodarek) [696337] [2.6.32-131.0.5.el6] - [kernel] perf: add script command help (Jiri Olsa) [693050] - [drm] radeon/kms: make radeon i2c put/get bytes less noisy (Frank Arnold) [693829] - [drm] radeon/kms: fix hardcoded EDID handling (Frank Arnold) [693829] - [x86] Revert '[x86] perf: P4 PMU - Fix unflagged overflows handling' (Don Zickus) [688547] - [x86] perf: let everyone share counters on a P4 machine (Don Zickus) [688547] - [fs] nfs: Ensure that NFS4 acl requests don't use slab in skb fraglist (Neil Horman) [682645] {CVE-2011-1090} - [fs] partitions: Validate map_count in Mac partition tables (Danny Feng) [679286] {CVE-2011-1010} [2.6.32-131.0.4.el6] - [scsi] ibft: search for broadcom specific ibft sign (Mike Christie) [696275] - [fs] Fix corrupted OSF partition table parsing (Danny Feng) [688025] {CVE-2011-1163} - [netdrv] ixgbe: DCB, X540 devices do not respond to pause frames (Andy Gospodarek) [694930] - [netdrv] ixgbe: DCB, misallocated packet buffer size with X540 device (Andy Gospodarek) [694930] - [netdrv] ixgbe: refactor common start_hw code for 82599 and x54 (Andy Gospodarek) [694930] - [netdrv] ixgbe: balance free_irq calls with request_irq calls (Andy Gospodarek) [692988] [2.6.32-131.0.3.el6] - [net] sctp: fix the INIT/INIT-ACK chunk length calculation (Thomas Graf) [690743] {CVE-2011-1573} - [kernel] sched: Fix granularity of task_u/stime() (Jerome Marchand) [690998] - [pci] Call PCIe _OSC methods earlier (Matthew Garrett) [693974] - [fs] nfs: use unstable writes for groups of small DIO writes (Jeff Layton) [694309] - [net] CAN: Use inode instead of kernel address for /proc file (Danny Feng) [664561] {CVE-2010-4565} - [x86] mce: reject CEs on Westmere EX MCE bank 6 (Prarit Bhargava) [694891] - [scsi] libfcoe: Incorrect CVL handling for NPIV ports (Mike Christie) [694906] - [x86] perf: Complain louder about BIOSen corrupting CPU/PMU state and continue (Don Zickus) [694913] - [fs] inotify: fix double free/corruption of stuct user (Eric Paris) [656832] {CVE-2010-4250} - [netdrv] netxen: limit skb frags for non tso packet (Chad Dupuis) [695478] - [fs] nfsd4: fix oops on lock failure (J. Bruce Fields) [696376] - [netdrv] Return bnx2 firmware files to Makefile (John Feeney) [696365] - [scsi] be2iscsi: fix be2iscsi rmmod (Mike Christie) [695585] - [netdrv] qlcnic: limit skb frags for non tso packet (Bob Picco) [695488] - [md] Cleanup after raid45->raid0 takeover (Dean Nelson) [694106] - [md] revert 'Cleanup after raid45->raid0 takeover patch' (Dean Nelson) [694106] - [net] bonding: fix incorrect tx queue offset (Andy Gospodarek) [695548] {CVE-2011-1581} - [netdrv] igb: for 82576 EEPROMs reporting invalid size default to 16kB (Stefan Assmann) [695751] - [pci] return correct value when writing to the 'reset' attribute (Alex Williamson) [690291] - [kernel] Initalize call_single_queue during boot to handle left over ipi (Neil Horman) [680478] [2.6.32-131.0.2.el6] - [virt] x86: better fix for race between nmi injection and enabling nmi window (Marcelo Tosatti) [684719] - [virt] x86: revert 'fix race between nmi injection and enabling nmi window' (Marcelo Tosatti) [684719] [2.6.32-131.0.1.el6] - [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Larry Woodman) [691310] - [drm] i915: backports from stable to fix some regressions (Dave Airlie) [690865] - [fs] svcrpc: complete svsk processing on cb receive failure (J. Bruce Fields) [629030] - [ppc] pseries: fix hang caused by missing spin_unlock in dtl_disable (Steve Best) [694327] - [ppc] pseries: Disable VPNH feature (Steve Best) [694266] - [netdrv] bna: Avoid kernel panic in case of FW heartbeat failure (Ivan Vecera) [694115] - [input] wacom: Move the cintiq initialization down (Peter Hutterer) [693573] - [input] wacom: specify Cinitq supported tools (Peter Hutterer) [693573] - [input] wacom: fix pressure in Cintiq 21UX2 (Peter Hutterer) [693573] - [input] wacom: fix serial number handling on Cintiq 21UX2 (Peter Hutterer) [693573] - [input] wacom: add Cintiq 21UX2 and Intuos4 WL (Peter Hutterer) [693573] - [kernel] spec: strip note and comment from ppc64's vmlinux before checksum is calculated (Aristeu Rozanski) [692515] - [scsi] fcoe: have fcoe log off and lport destroy before ndo_fcoe_disable (Mike Christie) [691611] - [scsi] libfc: rec tov value and REC_TOV_CONST units usages is incorrect (Mike Christie) [691611] - [scsi] libfcoe: fix wrong comment in fcoe_transport_detach (Mike Christie) [691611] - [scsi] libfcoe: clean up netdev mapping properly when the transport goes away (Mike Christie) [691611] - [scsi] fcoe: remove unnecessary module state check (Mike Christie) [691611] - [scsi] fcoe: Remove mutex_trylock/restart_syscall checks (Mike Christie) [691611] - [scsi] libfcoe: Remove mutex_trylock/restart_syscall checks (Mike Christie) [691611] - [scsi] fcoe: correct checking for bonding (Mike Christie) [691611] - [scsi] fcoe: fix broken fcoe interface reset (Mike Christie) [691611] - [scsi] fcoe: precedence bug in fcoe_filter_frames() (Mike Christie) [691611] - [scsi] libfcoe: Move FCOE_MTU definition from fcoe.h to libfcoe.h (Mike Christie) [691611] - [scsi] libfc: remove duplicate ema_list init (Mike Christie) [691611] - [scsi] fcoe, libfc: initialize EM anchors list and then update npiv EMs (Mike Christie) [691611] - [scsi] libfc: Fixing a memory leak when destroying an interface (Mike Christie) [691611] - [scsi] fc: Add GSPN_ID request to header file (Mike Christie) [691611] - [scsi] hpsa: fix pci_device_id table (Tomas Henzl) [684997] - [netdrv] ixgbe: only enable WoL for magic packet by default (Andy Gospodarek) [632598] - [mm] zram: disable zram on ppc64 (Jerome Marchand) [661293] - [mm] zram: update config file (Jerome Marchand) [661293] - [mm] zram: initialize device on first read (Jerome Marchand) [661293] - [mm] zram: fix data corruption issue (Jerome Marchand) [661293] - [mm] zram: xvmalloc: combine duplicate block delete code (Jerome Marchand) [661293] - [mm] zram: Return zero'd pages on new reads (Jerome Marchand) [661293] - [mm] zram: xvmalloc: Close 32byte hole on 64bit CPUs (Jerome Marchand) [661293] - [mm] zram: xvmalloc: create CONFIG_ZRAM_DEBUG for debug code (Jerome Marchand) [661293] - [mm] zram: xvmalloc: free bit block insertion optimization (Jerome Marchand) [661293] - [mm] zram: Prevent overflow in logical block size (Jerome Marchand) [661293] - [mm] zram: vmalloc: Correct tunings to enable use with 64K pages (Jerome Marchand) [661293] - [mm] zram: xvmalloc.c: Fix a typo (Jerome Marchand) [661293] - [mm] zram: Fix sparse warning 'Using plain integer as NULL pointer' (Jerome Marchand) [661293] [2.6.32-131.el6] - [tracing] t_start: reset FTRACE_ITER_HASH in case of seek/pread (Jiri Olsa) [631626] {CVE-2010-3079} - [scsi] scsi_dh_rdac: fix for lun_table update for rdac (Rob Evers) [687878] - [usb] EHCI: unlink unused QHs when the controller is stopped (Don Zickus) [680987] - [fs] Revert '[fs] sunrpc: Use static const char arrays' (Steve Dickson) [690754] - [fs] sunrpc: Propagate errors from xs_bind() through xs_create_sock() (Steve Dickson) [689777] - [net] netfilter: ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko) [689342] - [net] ipv6: netfilter: ip6_tables: fix infoleak to userspace (Jiri Pirko) [689351] {CVE-2011-1172} - [net] netfilter: ip_tables: fix infoleak to userspace (Jiri Pirko) [689334] {CVE-2011-1171} - [net] netfilter: arp_tables: fix infoleak to userspace (Jiri Pirko) [689325] {CVE-2011-1170} - [kernel] remove kernel-debuginfo-common requires from perf-debuginfo (Jason Baron) [682012] - [drm] radeon/kms: check AA resolve registers on r300 + regression fix (Dave Airlie) [680002] {CVE-2011-1016} - [net] fix ebtables stack infoleak (Eugene Teo) [681323] {CVE-2011-1080} - [drm] fix unsigned vs signed comparison issue in modeset ctl ioctl (Don Howard) [679928] {CVE-2011-1013} - [fs] svcrpc: take advantage of tcp autotuning (J. Bruce Fields) [629030] - [fs] SUNRPC: Don't wait for full record to receive tcp data (J. Bruce Fields) [629030] - [net] svcrpc: copy cb reply instead of pages (J. Bruce Fields) [629030] - [fs] svcrpc: close connection if client sends short packet (J. Bruce Fields) [629030] - [fs] svcrpc: note network-order types in svc_process_calldir (J. Bruce Fields) [629030] - [fs] SUNRPC: svc_tcp_recvfrom cleanup (J. Bruce Fields) [629030] - [fs] SUNRPC: requeue tcp socket less frequently (J. Bruce Fields) [629030] - [fs] rpc: move sk_bc_xprt to svc_xprt (J. Bruce Fields) [629030] - [acpi] ACPICA: Truncate I/O addresses to 16 bits for Windows compatibility (Frank Arnold) [593766] [2.6.32-130.el6] - [kernel] kcore: restrict access to the whole memory (Amerigo Wang) [663864] - [scsi] libsas: flush initial device discovery before completing ->scan_finished (David Milburn) [682265] - [md] Cleanup after raid45->raid0 takeover (Doug Ledford) [688725] - [md] partition detection when array becomes active (Doug Ledford) [688725] - [md] avoid spinlock problem in blk_throtl_exit (Doug Ledford) [679096 688725] - [md] correctly handle probe of an 'mdp' device (Doug Ledford) [688725] - [md] don't set_capacity before array is active (Doug Ledford) [688725] - [md] Fix raid1->raid0 takeover (Doug Ledford) [688725] - [md] process hangs at wait_barrier after 0->10 takeover (Doug Ledford) [688725] - [md] md_make_request: don't touch the bio after calling make_request (Doug Ledford) [688725] - [md] Don't allow slot_store while resync/recovery is happening (Doug Ledford) [688725] - [md] don't clear curr_resync_completed at end of resync (Doug Ledford) [688725] - [md] Don't use remove_and_add_spares to remove failed devices from a read-only array (Doug Ledford) [688725] - [md] Add raid1->raid0 takeover support (Doug Ledford) [688725] - [md] Remove the AllReserved flag for component devices (Doug Ledford) [688725] - [md] don't abort checking spares as soon as one cannot be added (Doug Ledford) [688725] - [md] fix the test for finding spares in raid5_start_reshape (Doug Ledford) [688725] - [md] simplify some 'if' conditionals in raid5_start_reshape (Doug Ledford) [688725] - [md] revert change to raid_disks on failure (Doug Ledford) [688725] - [md] Fix removal of extra drives when converting RAID6 to RAID5 (Doug Ledford) [688725] - [md] range check slot number when manually adding a spare (Doug Ledford) [688725] - [md] raid5: handle manually-added spares in start_reshape (Doug Ledford) [688725] - [md] fix sync_completed reporting for very large drives (>2TB) (Doug Ledford) [688725] - [md] allow suspend_lo and suspend_hi to decrease as well as increase (Doug Ledford) [688725] - [md] Don't let implementation detail of curr_resync leak out through sysfs (Doug Ledford) [688725] - [md] separate meta and data devs (Doug Ledford) [688725] - [md] add new param to_sync_page_io() (Doug Ledford) [688725] - [md] new param to calc_dev_sboffset (Doug Ledford) [688725] - [md] Be more careful about clearing flags bit in ->recovery (Doug Ledford) [688725] - [md] md_stop_writes requires mddev_lock (Doug Ledford) [688725] - [md] raid5: use sysfs_notify_dirent_safe to avoid NULL pointer (Doug Ledford) [688725] - [md] Ensure no IO request to get md device before it is properly initialised (Doug Ledford) [688725] - [md] Fix single printks with multiple KERN_<level>s (Doug Ledford) [688725] - [md] fix regression resulting in delays in clearing bits in a bitmap (Doug Ledford) [688725] - [md] fix regression with re-adding devices to arrays with no metadata (Doug Ledford) [688725] - [md] pick some changes from commits to match upstream (Doug Ledford) [688725] - [md] raid1: add takeover support for raid5->raid1 (Doug Ledford) [688725] - [md] pick up some percpu annotations that upstream has (Doug Ledford) [688725] - [md] update includes to match upstream (Doug Ledford) [688725] - [scsi] isci: fix fragile/conditional isci_host lookups (David Milburn) [691591] - [scsi] isci: cleanup isci_remote_device[_not]_ready interface (David Milburn) [691591] - [scsi] isci: Qualify when the host lock is managed for STP/SATA callbacks (David Milburn) [691591] - [scsi] isci: Fix use of SATA soft reset state machine (David Milburn) [691591] - [scsi] isci: Free host lock for SATA/STP abort escalation at submission time (David Milburn) [691591] - [scsi] isci: Properly handle requests in the 'aborting' state (David Milburn) [691591] - [scsi] isci: Remove 'screaming' data types (David Milburn) [691591] - [scsi] isci: remove unused 'remote_device_started' (David Milburn) [691591] - [scsi] isci: namespacecheck cleanups (David Milburn) [691591] - [scsi] isci: kill some long macros (David Milburn) [691591] - [scsi] isci: reorder init to cleanup unneeded declarations (David Milburn) [691591] - [scsi] isci: Remove event_* calls as they are just wrappers (David Milburn) [691591] - [netdrv] iwlagn: Support new 5000 microcode (Stanislaw Gruszka) [682742] - [netdrv] iwlwifi: fix dma mappings and skbs leak (Stanislaw Gruszka) [682726] - [netdrv] iwl3945: remove plcp check (Stanislaw Gruszka) [679002] - [netdrv] iwlwifi: add {ack,plpc}_check module parameters (Stanislaw Gruszka) [620501] - [fs] ext4: Fix ext4_quota_write cross block boundary behaviour (Lukas Czerner) [680105] - [fs] quota: Don't write quota info in dquot_commit() (Lukas Czerner) [680105] - [netdrv] be2net: Change f/w command versions for Lancer (Ivan Vecera) [685027] - [netdrv] be2net: Remove ERR compl workaround for Lancer (Ivan Vecera) [685027] - [netdrv] be2net: fix to ignore transparent vlan ids wrongly indicated by NIC (Ivan Vecera) [685027] - [netdrv] be2net: pass proper hdr_size while flashing redboot (Ivan Vecera) [685027] - [netdrv] be2net: Allow VFs to call be_cmd_reset_function (Ivan Vecera) [685027] - [netdrv] be2net: pass domain numbers for pmac_add/del functions (Ivan Vecera) [685027] - [netdrv] be2net: Initialize and cleanup sriov resources only if pci_enable_sriov has succeeded (Ivan Vecera) [685027] - [netdrv] be2net: Use domain id when be_cmd_if_destroy is called (Ivan Vecera) [685027] - [netdrv] be2net: While configuring QOS for VF, pass proper domain id (Ivan Vecera) [685027] - [netdrv] benet: Avoid potential null deref in be_cmd_get_seeprom_data() (Ivan Vecera) [685027] - [netdrv] benet: fix be_cmd_multicast_set() memcpy bug (Ivan Vecera) [685027] - [ppc] kdump: Override crash_free_reserved_phys_range to avoid freeing RTAS (Steve Best) [672983] - [kernel] kdump: Allow shrinking of kdump region to be overridden (Steve Best) [672983] - [scsi] bnx2fc: Bumped version to 1.0.2 (Mike Christie) [683153] - [scsi] bnx2fc: Fix kernel panic when deleting NPIV ports (Mike Christie) [683153] - [scsi] bnx2fc: scsi_dma_unmap() not invoked on IO completions (Mike Christie) [683153] - [scsi] bnx2fc: host stats show the link speed 'unknown' on NIC partitioned interfaces (Mike Christie) [683153] - [scsi] bnx2fc: IO completion not processed due to missed wakeup (Mike Christie) [683153] - [scsi] bnx2fc: Bump version to 1.0.1 (Mike Christie) [683153] - [scsi] bnx2fc: Remove unnecessary module state checks (Mike Christie) [683153] - [scsi] bnx2fc: Fix MTU issue by using static MTU (Mike Christie) [683153] - [scsi] bnx2fc: Remove network bonding checking (Mike Christie) [683153] - [scsi] bnx2fc: Call bnx2fc_return_rqe and bnx2fc_get_next_rqe with tgt lock held (Mike Christie) [683153] - [scsi] bnx2fc: common free list for cleanup commands (Mike Christie) [683153] - [scsi] bnx2fc: Remove rtnl_trylock/restart_syscall checks (Mike Christie) [683153] - [netdrv] cnic: Fix lost interrupt on bnx2x (Mike Christie) [683153] - [netdrv] cnic: Prevent status block race conditions with hardware (Mike Christie) [683153] - [kernel] ring-buffer: Use sync sched protection on ring buffer resizing (Jiri Olsa) [676583] - [kernel] tracing: avoid soft lockup in trace_pipe (Jiri Olsa) [676583] - [kernel] tracing: Fix a race in function profile (Jiri Olsa) [676583] - [block] cfq-iosched: Don't update group weights when on service tree (Vivek Goyal) [689551] - [block] cfq-iosched: Get rid of on_st flag (Vivek Goyal) [689551] - [net] tcp_cubic: fix low utilization of CUBIC with HyStart (Thomas Graf) [616985] - [net] tcp_cubic: make the delay threshold of HyStart less sensitive (Thomas Graf) [616985] - [net] tcp_cubic: enable high resolution ack time if needed (Thomas Graf) [616985] - [net] tcp_cubic: fix clock dependency (Thomas Graf) [616985] - [net] tcp_cubic: make ack train delta value a parameter (Thomas Graf) [616985] - [net] tcp_cubic: fix comparison of jiffies (Thomas Graf) [616985] - [net] tcp: fix RTT for quick packets in congestion control (Thomas Graf) [616985] - [fs] fix GFS2 filesystem hang caused by incorrect lock order (Robert S Peterson) [651584] - [fs] btrfs: bring us up to date with .38 (Josef Bacik) [684667] - [ppc] add dynamic dma window support minor updates (Steve Best) [691952] - [ppc] ptrace: Remove BUG_ON when full register set not available (Steve Best) [678099] - [ppc] pseries: Disable MSI using new interface if possible (Steve Best) [684961] - [ppc] kexec: Fix orphaned offline CPUs across kexec (Steve Best) [682875] - [net] ipsec: Disable granular bundles (Herbert Xu) [631833] - [scsi] libsas: fix runaway error handler problem (David Milburn) [691527] - [scsi] mpt2sas: Added customer specific display support (Tomas Henzl) [684841] - [scsi] Add next gen Dell Powervault controller MD36xxf into RDAC device list (Shyam Iyer) [688979] - [kernel] perf: Fix task context scheduling (Jiri Olsa) [688065] - [drm] nouveau: disable acceleration on NVA3/NVA5/NVA8/NVAF by default (Ben Skeggs) [684816] - [kernel] radix: don't tag the root if we didn't tag within our range (Josef Bacik) [681439] - [block] blk-throttle: Do not use kblockd workqueue for throtl work (Vivek Goyal) [681360] - [sound] ALSA: HDA hdmi related fixes (Jaroslav Kysela) [671501] - [pci] Preserve Existing pci sort whitelists for Dell systems (Shyam Iyer) [688954] - [x86] perf: Add support for AMD family 15h core counters family 15h core counters (Robert Richter) [635671] - [x86] hpwdt: fix section mismatch warning (Prarit Bhargava) [689837] - [x86] UV: Correct kABI from upstream (George Beshers) [684957] - [x86] When cleaning MTRRs, do not fold WP into UC (Prarit Bhargava) [682758] - [virt] xen-blkfront: handle Xen major numbers other than XENVBD (Andrew Jones) [691339] - [virt] Fix regression with SMP guests (Zachary Amsden) [681133] - [netdrv] enic: update to version 2.1.1.13 (Andy Gospodarek) [684865] - [netdrv] igb: full support for i350 devices (Stefan Assmann) [687932] - [fs] NFS: Fix a hang/infinite loop in nfs_wb_page() (Steve Dickson) [672305] - [fs] nfsd: fix auth_domain reference leak on nlm operations (J. Bruce Fields) [690900] - [fs] svcrpc: ensure cache_check caller sees updated entry (J. Bruce Fields) [690900] - [fs] svcrpc: take lock on turning entry NEGATIVE in cache_check (J. Bruce Fields) [690900] - [fs] svcrpc: modifying valid sunrpc cache entries is racy (J. Bruce Fields) [690900] - [fs] sunrpc: extract some common sunrpc_cache code from nfsd (Steve Dickson) [690900] - [infiniband] RDMA/cxgb4: Initialization errors can cause crash (Steve Best) [647013] - [infiniband] RDMA/cxgb4: Don't change QP state outside EP lock (Steve Best) [647013] - [infiniband] RDMA/cxgb4: Remove db_drop_task (Steve Best) [647013] - [infiniband] RDMA/cxgb4: Do CIDX_INC updates every 1/16 CQ depth CQE reaps (Steve Best) [647013] - [infiniband] RDMA/cxgb4: Dispatch FATAL event on EEH errors (Steve Best) [647013] - [infiniband] RDMA/cxgb4: Set the correct device physical function for iwarp connections (Steve Best) [647013] - [infiniband] RDMA/cxgb4: limit MAXBURST EQ context field to 256B (Steve Best) [647013] - [infiniband] RDMA/cxgb4: Don't re-init wait object in init/fini paths (Steve Best) [647013] - [infiniband] RMDA/cxgb4 kfifo changes (Steve Best) [647013] - [netdrv] cxgb4 driver update (Neil Horman) [647006] - [tracing] Add unstable sched clock note to the warning (Jiri Olsa) [666264] - [x86] Reevaluate T-states on CPU hot-add (Matthew Garrett) [673442] - [scsi] libsas: fix/amend device gone notification in sas_deform_port (David Milburn) [682315] - [kdump] kexec: move the crashkernel=auto logic into kernel spec file (Amerigo Wang) [605786] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4251 CVE-2011-1171 CVE-2010-3881 CVE-2011-1023 CVE-2011-1170 CVE-2010-4805 CVE-2011-1090 CVE-2011-1494 CVE-2011-1495 CVE-2011-0999 CVE-2011-1581 CVE-2011-1010 CVE-2011-1163 CVE-2011-1082 CVE-2011-1172 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.1.10-1] - Resolves: #639365 - Rebase squid to version 3.1.10 - Resolves: #666533 - small memleak in squid-3.1.4 LOW Copyright 2011 Oracle, Inc. CVE-2010-3072 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 python: [2.6.6-20] Resolves: CVE-2010-3493 [2.6.6-19] Resolves: CVE-2011-1015 [2.6.6-18] Resolves: CVE-2011-1521 [2.6.6-17] - recompile against systemtap 1.4 Related: rhbz#569695 [2.6.6-16] - recompile against systemtap 1.4 Related: rhbz#569695 [2.6.6-15] - fix race condition that sometimes breaks the build with parallel make Resolves: rhbz#690315 [2.6.6-14] - backport pre-canned ways of salting a password to the 'crypt' module Resolves: rhbz#681878 [2.6.6-13] - move lib2to3/tests to the python-test subpackage Related: rhbz#625395 [2.6.6-12] - fix a new test in 2.6.6 that was failing on 64-bit big-endian architectures Resolves: rhbz#677392 [2.6.6-11] - fix incompatibility between 2.6.6 and our non-standard M2Crypto.SSL.SSLTimeoutError Resolves: rhbz#681811 [2.6.6-10] - add workaround for bug in rhythmbox-0.12 exposed by python 2.6.6 Resolves: rhbz#684991 [2.6.6-9] - prevent tracebacks for the 'py-bt' gdb command on x86_64 Resolves: rhbz#639392 [2.6.6-8] - fix a regression in 2.6.6 relative to 2.6.5 in urllib2 Resolves: rhbz#669847 [2.6.6-7] - add an optional 'timeout' argument to the subprocess module (patch 131) Resolves: rhbz#567229 [2.6.6-6] - prevent _sqlite3.so being built with a redundant RPATH of _libdir (patch 130) - remove DOS batch file 'idle.bat' - remove shebang lines from .py files that aren't executable, and remove executability from .py files that don't have a shebang line Related: rhbz#634944 - add 'Obsoletes: python-ssl' to core package, as 2.6 contains the ssl module Resolves: rhbz#529274 [2.6.6-5] - allow the 'no_proxy' environment variable to override 'ftp_proxy' in urllib2 (patch 128) Resolves: rhbz#637895 - make garbage-collection assertion failures more informative (patch 129) Resolves: rhbz#614680 [2.6.6-4] - backport subprocess fixes to use the 'poll' system call, rather than 'select' Resolves: rhbz#650588 [2.6.6-3] - use an ephemeral port for IDLE, enabling multiple instances to be run Resolves: rhbz#639222 - add systemtap static markers, tapsets, and example scripts Resolves: rhbz#569695 [2.6.6-2] - fix dbm.release on ppc64/s390x Resolves: rhbz#626756 - fix missing lib2to3 test files Resolves: rhbz#625395 - fix test.test_commands SELinux incompatibility Resolves: rhbz#625393 - make 'pydoc -k' more robust in the face of broken modules Resolves: rhbz#603073 [2.6.6-1] - rebase to 2.6.6: (which contains the big whitespace cleanup of r81031) http://www.python.org/download/releases/2.6.6/ - fixup patch 102, patch 11, patch 52, patch 110 - drop upstreamed patches: patch 113 (CVE-2010-1634), patch 114 (CVE-2010-2089), patch 115 (CVE-2008-5983), patch 116 (rhbz598564), patch 118 (rhbz540518) - add fix for upstream bug in test_posix.py introduced in 2.6.6 (patch 120) Resolves: rhbz#627301 python-docs: [2.6.6-2] - rebuild [2.6.6-1] - rebase to 2.6.6 to track the main python package Related: rhbz#627301 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1521 CVE-2010-3493 CVE-2011-1015 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [5.10.1-119] - 692862 - lc launders tainted flag, CVE-2011-1487 - make SOURCE1 executable, because it missed +x in brew - Resolves: rhbz#692862 [5.10.1-118] - Correct perl-5.10.1-rt77352.patch - Related: rhbz#640720 [5.10.1-117] - 671352 CGI-3.51 security update - Resolves: rhbz#671352 [5.10.1-116] - require Digest::SHA 640716 - remove removal of NDBM 640729 - remove unsupported option fork from prove's documentation 609492 - Thread desctructor leaks 640720 - update threads to 1.82 (bugfixes releases) 626330 - remove unused patches from cvs - Resolves: rhbz#640729, rhbz#640716, rhbz#609492, rhbz#640720, rhbz#626330 MODERATE Copyright 2011 Oracle, Inc. CVE-2010-2761 CVE-2010-4410 CVE-2011-1487 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.5.1-34] - Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead [1.5.1-33] - Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal [1.5.1-32] - Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage [1.5.1-31] - Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password [1.5.1-30] - Resolves: rhbz#696972 - Filters not honoured against fully-qualified users [1.5.1-29] - Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak LOW Copyright 2011 Oracle, Inc. CVE-2010-4341 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 eclipse: [1:3.6.1-6.13] - Drop patch to remove ant-trax (needed by test runs). [1:3.6.1-6.12] - Add two upstream patches to allow for running SDK JUnit tests. [1:3.6.1-6.11] - Bring in line with Fedora. - Remove some stuff that is now done in eclipse-build. - Fix sources URL. - Add PDE dependency on zip for pdebuild script. - Use new eclipse-build targets. - Increase minimum required memory in eclipse.ini. [1:3.6.1-6.10] - Put ant.launching into JDT's dropins directory. [1:3.6.1-6.9] - Use apache-tomcat-apis JARs. - Version objectweb-asm BR/R. [1:3.6.1-6.8] - Fix JSP API symlinks. [1:3.6.1-6.7] - Install o.e.jdt.junit.core in jdt (rhbz#663207). [1:3.6.1-6] - Add Eclipse help XSS vulnerability fix (RH Bz #661901). [1:3.6.1-5] - Remove work around for openjdk bug#647737 as openjdk has posted its own work around and will shortly be fixing problem correctly. [1:3.6.1-4] - Work around for openjdk bug#647737. [1:3.6.1-3] - Add missing Requires on tomcat5-jsp-api (bug#650145). [1:3.6.1-2] - Add prepare-build-dir.sh patch. [1:3.6.1-1] - Update to 3.6.1. [1:3.6.0-3] - Increasing min versions for jetty, icu4j-eclipse and sat4j. [1:3.6.0-2] - o.e.core.net.linux is no longer x86 only. [1:3.6.0-1] - Update to 3.6.0. - Based on eclipse-build 0.6.1 RC0. [1:3.5.2-10] - Rebuild for new jetty. [1:3.5.2-9] - Fix typo in symlinking. [1:3.5.2-8] - No need to link jasper. [1:3.5.2-7] - Fix servlet and jsp apis symlinks. [1:3.5.2-6] - Fix jetty symlinks. eclipse-birt: [2.6.0-1.1] - RHEL 6.1 rebase to Helios. [2.6.0-1] - Update to 2.6.0. - Build rhino plugin as part of BIRT chart feature. - Remove unnecessary dependencies. eclipse-callgraph: [0.6.1-1] - Update to upstream 0.6.1 release. - Add reasonable required dependency versions. [0.6.0-2] - Update tag to correct version [0.6.0-1] - Update to version 0.6 of Linux Tools Proect. [0.5.0-1] - Resolves: #575108 - Rebase to Linux tools 0.5 release. [0.4.0-2] - Resolves: #553288 - Only support i686, x86_64 for RHEL6 and above. [0.4.0-1] - Update to version 0.4 of Linux Tools Project and remove tests feature [0.0.1-3] - Added ExcludeArch for ppc64 because eclipse-cdt is not present [0.0.1-2] - Some more changes to spec file [0.0.1-1] - Make minor changes to spec file [0.0.1-1] - Initial creation of eclipse-callgraph eclipse-cdt: [1:7.0.1-4] - Resolves: #678364 - Modify a version of copy-platform so it does not add wild-cards when looking in the dropins folder. [1:7.0.1-3] - Resolves: #679543, #678364 - Fix libhover local patch to change location specifiers in glibc and libstdc++ plug-ins. - Fix build so that it still works if eclipse-cdt-parsers is currently installed. [1:7.0.1-2] - Resolves: #622713 - Resolves: #668890 - Fix problems with applying autotools and libhover local patches [1:7.0.1-1] - Resolves: #656333 - Rebase to 7.0.1 (Helios SR1) including gdb hardware support fix - Rebase to Autotools/Libhover 0.7 - Fix Eclipse bug 286162 eclipse-changelog: [1:2.7.0-1] - Resolves: #669499 - Update to 2.7.0. - Update requires. eclipse-dtp: [1.8.1-1.1] - RHEL 6.1 rebase. [1.8.1-1] - Update to 1.8.1 (Helios SR1). [1.8.0-1] - Update to 1.8.0 (Helios). - Clarify get-dtp.sh a bit. - Re-generate Java 6 patch. eclipse-emf: [2.6.0-1] - Resolves: #656344 - Rebase to 2.6.0 (Helios SR1) eclipse-gef: [3.6.1-3] - Fix patch that disables examples source plugin. [3.6.1-2] - Remove example source JARs. - Don't build debuginfo. [3.6.1-1] - Update to 3.6.1. [3.6.0-1] - Update to 3.6.0. eclipse-linuxprofilingframework: [0.6.1-1] - Resolves: #669461 - Rebase to Linux Tools 0.6.1 version. eclipse-mylyn: [3.4.2-9] - Fix incorrect install_loc path. - Resolves: rhbz#673174. [3.4.2-8] - Add back missing changelog entries. - Fix mixed tabs and spaces. [3.4.2-7] - Fix qualifier to match upstream. - Resolves: rhbz#669819. [3.4.2-6] - Put back in %{_libdir} due to multilib issues. [3.4.2-5] - Fix symlink to updated jdom 1.1.1 jar. [3.4.2-4] - Fix symlink to non-existing versioned jar. [3.4.2-3] - Really fix FTBFS. [3.4.2-2] - Fix FTBFS RH Bz #660784 [3.4.2-1] - Update to 3.4.2. [3.4.1-3] - Fix obsoletes/provides for eclipse-cdt-mylyn using an epoch of 2. [3.4.1-2] - Backport patch for wikitext to work with Fedora wiki. [3.4.1-1] - Update to 3.4.1. [3.4.0-4] - Add Wikitext SDK to eclipse-mylyn [3.4.0-3] - Relax cdt requires, remove extraneous links, fix xmlrpc split [3.4.0-2] - Add required jar links to mylyn dropins directory [3.4.0-1] - Update to 3.4.0. Add mylyn-commons feature, remove commons.soap eclipse-oprofile: [0.6.1-1] - Rebase to Linux tools 0.6.1. [0.5.0-1] - Resolves: #575107 - Rebase to Linux tools 0.5.0. [0.4.0-2] - Only build on x86 and x86_64. [0.4.0-1] - 0.4.0 (long overdue) [0.2.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.2.0-2] - Add -Dconfigs to fix compile. [0.2.0-1] - 0.2.0 [0.1.0-4] - Rebuild for new pdebuild. [0.1.0-3] - Refined patch for gcc build failures. [0.1.0-2] - Add patch for gcc build failure. [0.1.0-1] - Initial packaging. eclipse-rse: [3.2-1] - Resolves: #656338 - Rebase to 3.2 (Helios) [3.1.2-1] - Resolves: #566766 - Rebase to 3.1.2 (Galileo SR2 version) - Remove oro requirement as it is not needed. [3.1.1-2.2] - Don't build debuginfo if building arch-specific packages. [3.1.1-2.1] - Only build on x86 and x86_64 since we only have eclipse on those arches [3.1.1-2] - Update plugin and feature version property files. [3.1.1-1] - Move to 3.1.1 tarball. [3.1-2] - Add BuildArch noarch. [3.1-1] - Move to 3.1 tarball. [3.0.3-4] - Resolves #514630 [3.0.3-3] - Restrict arch support to those supported by prereq CDT. [3.0.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [3.0.3-1] - Initial release. eclipse-valgrind: [0.6.1-1] - Upstream 0.6.1 release. [0.6.0-1] - Upstream 0.6.0 release. [0.5.0-2] - Match upstream qualifier. [0.5.0-1] - Rebase to 0.5.0. [0.4.1-1] - Upstream 0.4.1 release. [0.4.0-0.2] - Make it Exclusive i386 i486 i586 i686 pentium3 pentium4 athlon geode x86_64. [0.4.0-0.1] - Pre-release of 0.4.0. [0.3.0-1] - Upstream 0.3.0 release. [0.2.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.2.1-2] - Fix Massif parsing for unknown symbols (Eclipse#281417). [0.2.1-1] - Upstream 0.2.1 release. [0.2.0-2] - Adding cachegrind plugin to fetch script. [0.2.0-1] - Upstream 0.2.0 release. [0.1.0-6] - Don't generate debuginfo (rhbz#494719). [0.1.0-5] - Rebuild for changes in pdebuild to not ship p2 metadata. [0.1.0-4] - Fixed Massif parser crashing on other locales. [0.1.0-3] - Changing to arch dependent for CDT dependency. - Setting minimum Valgrind requirement to 3.3.0. [0.1.0-2] - No eclipse-cdt on ppc64 -> ExcludeArch. [0.1.0-1] - Initial package. icu4j: [1:4.2.1-5] - Remove maven bits. - Restore missing changelog entries. [1:4.2.1-4] - Bring back epoch. [1:4.2.1-3] - fix arch-related statements so we build on s390 variants. [1:4.2.1-1] - Update to 4.2.1. jetty-eclipse: [6.1.24-2] - Resolves: #661845 - Bump version to allow make tag to work. [6.1.24-1] - Resolves: #661845 - Rebase to release based on jetty-6.1.24. objectweb-asm: [0:3.2-2.1] - Rebuild for RHEL 6.1. [0:3.2.1-2] - Change depmap parent id to asm (bug #606659) [0:3.2.1] - Upgrade to 3.2 sat4j: [2.2.0-4] - update to 2.2.0 and move to RHEL 6.1 - removed ecj dependency - fixed to run against Java 1.5+ LOW Copyright 2011 Oracle, Inc. CVE-2010-4647 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.7.17-17] - Remove dependency on gfs2-utils. resolves: rhbz#695138 [1.7.17-16] - Canonicalize /dev/vd* paths in virt-inspector code. resolves: rhbz#691724 [1.7.17-15] - Fix trace segfault for non-daemon functions. resolves: rhbz#676788 [1.7.17-14] - Add explicit BuildRequires for latest augeas. (RHBZ#677616) [1.7.17-13] - Rebuild to pick up new augeas lens (RHBZ#677616) [1.7.17-12] - Fix typo in virt-make-fs manual page. resolves: rhbz#673721 - Add a grep-friendly string to LIBGUESTFS_TRACE output. resolves: rhbz#673477 [1.7.17-11] - Only runtime require febootstrap-supermin-helper (not whole of febootstrap) (RHBZ#669840). [1.7.17-10] - Remove external hexedit script and make guestfish users set . This is because requiring emacs pulls in all of X (RHBZ#641494). [1.7.17-9] - Fix: guestfish fails when guest fstab entry does not exist (RHBZ#668611). [1.7.17-8] - Backport patches up to upstream 1.8.1. (RHBZ#613593) - Fixes: * guestfish: fails to tilde expand '~' when /home/ksharma unset (RHBZ#617440) * libguestfs: unknown filesystem /dev/fd0 (RHBZ#666577) * libguestfs: unknown filesystem label SWAP-sda2 (RHBZ#666578) * libguestfs: unknown filesystem /dev/hd{x} (cdrom) (RHBZ#666579) * virt-filesystems fails on guest with corrupt filesystem label (RHBZ#668115) * emphasize 'libguestfs-winsupport' in error output (RHBZ#627468) [1.7.17-4] - Backport patches up to upstream 1.8.0 _except_ for: * changes which require febootstrap 3.x * changes which were only relevant for other distros [1.7.17-3] - New upstream version 1.7.17, rebase for RHEL 6.1 (RHBZ#613593). - Require febootstrap >= 2.11. - Split out new libguestfs-tools-c package from libguestfs-tools. . This is so that the -tools-c package can be pulled in by people wanting to avoid a dependency on Perl, while -tools pulls in everything as before. . The C tools currently are: cat, df, filesystems, fish, inspector, ls, mount, rescue. . libguestfs-tools no longer pulls in guestfish. - guestfish no longer requires pod2text, hence no longer requires perl. - guestfish also depends on: less, man, vi, emacs. - Add BR db4-utils (although since RPM needs it, it not really necessary). - Runtime requires on db4-utils should be on core lib, not tools package. - Change all 'Requires: perl-Foo' to 'Requires: perl(Foo)'. - New manual pages containing example code. - Ship examples for C, OCaml, Ruby, Python. - Don't ship HTML versions of man pages. - Rebase no-fuse-test patch to latest version. - New tool: virt-filesystems. - Rename perl-libguestfs as perl-Sys-Guestfs (RHBZ#652587). - Remove guestfs-actions.h and guestfs-structs.h. Libguestfs now [header file.] - Add AUTHORS file from tarball. [1.6.2-4] - New upstream stable version 1.6.2, rebase for RHEL 6.1 (RHBZ#613593). - Remove previous patches which are now all upstream and in this new version. - BR febootstrap 2.10 (RHBZ#628849). - BR cryptsetup-luks for new LUKS encryption support. - ocaml-xml-light{,-devel} is no longer required to build. - guestfish is no longer dependent on virt-inspector. - Require the ruby package. - Disable PHP and Haskell bindings in configure (they wouldn't build anyway, but this will help people building from source). - Set sysconfdir in configure. - --enable-debug-command is no longer required by configure script. - New command 'virt-make-fs'. - Include virt-inspector2, upstream replacement for virt-inspector. - Provide hexedit replacement script for guestfish. - BR autotools, and rerun after applying patches. LOW Copyright 2011 Oracle, Inc. CVE-2010-3851 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.7.4p5-5] - patch: log failed user role changes Resolves: rhbz#665131 [1.7.4p5-4] - added #includedir /etc/sudoers.d to sudoers Resolves: rhbz#615087 [1.7.4p5-3] - added !visiblepw option to sudoers Resolves: rhbz#688640 [1.7.4p5-2] - added patch for rhbz#665131 Resolves: rhbz#665131 [1.7.4p5-1] - rebase to latest stable version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - sync configuration paths with the nss_ldap package Resolves: rhbz#615087 Resolves: rhbz#652726 Resolves: rhbz#634159 Resolves: rhbz#603823 LOW Copyright 2011 Oracle, Inc. CVE-2011-0010 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.0.9-2] - fix issues and assert crashes found in 2.0.9 (lmtp,dotlock,zlib) [2.0.9-1] - dovecot updated to 2.0.9 - fixed a high system CPU usage / high context switch count performance problem - lda: Fixed a crash when trying to send 'out of quota' reply [2.0.8-1] - dovecot updated to 2.0.8 (fixes #654226), pigeonhole updated to 0.2.2 - IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of changes w ere being sent. - Fixed leaking fds when writing to dovecot.mailbox.log. - Fixed rare dovecot.index.cache corruption - zlib: Fixed several crashes, which mainly showed up with mbox. - acl: Fixed crashing when sometimes listing shared mailboxes via dict proxy. - mdbox: Fixed potential assert-crash when saving multiple messages in one transaction - dsync: a lot of fixes - fixed lda + sieve crash MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3707 CVE-2010-3780 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.7.9-3.el6] - Add patch for RH bug #684685 (zero-out crypto keys before freeing). [2.7.9-2.el6] - Add patch for CVE-2011-1091 (RH bug #683031). [2.7.9-1.el6] - Update to 2.7.9 (RH bug #616917). - Remove patches now included upstream: pidgin-2.6.6-clientLogin-proxy-fix.patch pidgin-2.6.6-clientLogin-use-https.patch pidgin-2.6.6-CVE-2010-1624.patch pidgin-2.6.6-CVE-2010-3711.patch - Disable the translation updates patch. It doesn't apply anymore and will have to be redone. Saving the patch for now in case some parts are still useful to translators. LOW Copyright 2011 Oracle, Inc. CVE-2011-1091 CVE-2011-4922 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document [1.0.0-8] - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode [1.0.0-7] - listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612) - fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers (#619762) [1.0.0-6] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-5] - fix race in extension parsing code - CVE-2010-3864 (#649304) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0014 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.6.25-11] - Fix for CVE-2011-1002 - Resolves: #684886 - Actually apply the patch [0.6.25-10] - Fix for CVE-2011-1002 - Resolves: #684886 [0.6.25-9] - Don't stomp on rpm's default CFLAGS when building MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1002 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream MODERATE Copyright 2011 Oracle, Inc. CVE-2011-0013 CVE-2010-4172 CVE-2010-3718 cpe:/a:oracle:linux:6:1:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.6.32-131.2.1.el6] - [kernel] lib/vsprintf.c: add %pU to print UUID/GUIDs (Frantisek Hrbata) [704280 700299] - [scsi] megaraid_sas: Driver only report tape drive, JBOD and logic drives (Tomas Henzl) [704601 619422] [2.6.32-131.1.1.el6] - [net] dccp: handle invalid feature options length (Jiri Pirko) [703012 703013] {CVE-2011-1770} - [fs] cifs: check for private_data before trying to put it (Jeff Layton) [703017 702642] {CVE-2011-1771} - [net] can: add missing socket check in can/raw and can/bcm release (Jiri Pirko) [698482 698483] {CVE-2011-1748 CVE-2011-1598} - [netdrv] ixgbe: do not clear FCoE DDP error status for received ABTS (Andy Gospodarek) [704011 695966] - [netdrv] ixgbe: DCB remove ixgbe_fcoe_getapp routine (Andy Gospodarek) [704002 694358] - [fs] setup_arg_pages: diagnose excessive argument size (Oleg Nesterov) [645228 645229] {CVE-2010-3858} - [scsi] bfa: change tech-preview to cover all cases (Rob Evers) [704014 703251] - [scsi] bfa: driver version update (Rob Evers) [704282 703265] - [scsi] bfa: kdump fix (Rob Evers) [704282 703265] - [scsi] bfa: firmware download fix (Rob Evers) [704282 703265] - [netdrv] bna: fix memory leak during RX path cleanup (Ivan Vecera) [704000 698625] - [netdrv] bna: fix for clean fw re-initialization (Ivan Vecera) [704000 698625] - [scsi] ipr: improve interrupt service routine performance (Steve Best) [704009 696754] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-3858 CVE-2011-1598 CVE-2011-1748 CVE-2011-1770 CVE-2011-1771 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2:2.6.9-4.1] - fix various overflows (#666793, #703403, #703405, #703407, #704512) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4542 CVE-2010-4540 CVE-2010-4541 CVE-2010-4543 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1.4.6.0.1.el6_1.1] - remove doc/SystemTap_Beginners_Guide/en-US in tarball - comment bz683569.patch in specfile [1.3-4.1] - bz702687 (patch) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1781 CVE-2011-1769 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2:2.6.6-2.2] - fix CVE-2011-1720 (#704136) Resolves: rhbz#704136 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1720 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:5:6:patch Oracle Linux 5 Oracle Linux 6 [1.3.9-3.2] - add fix for apr_fnmatch() regression (CVE-2011-1928, #706352) LOW Copyright 2011 Oracle, Inc. CVE-2011-1928 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 Oracle Linux 5 [32:9.7.3-2.1.P1] - update to 9.7.3-P1 (CVE-2011-1910) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1910 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.6.0.0-1.39.1.9.8] - Resolves: rhbz#709375 - Bumped to IcedTea6 1.9.8 - Copy fontconfig files to match names for current and next release - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-0862 CVE-2011-0865 CVE-2011-0864 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0:2.7.1-12.6] - Add xerces-j2-CVE-2009-2625.patch - Resolves: rhbz#690931 CVE-2009-2625 MODERATE Copyright 2011 Oracle, Inc. CVE-2009-2625 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 Oracle Linux 5 [2.3.16-6.2] - do not use strict aliasing [2.3.16-6.1] - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1926 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [1.6.11-2.4] - add security fixes for CVE-2011-1752, CVE-2011-1783, CVE-2011-1921 (#709220) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1921 CVE-2011-1752 CVE-2011-1783 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:6:patch Oracle Linux 6 [1.0.90-0.15.20110314svn4359.1] - viewer can send password without proper validation of X.509 certs (CVE-2011-1775) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1775 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox: [3.6.18-1.0.1.el6_1] - Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js [3.6.18-1] - Update to 3.6.18 xulrunner: [1.9.2.18-2.0.1.el6_1] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.18-2] - Update to 1.9.2.18 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2373 CVE-2011-2377 CVE-2011-2605 CVE-2011-2376 CVE-2011-2374 CVE-2011-2371 CVE-2011-2365 CVE-2011-2375 CVE-2011-0083 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.11-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.11-2] - Update to 3.1.11 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0085 CVE-2011-2374 CVE-2011-2362 CVE-2011-2364 CVE-2011-2375 CVE-2011-2376 CVE-2011-2363 CVE-2011-2605 CVE-2011-2365 CVE-2011-0083 CVE-2011-2377 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.8.7.299-7.1] - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' * ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings' * ruby-1.8.7-CVE-2011-1005.patch - Address CVE-2011-0188 'memory corruption in BigDecimal on 64bit platforms' * ruby-1.8.7-CVE-2011-0188.patch - Resolves: rhbz#709963 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1005 CVE-2011-1004 CVE-2011-0188 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [7.19.7-26.el6_1.1] - do not delegate GSSAPI credentials (CVE-2011-2192) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2192 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [qemu-kvm-0.12.1.2-2.160.el6_1.2] - kvm-virtio-guard-against-negative-vq-notifies.patch [bz#717403] - Resolves: bz#717403 (qemu-kvm: OOB memory access caused by negative vq notifies [rhel-6.1.z]) [qemu-kvm-0.12.1.2-2.160.el6_1] - kvm-Fix-phys-memory-client-pass-guest-physical-address-n.patch [bz#701771] - kvm-virtio-prevent-indirect-descriptor-buffer-overflow.patch [bz#713592] - Resolves: bz#701771 (Fix phys memory client for vhost) - Resolves: bz#713592 (EMBARGOED CVE-2011-2212 virtqueue: too-large indirect descriptor buffer overflow [rhel-6.1.z]) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-2212 CVE-2011-2512 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.1-2.1] - ftpd: add candidate patch to detect setegid/setregid/setresgid and check for errors when calling them (MITKRB5-SA-2011-005, CVE-2011-1526, #713341) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1526 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [32:9.7.3-2.2.P3] - update to 9.7.3-P3 (CVE-2011-2464) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-2464 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-131.6.1.el6] - [audit] ia32entry.S sign extend error codes when calling 64 bit code (Eric Paris) [713831 703935] - [audit] push audit success and retcode into arch ptrace.h (Eric Paris) [713831 703935] - [x86] intel-iommu: Flush unmaps at domain_exit (Alex Williamson) [713458 705441] - [x86] intel-iommu: Only unlink device domains from iommu (Alex Williamson) [713458 705441] - [virt] x86: Mask out unsupported CPUID features if running on xen (Igor Mammedov) [711546 703055] - [block] fix accounting bug on cross partition merges (Jerome Marchand) [682989 669363] - [net] vlan: remove multiqueue ability from vlan device (Neil Horman) [713494 703245] - [net] Fix netif_set_real_num_tx_queues (Neil Horman) [713492 702742] - [scsi] mpt2sas: move event handling of MPT2SAS_TURN_ON_FAULT_LED in process context (Tomas Henzl) [714190 701951] - [mm] thp: simple fix for /dev/zero THP mprotect bug (Andrea Arcangeli) [714762 690444] [2.6.32-131.5.1.el6] - [kernel] cgroupfs: use init_cred when populating new cgroupfs mount (Eric Paris) [713135 700538] - [netdrv] ixgbe: adding FdirMode module option (Andy Gospodarek) [711550 707287] - [crypto] testmgr: add xts-aes-256 self-test (Jarod Wilson) [711548 706167] - [fs] ext3: Fix lost extented attributes for inode with ino == 11 (Eric Sandeen) [712413 662666] - [mm] Prevent Disk IO throughput degradation due to memory allocation stalls (Larry Woodman) [711540 679526] - [net] sock: adjust prot->obj_size always (Jiri Pirko) [709381 704231] - [fs] GFS2: resource group bitmap corruption resulting in panics and withdraws (Robert S Peterson) [711528 702057] - [x86] kprobes: Disable irqs during optimized callback (Jiri Olsa) [711545 699865] - [mm] slab, kmemleak: pass the correct pointer to kmemleak_erase() (Steve Best) [712414 698023] - [net] fix netns vs proto registration ordering (Wade Mealing) [702305 702306] {CVE-2011-1767 CVE-2011-1768} - [ppc] Fix oops if scan_dispatch_log is called too early (Steve Best) [711524 696777] - [virt] i8259: initialize isr_ack (Avi Kivity) [711520 670765] - [virt] VMX: Save and restore tr selector across mode switches (Gleb Natapov) [711535 693894] - [virt] VMX: update live TR selector if it changes in real mode (Gleb Natapov) [711535 693894] MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1767 CVE-2011-2479 CVE-2011-1768 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.8.1-9_el6_1.1] - core: CVE-2011-2176: check for authorization when activating shared wifi connections (rh #705806) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2176 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 system-config-firewall: [1.2.27-3.3] - fixed possible privilege escalation flaw via use of python pickle (CVE-2011-2520), replaced pickle by json (rhbz#717985) - stop D-BUS firewall mechanism on update system-config-printer: [1.1.16-17:.2] - Build pycups with -fno-strict-aliasing compiler option to avoid compiler warnings. [1.1.16-17:.1] - Adapted to system-config-firewall API change (bug #717985, CVE-2011-2520). MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2520 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.5.20-2.20091214hg736b6a.el6_1.1] - Fixed hostname verification of x.509 certificates. Resolves: #716889 (CVE-2011-1429) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1429 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.8.3-3] - Bump the release since the bz was set to the wrong target [2.8.3-2] - Fix another umount race (bz# 673250, CVE-2010-3879) MODERATE Copyright 2011 Oracle, Inc. CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.20-3.1] - fixes integer overflow by processing certain PAF audio files (#722841) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2696 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.3.11-6.el6_1.6] - A little change in configure part - Resolves: #723467 [2.3.11-6.el6_1.5] - Use -fno-strict-aliasing instead of __attribute__((__may_alias__)) - Resolves: #723467 [2.3.11-6.el6_1.4] - Allow FT_Glyph to alias (to pass Rpmdiff) - Resolves: #723467 [2.3.11-6.el6_1.3] - Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.) - based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner - Resolves: #723467 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-0226 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.4.6.0.1.el6_1.2] - remove doc/SystemTap_Beginners_Guide/en-US in tarball - comment bz683569.patch in specfile [1.4-6.2] - bz716476 (patch) - bz716489 (patch) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2503 CVE-2011-2502 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.4-2] - Added patch to make plugin table size mismatch a warning instead of error [1.0.4-1] - Bump to 1.0.4 - Resolves rhbz#718180 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2514 CVE-2011-2513 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.28.2-1.1] - Patch for CVE-2011-2524 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2524 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [2:1.2.46-1] - Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Resolves: #721305 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2692 CVE-2011-2501 CVE-2011-2690 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [4.0.4-1:.1] - Applied patch to fix improper sanitization of command line options (CVE-2011-2697, bug #721001). MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2964 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 5 Oracle Linux 6 [1:1.2.24-5] - Merge changes from RHEL-6 branch: * Drop default patch fuzz * Merge CVE-2010-4352.patch from RHEL-6_0-Z - Apply patches for CVE-2011-2200 - Resolves: #725313 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2200 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [1.4.1-2] - cve-2011-2895.patch: LZW decompression heap corruption IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-2895 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::u10_base Oracle Linux 5 Oracle Linux 6 [12:4.1.1-19.P1.1] - A pair of defects cause the server to halt upon processing certain packets (CVE-2011-2748, CVE-2011-2749, #729883) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2749 CVE-2011-2748 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox: [3.6.20-2.0.1.el6_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [3.6.20-2] - Update to 3.6.20 xulrunner: [1.9.2.20-2.0.1.el6_1] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.20-2] - Update to 1.9.2.20 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2984 CVE-2011-2983 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.12-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.12-1] - Update to 3.1.12 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-2378 CVE-2011-2982 CVE-2011-0084 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1:2.0.9-2.1] - fix potential crash when parsing header names that contain NUL characters (#728672) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1929 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-131.12.1.el6] - [netdrv] be2net: clear intr bit in be_probe() (Ivan Vecera) [726308 722596] [2.6.32-131.11.1.el6] - [mm] hold the page lock until after set_page_stable_node (Andrea Arcangeli) [726095 683658] - [netdrv] be2net: remove certain cmd failure logging (Ivan Vecera) [725329 719304] - [net] nl80211: missing check for valid SSID size in scan operation (Stanislaw Gruszka) [718157 718158] {CVE-2011-2517} - [net] bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. (Thomas Graf) [703022 703023] {CVE-2011-2492} - [net] inet_diag: fix validation of user data in inet_diag_bc_audit() (Thomas Graf) [714540 714541] {CVE-2011-2213} - [fs] proc: restrict access to /proc/PID/io (Oleg Nesterov) [716829 716830] {CVE-2011-2495} - [fs] validate size of EFI GUID partition entries (Anton Arapov) [703029 703030] {CVE-2011-1776} - [fs] ext4: Fix max file size and logical block counting of extent format file (Lukas Czerner) [722568 722569] {CVE-2011-2695} - [virt] kvm: Disable device assignment without interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898} - [virt] iommu-api: Extension to check for interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898} - [netdrv] r8169: fix Rx checksum offloading bugs (Ivan Vecera) [723807 635596] - [netdrv] be2net: changes for BE3 native mode support (Ivan Vecera) [723820 695231] [2.6.32-131.10.1.el6] - [virt] ksm: fix race between ksmd and exiting task (Andrea Arcangeli) [710340 710341] {CVE-2011-2183} - [kernel] proc: signedness issue in next_pidmap() (Jerome Marchand) [697824 697825] {CVE-2011-1593} - [net] bluetooth: Prevent buffer overflow in l2cap config request (Jiri Pirko) [716809 716810] {CVE-2011-2497} - [fs] NLM: Don't hang forever on NLM unlock requests (Jeff Layton) [709548 709549] {CVE-2011-2491} - [fs] NFS: Fix NFSv3 exclusive open semantics (Jeff Layton) [719925 694210] - [fs] GFS2: Incorrect inode state during deallocation (Steven Whitehouse) [714982 712139] - [virt] KVM: Fix register corruption in pvclock_scale_delta (Avi Kivity) [719910 712102] - [netdrv] ehea: Fix memory hotplug oops (Steve Best) [720914 702036] - [net] Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [695175 695176] {CVE-2011-1576} - [md] Fix resync hang after surprise removal (James Paradis) [719928 707268] - GFS2: make sure fallocate bytes is a multiple of blksize (Benjamin Marzinski) [720863 695763] {CVE-2011-2689} - [kernel] Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code (Oleg Nesterov) [715521 690033] {CVE-2011-1182} - [redhat] config: enable parallel port printer support (Aristeu Rozanski) [713827 635968] [2.6.32-131.9.1.el6] - [scsi] cciss: Annotate cciss_kdump_soft_reset and cciss_sent_reset as __devinit (Tomas Henzl) [715397 698268] - [scsi] cciss: Don't wait forever for soft reset to complete, give up after awhile (Tomas Henzl) [715397 698268] - [scsi] cciss: use cmd_alloc not cmd_special_alloc for the kdump soft reset command (Tomas Henzl) [715397 698268] - [scsi] cciss: do not use bit 2 doorbell reset (Tomas Henzl) [715397 698268] - [scsi] cciss: do not attempt PCI power management reset method if we know it won't work (Tomas Henzl) [715397 698268] - [scsi] cciss: increase timeouts for post-reset no-ops (Tomas Henzl) [715397 698268] - [scsi] cciss: remove superfluous sleeps around reset code (Tomas Henzl) [715397 698268] - [scsi] cciss: do soft reset if hard reset is broken (Tomas Henzl) [715397 698268] - [scsi] cciss: clarify messages around reset behavior (Tomas Henzl) [715397 698268] - [scsi] cciss: increase time to wait for board reset to start (Tomas Henzl) [715397 698268] - [scsi] cciss: factor out irq_request code (Tomas Henzl) [715397 698268] - [scsi] cciss: factor out scatterlist allocation functions (Tomas Henzl) [715397 698268] - [scsi] cciss: factor out command pool allocation functions (Tomas Henzl) [715397 698268] - [scsi] cciss: use new doorbell-bit-5 reset method (Tomas Henzl) [715397 698268] - [scsi] cciss: wait longer for no-op to complete after resetting controller (Tomas Henzl) [715397 698268] - [scsi] cciss: do a better job of detecting controller reset failure (Tomas Henzl) [715397 698268] - [scsi] hpsa: do not attempt PCI PM reset if we know it will not work (Tomas Henzl) [715397 698268] - [scsi] hpsa: remove superfluous sleeps around reset code (Tomas Henzl) [715397 698268] - [scsi] hpsa: do soft reset if hard reset is broken (Tomas Henzl) [715397 698268] - [scsi] hpsa: clarify messages around reset behavior (Tomas Henzl) [715397 698268] - [scsi] hpsa: factor out irq request code (Tomas Henzl) [715397 698268] - [scsi] hpsa: factor out cmd_pool allocation functions (Tomas Henzl) [715397 698268] - [scsi] hpsa: do not use bit 2 doorbell reset, it causes NMIs (Tomas Henzl) [715397 698268] - [scsi] hpsa: wait longer for no-op to complete after resetting controller (Tomas Henzl) [715397 698268] - [scsi] hpsa: use new doorbell-bit-5 reset method (Tomas Henzl) [715397 698268] - [scsi] hpsa: adjust timing of post-reset sleeps (Tomas Henzl) [715397 698268] - [scsi] hpsa: do a better job of detecting controller reset failure (Tomas Henzl) [715397 698268] [2.6.32-131.8.1.el6] - [fs] GFS2: force a log flush when invalidating the rindex glock (Benjamin Marzinski) [717018 702263] [2.6.32-131.7.1.el6] - [virt] xen: bump memory limit for x86_64 domU PV guest to 128Gb (Igor Mammedov) [716539 669739] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1898 CVE-2011-2492 CVE-2011-1182 CVE-2011-1576 CVE-2011-1593 CVE-2011-1776 CVE-2011-2183 CVE-2011-2495 CVE-2011-2213 CVE-2011-2517 CVE-2011-2497 CVE-2011-2695 CVE-2011-2491 CVE-2011-2689 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.8.7-18.0.1.el6_1.1 ] - Replace docs/et.png in tarball with blank image [libvirt-0.8.7-18.el6_1.1] - debug: Avoid null dereference on uuid lookup api (rhbz#728546) - Fix auditing of disk hotunplug operations (rhbz#728516) - storage: Fix regression with backing format (rhbz#726617) - Fix performance problem of virStorageVolCreateXMLFrom() (rhbz#715400) - qemu: Translate boot config into bootindex if possible (rhbz#715401) - remote: Protect against integer overflow (rhbz#717202) Resolves: rhbz#728546, rhbz#728516, rhbz#715400, rhbz#715401, rhbz#717202 Resolves: rhbz#726617 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2511 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 cifs-utils: [4.8.1-2.2] - fix handling of check_newline return code in mount.cifs (bz 725508) [4.8.1-2.1] - mount.cifs: handle ENOSPC/EFBIG condition when altering mtab (bz 725508) samba: [3.5.6-86.4] - Fix cleartext authentication after applying Windows security patch KB2536276 - resolves: #728517 [3.5.6-86.3] - Security Release, fixes CVE-2011-2694, CVE-2011-2522 - resolves: #722560 [3.5.6-86.2] - Fix cups location publishing - resolves: #716374 [3.5.6-86.1] - Fix joining principal - resolves: #717563 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2522 CVE-2011-2724 CVE-2011-3585 CVE-2011-1678 CVE-2011-2694 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [82-6.3] - do not forget to set the group id in mount.ecryptfs_private [82-6.2] - fix regression in ecryptfs-setup-private [82-6.1] - security fixes: - privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832) - race condition when checking source during mount (CVE-2011-1833) - mtab corruption via improper handling (CVE-2011-1834) - key poisoning via insecure temp directory handling (CVE-2011-1835) - arbitrary file overwrite via lock counter race (CVE-2011-1837) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1832 CVE-2011-1835 CVE-2011-1831 CVE-2011-1834 CVE-2011-1837 CVE-2011-3145 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1.9.2.20-3.0.1.el6_1] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.20-3] - Distrust a specific Certificate Authority IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.12-2.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.12-2] - Distrust a specific Certificate Authority IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [2.2.15-9.0.1.el6_1.2] - replace index.html with Oracle's index page - update vstring in specfile [2.2.15-9.2,] - updated patch for CVE-2011-3192 from upstream (#733062) [2.2.15-9.1] - fix #733062 - backported CVE-2011-3192 fix from httpd trunk IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-3192 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [4.6.2-3.el6_1.2] - add patch to resolve buffer overflow (CVE-2011-3200) Resolves: #733647 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3200 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2010.63-3.5] - BR java-openjdk [2010.63-3.4] - fix inclusion of code-signing-only certs in .trust.crt - Initial build (#448497) IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [3.1.14-1.0.2.el6_1] - Replace clean.gif in tarball [3.1.14-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [3.1.14-1] - Update to 3.1.14 IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox: [3.6.22-1.0.1.el6_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [3.6.22-1] - Update to 3.6.22 xulrunner: [1.9.2.22-1.0.1.el6_1] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [- 1.9.2.22-1] - Update to 1.9.2.22 IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [3.12.9-12.0.1.el6_1] - Use blank image instead of clean.gif in nss-3.12.9-stripped.tar.bz2 [3.12.9-12] - Retagging [3.12.10-12] - Update builtins certs to those from NSSCKBI_1_87_RTM [3.12.9-11] - Update builtins certs to those from NSSCKBI_1_86_RTM [3.12.9-10] - Update builtins certs to NSSCKBI_1_85_RTM IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [2.26.0-5.el6_1.1] - Store node type separately in RsvgNode (CVE-2011-3146) Resolves: #735266 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3146 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [7:3.1.10-1.el6_1.1] - Resolves: #735447 - CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3205 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 Oracle Linux 5 [2.3.16-6.3] - Resolves: #735391 - CVE-2011-3208 nntpd buffer overflow IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-3208 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1:4.6.2-17.1] - Resolves: #rhbz737812 fix multiple flaws in Qt CVE-2011-3193, CVE-2011-3194 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3193 CVE-2011-3194 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [4.6.2-20] - Resolves: #rhbz737813 fix multiple flaws in Qt CVE-2011-3193, CVE-2011-3194 [4.6.2-19] - Resolves: rhbz#679759, missing executable bit in qt-examples binaries - Resolves: rhbz#716694, move macros.qt4 to -devel - Resolves: rhbz#680088, rpmdiff failure [4.6.2-18] - Resolves: rhbz#562132, Malayalam rakar is not getting reordered MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3194 CVE-2011-3193 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [0.8.1-9_el6_1.3] - ifcfg-rh: CVE-2011-3364: filter newline characters when writing into ifcfg-* files (rh #737338) [0.8.1-9_el6_1.2] - ifcfg-rh: CVE-2011-3364: filter newline characters when writing into ifcfg-* files (rh #737338) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3364 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox: [3.6.23-2.0.1.el6_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [3.6.23-2] - Update to 3.6.23 xulrunner: [1.9.2.23-1.0.1.el6_1.1] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.23-1.1] - Rebuild. [1.9.2.23-1] - Update to 1.9.2.23 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-2998 CVE-2011-3000 CVE-2011-2372 CVE-2011-2995 CVE-2011-2999 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.15-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.15-1] - Update to 3.1.15 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-2999 CVE-2011-3000 CVE-2011-2995 CVE-2011-2372 CVE-2011-2998 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [4.8.0-16.1] - fix CVE-2011-3378 (#742154) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-3378 cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [2.6.32-131.17.1.el6] - Revert: [net] ipv6: make fragment identifications less predictable (Jiri Pirko) [723432 723433] {CVE-2011-2699} [2.6.32-131.16.1.el6] - [net] br_multicast: Ensure to initialize BR_INPUT_SKB_CB(skb)->mrouters_only. (Frantisek Hrbata) [739477 738110] [2.6.32-131.15.1.el6] - rebuild [2.6.32-131.14.1.el6] - [scsi] megaraid_sas: Convert 6, 10, 12 byte CDB's for FastPath IO (Tomas Henzl) [710047 705835] - [x86] perf, x86: Fix Intel fixed counters base initialization (Don Zickus) [719229 736284] {CVE-2011-2521} - [net] ipv6: make fragment identifications less predictable (Jiri Pirko) [723432 723433] {CVE-2011-2699} - [fs] Ecryptfs: Add mount option to check uid of device being mounted = expect uid (Eric Sandeen) [731175 731176] {CVE-2011-1833} - [char] tpm: Fix uninitialized usage of data buffer (Stanislaw Gruszka) [684674 684675] {CVE-2011-1160} - [kernel] perf: Fix software event overflow (Frantisek Hrbata) [730707 730708] {CVE-2011-2918} - [serial] 8250_pci: ifdef for powerpc, to only add functionality to this arch (Steve Best) [732382 696695] - [serial] 8250: Fix capabilities when changing the port type (Steve Best) [732382 696695] - [serial] 8250_pci Add EEH support to the 8250 driver for IBM/Digi PCIe 2-port Adapter (Steve Best) [732382 696695] - [serial] 8250_pci: Add support for the Digi/IBM PCIe 2-port Adapter (Steve Best) [732382 696695] - [ppc] pseries/iommu: Add additional checks when changing iommu mask (Steve Best) [736065 704401] - [ppc] pseries/iommu: Use correct return type in dupe_ddw_if_already_created (Steve Best) [736065 704401] - [ppc] iommu: Restore iommu table pointer when restoring iommu ops (Steve Best) [736065 704401] - [ppc] Fix kexec with dynamic dma windows (Steve Best) [736065 704401] [2.6.32-131.13.1.el6] - [net] af_packet: prevent information leak (Jiri Pirko) [728032 728033] {CVE-2011-2898} - [net] gro: Only reset frag0 when skb can be pulled (Jiri Pirko) [726555 726556] {CVE-2011-2723} - [fs] FS-Cache: Only call mark_tech_preview() when caching is actually begun (David Howells) [713463 696396] - [fs] Fix mark_tech_preview() to not disable lock debugging (David Howells) [713463 696396] - [fs] ext4: Rewrite ext4_page_mkwrite() to use generic helpers (Eric Sandeen) [723551 692167] - [fs] vfs: Block mmapped writes while the fs is frozen (Eric Sandeen) [723551 692167] - [fs] vfs: Create __block_page_mkwrite() helper passing error values back (Eric Sandeen) [723551 692167] - [mm] avoid wrapping vm_pgoff in mremap() and stack expansion (Jerome Marchand) [716540 716541] {CVE-2011-2496} - [pci] MSI: Restore read_msi_msg_desc(); add get_cached_msi_msg_desc() (Don Zickus) [728522 696511] - [pci] MSI: Remove unsafe and unnecessary hardware access (Don Zickus) [728522 696511] - [net] sock: do not change prot->obj_size (Jiri Pirko) [726626 725711] - [virt] x86: report valid microcode update ID (Marcelo Tosatti) [727838 694747] - [agp] fix arbitrary kernel memory writes (Jerome Marchand) [699307 699308] {CVE-2011-2022 CVE-2011-1745} - [agp] fix OOM and buffer overflow (Jerome Marchand) [699305 699306] {CVE-2011-1746} - [kernel] taskstats: don't allow duplicate entries in listener mode (Jerome Marchand) [715447 715448] {CVE-2011-2484} - [netdrv] bnx2x: remove a log-spamming message (Michal Schmidt) [732379 712000] - [scsi] ibmvscsi: Improve CRQ reset reliability (Steve Best) [727618 700165] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1833 CVE-2011-1160 CVE-2011-2484 CVE-2011-2898 CVE-2011-1745 CVE-2011-2496 CVE-2011-1746 CVE-2011-2022 CVE-2011-2918 CVE-2011-2521 CVE-2011-2723 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-4.2] Resolves: #742069 CVE-2011-3380 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3380 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.7.7-29.2] - cve-2011-4818.patch: Multiple input sanitization flaws in GLX and Render MODERATE Copyright 2011 Oracle, Inc. CVE-2010-4819 CVE-2010-4818 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [6:4.3.4-11.4] - Resolves: bz#743951, use ca-certificates' ca-bundle.crt [6:4.3.4-11.3] - Resolves: bz#743515, CVE-2011-3365 - input validation failure MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3365 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 5 Oracle Linux 6 [8.4.9-1] - Update to PostgreSQL 8.4.9, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-9.html http://www.postgresql.org/docs/8.4/static/release-8-4-8.html including the fix for CVE-2011-2483 Resolves: #740735 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2483 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.9-9.2] - apply upstream patch to fix a null pointer derference with the LDAP kdb backend (CVE-2011-1527), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) (#740084) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.40.1.9.10] - Resolves: rhbz#744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: JSSE - S7070134, CVE-2011-3558: Hotspot unspecified issue - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection NetX - PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-3544 CVE-2011-3551 CVE-2011-3554 CVE-2011-3556 CVE-2011-3389 CVE-2011-3557 CVE-2011-3521 CVE-2011-3547 CVE-2011-3548 CVE-2011-3552 CVE-2011-3553 CVE-2011-3558 CVE-2011-3560 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [3.5.10-24.1] - Resolves: bz#746160, CVE-2011-3365, input validation failure in KSSL MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3365 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:base Oracle Linux 6 [2.2.15-9.0.1.el6_1.3] - replace index.html with Oracle's index page - update vstring in specfile [2.2.15-9.3] - add security fixes for CVE-2011-3347, CVE-2011-3368 (#743901) - fix regressions in CVE-2011-3192 patch (#736592) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3348 CVE-2011-3368 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.3.11-6.el6_1.7] - Add freetype-2.3.11-CVE-2011-3256.patch (Handle some border cases.) - Resolves: #747083 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-3256 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.0.0-10.5] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3207 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.6.32-4.4] Resolves: #748969 CVE-2011-4073 updated patch by upstream [2.6.32-4.3] Resolves: #748969 CVE-2011-4073 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-4073 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [5.3.3-3.3] - improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH [5.3.3-3.1] - add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740731) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2202 CVE-2011-0708 CVE-2011-1148 CVE-2011-1468 CVE-2011-1469 CVE-2011-1938 CVE-2011-1466 CVE-2011-1471 CVE-2011-2483 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [4:5.10.1-119.1] - 731246 (CVE-2011-2939)CVE-2011-2939 heap overflow - decoding Unicode string - 743010 - perl: code injection vulnerability in Digest->new() - Resolves: rhbz#743090, rhbz#743092 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2939 CVE-2011-3597 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 5 Oracle Linux 6 firefox: [3.6.24-3.0.1.el6_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [3.6.24-3] - Update to 3.6.24 xulrunner: [1.9.2.24-2.0.1.el6_1.1] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.24-2] - Update to 1.9.2.24 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-3650 CVE-2011-3647 CVE-2011-3648 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.16-2.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.16-2] - Update to 3.1.16 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.6-1] - Updated to 1.0.6 - Resolves: rhbz#744738 - Resolves: rhbz#745414 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3377 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 nspr: [4.8.7-2] - Update to 4.8.8 nss: [3.12.10-2.0.1.el6_1] - Update clean.gif in the nss-3.12.10-stripped.tar.bz2 tarball [3.12.10-2] - Update builtins certs to those from NSSCKBI_1_88_RTM [3.12.10-1] - Update to 3.12.10 nss-util: [3.12.10-1] - Update to 3.12.10 IMPORTANT Copyright 2011 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [2.3.11-6.el6_1.8] - Add freetype-2.3.11-CVE-2011-3439.patch (Various loading fixes.) - Resolves: #754011 IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-3439 cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [32:9.7.3-2.3.P3] - fix DOS against recursive servers (#754398) [32:9.7.3-2.2.P3] - update to 9.7.3-P3 (CVE-2011-2464) [32:9.7.3-2.1.P1] - update to 9.7.3-P1 (CVE-2011-1910) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-4313 cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [2.6.32-131.21.1.el6] - [net] ipv6/udp: fix the wrong headroom check (Thomas Graf) [753167 698170] [2.6.32-131.20.1.el6] - [net] vlan: fix panic when handling priority tagged frames (Andy Gospodarek) [742849 714936] {CVE-2011-3593} - [netdrv] igb: fix WOL on second port of i350 device (Frantisek Hrbata) [743807 718293] - [kernel] fix taskstats io infoleak (Jerome Marchand) [716847 716848] {CVE-2011-2494} - [tpm] Zero buffer after copying to userspace (Jiri Benc) [732632 732633] {CVE-2011-1162} - [scsi] Revert megaraid_sas: Driver only report tape drive, JBOD and logic drives (Tomas Henzl) [741167 736667] - [x86] acpi: Prevent acpiphp from deadlocking on PCI-to-PCI bridge remove (Prarit Bhargava) [745557 732706] - [net] sctp: deal with multiple COOKIE_ECHO chunks (Frantisek Hrbata) [743510 729220] - [scsi] iscsi_tcp: fix locking around iscsi sk user data (Mike Christie) [741704 647268] - [kernel] first time swap use results in heavy swapping (Hendrik Brueckner) [747868 722461] - [scsi] Reduce error recovery time by reducing use of TURs (Mike Christie) [744811 691945] - [fs] cifs: add fallback in is_path_accessible for old servers (Jeff Layton) [738301 692709] {CVE-2011-3363} - [fs] cifs: always do is_path_accessible check in cifs_mount (Jeff Layton) [738301 692709] {CVE-2011-3363} - [net] ipv6: fix NULL dereference in udp6_ufo_fragment() (Jason Wang) [748808 740465] - [net] ipv6: make fragment identifications less predictable (Jiri Pirko) [723432 723433] {CVE-2011-2699} [2.6.32-131.19.1.el6] - [scsi] scan: don't fail scans when host is in recovery (Mike Christie) [734774 713682] - [netdrv] b43: allocate receive buffers big enough for max frame len + offset (RuiRui Yang) [738204 738205] {CVE-2011-3359} - [fs] fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (RuiRui Yang) [736764 736765] {CVE-2011-3353} - [fs] cifs: fix possible memory corruption in CIFSFindNext (Jeff Layton) [737482 730354] {CVE-2011-3191} - [kernel] perf tools: do not look at ./config for configuration (Jiri Benc) [730203 730204] {CVE-2011-2905} - [x86] mm: Fix pgd_lock deadlock (Andrew Jones) [737570 691310] - [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Andrew Jones) [737570 691310] - [mm] Revert 'fix pgd_lock deadlock' (Andrew Jones) [737570 691310] - [fs] corrupted GUID partition tables can cause kernel oops (Jerome Marchand) [695981 695982] {CVE-2011-1577} - [net] Compute protocol sequence numbers and fragment IDs using MD5. (Jiri Pirko) [732664 732665] {CVE-2011-3188} - [crypto] Move md5_transform to lib/md5.c (Jiri Pirko) [732664 732665] {CVE-2011-3188} - [fs] SUNRPC: Fix use of static variable in rpcb_getport_async (Steve Dickson) [740230 723650] - [fs] NFSv4.1: update nfs4_fattr_bitmap_maxsz (Steve Dickson) [740230 723650] - [fs] SUNRPC: Fix a race between work-queue and rpc_killall_tasks (Steve Dickson) [740230 723650] - [fs] SUNRPC: Ensure we always run the tk_callback before tk_action (Steve Dickson) [740230 723650] - [misc] enclosure: fix error path to actually return ERR_PTR() on error (Tomas Henzl) [741166 713730] - [virt] KVM: make guest mode entry to be rcu quiescent state (Gleb Natapov) [740352 712653] - [virt] rcu: provide rcu_virt_note_context_switch() function (Gleb Natapov) [740352 712653] [2.6.32-131.18.1.el6] - [sched] wait_for_completion_interruptible_timeout() should return signed long (J. Bruce Fields) [745413 738379] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-2494 CVE-2011-2905 CVE-2011-1577 CVE-2011-2699 CVE-2011-3359 CVE-2011-4326 CVE-2011-1162 CVE-2011-3188 CVE-2011-3191 CVE-2011-3353 CVE-2011-3363 CVE-2011-3593 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.8.3-3] - Security fixes (CVE-2011-1777, CVE-2011-1778) (#739939) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1778 CVE-2011-1777 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [2.3.16-6.4] - fix CVE-2011-3481: NULL pointer dereference via crafted References header in email (#738391) - fix CVE-2011-3372: nntpd authentication bypass (#740822) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3481 CVE-2011-3372 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base Oracle Linux 6 [2.12-1.47] - Don't start AVC thread until credentials are installed (#700507) [2.12-1.46] - Update systemtaparches [2.12-1.45] - Update configure script [2.12-1.44] - Add gdb hooks (#711927) [2.12-1.43] - Don't assume AT_PAGESIZE is always available (#739184) - Define IP_MULTICAST_ALL (#738763) [2.12-1.42] - Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork (#738665) [2.12-1.41] - Locale-independent parsing in libintl (#737778) [2.12-1.40] - Change setgroups to affect all the threads in the process (#736346) [2.12-1.39] - Make sure AVC thread has capabilities (#700507) - Fix memory leak in dlopen with RTLD_NOLOAD (#699724) [2.12-1.38] - Build libresolv with stack protector (#730379) [2.12-1.37] - Maintain stack alignment when cancelling threads (#731042) [2.12-1.36] - Fix missing debuginfo (#729036) [2.12-1.35] - Report write error in addmnt even for cached streams (#688980, CVE-2011-1089) - Handle Lustre filesystem (#712248) [2.12-1.34] - Query NIS domain only when needed (#718057) - Update: Use mmap for allocation of buffers used for __abort_msg (#676591) [2.12-1.33] - Don't use gethostbyaddr to determine canonical name (#714823) [2.12-1.32] - ldd: never run file directly (#713134) [2.12-1.31] - Support Intel processor model 6 and model 0x2c (#695595) - Optimize memcpy for SSSE3 (#695812) - Optimize strlen for SSE2 (#695963) [2.12-1.30] - Support f_flags in Linux statfs implementation (#711987) [2.12-1.29] - Avoid overriding CFLAGS (#706903) [2.12-1.28] - Use mmap for allocation of buffers used for __abort_msg (#676591) [2.12-1.27] - Fix PLT use due to __libc_alloca_cutoff - Schedule nscd cache pruning more accurately from re-added values (#703481) - Fix POWER4 optimized strncmp to not read past differing bytes (#694386) [2.12-1.26] - Create debuginfo-common on biarch platforms (#676467) - Use Rupee sign in Indian locales (#692838) - Signal temporary host lookup errors in nscd as such to the requester (#703480) - Define initgroups callback for nss_files (#705465) LOW Copyright 2011 Oracle, Inc. CVE-2011-1089 CVE-2009-5064 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.6.32-220.el6] - [drm] i915: fix unmap race condition introduced with VT-d fix (Dave Airlie) [750583] - [scsi] iscsi: revert lockless queuecommand dispatch (Rob Evers) [751426] [2.6.32-219.el6] - [kernel] KEYS: Fix a NULL pointer deref in the user-defined key type (David Howells) [751190] {CVE-2011-4110} - [scsi] fc class: fix building of Fibre Channel DUP drivers in 6.2 (Mike Christie) [750268] - [fs] nfs: dont call __mark_inode_dirty while holding i_lock (Steve Dickson) [747391] - [netdrv] vxge: allow rebinding the driver with a different number of SR-IOV VFs (Michal Schmidt) [694742] - [netdrv] vxge: fix crash of VF when unloading PF (Michal Schmidt) [694742] - [ata] revert libata: remove SCSI host lock (David Milburn) [751426] - [crypto] ansi_cprng: enforce key != seed in fips mode (Jarod Wilson) [751198] - [net] mac80211: Fix reassociation processing within ESS roaming (John Linville) [750350] - [net] nl80211: Allow association to change channels during reassociation (John Linville) [750350] - [net] mac80211: let cfg80211 manage auth state (John Linville) [750350] - [net] cfg80211: avoid sending spurious deauth to userspace (John Linville) [750350] - [net] mac80211: recalculate idle later in MLME (John Linville) [750350] - [net] mac80211: avoid spurious deauth frames/messages (John Linville) [750350] - [net] cfg80211: Allow reassociation in associated state (John Linville) [750350] - [net] cfg80211: remove warning in deauth case (John Linville) [750350] - [net] netfilter: fix nf_conntrack refcount leak in l4proto->error() (Thomas Graf) [745472] - [scsi] qla2xxx: Remove check for null fcport from host reset handler (Chad Dupuis) [744741] - [scsi] qla2xxx: Perform implicit logout during rport tear-down (Chad Dupuis) [744741] - [scsi] Revert 'qla2xxx: Remove host_lock in queuecommand function' (Chad Dupuis) [744741] - [drm] nv50/disp: shutdown display on suspend/hibernate (Ben Skeggs) [740857] - [edac] Add sb_edac driver into the Red Hat Building system (Mauro Carvalho Chehab) [647700] - [edac] Fix incorrect edac mode reporting in sb_edac (Mauro Carvalho Chehab) [647700] - [edac] Add an experimental new driver to support Sandy Bridge CPUs (Mauro Carvalho Chehab) [647700] [2.6.32-218.el6] - [netdrv] benet: remove bogus 'unlikely' on vlan check (Ivan Vecera) [736429] {CVE-2011-3347} - [netdrv] be2net: non-member vlan pkts not received in promiscous mode (Ivan Vecera) [736429] {CVE-2011-3347} - [netdrv] be2net: fix crash receiving non-member VLAN packets (Ivan Vecera) [736429] {CVE-2011-3347} - [mm] fix race between mremap and removing migration entry (Andrea Arcangeli) [751084] [2.6.32-217.el6] - [fs] GFS2: rewrite fallocate code to write blocks directly (Benjamin Marzinski) [750208] {CVE-2011-4098} - [netdrv] bnx2x: link fixes for 57810 (Andy Gospodarek) [749421] - [netdrv] enic: fix accidental GRO off by default (Stefan Assmann) [749390] - [scsi] qla2xxx: Correct inadvertent clearing of RISC_INTR status (Chad Dupuis) [748978] - [debug] lockdep: double MAX_LOCKDEP_ENTRIES (Kyle McMartin) [748941] - [x86] Add missing KERN_DEBUG to x86 module printk (Prarit Bhargava) [747837] - [x86] Update module alternatives message (Prarit Bhargava) [745596] - [x86] UV: KABI breakage in uv_blade_info (George Beshers) [745253] - [net] vlan: fix panic when handling priority tagged frames (Andy Gospodarek) [714936] {CVE-2011-3593} - [scsi] qla4xxx: Autologin persisted target entries update (Mike Christie) [747696] - [mm] oom: fix integer overflow of points in oom_badness (Frantisek Hrbata) [741207] {CVE-2011-4097} [2.6.32-216.el6] - [scsi] lockless queuecommand dispatch fixup (Rob Evers) [749018] - [scsi] iscsi class: export pid of process that created session (Mike Christie) [747696] - [scsi] qla4xxx: Autologin persisted target entries (Mike Christie) [747696] - [netdrv] iwlagn: enable 11n aggregation without checking traffic load (John Linville) [744361] - [s390x] qdio: EQBS retry after CCQ 96 (Hendrik Brueckner) [747578] - [s390x] dasd: fix UID readout for z/VM (Hendrik Brueckner) [746000] - [x86] PCI: irq and pci_ids patch for Intel Panther Point DeviceIDs (Prarit Bhargava) [747638] - [netdrv] Help 6.1 out of tree drivers cope with ABI breakage (Thomas Graf) [746570] - [mm] shmem: let shared anonymous be nonlinear again (Larry Woodman) [690129] - [fs] ext4: fix BUG_ON() in ext4_ext_insert_extent() (Lukas Czerner) [742091] {CVE-2011-3638} - [ipc] mqueue: separate mqueue default value from maximum value (Motohiro Kosaki) [746606] - [ipc] mqueue: dont use kmalloc with KMALLOC_MAX_SIZE (Motohiro Kosaki) [746606] - [ipc] mqueue: revert bump up DFLT_*MAX (Motohiro Kosaki) [746606] - [kernel] ipc/mqueue: Up the hard limit on message queues per namespace (Doug Ledford) [746606] - [kernel] ipc/mqueue: update maximums for the mqueue subsystem (Doug Ledford) [746606] - [kernel] ipc/mqueue: enforce hard limits (Doug Ledford) [746606] - [kernel] ipc/mqueue: switch back to using non-max values on create (Doug Ledford) [746606 746898] - [kernel] ipc/mqueue: cleanup definition names and locations (Doug Ledford) [746606] - [kernel] Revert 'Restore max mqueue message size to its previous RHEL 5 value' (Doug Ledford) [746606] [2.6.32-215.el6] - [virt] index of virtio disk is not decremented when removed (Mark Wu) [692767] - [edac] i7core_edac: Initialize memory name with cpu, channel, bank (Mauro Carvalho Chehab) [712957] - [kernel] perf: Optimize event scheduling locking (Steve Best) [744986] - [drm] i915: set the right SDVO transcoder for CPT (Adam Jackson) [735122] - [scsi] libfc: Prevent race that causes panic during FCoE port destroy (Neil Horman) [735959] - [scsi] qla4xxx: Update driver version to 5.02.00-k8 (Mike Christie) [732622] - [scsi] qla4xxx: updated device id check for BFS (Mike Christie) [732622] - [scsi] qla4xxx: Fixed target discovery failed issue (Mike Christie) [732622] - [scsi] qla4xxx: Fixed active session re-open issue (Mike Christie) [732622] - [scsi] qla4xxx: Fixed device blocked issue on link up-down (Mike Christie) [732622] - [scsi] qla4xxx: Fixed session destroy issue on link up-down (Mike Christie) [732622] - [scsi] qla4xxx: Clear DDB map index on the basis of AEN (Mike Christie) [732622] - [scsi] qla4xxx: Free Device Database (DDB) reserved by FW (Mike Christie) [732622] - [scsi] qla4xxx: Fix getting BIDI CHAP for boot targets (Mike Christie) [732622] - [scsi] qla4xxx: Fix exporting boot targets to sysfs (Mike Christie) [732622] - [scsi] qla4xxx: Do not add duplicate CHAP entry in FLASH (Mike Christie) [732622] - [scsi] qla4xxx: Fix bidirectional CHAP (Mike Christie) [732622] - [scsi] qla4xxx: Add new FLT firmware region (Mike Christie) [732622] - [scsi] qla4xxx: Update license (Mike Christie) [732622] - [scsi] iscsi class: fix vlan configuration (Mike Christie) [732622] - [scsi] qla4xxx: fix data alignment and use nl helpers (Mike Christie) [732622] - [scsi] iscsi class: fix link local mispelling (Mike Christie) [732622] - [scsi] qla4xxx: Added Get ACB support using BSG (Mike Christie) [732622] - [scsi] qla4xxx: Added restore factory defaults support using BSG (Mike Christie) [732622] - [scsi] qla4xxx: added support to update initiator iscsi port (Mike Christie) [732622] - [scsi] scsi_transport_iscsi: Added support to update initiator iscsi port (Mike Christie) [732622] - [scsi] qla4xxx: Added vendor specific sysfs attributes (Mike Christie) [732622] - [scsi] qla4xxx: Add read/update NVRAM support for 40xx adapters using BSG (Mike Christie) [732622] - [scsi] qla4xxx: Add get ACB state support using BSG (Mike Christie) [732622] - [scsi] qla4xxx: Code cleanup for read/update flash using BSG (Mike Christie) [732622] - [scsi] qla4xxx: Added support to update mtu (Mike Christie) [732622] - [scsi] scsi_transport_iscsi: Added support to update mtu (Mike Christie) [732622] - [scsi] libfc: improve flogi retries to avoid lport stuck (Mike Christie) [745667] - [scsi] libfc: avoid exchanges collision during lport reset (Mike Christie) [745667] - [scsi] libfc: fix checking FC_TYPE_BLS (Mike Christie) [745667] - [scsi] libfc: revert fix deadlock bug in fc_exch_abort_locked (Mike Christie) [745667] - [dm] log userspace: Allow for 'log device name' response in CTR msg exchange (Jonathan E Brassow) [746254] - [dm] kcopyd: fix job_pool leak (Mike Snitzer) [748441] - [netdrv] igb: Fix for Alt MAC Address feature on 82580 and later (Andy Gospodarek) [748503] [2.6.32-214.el6] - [dm] table: add immutable feature (Mike Snitzer) [747438] - [mm] reduce overhead on paravirt functions (Larry Woodman) [743554] [2.6.32-213.el6] - [netdrv] Fixing use of netif_set_real_num_tx_queues in niu.c (Neil Horman) [742117] - [netdrv] Fixing use of netif_set_real_num_tx_queues in myri10ge.c (Neil Horman) [742117] - [netdrv] Fixing use of netif_set_real_num_tx_queues in igb_main.c (Neil Horman) [742117] - [netdrv] Fixing use of netif_set_real_num_tx_queues in cxgb4_main.c (Neil Horman) [742117] - [netdrv] Fixing use of netif_set_real_num_tx_queues in cxgb3_main.c (Neil Horman) [742117] - [netdrv] Fixing use of netif_set_real_num_tx_queues in bnx2.c (Neil Horman) [742117] - [ppc] kabi: add symbol 'paca' to ppc KABI (Jiri Olsa) [737466] - [fs] proc: fix oops on invalid /proc/pid/maps access (Johannes Weiner) [746613] {CVE-2011-3637} - [nfs] fix pNFS hang and oops on umounts (Steve Dickson) [746861] - [scsi] qla4xxx: export address/port of connection (Mike Christie) [728156] - [netdrv] Fix pktgen to not oops on unsupported drivers (Neil Horman) [678794] - [kernel] tracing: Update the comm field in the right variable in update_max_tr (Jiri Olsa) [736955] - [kernel] kabi: Add missing compat_alloc_user_space symbol to kABI (Jiri Olsa) [747047] - [kernel] fix taskstats io infoleak (Jerome Marchand) [716848] {CVE-2011-2494} - [x86] ACPI, APEI, HEST: Detect duplicated hardware error source ID (Don Zickus) [737189] - [netdrv] Add latest cxgb3 firmware (Neil Horman) [742011] [2.6.32-212.el6] - [net] bridge: fix use after free in __br_deliver() (Amerigo Wang) [730756] {CVE-2011-2942} - [scsi] Update lpfc version for 8.3.5.45.4p driver release (Rob Evers) [746668] - [scsi] Fix crash when cfg_fcp_eq_count is zero (Rob Evers) [746668] - [scsi] Fix kernel crash during boot with SLI4 card installed (Rob Evers) [746668] - [scsi] Properly clean up EQ and CQ child lists to prevent kernel crash (Rob Evers) [746668] - [kabi] add missing symbols for Emulex be2net driver (Jiri Olsa) [745712] - [netdrv] netxen-firmware: Install the 4.0.579 firmware (Kyle McMartin) [741776] - [perf] symbols: Treat all memory maps without dso file as loaded (Jiri Olsa) [726582] - [debug] increase MAX_STACK_TRACE_ENTRIES (Kyle McMartin) [645777] - [fs] cifs: add fallback in is_path_accessible for old servers (Jeff Layton) [692709] {CVE-2011-3363} - [tpm] Zero buffer after copying to userspace (Jiri Benc) [732633] {CVE-2011-1161 CVE-2011-1162} - [pci] intel-iommu: IOTLB hang workaround (Dave Airlie) [728476] - [drm] i915: Fix hang on Ironlake mobile GPU with VT-d (Dave Airlie) [728476] - [drm] i915: Remove early exit on i915_gpu_idle (Dave Airlie) [728476] - [drm] nv50/bios: fixup mpll programming from the init table parser (Ben Skeggs) [744992] - [drm] nv50/vram: fix incorrect detection of bank count on newer chipsets (Ben Skeggs) [744992] - [drm] radeon: fix llano output setup + memory corruption (Dave Airlie) [747292] - [drm] radeon caicos enablement fixes (Dave Airlie) [747291] - [pci] Disable SRIOV on powerpc (Prarit Bhargava) [742089] - [pci] Add pci=nosriov to disable SRIOV (Prarit Bhargava) [742089] - [x86] apic: ack all pending irqs when crashed/on kexec (Takao Indoh) [704142] [2.6.32-211.el6] - [scsi] libsas: fix warnings when checking sata/stp protocol (David Milburn) [695950] - [scsi] libsas: disable scanning lun > 0 on ata devices (David Milburn) [695950] - [scsi] libsas: Allow expander T-T attachments (David Milburn) [695950] - [usb] xhci: Make xHCI driver endian-safe (Don Zickus) [745967] - [infiniband] RDMA/cxgb3: Dont post zero-byte read if endpoint is going away (Neil Horman) [717379] - [scsi] isci: atapi support (David Milburn) [743692] - [x86] amd: Move BSP code to cpu_dev helper (Larry Woodman) [739456] - [x86] Add a BSP cpu_dev helper (Larry Woodman) [739456] - [x86] amd: Avoid cache aliasing penalties on AMD family 15h (Larry Woodman) [739456] - [net] ipv6: fix NULL dereference in udp6_ufo_fragment() (Jason Wang) [740465] - [netdrv] cxgb4: Updating NIC driver firmware (Neil Horman) [717806] - [netdrv] cxgb3: Fix NULL pointer dereference in t3_l2t_get (Neil Horman) [729737] - [netdrv] bnx2x: remaining fixes from upstream 3.1 (Michal Schmidt) [743917] - [netdrv] e1000e: fix WoL on 82578DM and 82567V3 (Andy Gospodarek) [699042] - [netdrv] tg3: Use netif_set_real_num_tx_queues() (Jiri Pirko) [740477] - [netdrv] bnx2x: critical fixes (Veaceslav Falico) [745211] - [netdrv] bonding: properly stop queuing work when requested (Andy Gospodarek) [736904] - [netdrv] tg3: negate USE_PHYLIB flag check (Jiri Pirko) [746006] - [x86] Add new cpu capabilities to /proc/cpuinfo (Prarit Bhargava) [745799] - [kabi] add missing multipath symbols for s390x (Aristeu Rozanski) [714992] - [perf] sched: Fix script command documentation (Jiri Olsa) [726589] - [pm] hibernate: Fix memory corruption related to swap (Stanislaw Gruszka) [701857] - [scsi] hpsa: add heartbeat sysfs host attribute (Tomas Henzl) [730027] - [scsi] Revert megaraid_sas: Driver only report tape drive, JBOD and logic drives (Tomas Henzl) [736667] - [fs] GFS2: Fix ->page_mkwrite() races (Steven Whitehouse) [725091] - [scsi] scsi_transport_fc: Fix deadlock during fc_remove_host (Mike Christie) [714320] - [kernel] workqueue: Fix workqueue deadlock during destroy_workqueue (Mike Christie) [714320] - [sched] Avoid expensive initial update_cfs_load() (Larry Woodman) [741569 742414] - [sched] Simplify update_cfs_shares parameters (Larry Woodman) [741569 742414] - [sched] Fix/remove redundant cfs_rq checks (Larry Woodman) [741569 742414] - [sched] Fix sign under-flows in wake_affine (Larry Woodman) [741569 742414] - [sched] Update effective_load() to use global share weights (Larry Woodman) [741569 742414] - [sched] Fix interactivity bug by charging unaccounted run-time on entity re-weight (Larry Woodman) [741569 742414] - [sched] Move periodic share updates to entity_tick() (Larry Woodman) [741569 742414] - [sched] Fix UP build breakage (Larry Woodman) [741569 742414] - [sched] Update tg->shares after cpu.shares write (Larry Woodman) [741569 742414] [2.6.32-210.el6] - [drm] i915: fix IVB cursor support (Adam Jackson) [741780] - [drm] i915: always set FDI composite sync bit (Adam Jackson) [745564] - [netdrv] bnx2i: Fixed the endian on TTT for NOP out transmission (Mike Christie) [745676] - [scsi] megaraid_sas: Add driver workaround for PERC5/1068 kdump kernel panic (Tomas Henzl) [723218] - [ata] AHCI: Add new Panther Point RAID DeviceID (Prarit Bhargava) [745484] - [scsi] isci: export phy events via ->lldd_control_phy() (David Milburn) [743654] - [scsi] isci: The port state should be set to stopping on the last phy (David Milburn) [743654] - [scsi] isci: fix decode of DONE_CRC_ERR TC completion status (David Milburn) [743654] - [scsi] isci: SATA/STP I/O is only returned in the normal path to libsas (David Milburn) [743654] - [scsi] isci: fix support for large smp requests (David Milburn) [743654] - [scsi] isci: fix missed unlock in apc_agent_timeout() (David Milburn) [743654] - [scsi] isci: fix event-get pointer increment (David Milburn) [743654] - [scsi] isci: add version number (David Milburn) [743654] - [scsi] isci: dynamic interrupt coalescing (David Milburn) [743654] - [scsi] isci: fix sata response handling (David Milburn) [743654] - [scsi] isci: Leave requests alone if already terminating (David Milburn) [743654] - [fs] jbd: Fix forever sleeping process in do_get_write_access() (Harshula Jayasuriya) [744979] - [fs] jbd2: Fix forever sleeping process in do_get_write_access() (Harshula Jayasuriya) [744979] - [net] ipv6: fix refcnt problem related to POSTDAD state (Weiping Pan) [709280 731608] - [x86] paravirt: PTE updates in k(un)map_atomic need to be synchronous, regardless of lazy_mmu mode (Igor Mammedov) [632802] - [s390x] qdio: 2nd stage retry on SIGA-W busy conditions (Hendrik Brueckner) [732708] - [s390x] kernel: NSS creation with initrd fails (Hendrik Brueckner) [730780] - [s390x] qeth: wrong number of output queues for HiperSockets (Hendrik Brueckner) [730701] - [s390x] qeth: l3 ipv6 vlan not working on shared OSA chpid (Hendrik Brueckner) [727850] - [x86] Intel pci: Provide option to enable 64-bit IOMMU pass through mode (George Beshers) [696420] - [x86] intel-iommu: Remove Host Bridge devices from identity mapping (George Beshers) [696420] - [x86] intel-iommu: Add domain check in domain_remove_one_dev_info (George Beshers) [696420] - [x86] intel-iommu: Use coherent DMA mask when requested (George Beshers) [696420] - [x86] intel-iommu: Dont cache iova above 32bit (George Beshers) [696420] - [x86] intel-iommu: Speed up processing of the identity_mapping function (George Beshers) [696420] - [x86] intel-iommu: Check for identity mapping candidate using system dma mask (George Beshers) [696420] - [scsi] tcm_fc: Fix to activate non-offload path for FCoE target (Andy Grover) [638007] [2.6.32-209.el6] - [pci] edd: Treat 'XPRS' host bus type the same as 'PCI' (Mike Christie) [742059] - [scsi] be2iscsi: Move driver Version (Mike Christie) [738163 738934] - [scsi] be2iscsi: memset wrb for ring create (Mike Christie) [738163 738934] - [scsi] be2iscsi: Fix for case where task->sc was cleanedup earlier (Mike Christie) [738163 738934] - [scsi] be2iscsi: Fix for wrong dmsg setting in wrb (Mike Christie) [738163 738934] - [scsi] be2iscsi: Fix for kdump failure (Mike Christie) [738163 738934] - [sched] wait_for_completion_interruptible_timeout() should return signed long (J. Bruce Fields) [738379] [2.6.32-208.el6] - [net] fix net_dev_xmit tracepoint use of freed skb (Jiri Pirko) [705253] - [block] kabi: symbols missing for FusionIO iomemory-vsl driver (Jiri Olsa) [735227] - [netdrv] kabi: symbols missing for Emulex be2net driver (Jiri Olsa) [735229] - [virt] xen: use maximum reservation to limit amount of usable RAM (Igor Mammedov) [743590] - [usb] additional regression fix for device removal (Don Zickus) [744154] - [usb] fix regression occurring during device removal (Don Zickus) [744154] - [usb] Lower USB storage settling delay to something more reasonable (Don Zickus) [743959] [2.6.32-207.el6] - [netdrv] bna: Multiple Definition and Interface Setup Fix (Ivan Vecera) [743347] - [netdrv] bna: Driver Version changed to 3.0.2.2 (Ivan Vecera) [743347] - [netdrv] bna: Add Callback to Fix RXQ Stop (Ivan Vecera) [743347] - [netdrv] bna: PLL Init Fix and Add Stats Attributes (Ivan Vecera) [743347] - [netdrv] bna: Brocade 1860 HW Enablement (Ivan Vecera) [743347] - [netdrv] bna: Implement FW Download for New HW (Ivan Vecera) [743347] - [netdrv] bna: Capability Map and MFG Block Changes for New HW (Ivan Vecera) [743347] - [netdrv] bna: PCI Probe Conf Lock Fix (Ivan Vecera) [743347] - [netdrv] bna: Eliminate Small Race Condition Window in RX Path (Ivan Vecera) [743347] - [netdrv] bna: Set Ring Param Fix (Ivan Vecera) [743347] - [netdrv] bna: Semaphore Lock Fix (Ivan Vecera) [743347] - [netdrv] bna: make function tables cont (Ivan Vecera) [743347] - [netdrv] bna: Driver Version changed to 3.0.2.1 (Ivan Vecera) [743347] - [netdrv] bna: SKB PCI UNMAP Fix (Ivan Vecera) [743347] - [netdrv] bna: TX Queue Depth Fix (Ivan Vecera) [743347] - [netdrv] bna: MBOX IRQ Flag Check after Locking (Ivan Vecera) [743347] - [netdrv] bna: Async Mode Tx Rx Init Fix (Ivan Vecera) [743347] - [netdrv] bna: Ethtool Enhancements and Fix (Ivan Vecera) [743347] - [netdrv] bna: Initialization and Locking Fix (Ivan Vecera) [743347] - [netdrv] bna: Formatting and Code Cleanup (Ivan Vecera) [743347] - [netdrv] bna: TX Path and RX Path Changes (Ivan Vecera) [743347] - [netdrv] bna: Interrupt Polling and NAPI Init Changes (Ivan Vecera) [743347] - [netdrv] bna: PCI Probe Fix (Ivan Vecera) [743347] - [netdrv] bna: Naming Change and Minor Macro Fix (Ivan Vecera) [743347] - [netdrv] bna: off by one in bfa_msgq_rspq_pi_update() (Ivan Vecera) [743347] - [netdrv] bna: unlock on error path in pnad_pci_probe() (Ivan Vecera) [743347] - [scsi] libfc: fix deadlock bug in fc_exch_abort_locked (Mike Christie) [740096] - [scsi] bnx2fc: Bumped version to 1.0.8 (Mike Christie) [740096] - [scsi] bnx2fc: Return error statistics of remote peer (Mike Christie) [740096] - [scsi] fcoe/libfcoe: Move common code for fcoe_get_lesb to fcoe_transport (Mike Christie) [740096] - [scsi] bnx2fc: call ctlr_link_up only when the interface is enabled (Mike Christie) [740096] - [scsi] bnx2fc: Add driver documentation (Mike Christie) [740096] - [scsi] bnx2fc: Bumped version to 1.0.7 (Mike Christie) [740096] - [scsi] bnx2fc: Handle bnx2fc_map_sg failure (Mike Christie) [740096] - [scsi] bnx2fc: Replace scsi_dma_map() with dma_map_sg() (Mike Christie) [740096] - [x86] acpi: Prevent acpiphp from deadlocking on PCI-to-PCI bridge remove (Prarit Bhargava) [732706] - [x86] UV2: add missing kABI bits (George Beshers) [741432] - [ppc] pci: Check devices status property when scanning OF tree (Steve Best) [738450] - [drm] radeon/kms: reject video mode that would go over bandwidth limit on RN50 (Jerome Glisse) [729976] - [fs] deal with races in /proc/*/syscall, stack, personality (Johannes Weiner) [692039] - [fs] proc: enable writing to /proc/pid/mem (Johannes Weiner) [692039] - [fs] proc: make check_mem_permission() return an mm_struct on success (Johannes Weiner) [692039] - [fs] proc: hold cred_guard_mutex in check_mem_permission() (Johannes Weiner) [692039] - [fs] proc: disable mem_write after exec (Johannes Weiner) [692039] - [mm] implement access_remote_vm (Johannes Weiner) [692039] - [mm] factor out main logic of access_process_vm (Johannes Weiner) [692039] - [mm] use mm_struct to resolve gate vmas in __get_user_pages (Johannes Weiner) [692039] - [mm] rename in_gate_area_no_task to in_gate_area_no_mm (Johannes Weiner) [692039] - [mm] make in_gate_area take an mm_struct instead of a task_struct (Johannes Weiner) [692039] - [mm] make get_gate_vma take an mm_struct instead of a task_struct (Johannes Weiner) [692039] - [x86] mark associated mm when running a task in 32 bit compatibility mode (Johannes Weiner) [692039] - [x86] add context tag to mark mm when running a task in 32-bit compatibility mode (Johannes Weiner) [692039] - [fs] auxv: require the target to be tracable (or yourself) (Johannes Weiner) [692039] - [fs] close race in /proc/*/environ (Johannes Weiner) [692039] - [fs] report errors in /proc/*/*map* sanely (Johannes Weiner) [692039] - [fs] pagemap: close races with suid execve (Johannes Weiner) [692039] - [fs] make sessionid permissions in /proc/*/task/* match those in /proc/* (Johannes Weiner) [692039] {CVE-2011-1020} [2.6.32-206.el6] - [ppc] ibmveth: Fix leak when recycling skb and hypervisor returns error (Steve Best) [740548] - [fs] nfs: Do not allow multiple mounts on same mountpoint when using -o noac (Sachin Prabhu) [584768] - [scsi] megaraid: fix FastPath and update to v5.40 (Tomas Henzl) [726225] - [acpi] APEI: set enable bit for OSC call (Matthew Garrett) [734509] - [block] Whitelist symbols for dm-switch multipathing driver (Shyam Iyer) [714992] - [x86] Missing 'unregister_cpu_notifier' in powernow-k8.c (Prarit Bhargava) [741302] - [virt] xen-netfront: fix MTU reset after migration (Paolo Bonzini) [733651] [2.6.32-205.el6] - [mm] add extra free kbytes tunable (Rik van Riel) [696395] - [build] Makefile: include RHEL_RELEASE in version.h (Aristeu Rozanski) - [ppc] Fix bogus it_blocksize in VIO iommu code (Steve Best) [738449] - [ppc] hvcs: Ensure page aligned partner info buffer (Steve Best) [739749] - [virt] KVM: Enable RDRAND feature support for KVM (Don Dugger) [721131] - [virt] x86, cpu: Add CPU flags for F16C and RDRND (Don Dugger) [721131] - [mm] zram: prevent accessing an unallocated table when init fails early (Jerome Marchand) [732707] - [mm] zram: fix zram locking (Jerome Marchand) [732707] - [ppc] eeh: Display eeh error location for bus and device (Steve Best) [707843] - [ppc] pseries/eeh: Handle functional reset on non-PCIe device (Steve Best) [707843] - [ppc] pseries/eeh: Propagate needs_freset flag to device at PE (Steve Best) [707843] - [ppc] eeh: Add support for ibm, configure-pe RTAS call (Steve Best) [707843] - [scsi] isci: initial sgpio write support (David Milburn) [735318] - [scsi] isci: fix sgpio register definitions (David Milburn) [735318] - [scsi] libsas: sgpio write support (David Milburn) [735318] - [drm] i915: set GFX_MODE to pre-Ivybridge default value even on Ivybridge (Adam Jackson) [695793] [2.6.32-204.el6] - [netdrv] firmware: add bnx2x FW 7.0.23 (Michal Schmidt) [733693] - [netdrv] bnx2x: Add new PHY BCM54616 (Michal Schmidt) [733888] - [netdrv] bnx2x: fixes from upstream 3.1-rc (Michal Schmidt) [733693] - [netdrv] bnx2x: driver-side changes for firmware 7.0.23 (Michal Schmidt) [733693] - [netdrv] bnx2x: add missing DCB callbacks (Michal Schmidt) [733693] - [scsi] scan: dont fail scans when host is in recovery (Mike Christie) [713682] - [usb] dont let errors prevent system sleep (Don Zickus) [732457 732909 735048 735050 735263] - [usb] dont let the hub driver prevent system sleep (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xhci: Reject double add of active endpoints (Don Zickus) [732457 732909 735048 735050 735263] - [usb] Free bandwidth when usb_disable_device is called (Don Zickus) [732457 732909 735048 735050 735263] - [usb] disable endpoints after unbinding interfaces, not before (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xhci: Dont warn about zeroed bMaxBurst descriptor field (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xHCI 1.0: Force Stopped Event(FSE) (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xHCI 1.0: introduce Incompatible Device Error (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xhci: Add reset on resume quirk for asrock p67 host (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xhci: Always set urb->status to zero for isoc endpoints (Don Zickus) [732457 732909 735048 735050 735263] - [usb] Fix up URB error codes to reflect implementation (Don Zickus) [732457 732909 735048 735050 735263] - [usb] config: use proper endian access for wMaxPacketSize (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xhci: fix OS want to own HC (Don Zickus) [732457 732909 735048 735050 735263] - [usb] xhci: Dont submit commands or URBs to halted hosts (Don Zickus) [732457 732909 735048 735050 735263] - [usb] usbcore: warm reset USB3 port in SS.Inactive state (Don Zickus) [732457 732909 735048 735050 735263] - [usb] Refine USB3.0 device suspend and resume (Don Zickus) [732457 732909 735048 735050 735263] - [usb] fix system suspend with USB3.0 device connected to USB3.0 hub (Don Zickus) [732457 732909 735048 735050 735263] - [usb] Clear 'warm' port reset change (Don Zickus) [732457 732909 735048 735050 735263] - [netdrv] b43: allocate receive buffers big enough for max frame len + offset (RuiRui Yang) [738205] {CVE-2011-3359} - [netdrv] tg3: call netif_carrier_off to initialize operstate value (John Feeney) [727330] - [fs] fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (RuiRui Yang) [736765] {CVE-2011-3353} - [fs] cifs: fix possible memory corruption in CIFSFindNext (Jeff Layton) [730354] {CVE-2011-3191} - [fs] nfsd4: fix open downgrade, again (J. Bruce Fields) [729176] - [fs] jbd[2]: Use WRITE_SYNC_PLUG in journal_commit_transaction (Jeff Moyer) [720918] - [fs] mbcache: Limit the maximum number of cache entries (Eric Sandeen) [731585] - [netdrv] netxen: Add firmware version 4.0.557[579]. (Chad Dupuis) [741776] - [netdrv] netxen: Add pcie workaround (Chad Dupuis) [741774] - [netdrv] netxen: add vlan LRO support (Chad Dupuis) [741774] - [netdrv] netxen: add fw version compatibility check (Chad Dupuis) [741774] - [netdrv] netxen: drivers/net: Remove casts of void * (Chad Dupuis) [741774] - [netdrv] netxen: fix race in skb->len access (Chad Dupuis) [741774] - [netdrv] netxen: drivers/net: Remove unnecessary semicolons (Chad Dupuis) [741774] - [netdrv] netxen: ethtool: cosmetic: Use ethtool ethtool_cmd_speed API (Chad Dupuis) [741774] - [netdrv] netxen: ethtool: Use full 32 bit speed range in ethtools set_settings (Chad Dupuis) [741774] [2.6.32-203.el6] - [fs] xfs: avoid direct I/O write vs buffered I/O race (Dave Chinner) [732976] - [fs] xfs: dont serialise adjacent concurrent direct IO appending writes (Dave Chinner) [732976] - [fs] xfs: dont serialise direct IO reads on page cache checks (Dave Chinner) [732976] - [fs] gfs2: Ignore buffers with wrong state during fsync (Abhijith Das) [740066] - [fs] GFS2: balance pages on gfs2_fallocate. (Benjamin Marzinski) [737989] - [fs] xfs: avoid synchronous transactions when deleting attr blocks (Dave Chinner) [740312] - [fs] GFS2: large file delete/unlink is slow (Robert S Peterson) [739987] - [fs] ext4: optimize ext4_check_dir_entry() (Eric Sandeen) [714007] - [fs] Fix do_lookup false negative. (David Howells) [693841] - [netdrv] tg3: Fix VLAN creation problem (John Feeney) [731268 732769] - [netdrv] ixgbe: fix improper check of dma address for NULL (Neil Horman) [683611] - [netdrv] e1000: dont enable dma receives until after dma address has been setup (Dean Nelson) [703357] - [net] sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [729220] [2.6.32-202.el6] - [net] br_multicast: Ensure to initialize BR_INPUT_SKB_CB(skb)->mrouters_only. (Herbert Xu) [738110] [2.6.32-201.el6] - [x86] Add rh_kabi.c and protect struct alt_instr under KABI (Prarit Bhargava) [737753] - [x86] Fix module alt_instr KABI breakage (Prarit Bhargava) [737753] [2.6.32-200.el6] - [build] Makefile: update RHEL_MINOR to 2 (Aristeu Rozanski) - [scsi] scsi_lib: pause between error retries (Rob Evers) [736812] - [kernel] perf tools: do not look at ./config for configuration (Jiri Benc) [730204] {CVE-2011-2905} - [scsi] Fix out of spec CD-ROM problem with media change (Rob Evers) [703366] - [netdrv] bna: Driver Version changed to 3.0.2.0 (Ivan Vecera) [701486] - [netdrv] bna: Remove Obsolete Files (Ivan Vecera) [701486] - [netdrv] bna: Remove Unused Code (Ivan Vecera) [701486] - [netdrv] bna: ENET and Tx Rx Redesign Enablement (Ivan Vecera) [701486] - [netdrv] bna: Add New HW Defs (Ivan Vecera) [701486] - [netdrv] bna: Tx and Rx Redesign (Ivan Vecera) [701486] - [netdrv] bna: Introduce ENET as New Driver and FW Interface (Ivan Vecera) [701486] - [netdrv] bna: MSGQ Implementation (Ivan Vecera) [701486] - [netdrv] bna: Remove Obsolete File bfi_ctreg.h (Ivan Vecera) [701486] - [netdrv] bna: Consolidated HW Registers for Supported HWs (Ivan Vecera) [701486] - [netdrv] bna: Remove get_regs Ethtool Support (Ivan Vecera) [701486] - [netdrv] bna: HW Interface Init Update (Ivan Vecera) [701486] - [netdrv] bna: Remove Unnecessary CNA Check (Ivan Vecera) [701486] - [netdrv] bna: Header File Consolidation (Ivan Vecera) [701486] - [netdrv] bna: HW Error Counter Fix (Ivan Vecera) [701486] - [netdrv] bna: Add HW Semaphore Unlock Logic (Ivan Vecera) [701486] - [netdrv] bna: IOC Event Name Change (Ivan Vecera) [701486] - [netdrv] bna: Mboxq Flush When IOC Disabled (Ivan Vecera) [701486] - [netdrv] bna: Minor IRQ Index and Definition Change (Ivan Vecera) [701486] - [netdrv] bna: State Machine Fault Handling Cleanup (Ivan Vecera) [701486] - [netdrv] bna: IOC Event Notification Enhancement (Ivan Vecera) [701486] - [netdrv] bna: CheckPatch Cleanup (Ivan Vecera) [701486] - [netdrv] bna: Print Driver Version (Ivan Vecera) [701486] - [netdrv] bna: use netdev_alloc_skb_ip_align() (Ivan Vecera) [701486] - [netdrv] bna: ethtool: cosmetic: Use ethtool ethtool_cmd_speed API (Ivan Vecera) [701486] - [netdrv] bna: ethtool: Use full 32 bit speed range in ethtools set_settings (Ivan Vecera) [701486] - [net] bna: fix compile warning of bfa_ioc_smem_pgoff defined but not used (Ivan Vecera) [701486] - [netdrv] bna: Fix set-but-unused variables. (Ivan Vecera) [701486] - [netdrv] bna: use device model DMA API (Ivan Vecera) [701486] - [netdrv] bna: Remove unnecessary memset(,0,) (Ivan Vecera) [701486] [2.6.32-199.el6] - [scsi] libfcoe: fix compilation when fcoe.ko is not used (Mike Christie) [727304] - [scsi] bnx2fc: Bumped version to 1.0.6 (Mike Christie) [727304] - [scsi] bnx2fc: Fix FW assert during RSCN stress tests (Mike Christie) [727304] - [scsi] bnx2fc: Fix panic caused because of incorrect errror handling in create() (Mike Christie) [727304] - [scsi] bnx2fc: Avoid calling bnx2fc_if_destroy with unnecessary locks (Mike Christie) [727304] - [scsi] bnx2fc: Validate vlan id in NETDEV_UNREGISTER handler (Mike Christie) [727304] - [scsi] bnx2fc: No abort issued for REC when it times out (Mike Christie) [727304] - [scsi] bnx2fc: Send solicitation only after vlan discovery is complete (Mike Christie) [727304] - [scsi] bnx2fc: Reset max receive frame size during link up (Mike Christie) [727304] - [scsi] bnx2fc: Do not use HBA_DBG macro when lport is not available (Mike Christie) [727304] - [scsi] bnx2fc: increase cleanup wait time (Mike Christie) [727304] - [scsi] bnx2fc: Bump version to 1.0.5 (Mike Christie) [727304] - [scsi] bnx2fc: Prevent creating of NPIV port with duplicate WWN (Mike Christie) [727304] - [scsi] bnx2fc: Obtain WWNN/WWPN from the shared memory (Mike Christie) [727304] - [scsi] fcoe: Move common functions to fcoe_transport library (Mike Christie) [727304] - [scsi] bnx2fc: Drop incoming ABTS (Mike Christie) [727304] - [scsi] bnx2fc: code cleanup in bnx2fc_offload_session (Mike Christie) [727304] - [scsi] bnx2fc: Fix NULL pointer deref during arm_cq (Mike Christie) [727304] - [scsi] bnx2fc: Do not reuse the fcoe connection id immediately (Mike Christie) [727304] - [scsi] bnx2fc: Clear DESTROY_CMPL flag after firmware destroy (Mike Christie) [727304] - [scsi] bnx2fc: Handle NETDEV_UNREGISTER for vlan devices (Mike Christie) [727304] - [scsi] bnx2fc: Reorganize cleanup code between interface_cleanup and if_destroy (Mike Christie) [727304] - [scsi] bnx2fc: Change function names of bnx2fc_netdev_setup/bnx2fc_netdev_cleanup (Mike Christie) [727304] - [scsi] bnx2fc: Do not attempt destroying NPIV port twice (Mike Christie) [727304] - [scsi] bnx2fc: Remove erroneous kref_get on IO request (Mike Christie) [727304] - [scsi] bnx2fc: Enable bsg_request support for bnx2fc (Mike Christie) [727304] - [scsi] bnx2fc: Bug fixes in percpu_thread_create/destroy (Mike Christie) [727304] - [scsi] bnx2fc: Reset the max receive frame size (Mike Christie) [727304] - [netdrv] cnic: Wait for all Context IDs to be deleted before sending FCOE_DESTROY_FUNC (Mike Christie) [727304] - [netdrv] cnic: Fix Context ID space calculation (Mike Christie) [727304] - [netdrv] cnic: Return proper error code if we fail to send netlink message (Mike Christie) [727304] - [netdrv] cnic: Fix ring setup/shutdown code (Mike Christie) [727304] - [netdrv] cnic: Fix port_mode setting (Mike Christie) [727304] - [netdrv] cnic: Replace get_random_bytes() with random32() (Mike Christie) [727304] - [scsi] cnic, bnx2i: Add support for new devices - 57800, 57810, and 57840 (Mike Christie) [727304] - [netdrv] cnic: Add VLAN ID as a parameter during netevent upcall (Mike Christie) [727304] - [x86] mm: Fix pgd_lock deadlock (Andrew Jones) [691310] - [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Andrew Jones) [691310] - [mm] Revert 'fix pgd_lock deadlock' (Andrew Jones) [691310] - [scsi] libfc: fix referencing to fc_fcp_pkt from the frame pointer via fr_fsp() (Mike Christie) [734961] - [scsi] libfc: block SCSI eh thread for blocked rports (Mike Christie) [734961] - [scsi] libfc: fix fc_eh_host_reset (Mike Christie) [734961] - [scsi] fcoe: Fix deadlock between fips recv_work and rtnl (Mike Christie) [734961] - [scsi] fcoe: add fip retry to avoid missing critical keep alive (Mike Christie) [734961] - [scsi] libfc: fix warn on in lport retry (Mike Christie) [734961] - [scsi] libfc: Remove the reference to FCP packet from scsi_cmnd in case of error (Mike Christie) [734961] - [scsi] libfc: cleanup sending SRR request (Mike Christie) [734961] - [scsi] libfc: two minor changes in comments (Mike Christie) [734961] - [scsi] libfc, fcoe: ignore rx frame with wrong xid info (Mike Christie) [734961] - [scsi] libfc: release exchg cache (Mike Christie) [734961] - [scsi] libfc: use FC_MAX_ERROR_CNT (Mike Christie) [734961] - [scsi] fcoe: remove unused ptype field in fcoe_rcv_info (Mike Christie) [734961] - [scsi] fcoe: Rearrange fcoe port and NPIV port cleanup (Mike Christie) [734961] - [x86] intel_idle: Fix mismerge (Matthew Garrett) [733730] - [x86] x2apic: enable the bios request for x2apic optout (Prarit Bhargava) [696902] - [x86] ACPI: fix ioremap failure regression (Stanislaw Gruszka) [731546] [2.6.32-198.el6] - [fs] corrupted GUID partition tables can cause kernel oops (Jerome Marchand) [695982] {CVE-2011-1577} - [x86] perf: Fix Intel fixed counters base initialization (Don Zickus) [736284] {CVE-2011-2521} - [netdrv] iwlagn: use 6000g2b uCode for 130 series devices (Stanislaw Gruszka) [737185] - [block] Missing portions of DM/MD RAID1 plugging patch (Jonathan E Brassow) [735124] - [net] Compute protocol sequence numbers and fragment IDs using MD5. (Jiri Pirko) [732665] {CVE-2011-3188} - [crypto] Move md5_transform to lib/md5.c (Jiri Pirko) [732665] {CVE-2011-3188} [2.6.32-197.el6] - [block] blktrace: fix handling of requests with SYNC and META flags (Mike Snitzer) [726437] - [block] blktrace: add FLUSH/FUA support (Mike Snitzer) [726437] - [kernel] Restore max mqueue message size to its previous RHEL 5 value (Doug Ledford) [730632] [2.6.32-196.el6] - [scsi] qla4xxx: updated device id check for BFS (Chad Dupuis) [732622] - [fs] nfsd4: return nfserr_symlink on v4 OPEN of non-regular file (J. Bruce Fields) [697659] - [netdrv] bnx2: Fix some late breaking bnx2 bugs (Neil Horman) [728328] - [netdrv] e1000: save skb counts in TX to avoid cache misses (Dean Nelson) [690780] - [netdrv] bonding: reset queue mapping prior to transmission (Neil Horman) [726688] - [netdrv] e1000e: update to upstream version 1.4.4 (Andy Gospodarek) [730607] - [netdrv] bonding: add missing xmit_hash_policy=layer2+3 info (Weiping Pan) [706018] - [net] vlan: do not transfer real_num_tx_queues (Weiping Pan) [735015] - [mm] thp: tail page refcounting fix (Andrea Arcangeli) [732986] - [virt] xen: x86_32: do not enable iterrupts when returning from exception in interrupt context (Igor Mammedov) [713399] - [mm] oom: task->mm == NULL doesnt mean the memory was freed (Frantisek Hrbata) [734732] - [scsi] scsi_dh_rdac: Associate HBA and storage in rdac_controller to support partitions in storage (Mike Snitzer) [733763] - [scsi] scsi_dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage (Mike Snitzer) [733763] - [scsi] lpfc: Update lpfc version for 8.3.5.45.3p driver release (Rob Evers) [733500] - [scsi] lpfc: Fix compiler warning due to uninitialized local variable (Rob Evers) [733500] - [scsi] lpfc: Fix bus reset handler fails with bad failure code (Rob Evers) [733500] - [scsi] lpfc: Fix proper error code return value for management API (Rob Evers) [733500] - [scsi] lpfc: Fixed ctlreg write bug (Rob Evers) [733500] - [scsi] lpfc: Fix default adapter name for the OCe15100 (Rob Evers) [733500] - [scsi] lpfc: Fix cable pull failure on interface type 2 SLI-4 adapters (Rob Evers) [733500] - [scsi] lpfc: Fixed not able to perform firmware reset through sysfs board_mode attribute (Rob Evers) [733500] - [scsi] lpfc: Fixed SLI4 device firmware reset with SR-IOV virtual functions (Rob Evers) [733500] - [scsi] lpfc: Fixed not recovering SLI port in handling error attention with RN bit set (Rob Evers) [733500] - [scsi] lpfc: Fix two crashes when unsolicted ELS ECHO_CMD is received (Rob Evers) [733500] - [scsi] lpfc: Fix direct connect does not come up for SLI4 FC ports (Rob Evers) [733500] - [scsi] lpfc: Fixed long wait when firmware reset to a SLI port without required privilege (Rob Evers) [733500] - [scsi] lpfc: Fix request firmware support for little endian systems (Rob Evers) [733500] [2.6.32-195.el6] - [drm] radeon/kms: set a default max_pixel_clock (Dave Airlie) [729545] - [pci] pciehp: change wait time for valid configuration access (Myron Stowe) [727720] - [pci] ACPI: Report ASPM support to BIOS if not disabled from command line (Myron Stowe) [732501] - [ppc] pci: Add calls to set_pcie_port_type() and set_pcie_hotplug_bridge() (Steve Best) [734192] - [ppc] pci: Add missing hookup to pci_slot (Steve Best) [734192] - [ppc] pci: Add missing call to header fixup (Steve Best) [734192] - [virt] xen events: implement mask_ack (Andrew Jones) [733672] - [virt] Revert '[virt] xen/events: change to using fasteoi' (Andrew Jones) [733672] - [scsi] be2iscsi: Add pci_disable device (Mike Christie) [688076] - [scsi] be2iscsi: Adding a shutdown Routine (Mike Christie) [688076] - [net] ipv6: make fragment identifications less predictable (Jiri Pirko) [723433] {CVE-2011-2699} - [fs] Ecryptfs: Add mount option to check uid of device being mounted = expect uid (Eric Sandeen) [731176] {CVE-2011-1833} MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1020 CVE-2011-3347 CVE-2011-3638 CVE-2011-4110 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [qemu-kvm-0.12.1.2-2.209.el6] - kvm-hda-do-not-mix-output-and-input-streams-RHBZ-740493-v2.patch [bz#740493] - kvm-hda-do-not-mix-output-and-input-stream-states-RHBZ-740493-v2.patch [bz#740493] - kvm-intel-hda-fix-stream-search.patch [bz#740493] - Resolves: bz#740493 (audio playing doesn't work when sound recorder is opened) [qemu-kvm-0.12.1.2-2.208.el6] - kvm-migration-flush-migration-data-to-disk.patch [bz#721114] - Resolves: bz#721114 (qemu fails to restore guests that were previously suspended on host shutdown) [qemu-kvm-0.12.1.2-2.207.el6] - kvm-migration-s-dprintf-DPRINTF-v2.patch [bz#669581] - kvm-migration-simplify-state-assignmente-v2.patch [bz#669581] - vm-migration-Check-that-migration-is-active-before-canc-v2.patch [bz#669581] - kvm-Reorganize-and-fix-monitor-resume-after-migration-v2.patch [bz#669581] - kvm-migration-add-error-handling-to-migrate_fd_put_notif-v2.patch [bz#669581] - kvm-migration-If-there-is-one-error-it-makes-no-sense-to-v2.patch [bz#669581] - kvm-buffered_file-Use-right-opaque-v2.patch [bz#669581] - kvm-buffered_file-reuse-QEMUFile-has_error-field-v2.patch [bz#669581] - kvm-migration-don-t-write-when-migration-is-not-active-v2.patch [bz#669581] - kvm-migration-set-error-if-select-return-one-error-v2.patch [bz#669581] - kvm-migration-change-has_error-to-contain-errno-values-v2.patch [bz#669581] - kvm-migration-return-real-error-code-v2.patch [bz#669581] - kvm-migration-rename-qemu_file_has_error-to-qemu_file_ge-v2.patch [bz#669581] - kvm-savevm-Rename-has_error-to-last_error-field-v2.patch [bz#669581] - kvm-migration-use-qemu_file_get_error-return-value-when--v2.patch [bz#669581] - kvm-migration-make-save_live-return-errors-v2.patch [bz#669581] - kvm-savevm-qemu_fille_buffer-used-to-return-one-error-fo-v2.patch [bz#669581] - kvm-Fix-segfault-on-migration-completion.patch [bz#669581 bz#749806] - Resolves: bz#669581 (Migration Never end while Use firewall reject migration tcp port) - Resolves: bz#749806 (Migration segfault on migrate_fd_put_notify()/qemu_file_get_error()) [qemu-kvm-0.12.1.2-2.206.el6] - kvm-Revert-savevm-qemu_fille_buffer-used-to-return-one-e.patch [bz#669581] - kvm-Revert-migration-make-save_live-return-errors.patch [bz#669581] - kvm-Revert-migration-use-qemu_file_get_error-return-valu.patch [bz#669581] - kvm-Revert-savevm-Rename-has_error-to-last_error-field.patch [bz#669581] - kvm-Revert-migration-rename-qemu_file_has_error-to-qemu_.patch [bz#669581] - kvm-Revert-migration-return-real-error-code.patch [bz#669581] - kvm-Revert-migration-change-has_error-to-contain-errno-v.patch [bz#669581] - kvm-Revert-migration-set-error-if-select-return-one-erro.patch [bz#669581] - kvm-Revert-migration-don-t-write-when-migration-is-not-a.patch [bz#669581] - kvm-Revert-buffered_file-reuse-QEMUFile-has_error-field.patch [bz#669581] - kvm-Revert-buffered_file-Use-right-opaque.patch [bz#669581] - kvm-Revert-migration-If-there-is-one-error-it-makes-no-s.patch [bz#669581] - kvm-Revert-migration-add-error-handling-to-migrate_fd_pu.patch [bz#669581] - kvm-Revert-Reorganize-and-fix-monitor-resume-after-migra.patch [bz#669581] - kvm-Revert-migration-Check-that-migration-is-active-befo.patch [bz#669581] - kvm-Revert-migration-simplify-state-assignmente.patch [bz#669581] - kvm-Revert-migration-s-dprintf-DPRINTF.patch [bz#669581] - Related: bz#669581 (Migration Never end while Use firewall reject migration tcp port) - Fixes bz#749806 (Migration segfault on migrate_fd_put_notify()/qemu_file_get_error()) [qemu-kvm-0.12.1.2-2.205.el6] - kvm-qxl-fix-guest-cursor-tracking.patch [bz#744518] - kvm-qxl-create-slots-on-post_load-in-vga-state.patch [bz#740547] - kvm-qxl-reset-update_surface.patch [bz#690427] - Resolves: bz#690427 (qemu-kvm crashes when update/roll back of qxl driver in WindowsXP guest) - Resolves: bz#740547 (qxl: migrating when not in native mode causes a 'panic: virtual address out of range') - Resolves: bz#744518 (qemu-kvm core dumps when qxl-linux guest migrate with reboot) [qemu-kvm-0.12.1.2-2.204.el6] - kvm-savevm-qemu_fille_buffer-used-to-return-one-error-fo.patch [bz#669581] - Resolves: bz#669581 (Migration Never end while Use firewall reject migration tcp port) [qemu-kvm-0.12.1.2-2.203.el6] - kvm-qemu-kvm-fix-improper-nmi-emulation-2.patch [bz#738565] - Resolves: bz#738565 ([FJ6.2 Bug]: Failed to capture kdump due to redundant NMIs) [qemu-kvm-0.12.1.2-2.202.el6] - kvm-Revert-qemu-kvm-fix-improper-nmi-emulation.patch [bz#738565] - Related: bz#738565 ([FJ6.2 Bug]: Failed to capture kdump due to redundant NMIs) [qemu-kvm-0.12.1.2-2.201.el6] - kvm-migration-s-dprintf-DPRINTF.patch [bz#669581] - kvm-migration-simplify-state-assignmente.patch [bz#669581] - kvm-migration-Check-that-migration-is-active-before-canc.patch [bz#669581] - kvm-Reorganize-and-fix-monitor-resume-after-migration.patch [bz#669581] - kvm-migration-add-error-handling-to-migrate_fd_put_notif.patch [bz#669581] - kvm-migration-If-there-is-one-error-it-makes-no-sense-to.patch [bz#669581] - kvm-buffered_file-Use-right-opaque.patch [bz#669581] - kvm-buffered_file-reuse-QEMUFile-has_error-field.patch [bz#669581] - kvm-migration-don-t-write-when-migration-is-not-active.patch [bz#669581] - kvm-migration-set-error-if-select-return-one-error.patch [bz#669581] - kvm-migration-change-has_error-to-contain-errno-values.patch [bz#669581] - kvm-migration-return-real-error-code.patch [bz#669581] - kvm-migration-rename-qemu_file_has_error-to-qemu_file_ge.patch [bz#669581] - kvm-savevm-Rename-has_error-to-last_error-field.patch [bz#669581] - kvm-migration-use-qemu_file_get_error-return-value-when-.patch [bz#669581] - kvm-migration-make-save_live-return-errors.patch [bz#669581] - kvm-qemu-kvm-fix-improper-nmi-emulation.patch [bz#738565] - kvm-scsi-fix-accounting-of-writes.patch [bz#744780] - kvm-scsi-disk-bump-SCSIRequest-reference-count-until-aio.patch [bz#744780] - Resolves: bz#669581 (Migration Never end while Use firewall reject migration tcp port) - Resolves: bz#738565 ([FJ6.2 Bug]: Failed to capture kdump due to redundant NMIs) - Resolves: bz#744780 (use-after-free in QEMU SCSI target code) [qemu-kvm-0.12.1.2-2.200.el6] - kvm-Introduce-the-RunState-type.patch [bz#617889] - kvm-RunState-Add-additional-states.patch [bz#617889] - kvm-runstate_set-Check-for-valid-transitions.patch [bz#617889] - kvm-Drop-the-incoming_expected-global-variable.patch [bz#617889] - kvm-Drop-the-vm_running-global-variable.patch [bz#617889] - kvm-Monitor-QMP-Don-t-allow-cont-on-bad-VM-state.patch [bz#617889] - kvm-QMP-query-status-Introduce-status-key.patch [bz#617889] - kvm-HMP-info-status-Print-the-VM-state.patch [bz#617889] - kvm-RunState-Rename-enum-values.patch [bz#617889] - kvm-runstate-Allow-to-transition-from-paused-to-postmigr.patch [bz#617889] - kvm-savevm-qemu_savevm_state-Drop-stop-VM-logic.patch [bz#617889] - kvm-runstate-Allow-user-to-migrate-twice.patch [bz#617889] - kvm-RunState-Don-t-abort-on-invalid-transitions.patch [bz#617889] - Resolves: bz#617889 (QMP: provide VM stop reason) [qemu-kvm-0.12.1.2-2.199.el6] - kvm-usb-hid-activate-usb-tablet-mouse-after-migration.patch [bz#741878] - kvm-ps2-migrate-ledstate.patch [bz#729294] - Resolves: bz#729294 (Keyboard leds/states are not synchronized after migration of guest) - Resolves: bz#741878 (USB tablet mouse does not work well when migrating between 6.2<->6.2 hosts and 6.1<->6.2 hosts) [qemu-kvm-0.12.1.2-2.198.el6] - kvm-bz716261-kvm-Extend-kvm_arch_get_supported_cpuid-to-.patch [bz#716261] - kvm-bz716261-Enable-XSAVE-related-CPUID.patch [bz#716261] - kvm-bz716261-Fix-XSAVE-feature-bit-enumeration.patch [bz#716261] - kvm-bz716261-Synchronize-kernel-headers.patch [bz#716261] - kvm-bz716261-kvm-Enable-XSAVE-live-migration-support.patch [bz#716261] - kvm-bz716261-Put-XSAVE-area-in-a-sub-section.patch [bz#716261] - kvm-bz716261-Enable-xsave-as-a-cpu-flag.patch [bz#716261] - kvm-allow-more-than-1T-in-KVM-x86-guest.patch [bz#743391] - kvm-blockdev-Belatedly-remove-driveopts.patch [bz#742458] - kvm-ide-Remove-useless-IDEDeviceInfo-members-unit-drive.patch [bz#742458] - kvm-block-New-bdrv_next.patch [bz#742458] - kvm-block-Decouple-savevm-from-DriveInfo.patch [bz#742458] - kvm-savevm-Survive-hot-unplug-of-snapshot-device.patch [bz#743269] - kvm-ide-Replace-IDEState-members-is_cdrom-is_cf-by-drive.patch [bz#742458] - kvm-ide-split-ide-command-interpretation-off.patch [bz#742458] - kvm-ide-fix-whitespace-gap-in-ide_exec_cmd.patch [bz#742458] - kvm-trace-Trace-bdrv_set_locked.patch [bz#742458] - kvm-atapi-Drives-can-be-locked-without-media-present.patch [bz#742469] - kvm-atapi-Report-correct-errors-on-guest-eject-request.patch [bz#742458] - kvm-ide-Split-atapi.c-out.patch [bz#742458] - kvm-ide-atapi-Factor-commands-out.patch [bz#742458] - kvm-ide-atapi-Use-table-instead-of-switch-for-commands.patch [bz#742458] - kvm-ide-atapi-Replace-bdrv_get_geometry-calls-by-s-nb_se.patch [bz#742458] - kvm-ide-atapi-Introduce-CHECK_READY-flag-for-commands.patch [bz#742458] - kvm-atapi-Move-comment-to-proper-place.patch [bz#742458] - kvm-atapi-Explain-why-we-need-a-media-not-present-state.patch [bz#742458] - kvm-block-QMP-Deprecate-query-block-s-type-drop-info-blo.patch [bz#742458] - kvm-blockdev-Make-eject-fail-for-non-removable-drives-ev.patch [bz#742476] - kvm-block-Reset-device-model-callbacks-on-detach.patch [bz#742458] - kvm-block-raw-win32-Drop-disabled-code-for-removable-hos.patch [bz#742458] - kvm-block-Make-BlockDriver-method-bdrv_set_locked-return.patch [bz#742458] - kvm-block-Make-BlockDriver-method-bdrv_eject-return-void.patch [bz#742458] - kvm-block-Don-t-let-locked-flag-prevent-medium-load.patch [bz#742480] - kvm-scsi-disk-Codingstyle-fixes.patch [bz#742458] - kvm-scsi-Remove-references-to-SET_WINDOW.patch [bz#742458] - kvm-scsi-Remove-REZERO_UNIT-emulation.patch [bz#742458] - kvm-scsi-Sanitize-command-definitions.patch [bz#742458] - kvm-scsi-disk-Remove-drive_kind.patch [bz#742458] - kvm-scsi-disk-no-need-to-call-scsi_req_data-on-a-short-r.patch [bz#742458] - kvm-scsi-pass-status-when-completing.patch [bz#742458] - kvm-trace-Fix-harmless-mismerge-of-hw-scsi-bus.c-events.patch [bz#742458] - kvm-scsi-move-sense-handling-to-generic-code.patch [bz#742458] - kvm-block-Attach-non-qdev-devices-as-well.patch [bz#742458] - kvm-block-Generalize-change_cb-to-BlockDevOps.patch [bz#742458] - kvm-block-Split-change_cb-into-change_media_cb-resize_cb.patch [bz#742458] - kvm-ide-Update-command-code-definitions-as-per-ACS-2-Tab.patch [bz#742458] - kvm-ide-Clean-up-case-label-indentation-in-ide_exec_cmd.patch [bz#742458] - kvm-ide-Give-vmstate-structs-internal-linkage-where-poss.patch [bz#742458] - kvm-block-raw-Fix-to-forward-method-bdrv_media_changed.patch [bz#742458] - kvm-block-Leave-tracking-media-change-to-device-models.patch [bz#742458] - kvm-fdc-Make-media-change-detection-more-robust.patch [bz#742458] - kvm-block-Clean-up-bdrv_flush_all.patch [bz#742458] - kvm-savevm-Include-writable-devices-with-removable-media.patch [bz#742484] - kvm-scsi-fill-in-additional-sense-length-correctly.patch [bz#742458] - kvm-ide-Fix-ATA-command-READ-to-set-ATAPI-signature-for-.patch [bz#742458] - kvm-ide-Use-a-table-to-declare-which-drive-kinds-accept-.patch [bz#742458] - kvm-ide-Reject-ATA-commands-specific-to-drive-kinds.patch [bz#742458] - kvm-ide-atapi-Clean-up-misleading-name-in-cmd_start_stop.patch [bz#742458] - kvm-ide-atapi-Track-tray-open-close-state.patch [bz#742458] - kvm-scsi-disk-Factor-out-scsi_disk_emulate_start_stop.patch [bz#742458] - kvm-scsi-disk-Track-tray-open-close-state.patch [bz#742458] - kvm-block-Revert-entanglement-of-bdrv_is_inserted-with-t.patch [bz#742458] - kvm-block-Drop-tray-status-tracking-no-longer-used.patch [bz#742458] - kvm-ide-atapi-Track-tray-locked-state.patch [bz#742458] - kvm-scsi-disk-Track-tray-locked-state.patch [bz#742458] - kvm-block-Leave-enforcing-tray-lock-to-device-models.patch [bz#742458] - kvm-block-Drop-medium-lock-tracking-ask-device-models-in.patch [bz#742458] - kvm-block-Rename-bdrv_set_locked-to-bdrv_lock_medium.patch [bz#742458] - kvm-ide-atapi-Don-t-fail-eject-when-tray-is-already-open.patch [bz#742458] - kvm-scsi-disk-Fix-START_STOP-to-fail-when-it-can-t-eject.patch [bz#742458] - kvm-ide-atapi-Preserve-tray-state-on-migration.patch [bz#743342] - kvm-block-Clean-up-remaining-users-of-removable.patch [bz#742458] - kvm-block-Drop-BlockDriverState-member-removable.patch [bz#742458] - kvm-block-Show-whether-the-virtual-tray-is-open-in-info-.patch [bz#723270] - kvm-block-New-change_media_cb-parameter-load.patch [bz#742458] - kvm-ide-atapi-scsi-disk-Make-monitor-eject-f-then-change.patch [bz#676528] - Resolves: bz#676528 (Can't insert media after previous media was forcefully ejected) - Resolves: bz#716261 ([Intel 6.2 FEAT] Add support for XSAVE/XRSTOR qemu-kvm changes) - Resolves: bz#723270 (Report cdrom tray status in a monitor command such as info block) - Resolves: bz#742458 (Tracker Bug:Big block layer backport) - Resolves: bz#742469 (Drives can not be locked without media present) - Resolves: bz#742476 (Make eject fail for non-removable drives even with -f) - Resolves: bz#742480 (Don't let locked flag prevent medium load) - Resolves: bz#742484 (should be also have snapshot on floppy) - Resolves: bz#743269 (Hot unplug of snapshot device crashes) - Resolves: bz#743342 (IDE CD-ROM tray state gets lost on migration) - Resolves: bz#743391 (KVM guest limited to 40bit of physical address space) [qemu-kvm-0.12.1.2-2.197.el6] - kvm-device-assignment-pci_cap_init-add-82599-VF-quirk.patch [bz#742080] - kvm-savevm-teach-qemu_fill_buffer-to-do-partial-refills.patch [bz#725565] - kvm-savevm-some-coding-style-cleanups.patch [bz#725565] - kvm-savevm-define-qemu_get_byte-using-qemu_peek_byte.patch [bz#725565] - kvm-savevm-improve-subsections-detection-on-load.patch [bz#725565] - kvm-Revert-savevm-fix-corruption-in-vmstate_subsection_l.patch [bz#725565] - kvm-QMP-HMP-Drop-the-live-snapshot-commands.patch [bz#742401] - kvm-usb-hub-wakeup-on-attach.patch [bz#733272] - Resolves: bz#725565 (migration subsections are still broken) - Resolves: bz#733272 (Usb stick passthrough failed under uhci+ehci) - Resolves: bz#742080 (Device assignment of 82599 VFs no longer work after patch for v1 PCIe Capability structures) - Resolves: bz#742401 (qemu-kvm disable live snapshot support) [qemu-kvm-0.12.1.2-2.196.el6] - kvm-usb-linux-add-get_endp.patch [bz#733272] - kvm-usb-host-reapurb-error-report-fix.patch [bz#733272] - kvm-usb-host-fix-halted-endpoints.patch [bz#733272] - kvm-usb-host-limit-open-retries.patch [bz#733272] - kvm-usb-host-fix-configuration-tracking.patch [bz#733272] - kvm-usb-host-claim-port.patch [bz#733272] - kvm-usb-host-endpoint-table-fixup.patch [bz#733272] - kvm-usb-host-factor-out-code.patch [bz#733272] - kvm-usb-host-handle-USBDEVFS_SETCONFIGURATION-returning-.patch [bz#733272] - Resolves: bz#733272 (Usb stick passthrough failed under uhci+ehci) [qemu-kvm-0.12.1.2-2.195.el6] - Require spice-server-devel >= 0.8.2-4 [bz#737921] - Resolves: bz#737921 (No Spice password is set on target host after migration) [qemu-kvm-0.12.1.2-2.194.el6] - kvm-spice-turn-client_migrate_info-to-async.patch [bz#737921] - kvm-spice-support-the-new-migration-interface-spice-0.8..patch [bz#737921] - kvm-pci-devfn-check-device-slot-number-in-range.patch [bz#678729] - Resolves: bz#678729 (Hotplug VF/PF with invalid addr value leading to qemu-kvm process quit with core dump) - Resolves: bz#737921 (No Spice password is set on target host after migration) [qemu-kvm-0.12.1.2-2.193.el6] - kvm-usb-bus-Don-t-allow-speed-mismatch-while-attaching-d.patch [bz#728120] - kvm-usb-vmstate-add-parent-dev-path.patch [bz#734995] - kvm-usb-claim-port-at-device-initialization-time.patch [bz#734995] - kvm-usb-host-tag-as-unmigratable.patch [bz#723870] - kvm-usb-storage-fix-NULL-pointer-dereference.patch [bz#733010] - kvm-register-signal-handler-after-initializing-SDL.patch [bz#735716] - kvm-report-that-QEMU-process-was-killed-by-a-signal.patch [bz#735716] - kvm-Tidy-up-message-printed-when-we-exit-on-a-signal.patch [bz#735716] - kvm-Monitor-Convert-do_screen_dump-to-QObject.patch [bz#729969] - kvm-usb-hub-need-to-check-dev-attached.patch [bz#734995] - kvm-usb-fix-port-reset.patch [bz#734995] - kvm-qdev-print-bus-properties-too.patch [bz#678731] - kvm-ide-link-BMDMA-and-IDEState-at-device-creation.patch [bz#739480] - Resolves: bz#678731 (Update qemu-kvm -device pci-assign,? properties) - Resolves: bz#723870 (tag devices without migration support) - Resolves: bz#728120 (print error on usb speed mismatch between device and bus/port) - Resolves: bz#729969 (Make screendump command available in QMP) - Resolves: bz#733010 (core dump when issue fdisk -l in guest which has two usb-storage attached) - Resolves: bz#734995 (Core dump when hotplug three usb-hub into the same port under both uhci and ehci) - Resolves: bz#735716 (QEMU should report the PID of the process that sent it signals for troubleshooting purposes) - Resolves: bz#739480 (qemu-kvm core dumps when migration with reboot) [qemu-kvm-0.12.1.2-2.192.el6] - kvm-spice-workaround-a-spice-server-bug.patch [bz#697441] - kvm-balloon-Disassociate-handlers-from-balloon-device-on.patch [bz#736975] - kvm-virtio-balloon-Disassociate-from-the-balloon-handler.patch [bz#736975] - kvm-virtio-serial-Plug-memory-leak-on-qdev-exit.patch [bz#738019] - kvm-spice-set-qxl-ssd.running-true-before-telling-spice-.patch [bz#733993] - kvm-qemu-kvm-vm_stop-pause-threads-before-calling-other-.patch [bz#729621] - kvm-Fix-termination-by-signal-with-no-shutdown.patch [bz#738487] - kvm-qemu-option-Remove-enable-nesting-from-help-text.patch [bz#738555] - Resolves: bz#697441 (JSON corruption when closing SPICE window) - Resolves: bz#729621 (ASSERT worker->running failed on source qemu during migration with Spice session) - Resolves: bz#733993 (migration target can crash (assert(d->ssd.running))) - Resolves: bz#736975 (Qemu-kvm fails to unregister virtio-balloon-pci device when unplugging) - Resolves: bz#738019 (Memleak in virtio-serial code: VirtIOSerialBus not freed) - Resolves: bz#738487 (Fix termination by signal with -no-shutdown) - Resolves: bz#738555 (Stop exposing -enable-nested) [qemu-kvm-0.12.1.2-2.191.el6] - kvm-CVE-2011-2527-os-posix-set-groups-properly-for-runas.patch [bz#722583] - CVE: CVE-2011-2527 - Resolves: bz#722583 (when started as root, extra groups are not dropped correctly) [qemu-kvm-0.12.1.2-2.190.el6] - kvm-Add-flag-to-indicate-external-users-to-block-device.patch [bz#633370] - kvm-block-enable-in_use-flag.patch [bz#633370] - kvm-block-add-drive-copy-on-read-on-off.patch [bz#633370] - kvm-qed-replace-is_write-with-flags-field.patch [bz#633370] - kvm-qed-extract-qed_start_allocating_write.patch [bz#633370] - kvm-qed-make-qed_aio_write_alloc-reusable.patch [bz#633370] - kvm-qed-add-support-for-copy-on-read.patch [bz#633370] - kvm-qed-avoid-deadlock-on-emulated-synchronous-I-O.patch [bz#633370] - kvm-block-add-bdrv_aio_copy_backing.patch [bz#633370] - kvm-qmp-add-block_stream-command.patch [bz#633370] - kvm-qmp-add-block_job_cancel-command.patch [bz#633370] - kvm-qmp-add-query-block-jobs-command.patch [bz#633370] - kvm-qmp-add-block_job_set_speed-command.patch [bz#633370] - kvm-block-add-drive-stream-on-off.patch [bz#633370] - kvm-qed-intelligent-streaming-implementation.patch [bz#633370] - Resolves: bz#633370 ([6.1 FEAT] Enhance QED image format to support streaming from remote systems) [qemu-kvm-0.12.1.2-2.189.el6] - kvm-qemu-img-Require-larger-zero-areas-for-sparse-handli.patch [bz#730587] - kvm-qxl-send-interrupt-after-migration-in-case-ram-int_p.patch [bz#732949] - kvm-qxl-s-qxl_set_irq-qxl_update_irq.patch [bz#732949] - kvm-block-include-flush-requests-in-info-blockstats-v2.patch [bz#715017] - kvm-block-explicit-I-O-accounting-v2.patch [bz#715017] - kvm-block-latency-accounting-v2.patch [bz#715017] - Resolves: bz#715017 (Report disk latency (read and write) for each storage device) - Resolves: bz#730587 (qemu-img convert takes 25m for specific images when using cache=none) - Resolves: bz#732949 (Guest screen becomes abnormal after migration with spice) [qemu-kvm-0.12.1.2-2.188.el6] - kvm-x86-Introduce-kvmclock-device-to-save-restore-it-fixed.patch [bz#658467] - kvm-use-kernel-provided-para_features-instead-of-statica-take2.patch [bz#624983] - kvm-add-kvmclock-to-its-second-bit-v2-take2.patch [bz#624983] - kvm-create-kvmclock-when-one-of-the-flags-are-present-take2.patch [bz#624983] - kvm-x86-Allow-multiple-cpu-feature-matches-of-lookup_fea-take2.patch [bz#624983] - Resolves: bz#624983 (QEMU should support the newer set of MSRs for kvmclock) - Resolves: bz#658467 (kvm clock breaks migration result stability - for unit test propose) [qemu-kvm-0.12.1.2-2.187.el6] - Revert patches that broke the build - kvm-Revert-block-latency-accounting.patch [bz#715017] - kvm-Revert-block-explicit-I-O-accounting.patch [bz#715017] - kvm-Revert-block-include-flush-requests-in-info-blocksta.patch [bz#715017] - kvm-Revert-x86-Allow-multiple-cpu-feature-matches-of-loo.patch [bz#624983] - kvm-Revert-kvm-create-kvmclock-when-one-of-the-flags-are.patch [bz#624983] - kvm-Revert-add-kvmclock-to-its-second-bit-v2.patch [bz#624983] - kvm-Revert-use-kernel-provided-para_features-instead-of-.patch [bz#624983] - kvm-Revert-kvm-x86-Introduce-kvmclock-device-to-save-res.patch [bz#658467] - Related: bz#624983 (QEMU should support the newer set of MSRs for kvmclock) - Related: bz#658467 (kvm clock breaks migration result stability - for unit test propose) - Related: bz#715017 (Report disk latency (read and write) for each storage device) [qemu-kvm-0.12.1.2-2.186.el6] - kvm-x86-Introduce-kvmclock-device-to-save-restore-it.patch [bz#658467] - kvm-use-kernel-provided-para_features-instead-of-statica.patch [bz#624983] - kvm-add-kvmclock-to-its-second-bit-v2.patch [bz#624983] - kvm-create-kvmclock-when-one-of-the-flags-are-presen.patch [bz#624983] - kvm-x86-Allow-multiple-cpu-feature-matches-of-lookup_fea.patch [bz#624983] - kvm-vhost-net-cleanup-host-notifiers-at-last-step.patch [bz#695285] - kvm-block-include-flush-requests-in-info-blockstats.patch [bz#715017] - kvm-block-explicit-I-O-accounting.patch [bz#715017] - kvm-block-latency-accounting.patch [bz#715017] - kvm-revert-floppy-save-and-restore-DIR-register.patch [bz#718664] - kvm-qemu-sockets-avoid-strlen-of-NULL-pointer.patch [bz#734860] - Resolves: bz#624983 (QEMU should support the newer set of MSRs for kvmclock) - Resolves: bz#658467 (kvm clock breaks migration result stability - for unit test propose) - Resolves: bz#695285 (guest quit with 'Guest moved used index from 256 to 915' error when save_vm) - Resolves: bz#715017 (Report disk latency (read and write) for each storage device) - Resolves: bz#718664 (Migration from host RHEL6.1+ to host RHEL6.0.z failed with floppy) - Resolves: bz#734860 (qemu-kvm: segfault when missing host parameter for socket chardev) [qemu-kvm-0.12.1.2-2.185.el6] - kvm-virtio-prevent-indirect-descriptor-buffer-overflow.patch [bz#713593] - Resolves: bz#713593 (CVE-2011-2212 virtqueue: too-large indirect descriptor buffer overflow [rhel-6.2]) - CVE: CVE-2011-2212 [qemu-kvm-0.12.1.2-2.184.el6] - kvm-bz719818-KVM-qemu-support-for-SMEP.patch [bz#719818] - kvm-vmstate-add-no_migrate-flag-to-VMStateDescription.patch [bz#723870] - kvm-ehci-doesn-t-support-migration.patch [bz#723870] - kvm-usb-storage-first-migration-support-bits.patch [bz#723870] - Resolves: bz#719818 (KVM qemu support for Supervisor Mode Execution Protection (SMEP)) - Resolves: bz#723870 (tag devices without migration support) [qemu-kvm-0.12.1.2-2.183.el6] - kvm-spice-add-sanity-check-for-spice-ports.patch [bz#715582 bz#717958] - kvm-block-add-discard-support.patch [bz#711354] - kvm-qemu-option-New-qemu_opts_reset.patch [bz#711354] - kvm-error-New-qemu_opts_loc_restore.patch [bz#711354] - kvm-scsi-Rebase-to-upstream-v0.15.0-rc2.patch [bz#711354] - kvm-qxl-upon-reset-if-spice-worker-is-stopped-the-comman.patch [bz#728984] - kvm-qxl-allowing-the-command-rings-to-be-not-empty-when-.patch [bz#728984] - Resolves: bz#711354 (Fix and enable enough of SCSI to make usb-storage work) - Resolves: bz#715582 (qemu-kvm doesn't report error when supplied negative spice port value) - Resolves: bz#717958 (qemu-kvm start vnc even though -spice ... is supplied) - Resolves: bz#728984 (Target qemu process - assertion failed during migration) [qemu-kvm-0.12.1.2-2.182.el6] - kvm-spice-catch-spice-server-initialization-failures.patch [bz#682227] - kvm-qcow2-Fix-L1-table-size-after-bdrv_snapshot_goto.patch [bz#729572] - spec: require spice-server-devel >= 0.8.2-2 [bz#723676] - kvm-Add-missing-trace-call-to-oslib-posix.c-qemu_vmalloc.patch [bz#714773] - Resolves: bz#682227 (qemu-kvm doesn't exit when binding to specified port fails) - Resolves: bz#714773 (qemu missing marker for qemu.kvm.qemu_vmalloc) - Related: bz#723676 (spice-server: update to upstream spice 0.8.2) - Resolves: bz#729572 (qcow2: Loading internal snapshot can corrupt image) [qemu-kvm-0.12.1.2-2.181.el6] - kvm-docs-Add-QED-image-format-specification.patch [bz#633380] - kvm-qed-Add-QEMU-Enhanced-Disk-image-format.patch [bz#633380] - kvm-qed-Table-L2-cache-and-cluster-functions.patch [bz#633380] - kvm-qed-Read-write-support.patch [bz#633380] - kvm-qed-Consistency-check-support.patch [bz#633380] - kvm-docs-Fix-missing-carets-in-QED-specification.patch [bz#633380] - kvm-qed-Refuse-to-create-images-on-block-devices.patch [bz#633380] - kvm-qed-Images-with-backing-file-do-not-require-QED_F_NE.patch [bz#633380] - kvm-docs-Describe-zero-data-clusters-in-QED-specificatio.patch [bz#633380] - kvm-qed-Add-support-for-zero-clusters.patch [bz#633380] - kvm-qed-Fix-consistency-check-on-32-bit-hosts.patch [bz#633380] - kvm-block-add-BDRV_O_INCOMING-migration-consistency-hint.patch [bz#633380] - kvm-qed-honor-BDRV_O_INCOMING-for-live-migration-support.patch [bz#633380] - spec file: spec-file-whitelist-QED-image-format [bz#633380] - kvm-qemu-tool-Stub-out-qemu-timer-functions.patch [bz#633380] - kvm-qed-Periodically-flush-and-clear-need-check-bit.patch [bz#633380] - kvm-qed-support-for-growing-images.patch [bz#633380] - kvm-usb-ehci-trace-rename-next-to-nxt.patch [bz#720979] - kvm-qxl-make-sure-primary-surface-is-saved-on-migration.patch [bz#729869] - Resolves: bz#633380 ([6.2 FEAT] Include QED image format for KVM guests) - Resolves: bz#720979 (do not use next as a variable name in qemu-kvm systemtap tapset) - Resolves: bz#729869 (qxl: primary surface not saved on migration) [qemu-kvm-0.12.1.2-2.180.el6] - kvm-virtio-event-index-support.patch [bz#710943] - kvm-pc-rhel-6.1-and-back-compat-event-idx-support.patch [bz#710943] - kvm-qdev-implement-qdev_prop_set_bit.patch [bz#729104] - kvm-pci-insert-assert-that-auto-assigned-address-functio.patch [bz#729104] - kvm-pci-introduce-multifunction-property.patch [bz#729104] - kvm-pci_bridge-make-pci-bridge-aware-of-pci-multi-functi.patch [bz#729104] - kvm-pci-set-multifunction-property-for-normal-device.patch [bz#729104] - kvm-pci-don-t-overwrite-multi-functio-bit-in-pci-header-.patch [bz#729104] - kvm-pci-set-PCI-multi-function-bit-appropriately.patch [bz#729104] - kvm-Add-user_print-handler-to-qxl_screendump-monitor-com.patch [bz#705070] - Resolves: bz#705070 (QMP: screendump command does not allow specification of monitor to capture) - Resolves: bz#710943 (event index support in virtio and vhost-net) - Resolves: bz#729104 (qemu-kvm: pci needs multifunction property) [qemu-kvm-0.12.1.2-2.179.el6] - kvm-usb-linux-make-iso-urb-count-contigurable.patch [bz#723858 bz#723863] - kvm-usb-linux-track-inflight-iso-urb-count.patch [bz#723858 bz#723863] - kvm-ehci-add-freq-maxframes-properties.patch [bz#723858 bz#723863] - kvm-usb-bus-Don-t-allow-attaching-a-device-to-a-bus-with.patch [bz#723858 bz#723863] - kvm-usb-Proper-error-propagation-for-usb_device_attach-e.patch [bz#723858 bz#723863] - kvm-usb-Add-a-speedmask-to-devices.patch [bz#723858 bz#723863] - kvm-usb-linux-allow-compatible-high-speed-devices-to-con.patch [bz#723858 bz#723863] - kvm-usb-ignore-USB_DT_DEBUG.patch [bz#723858 bz#723863] - kvm-usb-Add-a-usb_fill_port-helper-function.patch [bz#723858 bz#723863] - kvm-usb-Move-initial-call-of-usb_port_location-to-usb_fi.patch [bz#723858 bz#723863] - kvm-usb-Add-a-register_companion-USB-bus-op.patch [bz#723858 bz#723863] - kvm-usb-Make-port-wakeup-and-complete-ops-take-a-USBPort.patch [bz#723858 bz#723863] - kvm-usb-Replace-device_destroy-bus-op-with-a-child_detac.patch [bz#723858 bz#723863] - kvm-usb-ehci-drop-unused-num-ports-state-member.patch [bz#723858 bz#723863] - kvm-usb-ehci-Connect-Status-bit-is-read-only-don-t-allow.patch [bz#723858 bz#723863] - kvm-usb-ehci-cleanup-port-reset-handling.patch [bz#723858 bz#723863] - kvm-usb-assert-on-calling-usb_attach-port-NULL-on-a-port.patch [bz#723858 bz#723863] - kvm-usb-ehci-Fix-handling-of-PED-and-PEDC-port-status-bi.patch [bz#723858 bz#723863] - kvm-usb-ehci-Add-support-for-registering-companion-contr.patch [bz#723858 bz#723863] - kvm-usb-uhci-Add-support-for-being-a-companion-controlle.patch [bz#723858 bz#723863] - kvm-pci-add-ich9-usb-controller-ids.patch [bz#723858 bz#723863] - kvm-uhci-add-ich9-controllers.patch [bz#723858 bz#723863] - kvm-ehci-fix-port-count.patch [bz#723858 bz#723863] - kvm-ehci-add-ich9-controller.patch [bz#723858 bz#723863] - kvm-usb-documentation-update.patch [bz#723858 bz#723863] - kvm-usb-fixup-bluetooth-descriptors.patch [bz#723858 bz#723863] - kvm-usb-hub-remove-unused-descriptor-arrays.patch [bz#723858 bz#723863] - kvm-usb-update-documentation.patch [bz#723858 bz#723863] - kvm-usb_register_port-do-not-set-port-opaque-and-port-in.patch [bz#723858 bz#723863] - kvm-qxl-fix-cmdlog-for-vga.patch [bz#700134] - kvm-qxl-interface_get_command-fix-reported-mode.patch [bz#700134] - kvm-spice-add-worker-wrapper-functions.patch [bz#700134] - kvm-spice-add-qemu_spice_display_init_common.patch [bz#700134] - kvm-spice-qxl-move-worker-wrappers.patch [bz#700134] - kvm-qxl-fix-surface-tracking-locking.patch [bz#700134] - kvm-qxl-add-io_port_to_string.patch [bz#700134] - kvm-qxl-error-handling-fixes-and-cleanups.patch [bz#700134] - kvm-qxl-make-qxl_guest_bug-take-variable-arguments.patch [bz#700134] - kvm-qxl-put-QXL_IO_UPDATE_IRQ-into-vgamode-whitelist.patch [bz#700134] - kvm-qxl-allow-QXL_IO_LOG-also-in-vga.patch [bz#700134] - kvm-qxl-only-disallow-specific-io-s-in-vga-mode.patch [bz#700134] - kvm-qxl-async-io-support-using-new-spice-api.patch [bz#700134] - kvm-qxl-add-QXL_IO_FLUSH_-SURFACES-RELEASE-for-guest-S3-.patch [bz#706711] - kvm-qxl-Remove-support-for-the-unused-unstable-device-ID.patch [bz#706711] - kvm-qxl-bump-pci-rev.patch [bz#706711] - kvm-move-balloon-handling-to-balloon.c.patch [bz#694378] - kvm-balloon-Make-functions-local-vars-static.patch [bz#694378] - kvm-balloon-Add-braces-around-if-statements.patch [bz#694378] - kvm-balloon-Simplify-code-flow.patch [bz#694378] - kvm-virtio-balloon-Separate-status-handling-into-separat.patch [bz#694378] - kvm-balloon-Separate-out-stat-and-balloon-handling.patch [bz#694378] - kvm-balloon-Fix-header-comment-add-Copyright.patch [bz#694378] - kvm-virtio-balloon-Fix-header-comment-add-Copyright.patch [bz#694378] - kvm-balloon-Don-t-allow-multiple-balloon-handler-registr.patch [bz#725625] - kvm-virtio-balloon-Check-if-balloon-registration-failed.patch [bz#725625] - kvm-balloon-Reject-negative-balloon-values.patch [bz#694373] - kvm-virtio-balloon-Add-exit-handler-fix-memleaks.patch [bz#726014] - kvm-virtio-balloon-Unregister-savevm-section-on-device-u.patch [bz#726023] - kvm-virtio-blk-Fix-memleak-on-exit.patch [bz#726015] - kvm-virtio-net-don-t-use-vdev-after-virtio_cleanup.patch [bz#726020] - kvm-virtio-Plug-memleak-by-freeing-vdev.patch [bz#726020] - kvm-qemu-img-Use-qemu_blockalign.patch [bz#728905] - kvm-Fix-automatically-assigned-network-names-for-netdev.patch [bz#623907] - kvm-Fix-netdev-name-lookup-in-device-device_add-netdev_d.patch [bz#623907] - kvm-do-not-reset-no_shutdown-after-we-shutdown-the-vm.patch [bz#728464] - Resolves: bz#623907 (device_add rejects valid netdev when NIC with same ID exists) - Resolves: bz#694373 (ballooning value reset to original value after setting a negative number) - Resolves: bz#694378 (Core dump occurs when ballooning memory to 0) - Resolves: bz#700134 ([qemu-kvm] - qxl runs i/o requests synchronously) - Resolves: bz#706711 (qemu-kvm process quits when windows guest doing S3 w/ qxl device) - Resolves: bz#723858 (usb: add companion controller support) - Resolves: bz#723863 (usb: fixes various issues.) - Resolves: bz#725625 (Hot unplug one virtio balloon device cause another balloon device unavailable) - Resolves: bz#726014 (Fix memleak on exit in virtio-balloon) - Resolves: bz#726015 (Fix memleak on exit in virtio-blk) - Resolves: bz#726020 (Fix memleaks in all virtio devices) - Resolves: bz#726023 (Migration after hot-unplug virtio-balloon will not succeed) - Resolves: bz#728464 (QEMU does not honour '-no-shutdown' flag after the first shutdown attempt) - Resolves: bz#728905 (qemu-img: use larger output buffer for cache option 'none') [qemu-kvm-0.12.1.2-2.178.el6] - Require new sgabios package [bz#684949] - Resolves: bz#684949 ([RFE] Ability to display VM BIOS messages on boot) [qemu-kvm-0.12.1.2-2.177.el6] - kvm-Revert-hw-qxl-render-drop-cursor-locks-replace-with-.patch [bz#674583 bz#705070] - kvm-Revert-qxl-spice-remove-qemu_mutex_-un-lock_iothread.patch [bz#674583 bz#705070] - kvm-Revert-qxl-implement-get_command-in-vga-mode-without.patch [bz#674583 bz#705070] - kvm-Revert-qxl-spice-display-move-pipe-to-ssd.patch [bz#674583 bz#705070] - kvm-spice-don-t-create-updates-in-spice-server-context.patch [bz#674583 bz#705070] - kvm-spice-don-t-call-displaystate-callbacks-from-spice-s.patch [bz#674583 bz#705070] - kvm-spice-drop-obsolete-iothread-locking.patch [bz#674583 bz#705070] - kvm-Make-spice-dummy-functions-inline-to-fix-calls-not-c.patch [bz#674583 bz#705070] - kvm-add-qdev_find_by_id.patch [bz#674583 bz#705070] - kvm-add-qxl_screendump-monitor-command.patch [bz#674583 bz#705070] - Resolves: bz#674583 (qemu-kvm build fails without --enable-spice) - Resolves: bz#705070 (QMP: screendump command does not allow specification of monitor to capture) [qemu-kvm-0.12.1.2-2.176.el6] - kvm-net-Consistently-use-qemu_macaddr_default_if_unset.patch [bz#712046] - kvm-virtio-serial-bus-replay-guest_open-on-migration.patch [bz#725965] - kvm-qdev-Fix-printout-of-bit-device-properties-with-bit-.patch [bz#727580] - Resolves: bz#712046 (Qemu allocates an existed macaddress to hotpluged nic) - Resolves: bz#725965 (spice client mouse doesn't work after migration) - Resolves: bz#727580 (bit property doesn't print correctly) [qemu-kvm-0.12.1.2-2.175.el6] - kvm-report-serial-devices-created-with-device-in-the-PII.patch [bz#707130] - kvm-device-assignment-handle-device-with-incorrect-PCIe-.patch [bz#720972] - Resolves: bz#707130 (ACPI description of serial and parallel ports incorrect with -chardev/-device) - Resolves: bz#720972 (Unable to attach PCI device on a booted virt guest) [qemu-kvm-0.12.1.2-2.174.el6] - kvm-usb-hid-RHEL-6.1-migration-compatibility.patch [bz#720237] - Resolves: bz#720237 (usb migration compatibility) [qemu-kvm-0.12.1.2-2.173.el6] - kvm-Change-snapshot_blkdev-hmp-to-use-correct-argument-t.patch [bz#676982] - kvm-QMP-add-snapshot-blkdev-sync-command.patch [bz#676982] - kvm-Add-missing-documentation-for-qemu-img-p.patch [bz#722728] - Resolves: bz#676982 (RFE: no qmp command for live snapshot) - Resolves: bz#722728 (Update qemu-img convert/re-base man page) [qemu-kvm-0.12.1.2-2.172.el6] - kvm-ide-Split-error-status-from-status-register.patch [bz#698537] - kvm-ide-Fix-ide_drive_pio_state_needed.patch [bz#698537] - kvm-ide-Add-forgotten-VMSTATE_END_OF_LIST-in-subsection.patch [bz#698537] - kvm-ide-Clear-error_status-after-restarting-flush.patch [bz#698537] - kvm-qemu-img-Add-cache-command-line-option.patch [bz#713743] - kvm-virtio-serial-bus-use-bh-for-unthrottling.patch [bz#709397] - kvm-usb-bluetooth-compile-out.patch [bz#723864] - kvm-clarify-support-statement-in-KVM-help.patch [bz#725054] - Resolves: bz#698537 - Resolves: bz#709397 - Resolves: bz#713743 - Resolves: bz#723864 - Resolves: bz#725054 [qemu-kvm-0.12.1.2-2.171.el6] - kvm-Add-qemu_ram_alloc_from_ptr-function.patch [bz#696102] - kvm-exec-remove-code-duplication-in-qemu_ram_alloc-and-q.patch [bz#696102] - kvm-Move-extern-of-mem_prealloc-to-cpu-all.h.patch [bz#696102] - kvm-Add-qemu_ram_remap.patch [bz#696102] - kvm-s390-Detect-invalid-invocations-of-qemu_ram_free-rem.patch [bz#696102] - kvm-MCE-unpoison-memory-address-across-reboot.patch [bz#696102] - Resolves: bz#696102 ([Intel 6.2 FEAT] KVM: un-poison page when guest reboot: QEMU part) [qemu-kvm-0.12.1.2-2.170.el6] - kvm-raw-posix-Linearize-direct-I-O-on-Linux-NFS.patch [bz#711213] - kvm-virtio-console-Prevent-abort-s-in-case-of-host-chard.patch [bz#720535] - Resolves: bz#711213 (QEMU should use pass preadv/pwritev a single vector when using cache=none and NFS) - Resolves: bz#720535 ((virtio serial) Guest aborted when transferring data from guest to host) [qemu-kvm-0.12.1.2-2.169.el6] - kvm-rtl8139-cleanup-FCS-calculation.patch [bz#583922] - kvm-rtl8139-add-vlan-tag-extraction.patch [bz#583922] - kvm-rtl8139-add-vlan-tag-insertion.patch [bz#583922] - kvm-usb-serial-Fail-instead-of-crash-when-chardev-is-mis.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-Add-exit-notifiers.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-Return-usb-device-to-host-on-usb_del-command.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-Return-usb-device-to-host-on-exit.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Store-devpath-into-USBHostDevice-when-usb_.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-introduce-a-usb_linux_get_configuration-fu.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Get-the-active-configuration-from-sysfs-ra.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-data-structs-and-helpers-for-usb-descriptors.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hid-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-serial-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-storage-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-scsi-disk-fix-build-disable-cdrom-emulation.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-enable-usb-storage-scsi-bus-scsi-disk.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-wacom-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-bluetooth-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hub-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-descriptors-add-settable-strings.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-storage-serial-number-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-network-use-new-descriptor-infrastructure.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-move-USB_REQ_SET_ADDRESS-handling-to-common-code.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-move-USB_REQ_-GET-SET-_CONFIGURATION-handling-to.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-move-remote-wakeup-handling-to-common-code.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-create-USBPortOps-move-attach-there.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-rework-attach-detach-workflow.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-usb_wakeup-wakeup-callback-to-port-ops.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-uhci-remote-wakeup-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hub-remote-wakeup-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hid-remote-wakeup-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hid-change-serial-number-to-42.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-speed-mask-to-ports.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-attach-callback.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-usb_desc_attach.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-device-qualifier-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-storage-high-speed-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-storage-fix-status-reporting.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-storage-handle-long-responses.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-mass-storage-fix.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-keep-track-of-physical-port-address.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-port-property.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-rewrite-fw-path-fix-numbering.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-zap-pdev-from-usbport.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-USB-keyboard-emulation-key-mapping-error.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hid-modifiers-should-generate-an-event.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-keyboard-add-event-event-queue.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hid-move-head-n-to-common-struct.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-core-add-migration-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hub-add-migration-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-hid-add-migration-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-bus-use-snprintf.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-Add-bootindex-handling-into-usb-storage-device.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-trivial-spelling-fixes.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-initialise-data-element-in-Linux-USB_DISCONNECT-.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-introduce-a-usb_linux_alt_setting-function.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Get-the-alt.-setting-from-sysfs-rather-the.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-s-dprintf-DPRINTF-to-reduce-conflicts.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Add-support-for-buffering-iso-usb-packets.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Refuse-packets-for-endpoints-which-are-not.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Refuse-iso-packets-when-max-packet-size-is.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-We-only-need-to-keep-track-of-15-endpoints.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Add-support-for-buffering-iso-out-usb-pack.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-control-buffer-fixes.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-uhci-switch-to-QTAILQ-cherry-picked-from-commit-ddf6.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-uhci-keep-uhci-state-pointer-in-async-packet-struct.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-ohci-get-ohci-state-via-container_of.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-musb-get-musb-state-via-container_of-cherry-picked-f.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-move-complete-callback-to-port-ops-cherry-picked.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Add-missing-break-statement.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-Add-Interface-Association-Descriptor-descriptor-.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-update-config-descriptors-to-identify-number-of-.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-remove-fallback-to-bNumInterfaces-if-no-.nif.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-support-for-grouped-interfaces-and-the-Inter.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-Bug-757654-UHCI-fails-to-signal-stall-response-patch.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-Pass-the-packet-to-the-device-s-handle_control-c.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-use-usb_generic_handle_packet.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-fix-device-path-aka-physical-port-handling.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-add-hostport-property.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-track-aurbs-in-list.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-walk-async-urb-list-in-cancel.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-split-large-xfers.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-fix-max_packet_size-for-highspeed.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-storage-don-t-call-usb_packet_complete-twice.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-usb_handle_packet.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-keep-track-of-packet-owner.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-move-cancel-callback-to-USBDeviceInfo.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-add-ehci-adapter.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-catch-ENODEV-in-more-places.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-trace-mmio-and-usbsts-usb-ehci-trace-mmio-a.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-trace-state-machine-changes.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-trace-port-state.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-improve-mmio-tracing.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-ehci-trace-workaround.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-trace-buffer-copy.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-add-queue-data-struct.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-multiqueue-support.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-fix-offset-writeback-in-ehci_buffer_rw.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-fix-error-handling.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-ehci-fix-a-number-of-unused-but-set-variable-warning.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-cancel-async-packets-on-unplug.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-drop-EXECUTING-checks.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-Fix-USB-mouse-Set_Protocol-behavior.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-The-USB-tablet-should-not-claim-boot-protocol-suppor.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-itd-handling-fixes.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-ehci-split-trace-calls-to-handle-arg-count-limit.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Get-speed-from-sysfs-rather-then-from-the-.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Teach-about-super-speed.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Don-t-do-perror-when-errno-is-not-set.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Ensure-devep-0.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Don-t-try-to-open-the-same-device-twice.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-only-cleanup-in-host_close-when-host_open-.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-linux-Enlarge-buffer-for-descriptors-to-8192-byt.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-bus-Add-knowledge-of-USB_SPEED_SUPER-to-usb_spee.patch [bz#561414 bz#632299 bz#645351 bz#711354] - kvm-usb-bus-Don-t-detach-non-attached-devices-on-device-.patch [bz#561414 bz#632299 bz#645351 bz#711354] - Resolves: bz#561414 (Writes to virtual usb-storage produce I/O errors) - Resolves: bz#583922 (Guests in same vlan could not ping successfully using rtl8139 nic) - Resolves: bz#632299 (higher CPU load observed for virtualization workload on RHEL 6 than on RHEL 5.5) - Resolves: bz#645351 (Add support for USB 2.0 (EHCI) to QEMU) - Resolves: bz#711354 (Fix and enable enough of SCSI to make usb-storage work) [qemu-kvm-0.12.1.2-2.168.el6] - kvm-vnc-fix-numlock-capslock-tracking.patch [bz#599306] - kvm-Add-an-isa-device-for-SGA.patch [bz#684949] - kvm-pc-add-rhel-6.2-pc-and-make-it-the-default.patch [bz#716906] - Resolves: bz#599306 (Some strange behaviors on key's appearance viewed by using vnc) - Resolves: bz#684949 ([RFE] Ability to display VM BIOS messages on boot) - Resolves: bz#716906 (add 6.2 machine type) [qemu-kvm-0.12.1.2-2.167.el6] - kvm-qemu-img-create-Fix-displayed-default-cluster-size.patch [bz#570830] - kvm-Fix-the-RARP-protocol-ID.patch [bz#715141] - Resolves: bz#570830 (The 'cluster_size' shows wrong size to zero when creating a qcow2 without specify the option) - Resolves: bz#715141 (Wrong Ethertype for RARP) [qemu-kvm-0.12.1.2-2.166.el6] - kvm-virtio-guard-against-negative-vq-notifies.patch [bz#707094] - kvm-blockdev-Belatedly-remove-MAX_DRIVES.patch [bz#627585] - kvm-blockdev-Hide-QEMUMachine-from-drive_init.patch [bz#627585] - kvm-qdev-Move-declaration-of-qdev_init_bdrv-into-qdev.h.patch [bz#627585] - kvm-blockdev-Collect-block-device-code-in-new-blockdev.c.patch [bz#627585] - kvm-Fix-regression-for-drive-file.patch [bz#627585] - kvm-block-Move-error-actions-from-DriveInfo-to-BlockDriv.patch [bz#627585] - kvm-blockdev-Fix-error-message-for-invalid-drive-CHS.patch [bz#627585] - kvm-blockdev-Make-drive_init-use-error_report.patch [bz#627585] - kvm-blockdev-Put-BlockInterfaceType-names-and-max_devs-i.patch [bz#627585] - kvm-blockdev-Fix-regression-in-drive-if-scsi-index-N.patch [bz#627585] - kvm-blockdev-Make-drive_add-take-explicit-type-index-par.patch [bz#627585] - kvm-blockdev-Factor-drive_index_to_-bus-unit-_id-out-of-.patch [bz#627585] - kvm-blockdev-New-drive_get_by_index.patch [bz#627585] - kvm-blockdev-Reject-multiple-definitions-for-the-same-dr.patch [bz#627585] - kvm-blockdev-Replace-drive_add-s-fmt-.-by-optstr-paramet.patch [bz#627585] - kvm-blockdev-Fix-drive_add-for-drives-without-media.patch [bz#627585] - kvm-blockdev-Plug-memory-leak-in-drive_uninit.patch [bz#627585] - kvm-blockdev-Plug-memory-leak-in-drive_init-error-paths.patch [bz#627585] - kvm-vhost-fix-double-free-on-device-stop.patch [bz#699635] - kvm-QMP-QError-New-QERR_UNSUPPORTED.patch [bz#644919] - kvm-QMP-add-inject-nmi-qmp-command.patch [bz#644919] - kvm-HMP-Use-QMP-inject-nmi-implementation.patch [bz#644919] - Resolves: bz#627585 (Improve error messages for bad options in -drive and -device) - Resolves: bz#644919 (RFE: QMP command to trigger an NMI in the guest) - Resolves: bz#699635 ([REG][6.1] After executing virsh dump with --live option and the completion, the subsequent virsh dump command to the same domain behaves abnormally) - Resolves: bz#707094 (qemu-kvm: OOB memory access caused by negative vq notifies [rhel-6.2]) [qemu-kvm-0.12.1.2-2.165.el6] - kvm-ide-Factor-ide_dma_set_inactive-out.patch [bz#701775] - kvm-ide-Set-bus-master-inactive-on-error.patch [bz#701775] - kvm-ide-cleanup-warnings.patch [bz#701775] - kvm-virtio-correctly-initialize-vm_running.patch [bz#701442] - kvm-Add-virtio-disk-identification-support.patch [bz#710349] - kvm-spice-add-option-for-disabling-copy-paste-support-rh.patch [bz#693645] - Resolves: bz#693645 (RFE: add spice option to enable/disable copy paste) - Resolves: bz#701442 (vhost-net not enabled on hotplug) - Resolves: bz#701775 (KVM: stdio is flooded) - Resolves: bz#710349 (Backport serial number support for virtio-blk devices) [qemu-kvm-0.12.1.2-2.164.el6] - kvm-e1000-check-buffer-availability.patch [bz#684127] - kvm-Add-error-message-for-loading-snapshot-without-VM-st.patch [bz#680378] - kvm-BZ710046-qemu-kvm-prints-warning-Using-CPU-model.patch [bz#710046] - Resolves: bz#680378 (no error message when loading zero size internal snapshot) - Resolves: bz#684127 (e1000:Execute multiple netperf clients caused system call interrupted) - Resolves: bz#710046 (qemu-kvm prints warning 'Using CPU model [...]' (with patch)) [qemu-kvm-0.12.1.2-2.163.el6] - kvm-qemu-img-Initial-progress-printing-support.patch [bz#621482] - kvm-Add-dd-style-SIGUSR1-progress-reporting.patch [bz#621482] - kvm-Remove-obsolete-enabled-variable-from-progress-state.patch [bz#621482] - kvm-qemu-progress.c-printf-isn-t-signal-safe.patch [bz#621482] - kvm-qemu-img.c-Remove-superfluous-parenthesis.patch [bz#621482] - kvm-Add-documentation-for-qemu_progress_-init-print.patch [bz#621482] - kvm-Add-qerror-message-if-the-change-target-filename-can.patch [bz#655719] - Resolves: bz#621482 ([RFE] Be able to get progress from qemu-img) - Resolves: bz#655719 (no error pops when change cd to non-exist file) [qemu-kvm-0.12.1.2-2.162.el6] - kvm-virtio-serial-Disallow-generic-ports-at-id-0.patch [bz#700511] - kvm-virtio-serial-Don-t-clear-have_data-pointer-after-un.patch [bz#681736] - kvm-char-Prevent-multiple-devices-opening-same-chardev.patch [bz#656779] - kvm-char-Allow-devices-to-use-a-single-multiplexed-chard.patch [bz#656779] - kvm-char-Detect-chardev-release-by-NULL-handlers-as-well.patch [bz#656779] - kvm-virtio-console-Keep-chardev-open-for-other-users-aft.patch [bz#700512] - kvm-Revert-cdrom-Make-disc-change-event-visible-to-guest.patch [bz#700065] - kvm-Revert-cdrom-Allow-the-TEST_UNIT_READY-command-after.patch [bz#700065] - kvm-atapi-Add-medium-ready-to-medium-not-ready-transitio.patch [bz#700065] - Resolves: bz#656779 (Core dumped when hot plug/un-plug virtio serial port to the same chardev) - Resolves: bz#681736 (Guest->Host communication stops for other ports after one port is unplugged) - Resolves: bz#700065 (Switch to upstream solution for cdrom patches) - Resolves: bz#700511 (virtio-serial: Disallow generic ports at id 0) - Resolves: bz#700512 (Keep chardev open for later reuse) [qemu-kvm-0.12.1.2-2.161.el6] - kvm-Fix-phys-memory-client-pass-guest-physical-address-n.patch [bz#700859] - Resolves: bz#700859 (Fix phys memory client for vhost) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2527 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.0.0-209.0.1.el6] - Make sure '--allow-missing' is effective by adding to MKDUMPRD_ARGS in kdump.sysconfig, kdump.sysconfig.i386, and kdump.sysconfig.x86_64 [12590865] [11678808] [2.0.0-209] - Improve debugfs mounting code, from Dave Young. Resolve bug 748748. [2.0.0-208] - Search DUP firmware directory too, from Caspar Zhang. Resolve bug 747233. [2.0.0-207] - Don't run kdump service on s390x, from Caspar Zhang. Resolve bug 746207. [2.0.0-206] - Fix some security flaws, resolve bug 743165. [2.0.0-205] - Fix a scriptlet failure in fence-agents, resolve bug 739050. [2.0.0-204] - Add new config 'force_rebuild', resolve bug 598067. [2.0.0-203] - Warn users to use maxcpus=1 instead of nr_cpus=1 for older kernels, resolve bug 727892. [2.0.0-202] - Pass 'noefi acpi_rsdp=X' to the second kernel, resolve bug 681796. [2.0.0-201] - Include patch 602 for rawbuild, resolve bug 708503. [2.0.0-200] - Remove the warning for reserved memory on x86, resolve BZ 731394. [2.0.0-199] - Add debug_mem_level debugging option, from Jan Stancek. Resolve Bug 734528. [2.0.0-198] - Fix the error message on /etc/cluster_iface, resolve bug 731236. From Ryan O'Hara. [2.0.0-197] - Add coordination between kdump and cluster fencing for long kernel panic dumps, resolve bug 585332. From Ryan O'Hara. [2.0.0-196] - Use nr_cpus=1 instead of maxcpus=1 on x86, resolve Bug 725484. [2.0.0-195] - Fix segfault on ppc machine with 1TB memory, resolve Bug 709441. [2.0.0-194] - Specify kernel version for every modprobe, resolve Bug 719105. [2.0.0-193] - Don't handle raid device specially, resolve Bug 707805. [2.0.0-192] - Read mdadm.conf correctly, resolve Bug 707805. [2.0.0-191] - Use makedumpfile as default core_collector for ssh dump. Resolve Bug 693025. [2.0.0-190] - Revert the previous patch, resolve Bug 701339. [2.0.0-189] - Disable THP in kdump kernel, resolve Bug 701339. MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.1.3-9.el6] - Add current password prompt when changing own password in web UI (#751179) - Remove extraneous trailing ' from netgroup patch (#749352) [2.1.3-8.el6] - Updated patch for CVE-2011-3636 to include CR in the HTTP headers. xmlrpc-c in RHEL-6 doesn't suppose the dont_advertise option so that is not set any more. Another fake header, X-Original-User_Agent, is added so there is no more trailing junk after the Referer header. (#749870) [2.1.3-7.el6] - Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636. (#749870) [2.1.3-6.el6] - Users not showing up in nis netgroup triple (#749352) [2.1.3-5.el6] - Add update file to remove entitlement roles, privileges and permissions (#739060) [2.1.3-4.el6] - Quote worker option in krb5kdc (#748754) [2.1.3-3.el6] - hbactest fails while you have svcgroup in hbacrule (#746227) - Add Kerberos domain mapping for system hostname (#747443) - Format certificates as PEM in browser (#701325) [2.1.3-2.el6] - ipa-client-install hangs if the discovered server is unresponsive (#745392) - Fix minor problems in help system (#747028) - Remove help fix from Disable automember patch (#746717) - Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265) [2.1.3-1.el6] - Update to upstream 2.1.3 release (#736170) - Additional branding (#742264) - Disable automember cli (#746717) - ipa-client-install sometimes fails to start sssd properly (#736954) - ipa-client-install adds duplicate information to krb5.conf (#714597) - ipa-client-install should configure hostname (#714919) - inconsistency in enabling 'delete' buttons (#730751) - hbactest does not resolve canonical names during simulation (#740850) - Default DNS Administration Role - Permissions missing (#742327) - named fails to start after installing ipa server when short (#742875) - Duplicate hostgroup and netgroup should not be allowed (#743253) - named fails to start (#743680) - Global password policy should not be able to be deleted (#744074) - Client install fails when anonymous bind is disabled (#744101) - Internal Server Error adding invalid reverse DNS zone (#744234) - ipa hbactest does not evaluate indirect members from groups. (#744410) - Leaks KDC password and master password via command line arguments (#744422) - Traceback when upgrading from ipa-server-2.1.1-1 (#744798) - IPA User's Primary GID is not being set to their UPG's GID (#745552) - --forwarder option of ipa-dns-install allows invalid IP addr (#745698) - UI does not grant access based on roles (#745957) - Unable to add external user for RunAs User for Sudo (#746056) - Typo in error message while adding invalid ptr record. (#746199) - Don't use python 2.7-only syntax (#746229) - Error when using ipa-client-install with --no-sssd option (#746276) - Installation fails if sssd.conf exists and is already config (#746298) - External hosts are not removed properly from sudorule (#709665) - Competely remove entitlement support (#739060) - Add winsync section to ipa-replica-manage man page (#744306) [2.1.2-2.el6] - Remove python-rhsm as a Requires (#739060) [2.1.2-1.el6] - Update to upstream 2.1.2 release (#736170) - More completely disable entitlement support (#739060) - Drop patch to ignore return value from restorecon (upstreamed) - Set min version of 389-ds-base to 1.2.9.12-2 - Set min version of dogtag to 9.0.3-20 - Rebased hide-pkinit, ipa-RHEL-index and remove-persistent-search patches (#700586) [2.1.1-4.el6] - Update RHEL patch (#740094) [2.1.1-3.el6] - Ignore return value from restorecon (#739604) - Disable entitlement support (#739060, #739061) [2.1.1-2.el6] - Update minimum xmlrpc-c version (#736787) - Fix package installation order causing SELinux problems (#737516) [2.1.1-1.el6] - Update to upstream 2.1.1 release (#732803) [2.1.0-1.el6] - Resolves: rhbz#708388 - Update to upstream 2.1.0 release [2.0.0-25] - Remove client debug logging patch (#705800) [2.0.0-24] - Wait for 389-ds tasks to complete (#698421) - Set replica to restart ipa on boot (#705794) - Improve client debug logging (#705800) - Managed Entries not configured on replicas (#703869) - Don't create bogus aRecord when creating new zone (#704012) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-3636 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [1.2.3-15] - mout.nfs: Don't roll back to IPv4 whe IPv6 fails (bz 744657) - rpcdebug: Added pNFS and FSCache debugging (bz 747400) [1.2.3-14] - mount.nfs: Backported how upstream handles the SIGXFSZ signal (bz 697981) [1.2.3-13] - mount.nfs: Reworked the code that deals with RLIMIT_FSIZE (bz 697981) [1.2.3-12] - Removed the stripping of debugging information from rpcdebug (bz 729001) [1.2.3-11] - mount.nfs: Fixed problem in mount error verbosity patch (bz 731693) [1.2.3-10] - mount.nfs: add error verbosity to invalid versions (bz 731693) [1.2.3-9] - umount.nfs: Got IPV6 unmounts working again (bz 732673) - mountd: return multiple hosts exporting the same directory (bz 726112) - mount: Better error message for invalid version (bz 723780) [1.2.3-8] - initscripts: just try to mount rpc_pipefs always (bz 692702) - Rely on crypto module autoloading in init scripts - svcgssd: Document '-n' for svcgssd (bz 697359) - mount.nfs: anticipate RLIMIT_FSIZE (bz 697981) - exportfs manpage: Ipv6 update (bz 715078) - mountd: Stop segfault in mtab code (bz 723438) - exportfs: wilcards in exports can lead to unintended mounts (bz 715391) - umount: allow spaces in unmount paths (bz 702273) - specfile: reordered how libgssglue is linked in (bz 720479) LOW Copyright 2011 Oracle, Inc. CVE-2011-2500 CVE-2011-1749 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.2-17.0.1.el6] - Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272] - Allow '-' in ticket (SR) numbers (John Haxby) - Disable --upload option as it will not work with Oracle support - Check oraclelinux-release instead of redhat-release to get OS version (John Haxby) [bug 11681869] - Remove RH ftp URL and support email - add sos-oracle-enterprise.patch [2.2-17] - Do not collect subscription manager keys in general plugin Resolves: bz750607 [2.2-16] - Fix execution of RHN hardware.py from hardware plugin Resolves: bz736718 - Fix hardware plugin to support new lsusb path Resolves: bz691477 [2.2-15] - Fix brctl collection when a bridge contains no interfaces Resolves: bz697899 - Fix up2dateclient path in hardware plugin Resolves: bz736718 [2.2-14] - Collect brctl show and showstp output Resolves: bz697899 - Collect nslcd.conf in ldap plugin Resolves: bz682124 [2.2-11] - Truncate files that exceed specified size limit Resolves: bz683219 - Add support for collecting Red Hat Subscrition Manager configuration Resolves: bz714293 - Collect /etc/init on systems using upstart Resolves: bz694813 - Don't strip whitespace from output of external programs Resolves: bz713449 - Collect ipv6 neighbour table in network module Resolves: bz721163 - Collect basic cgroups configuration data Resolves: bz729455 [2.2-10] - Fix collection of data from LVM2 reporting tools in devicemapper plugin Resolves: bz704383 - Add /proc/vmmemctl collection to vmware plugin Resolves: bz709491 [2.2-9] - Collect yum repository list by default Resolves: bz600813 - Add basic Infiniband plugin Resolves: bz673244 - Add plugin for scsi-target-utils iSCSI target Resolves: bz677124 - Fix autofs plugin LC_ALL usage Resolves: bz683404 - Fix collection of lsusb and add collection of -t and -v outputs Resolves: bz691477 - Extend data collection by qpidd plugin Resolves: bz726360 - Add ethtool pause, coalesce and ring (-a, -c, -g) options to network plugin Resolves: bz726427 LOW Copyright 2011 Oracle, Inc. CVE-2011-4083 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [1.8.7.352-3] - mkconfig.rb: fix for continued lines. * ruby-1.8.7-p352-mkconfig.rb-fix-for-continued-lines.patch - Resolves: rhbz#730287 [1.8.7.352-2] - Fix of ruby interpreter crash in FIPS mode. * ruby-1.8.7-FIPS.patch - Resolves: rhbz#717709 [1.8.7.352-1] - Update to Ruby 1.8.7-p352. * Remove Patch43: ruby-1.8.7-CVE-2011-1004.patch; subsumed * Remove Patch44: ruby-1.8.7-CVE-2011-1005.patch; subsumed * Remove Patch200: ruby-1.8.7-webrick-CVE.patch; subsumed - Resolves: rhbz#706332 - Fix of conflict between 32bit and 64bit library versions. - Resolves: rhbz#674787 - Add systemtap static probes. - Resolves: rhbz#673162 - Remove duplicate path entry - Resolves: rhbz#722887 [1.8.7.299-8] - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' * ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005 'Untrusted codes able to modify arbitrary strings' * ruby-1.8.7-CVE-2011-1005.patch - Address CVE-2011-0188 'memory corruption in BigDecimal on 64bit platforms' * ruby-1.8.7-CVE-2011-0188.patch - Resolves: rhbz#709964 LOW Copyright 2011 Oracle, Inc. CVE-2011-3009 CVE-2011-2705 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [0.8.3-5] - Fix regression when converting Win7 32 bit to RHEV (RHBZ#738236) [0.8.3-4] [element] [0.8.3-3] - Add missing dependency on new Sys::Virt [0.8.3-2] - Fix for CVE-2011-1773 - Document limitations wrt Windows Recovery Console [0.8.3-1] - Include missing virt-v2v.db - Rebase to upstream release 0.8.3 [0.8.2-2] - Split configuration into /etc/virt-v2v.conf and /var/lib/virt-v2v/virt-v2v.db - Improve usability as non-root user (RHBZ#671094) - Update man pages to use -os as appropriate (RHBZ#694370) - Warn if user specifies both -n and -b (RHBZ#700759) - Fix cleanup when multiboot OS is detected (RHBZ#702007) - Ensure the cirrus driver is installed if required (RHBZ#708961) - Remove unnecessary dep on perl(IO::Handle) - Fix conversion of xen guests using aio storage backend. - Suppress warning for chainloader grub entries. - Only configure a single scsi_hostadapter for converted VMware guests. [0.8.2-1] - Rebase to upstream release 0.8.2 [0.7.1-4] - Fix detection of Windows XP Pro x64 (RHBZ#679017) - Fix error message when converting Red Hat Desktop (RHBZ#678950) LOW Copyright 2011 Oracle, Inc. CVE-2011-1773 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [1.4.2-44] - Init script should source /etc/sysconfig/cups (bug #744791) [1.4.2-43] - The scheduler might leave old job data files in the spool directory (STR #3795, STR #3880, bug #735505). [1.4.2-42] - A further fix for imageto* filters crashing with bad GIF files (STR #3914, bug #714118). [1.4.2-41] - The imageto* filters could crash with bad GIF files (STR #3867, bug #714118). [1.4.2-40] - Map ASCII to ISO-8859-1 in the transcoding code (STR #3832, bug #681836). - Check for empty values for some configuration directives (STR #3861, bug #706673). - The network backends no longer try to collect SNMP supply and status information for raw queues (STR #3809, bug #709896). - Handle EAI_NONAME when resolving hostnames (bug #712430). LOW Copyright 2011 Oracle, Inc. CVE-2011-2896 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.17.2-12.4] - fix CVE-2011-1675 - mount fails to anticipate RLIMIT_FSIZE - fix CVE-2011-1677 - umount may fail to remove /etc/mtab~ lock file [2.17.2-12.3] - fix fatal typos in patch for #723546 [2.17.2-12.2] - rename /etc/hushlogin to /etc/hushlogins (#696731) [2.17.2-12.1] - fix #723546 - Defects revealed by Coverity scan - fix #723352 - cfdisk cannot read default installer partitioning - fix #712158 - uid/gid overflow in ipcs - fix #696959 - wipefs(8) reject partitioned devices - fix #694648 - document blank line at head of fstab - fix #684203 - umount fails on inconsistent fstab - fix #679831 --lines does not work - fix #679741 - canonicalize swap device - fix #692119 - include fstrim tool - fix #675999 - blkid crashes on a server with more than 128 storage devices - fix #696731 - display failed login attempts - fix #726092 - Pass host name from agetty to login - fix #716995 - Remove Deprecation Statement in /etc/udev/rules.d/60-raw.rules - fix #712808 - uuidd should depend on chkconfig - fix #723638 - Backport upstream extensions for lsblk (RHEL6.2) LOW Copyright 2011 Oracle, Inc. CVE-2011-1677 CVE-2011-1675 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [2.16-5.5] - remove some obsolete parameters from capsh manpage [2.16-5.4] - add capsh manpage (#730957) [2.16-5.3] - make sure to chdir ('/') after calling chroot http://cwe.mitre.org/data/definitions/243.html LOW Copyright 2011 Oracle, Inc. CVE-2011-4099 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [1.9.4-4] - fix patch application for #747361 [1.9.4-3] - ignore REST cache creation failures as non-root user (#747361) [1.9.4-2] - fix XML-Util provides [1.9.4-1] - update to 1.9.4 (#651897) - update XML_RPC to 1.5.4, Structures_Graph to 1.0.4, Archive_Tar to 1.3.7 [1.9.1-1] - update to 1.9.1 (#651897) - fix installation of XML_RPC license file LOW Copyright 2011 Oracle, Inc. CVE-2011-1072 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.7.6-4.0.1.el6] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-4] - Fixes another XPath problem CVE-2011-2834 - Resolves: rhbz#732335 [2.7.6-3] - Fixes various other issues in 2.7.6 XPath evaluation - Resolves: rhbz#732335 [2.7.6-2] - Fix a potential crasher in XPath or XSLT, CVE-2011-1944 - Resolves: rhbz#710397 LOW Copyright 2011 Oracle, Inc. CVE-2011-1944 CVE-2011-2821 CVE-2010-4494 CVE-2011-0216 CVE-2011-2834 CVE-2010-4008 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:base Oracle Linux 6 [qemu-kvm-0.12.1.2-2.209.el6_2.1] - kvm-ccid-Fix-buffer-overrun-in-handling-of-VSC_ATR-messa.patch [bz#751312] - CVE: CVE-2011-4111 - Resolves: bz#751312 (CVE-2011-4111 qemu: ccid: buffer overflow in handling of VSC_ATR message [rhel-6.2.z]) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-4111 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0:6.0.24-35] - Resolves: cve-2011-3190 - Resolves: cve-2011-2204 - Resolves: cve-2011-2526 - Resolves: cve-2011-1184 - Resolves: rhbz 748807 - tomcat6 broken when LANG=fr MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2526 CVE-2011-3190 CVE-2011-5064 CVE-2011-5062 CVE-2011-5063 CVE-2011-1184 CVE-2011-2204 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.9-22.1] - add candidate patch to fix a NULL pointer dereference while processing TGS requests (MITKRB5-SA-2011-007, #754046) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1530 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [-7:3.1.10-1.el6_2.1] - Resolves: #755016 - CVE-2011-4096: Invalid free by processing CNAME DNS record MODERATE Copyright 2011 Oracle, Inc. CVE-2011-4096 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.900.1-15.1] - CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution (#749149) IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-4516 CVE-2011-4517 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.8.11-12.1] - fixed wrong permissions on ipmievd.pid (#756684) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-4339 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [4.2.1-9.1] - Resolves: rhbz#766539 CVE-2011-4599 localeID overflow MODERATE Copyright 2011 Oracle, Inc. CVE-2011-4599 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:5:8:base Oracle Linux 6 [12:4.1.1-25.P1.1] - DoS due to processing certain regular expressions (CVE-2011-4539, #765682) MODERATE Copyright 2011 Oracle, Inc. CVE-2011-4539 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.7.9-3.el6_2.2] - Add patch for CVE-2011-4602 (RH bug #766452). [2.7.9-3.el6_2.1] - Add patch for CVE-2011-4601 (RH bug #766452). MODERATE Copyright 2011 Oracle, Inc. CVE-2011-4601 CVE-2011-4602 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [2.6.32-220.2.1.el6] - [dm] fixing test for NULL pointer testing (Paolo Bonzini) [752379 752380] {CVE-2011-4127} [2.6.32-220.1.1.el6] - [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752379 752380] {CVE-2011-4127} - [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752379 752380] {CVE-2011-4127} - [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752379 752380] {CVE-2011-4127} - [x86] amd: Fix align_va_addr kernel parameter (Frank Arnold) [758028 753237] - [md] RAID1: Do not call md_raid1_unplug_device while holding spinlock (Jonathan E Brassow) [755545 752528] - [pci] intel-iommu: Default to non-coherent for domains unattached to iommus (Don Dutile) [757671 746484] - [x86] initialize min_delta_ns in one_hpet_msi_clockevent() (Prarit Bhargava) [756426 728315] - [x86] Update hpet_next_event() (Prarit Bhargava) [756426 728315] - [kernel] sched: Use resched IPI to kick off the nohz idle balance (Vivek Goyal) [750459 717179] - [drm] i915: enable ring freq scaling, RC6 and graphics turbo on Ivy Bridge (Prarit Bhargava) [758513 752163] - [drm] i915: load a ring frequency scaling table (Prarit Bhargava) [758513 752163] - [x86] cpufreq: expose a cpufreq_quick_get_max routine (Prarit Bhargava) [758513 752163] - [sched] Cleanup/optimize clock updates (Larry Woodman) [751403 750237] - [sched] fix skip_clock_update optimization (Larry Woodman) [751403 750237] - [block] virtio-blk: Use ida to allocate disk index (Michael S. Tsirkin) [756427 692767] - [virt] virtio_blk: Replace cryptic number with the macro (Michael S. Tsirkin) [756427 692767] - [kernel] ida: simplified functions for id allocation (Michael S. Tsirkin) [756427 692767] - [virt] revert virtio-blk: Use ida to allocate disk index (Aristeu Rozanski) [756427 692767] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-4127 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.1-7] - Correct patch, bump release [1.0.1-6] - Fix for CVE-2011-4862 CRITICAL Copyright 2011 Oracle, Inc. CVE-2011-4862 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.6.32-100.28.9.el6] - sync up the version [2.6.32-100.28.8.el6] - [block] check for proper length of iov entries earlier in blk_rq_map_user_iov (Xiaotian Feng) {CVE-2010-4668} - scm: lower SCM_MAX_FD (Eric Dumazet) {CVE-2010-4249} - perf_events: Fix perf_counter_mmap() hook in mprotect() (Pekka Enberg) {CVE-2010-4169} - tcp: Increase TCP_MAXSEG socket option minimum (David S. Miller) {CVE-2010-4165} - Enable module force load option [orabug 11782146] - Enable vmw balloon and pvscsi (Guru Anbalagane) [orabug 11697522] [2.6.32-100.28.7.el6] - build from git [2.6.32-100.28.6.el6] - Remove crashkernel option if it is present [bug 11714928] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4165 CVE-2010-4668 CVE-2010-4249 CVE-2010-4169 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-100.28.11.el6] - fs/partitions: Validate map_count in Mac partition tables {CVE-2011-1010} - nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3) {CVE-2011-1090} [2.6.32-100.28.10.el6] - Use cciss for some Smart Array controller for OL5 [orabug 11899706] - CVEs from RHSA-2011-0421 - install_special_mapping skips security_file_mmap check {CVE-2010-4346} - orinoco: fix TKIP countermeasure behaviour {CVE-2010-4648} - net: clear heap allocation for ethtool_get_regs() {CVE-2010-4655} - usb: iowarrior: don't trust report_size for buffer size {CVE-2010-4656} - [media] [v3,media] av7110: check for negative array offset {CVE-2011-0521} - RDMA/cma: Fix crash in request handlers {CVE-2011-0695} - IB/cm: Bump reference count on cm_id before invoking callback {CVE-2011-0695} - gro: reset skb_iif on reuse {CVE-2011-1478} IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4648 CVE-2010-4655 CVE-2011-0521 CVE-2011-1010 CVE-2011-1090 CVE-2011-0695 CVE-2011-1478 CVE-2010-4346 CVE-2010-4656 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-100.28.15.el6] - sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set {CVE-2011-1573} - dccp: fix oops on Reset after close {CVE-2011-1093} - bridge: netfilter: fix information leak {CVE-2011-1080} - Bluetooth: bnep: fix buffer overflow {CVE-2011-1079} - net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules {CVE-2011-1019} - ipip: add module alias for tunl0 tunnel device - gre: add module alias for gre0 tunnel device - drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016} - drm/radeon: fix regression with AA resolve checking {CVE-2011-1016} - drm: fix unsigned vs signed comparison issue in modeset ctl ioctl {CVE-2011-1013} - proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726} - ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712} - xfs: zero proper structure size for geometry calls {CVE-2011-0711} - xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 {CVE-2011-0711} - ima: fix add LSM rule bug {CVE-2011-0006} - IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, CVE-2011-1044} - CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565} [2.6.32-100.28.14.el6] - IB/qib: fix qib compile warning. - IB/core: Allow device-specific per-port sysfs files. - dm crypt: add plain64 iv. - firmware: add firmware for qib. - Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support. IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1079 CVE-2011-1013 CVE-2011-0726 CVE-2011-0711 CVE-2011-1044 CVE-2011-1573 CVE-2011-1080 CVE-2011-1019 CVE-2010-4565 CVE-2011-1093 CVE-2011-0712 CVE-2010-4649 CVE-2011-1016 CVE-2011-0006 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 A [2.6.32-100.28.17.el6] - [net] Extend prot->slab size when add sock extend fields. [2.6.32-100.28.16.el6] - kernel: Fix unlimited socket backlog DoS {CVE-2010-4251} - RDS: Fix congestion issues for loopback - rds: prevent BUG_ON triggering on congestion map updates {CVE-2011-1023} - epoll: prevent creating circular epoll structures {CVE-2011-1082} - fs: fix corrupted OSF partition table parsing {CVE-2011-1163} - fs: Increase OSF partition limit from 8 to 18 {CVE-2011-1163} - netfilter: arp_tables: fix infoleak to userspace {CVE-2011-1170} - netfilter: ip_tables: fix infoleak to userspace {CVE-2011-1171} - ipv6: netfilter: ip6_tables: fix infoleak to userspace {CVE-2011-1172} - [SCSI] mpt2sas: prevent heap overflows and unchecked reads {CVE-2011-1494, CVE-2011-1495} IMPORTANT Copyright 2011 Oracle, Inc. CVE-2010-4251 CVE-2011-1023 CVE-2011-1082 CVE-2011-1170 CVE-2011-1494 CVE-2011-1495 CVE-2011-1172 CVE-2011-1163 CVE-2011-1171 cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:0:ga_patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-100.35.1.el6uek] - [net] dccp: handle invalid feature options length {CVE-2011-1770} - [net] can: add missing socket check in can/raw release {CVE-2011-1748} - [net] can: Add missing socket check in can/bcm release {CVE-2011-1598} IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1770 CVE-2011-1598 CVE-2011-1748 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-100.37.1.el6uek] - [net] gre: fix netns vs proto registration ordering {CVE-2011-1767} - [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768} MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1767 CVE-2011-1768 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-200.16.1.el6uek] - Revert change to restore DEFAULTKERNEL [2.6.32-200.15.1.el6uek] - Add -u parameter to kernel_variant_post to make it work properly for uek [orabug 12819958] [2.6.32-200.14.1.el6uek] - Restore DEFAULTKERNEL value to kernel-uek [orabug 12819958] [2.6.32-200.13.1.el6uek] - make default kernel kernel-uek (Kevin Lyons) [orabug 12803424] [2.6.32-200.12.1.el6uek] - SCSI: Fix oops dereferencing queue (Martin K. Petersen) [orabug 12741636] [2.6.32-200.11.1.el6uek] - inet_diag: fix inet_diag_bc_audit() (Eric Dumazet) [CVE-2011-2213] [2.6.32-200.10.8.el6uek] - block: export blk_{get,put}_queue() (Jens Axboe) - [SCSI] Fix oops caused by queue refcounting failure (James Bottomley) - [dm-mpath] maintain reference count for underlying devices (Martin K. Petersen) [2.6.32-200.10.7.el6uek] - [net] gre: fix netns vs proto registration ordering {CVE-2011-1767} - [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768} - [rps] don't free rx_queue until netdevice is freed (Dave Kleikamp) [orabug 11071685] [2.6.32-200.10.6.el6uek] - Add entropy generation to nics (John Sobecki) [10622900] - [SCSI] compat_ioct: fix bsg SG_IO [orabug 12732464] - ipc/sem.c: error path in try_atomic_semop() left spinlock locked [2.6.32-200.10.5.el6uek] - update kabi [2.6.32-200.10.4.el6uek] - block: Fix double free in blk_integrity_unregister [orabug 12707880] - block: Make the integrity mapped property a bio flag [orabug 12707880] - dm mpath: do not fail paths after integrity errors [orabug 12707880] - dm ioctl: refactor dm_table_complete [orabug 12707880] - block: Require subsystems to explicitly allocate bio_set integrity mempool [orabug 12707880] - dm: improve block integrity support [orabug 12707880] - sd: Update protection mode strings [orabug 12707880] - [SCSI] fix propogation of integrity errors [orabug 12707880] - [SCSI] modify change_queue_depth to take in reason why it is being called [orabug 12707880] - [SCSI] scsi error: have scsi-ml call change_queue_depth to handle QUEUE_FULL [orabug 12707880] - [SCSI] add queue_depth ramp up code [orabug 12707880] - [SCSI] scsi_dh: Change the scsidh_activate interface to be asynchronous [orabug 12707880] - SCSI: Updated RDAC device handler [orabug 12707880] - [SCSI] scsi_dh: propagate SCSI device deletion [orabug 12707880] - [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path [orabug 12707880] - qla2xxx: Driver update from QLogic [orabug 12707880] - lpfc 8.3.5.44 driver update from Emulex [orabug 12707880] - Add Hydra (hxge) support [orabug 12314121] - update hxge to 1.3.1 [orabug 12314121] - Hide mwait, TSC invariance and MTRR capability in published CPUID [2.6.32-200.10.3.el6uek] - [config] Revert Add some usb devices supported - [config] make all usb drivers part of the kernel. - [fs] NFS: Don't SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation [orabug 10435482] [2.6.32-200.10.2.el6uek] - [config] Add some usb devices supported. [2.6.32-200.10.1.el6uek] - update kabi changes and revision to -200 series MODERATE Copyright 2011 Oracle, Inc. CVE-2011-2213 CVE-2011-1768 CVE-2011-1767 cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.6.32-200.19.1.el6uek] - Apply new fix for CVE-2011-1576. [2.6.32-200.18.1.el6uek] - Revert 'proc: fix a race in do_io_accounting' [2.6.32-200.17.1.el6uek] - net: Fix memory leak/corruption on VLAN GRO_DROP {CVE-2011-1576} - iommu-api: Extension to check for interrupt remapping {CVE-2011-1898} - KVM: IOMMU: Disable device assignment without interrupt remapping {CVE-2011-1898} - ext4: Fix max file size and logical block counting of extent format file {CVE-2011-2695} - nl80211: fix overflow in ssid_len {CVE-2011-2517} - Bluetooth: Prevent buffer overflow in l2cap config request {CVE-2011-2497} - proc: fix a race in do_io_accounting() {CVE-2011-2495} - proc: restrict access to /proc/PID/io {CVE-2011-2495} - Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace {CVE-2011-2492} - NLM: Don't hang forever on NLM unlock requests {CVE-2011-2491} - ksm: fix NULL pointer dereference in scan_get_next_rmap_item() {CVE-2011-2183} IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1898 CVE-2011-2517 CVE-2011-2497 CVE-2011-2491 CVE-2011-2695 CVE-2011-2495 CVE-2011-2492 CVE-2011-1576 CVE-2011-2183 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-200.20.1.el6uek] - af_packet: prevent information leak {CVE-2011-2898} - gro: Only reset frag0 when skb can be pulled {CVE-2011-2723} - vm: fix vm_pgoff wrap in stack expansion {CVE-2011-2496} - vm: fix vm_pgoff wrap in upward expansion {CVE-2011-2496} - taskstats: don't allow duplicate entries in listener mode {CVE-2011-2484} - Ecryptfs: Add mount option to check uid of device being mounted {CVE-2011-1833} IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-2496 CVE-2011-2484 CVE-2011-2898 CVE-2011-2723 CVE-2011-1833 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-200.23.1.el6uek] - net: Remove atmclip.h to prevent break kabi check. - KConfig: add CONFIG_UEK5=n to ol6/config-generic [2.6.32-200.22.1.el6uek] - ipv6: make fragment identifications less predictable (Joe Jin) {CVE-2011-2699} - vlan: fix panic when handling priority tagged frames (Joe Jin) {CVE-2011-3593} - ipv6: udp: fix the wrong headroom check (Maxim Uvarov) {CVE-2011-4326} - b43: allocate receive buffers big enough for max frame len + offset (Maxim Uvarov) {CVE-2011-3359} - fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (Maxim Uvarov) {CVE-2011-3353} - cifs: fix possible memory corruption in CIFSFindNext (Maxim Uvarov) {CVE-2011-3191} - crypto: md5 - Add export support (Maxim Uvarov) {CVE-2011-2699} - fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops (Maxim Uvarov) {CVE-2011-1577} - block: use struct parsed_partitions *state universally in partition check code (Maxim Uvarov) - net: Compute protocol sequence numbers and fragment IDs using MD5. (Maxim Uvarov) {CVE-2011-3188} - crypto: Move md5_transform to lib/md5.c (Maxim Uvarov) {CVE-2011-3188} - perf tools: do not look at ./config for configuration (Maxim Uvarov) {CVE-2011-2905} - Make TASKSTATS require root access (Maxim Uvarov) {CVE-2011-2494} - TPM: Zero buffer after copying to userspace (Maxim Uvarov) {CVE-2011-1162} - TPM: Call tpm_transmit with correct size (Maxim Uvarov){CVE-2011-1161} - fnic: fix panic while booting in fnic(Xiaowei Hu) - Revert 'PCI hotplug: acpiphp: set current_state to D0 in register_slot' (Guru Anbalagane) - xen: drop xen_sched_clock in favour of using plain wallclock time (Jeremy Fitzhardinge) [2.6.32-200.21.1.el6uek] - PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [orabug 13033435] IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1577 CVE-2011-3191 CVE-2011-3593 CVE-2011-2494 CVE-2011-1162 CVE-2011-3188 CVE-2011-3353 CVE-2011-4326 CVE-2011-2699 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:1:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.3.1.el6uek] - proc: fix oops on invalid /proc/<pid>/maps access (Linux Torvalds) - Revert 'capabilities: do not grant full privs for setuid w/ file caps + no effective caps' (Joe Jin) - [mm]: Use MMF_COMPAT instead ia32_compat to prevent kabi be broken (Joe Jin) - proc: enable writing to /proc/pid/mem (Stephen Wilson) - proc: make check_mem_permission() return an mm_struct on success (Stephen Wilson) - proc: hold cred_guard_mutex in check_mem_permission() (Joe Jin) - proc: disable mem_write after exec (Stephen Wilson) - mm: implement access_remote_vm (Stephen Wilson) - mm: factor out main logic of access_process_vm (Stephen Wilson) - mm: use mm_struct to resolve gate vma's in __get_user_pages (Stephen Wilson) - mm: arch: rename in_gate_area_no_task to in_gate_area_no_mm (Stephen Wilson) - mm: arch: make in_gate_area take an mm_struct instead of a task_struct (Stephen Wilson) - mm: arch: make get_gate_vma take an mm_struct instead of a task_struct (Stephen Wilson) - x86: mark associated mm when running a task in 32 bit compatibility mode (Stephen Wilson) - x86: add context tag to mark mm when running a task in 32-bit compatibility mode (Stephen Wilson) - auxv: require the target to be tracable (or yourself) (Al Viro) - close race in /proc/*/environ (Al Viro) - report errors in /proc/*/*map* sanely (Al Viro) - pagemap: close races with suid execve (Al Viro) - make sessionid permissions in /proc/*/task/* match those in /proc/* (Al Viro) - Revert 'report errors in /proc/*/*map* sanely' (Joe Jin) - Revert 'proc: fix oops on invalid /proc/<pid>/maps access' (Joe Jin) [2.6.32-300.2.1.el6uek] - [kabi] Add missing kabi (Srinivas Maturi) - report errors in /proc/*/*map* sanely (Joe Jin) [2.6.32-300.1.1.el6uek] - [SCSI] qla4xxx: fix build error for OL6 (Joe Jin) - Ecryptfs: Add mount option to check uid of device being mounted = expect uid (Maxim Uvarov) - proc: fix oops on invalid /proc/<pid>/maps access (Linus Torvalds) - x86/mm: Fix pgd_lock deadlock (Joe Jin) - x86, mm: Hold mm->page_table_lock while doing vmalloc_sync (Joe Jin) - proc: restrict access to /proc/PID/io (Vasiliy Kulikov) - futex: Fix regression with read only mappings (Shawn Bohrer) - x86-32, vdso: On system call restart after SYSENTER, use int db_5.ELSA-2011-2037x80 (H. Peter Anvin) - x86, UV: Remove UV delay in starting slave cpus (Jack Steiner) - Include several Xen pv hugepage fixes. (Dave McCracken) - GRO: fix merging a paged skb after non-paged skbs (Michal Schmidt) - md/linear: avoid corrupting structure while waiting for rcu_free to complete. (NeilBrown) - xen: x86_32: do not enable iterrupts when returning from exception in interrupt context (Igor Mammedov) - xen/smp: Warn user why they keel over - nosmp or noapic and what to use instead. (Konrad Rzeszutek Wilk) - hvc_console: Improve tty/console put_chars handling (Hendrik Brueckner) - 3w-9xxx: fix iommu_iova leak (James Bottomley) - aacraid: reset should disable MSI interrupt (Vasily Averin) - libsas: fix failure to revalidate domain for anything but the first expander child. (Mark Salyzyn) - splice: direct_splice_actor() should not use pos in sd (Changli Gao) - libsas: fix panic when single phy is disabled on a wide port (Mark Salyzyn) - epoll: fix spurious lockdep warnings (Nelson Elhage) - kobj_uevent: Ignore if some listeners cannot handle message (Milan Broz) - kmod: prevent kmod_loop_msg overflow in __request_module() (Jiri Kosina) - nfsd4: ignore WANT bits in open downgrade (J. Bruce Fields) - nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir() (Bernd Schubert) - iommu/amd: Fix wrong shift direction (Joerg Roedel) - cfq: Don't allow queue merges for queues that have no process references (Jeff Moyer) - cfq-iosched: get rid of the coop_preempt flag (Jens Axboe) - cfq: break apart merged cfqqs if they stop cooperating (Jeff Moyer) - cfq: change the meaning of the cfqq_coop flag (Jeff Moyer) - cfq: merge cooperating cfq_queues (Jeff Moyer) - cfq: calculate the seek_mean per cfq_queue not per cfq_io_context (Jeff Moyer) - kcore: fix test for end of list (Dan Carpenter) - deal with races in /proc/*/{syscall,stack,personality} (Al Viro) - NLM: Don't hang forever on NLM unlock requests (Maxim Uvarov) - vm: fix vm_pgoff wrap in upward expansion (Hugh Dickins) - vm: fix vm_pgoff wrap in stack expansion (Linus Torvalds) - net_sched: Fix qdisc_notify() (Eric Dumazet) - drivers/net/rionet.c: fix ethernet address macros for LE platforms (Alexandre Bounine) - ext2,ext3,ext4: don't inherit APPEND_FL or IMMUTABLE_FL for new inodes (Theodore Ts'o) - st: fix race in st_scsi_execute_end (Petr Uzel) - Make scsi_free_queue() kill pending SCSI commands (Bart Van Assche) - NFS/sunrpc: don't use a credential with extra groups. (NeilBrown) - netlink: validate NLA_MSECS length (Johannes Berg) - mtd: mtdchar: add missing initializer on raw write (Peter Wippich) - PM / Suspend: Off by one in pm_suspend() (Dan Carpenter) - hfs: add sanity check for file name length (Dan Carpenter) - md/raid5: abort any pending parity operations when array fails. (NeilBrown) - mm: avoid null pointer access in vm_struct via /proc/vmallocinfo (Mitsuo Hayasaka) - USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c (Andrew Worsley) - usb-storage: Accept 8020i-protocol commands longer than 12 bytes (Alan Stern) - [SCSI] ql4xxx: upgrade to 5.02.14.00.32.01-c0 (Joe Jin) - [netdrv] be2net: Merge fixes for CVE-2011-3347 (Joe Jin) - ext4: fix BUG_ON() in ext4_ext_insert_extent() (Zheng Liu) - proc: fix a race in do_io_accounting() (Vasiliy Kulikov) - capabilities: do not grant full privs for setuid w/ file caps + no effective caps (Zhi Li) - KEYS: Fix a NULL pointer deref in the user-defined key type (Maxim Uvarov) - igb: Fix for Alt MAC Address feature on 82580 and later devices (Joe Jin) - [netdrv] enic: fix accidental GRO off by default (Joe Jin) - Fixing use of netif_set_real_num_tx_queues in cxgb4_main.c (Joe Jin) - firmware: Update cxgb4 NIC driver firmware (Joe Jin) - firmware Add latest cxgb3 firmware (Joe Jin) - [netdrv] cxgb3: misc fixes. (Joe Jin) - bnx2x: upgrade bnx2x (Joe Jin) - dcb: add DCBX mode to event notifier attributes (John Fastabend) - dcb: Use ifindex instead of ifname (Mark Rustad) - dcbnl: unlock on an error path in dcbnl_cee_fill() (Dan Carpenter) - dcbnl: Add CEE notification (Shmulik Ravid) - dcbnl: Aggregated CEE GET operation (Shmulik Ravid) - dcb: use nlmsg_free() instead of kfree() (Dan Carpenter) - dcb: Add missing error check in dcb_ieee_set() (John Fastabend) - dcb: fix return type on dcb_setapp() (John Fastabend) - dcb: Add dcb_ieee_getapp_mask() for drivers to query APP settings (John Fastabend) - dcb: Add ieee_dcb_delapp() and dcb op to delete app entry (John Fastabend) - dcb: Add ieee_dcb_setapp() to be used for IEEE 802.1Qaz APP data (John Fastabend) - net: dcbnl, add multicast group for DCB (John Fastabend) - dcb: Add DCBX capabilities bitmask to the get_ieee response (John Fastabend) - dcbnl: add support for retrieving peer configuration - cee (Shmulik Ravid) - dcbnl: add support for retrieving peer configuration - ieee (Shmulik Ravid) - net: dcbnl: check correct ops in dcbnl_ieee_set() (John Fastabend) - Don't potentially dereference NULL in net/dcb/dcbnl.c:dcbnl_getapp() (Jesper Juhl) - net: dcb: application priority is per net_device (John Fastabend) - dcbnl: make get_app handling symmetric for IEEE and CEE DCBx (John Fastabend) - dcb: use after free in dcb_flushapp() (Dan Carpenter) - dcb: unlock on error in dcbnl_ieee_get() (Dan Carpenter) - dcbnl: more informed return values for new dcbnl routines (Shmulik Ravid) - dcbnl: cleanup (Shmulik Ravid) - net_dcb: add application notifiers (John Fastabend) - [netdrv] firmware: add bnx2x FW 7.0.23 (Joe Jin) - [netdrv] Fixing use of netif_set_real_num_tx_queues in bnx2.c (Joe Jin) - [netdrv] tg3: drver update. (Joe Jin) - tg3: negate USE_PHYLIB flag check (Jiri Pirko) - [netdrv] e1000e: fix WoL on 82578DM and 82567V3 (Joe Jin) - e1000: don't enable dma receives until after dma address has been setup (Dean Nelson) - [SCSI] bnx2i: Fixed the endian on TTT for NOP out transmission (Eddie Wai) - [SCSI] bnx2fc: upgrade to 1.0.8 (Joe Jin) - [scsi] hpsa: add heartbeat sysfs host attribute (Joe Jin) - [SCSI] move PCI_DEVICE_ID_HP_CISSE to include/linux/pci_ids.h (Joe Jin) - [SCSI] lpfc: update to 8.3.5.45.4p (Joe Jin) - [SCSI] be2iscsi: upgrade to 4.1.239.0 (Joe Jin) - fcoe/libfcoe: Move common code for fcoe_get_lesb to fcoe_transport (Joe Jin) - libfc: Prevent race that causes panic during FCoE port destroy via sysfs (Joe Jin) - [SCSI] isci: dynamic interrupt coalescing (Dan Williams) - megaraid_sas: trim the space and tab. (Joe Jin) - megaraid_sas: Add driver workaround for PERC5/1068 kdump kernel panic (Joe Jin) - scsi_transport_fc: Fix deadlock during fc_remove_host (Joe Jin) - [SCSI] libfc: improve flogi retries to avoid lport stuck (Vasu Dev) - [SCSI] libfc: avoid exchanges collision during lport reset (Vasu Dev) - [SCSI] libfc: fix checking FC_TYPE_BLS (Vasu Dev) - [SCSI] libsas: fix warnings when checking sata/stp protocol (Dan Williams) - [SCSI] libsas: disable scanning lun > 0 on ata devices (Dan Williams) - [SCSI] libsas: Allow expander T-T attachments (Luben Tuikov) - [SCSI] isci: atapi support (Dan Williams) - isci: export phy events via ->lldd_control_phy() (Dan Williams) - [SCSI] isci: The port state should be set to stopping on the last phy. (Jeff Skirvin) - [SCSI] isci: fix decode of DONE_CRC_ERR TC completion status (Jeff Skirvin) - [SCSI] isci: SATA/STP I/O is only returned in the normal path to libsas (Jeff Skirvin) - [SCSI] isci: fix support for large smp requests (Dan Williams) - [SCSI] isci: fix missed unlock in apc_agent_timeout() (Jeff Skirvin) - [SCSI] isci: fix event-get pointer increment (Dan Williams) - [SCSI] isci: add version number (Dan Williams) - [SCSI] isci: fix sata response handling (Dan Williams) - [SCSI] isci: Leave requests alone if already terminating. (Jeff Skirvin) - [SCSI] isci: initial sgpio write support (Dan Williams) - [SCSI] isci: fix sgpio register definitions (Dan Williams) - [SCSI] libsas: sgpio write support (Dan Williams) - [SCSI] scsi scan: don't fail scans when host is in recovery (Mike Christie) - net: Remove atmclip.h to prevent break kabi check (Joe Jin) - SPEC: ol6 req dracut-kernel-004-242.0.3 (Maxim Uvarov) - SPEC: req udev-095-14.27.0.1.el5_7.1 or more (Maxim Uvarov) - SPEC: el5 mkinird more then 5.1.19.6-71.0.10 (Maxim Uvarov) - ipv6: make fragment identifications less predictable (Joe Jin) - vlan: fix panic when handling priority tagged frames (Joe Jin) - ipv6: udp: fix the wrong headroom check (Shan Wei) - b43: allocate receive buffers big enough for max frame len + offset (Maxim Uvarov) - fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (Miklos Szeredi) - cifs: fix possible memory corruption in CIFSFindNext (Jeff Layton) - crypto: md5 - Add export support (Maxim Uvarov) - fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops (Timo Warns) - block: use struct parsed_partitions *state universally in partition check code (Maxim Uvarov) - net: Compute protocol sequence numbers and fragment IDs using MD5 (Maxim Uvarov) - perf tools: do not look at ./config for configuration (Jonathan Nieder) - Make TASKSTATS require root access (Linus Torvalds) - TPM: Zero buffer after copying to userspace (Peter Huewe) - TPM: Call tpm_transmit with correct size (Peter Huewe) - PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [2.6.32-300.0.12.el6uek] - Install include/drm headers (Maxim Uvarov) [orabug 13260234] - qla2xxx: Double check for command completion if abort mailbox command fails (Chad Dupuis) - Ensure full IOC buffer can be mapped (Martin K. Petersen) - Fix incorrect timeout handling (Martin K. Petersen) [2.6.32-300.0.11.el6uek] - fix pgoff in mbind vma merge (Caspar Zhang) [orabug 13370691] [2.6.32-300.0.10.el6uek] - compat_ioct: move initialization before use in sg_ioctl_trans() (Dan Carpenter) - genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier (Dan Carpenter) - xen/timer: Missing IRQF_NO_SUSPEND in timer code broke suspend [orabug 13359907] - pids: fix a race in pid generation that causes pids to be reused immediately (Salman) [orabug 13370594] - Revert 'mlx4: Updated the driver version from 1.5.1.6 August 2010 to 1.5.4.1 March 2011 update' (Maxim Uvarov) [orabug 13322248] [2.6.32-300.0.9.el6uek] - [firmware] bnx2x 7.0.20 (Maxim Uvarov) [orabug 13354737] - Revert 'qla2xxx: Double check for command completion if abort mailbox [orabug 13339986] - SPEC: fixes for spec file [orabugs 13359985, 13339700, 13348381] - kabi: Modify Kabi and enable kabicheck [2.6.32-300.0.8.el6uek] - ipv6: add a missing unregister_pernet_subsys call (Neil Horman) - SPEC: hwcap set to 1 for nosegneg (Guru Anbalagane) [orabug 13321811] - put firmware to kernel version specific location (Maxim Uvarov) [orabug 13254457] - xen: drop xen_sched_clock in favour of using plain wallclock time (Jeremy Fitzhardinge) - Revert '[scsi] add lockless to improve queuecommand performance' - fix fnic init panic and san disks are not visible (Xiaowei Hu) - SPEC: Add debug to the list of kernels that kernel-uek should replace in /etc/sysconfig/kernel (Kevin Lyons) [bug 13260459,13339700] - bfa: cleanup Makefile. (Joe Jin) - fc class: add fc host default default dev loss setting (Mike Christie) - fc class: add fc host dev loss sysfs file (Mike Christie) - add dev_loss_tmo support for lpfc, fnic and ibmvfc (Joe Jin) - scsi_transport_fc: Protect against overflow in dev_loss_tmo (Hannes Reinecke) - [netdrv] bna: cleanup Makefile. (Joe Jin) - PCI/e1000e: Add and use pci_disable_link_state_locked() (Yinghai Lu) - tracepoint: Move signal sending tracepoint to events/signal.h (Masami Hiramatsu) - perf_event, x86, mce: Use TRACE_EVENT() for MCE logging (Hidetoshi Seto) - xen: Add support for hugepages on Xen pv domains, including support for hugepages in the balloon driver. (Dave Mccracken) [2.6.32-300.0.7.el6uek] - Add entropy generation to NIC drivers - [netdrv] bnx2x: replace pci_find_capability to pci_pcie_cap - [pci] dma-mapping: dma-mapping.h: add dma_set_coherent_mask - PCI: introduce pci_is_pcie() - PCI: introduce pci_pcie_cap() - PCI: cache PCIe capability offset - [scsi] add lockless to improve queuecommand performance [2.6.32-300.0.6.el6uek] - [netdrv] ixgbe: correct Makefile. [2.6.32-300.0.5.el6uek] bnx2: upgrade to 2.1.11 vlan: allow null VLAN ID to be used ethtool: Add 20G bit definitions ethtool: Add Direct Attach support to connector port reporting bnx2i: add pci_id for brocadcom fcoe: Prevent creation of an NPIV port with duplicate WWPN bnx2i: upgrade to 2.7.0.3 bnx2fc: upgrade to 1.0.6 lpfc: upgrade to 0:8.3.5.45.3p mptsas: upgrade to 3.04.19 netdev: ethtool RXHASH flag be2net: upgrade to 4.0.160r be2iscsi: upgrade to 4.0.160r vmxnet3: upgrade to 1.1.18.0-k add vmxnet3 support e100: merge misc fixes. igb: upgrade to 3.0.6-k igbvf: upgrade to 2.0.0-k e1000: upgrade to 7.3.21-k6-1-NAPI e1000e: upgrade to 1.4.4-k ixgbevf: upgrade to 2.1.0-k [netdrv] bnx2x: upgrade to 1.70.00-0] [block] cciss: upgrade to 3.6.28] [scsi] hpsa: upgrade to 2.0.2-3] [scsi] arcmsr: upgrade to 1.20.00.15.el6u2 2010/08/05] [scsi] megaraid: minor update megaraid] fcoe: correct checking for bonding [scsi] ipr: upgrade to 2.5.2] [SCSI] sd: Combine DIF/DIX error handling] [SCSI] Fix printing of failed 32-byte commands] [SCSI] sd: Logical Block Provisioning update] [SCSI] sd: retry read_capacity on UNIT_ATTENTION] [SCSI] libfc: fix mm leak in handling incoming request for target discovery] [SCSI] libfc: release DDP context if frame_send() fails] [SCSI] libfc: don't call resp handler after FC_EX_TIMEOUT] [SCSI] libfc: fix race in SRR response] [SCSI] libfc: do not immediately retry the cmd when seq_send fails in fc_fcp_send_data] [SCSI] libfcoe: Remove unnecessary module state checks] [SCSI] libfc: Enhancement to RPORT state machine applicable only for VN2VN mode] [SCSI] fcoe: Unable to select the exchangeID from offload pool for storage targets] [SCSI] fcoe: Round-robin based selection of CPU for post-processing of incoming commands] [SCSI] fcoe: Amends previous patch, Round-robin based selection of CPU for post processing of incoming request for FCoE target] [SCSI] libfc:Fix for exchange/seq loopup failure when FCoE stack is used as target and connected to windows initaitor] [SCSI] libfc: post reset event on lport reset] [SCSI] fcoe: cleanup cpu selection for incoming requests] [SCSI] scsi_dh_alua: Attach to UNAVAILABLE/OFFLINE AAS devices] [SCSI] iscsi: add module alias] [SCSI] iscsi: fix iscsi_endpoint leak] [SCSI] libiscsi: add helper to convert addr to string] [SCSI] iscsi_tcp: use iscsi_conn_get_addr_param libiscsi function] [SCSI] iscsi class: add callout to get iscsi_endpoint values] [SCSI] libiscsi_tcp: use kmap in xmit path] [SCSI] iscsi_tcp: fix locking around iscsi sk user data] [SCSI] libiscsi_tcp: fix LLD data allocation] [SCSI] libsas: remove spurious sata control register read/write] [SCSI] libsas: fix SATA NCQ error] [SCSI] libsas: fix loopback topology bug during discovery] [SCSI] fcoe: remove unused ptype field in fcoe_rcv_info] [SCSI] libfc: use FC_MAX_ERROR_CNT] [SCSI] libfc: Remove the reference to FCP packet from scsi_cmnd in case of error] [SCSI] libfc: release exchg cache] [SCSI] libfc, fcoe: ignore rx frame with wrong xid info] [SCSI] libfc: two minor changes in comments] [SCSI] libfc: cleanup sending SRR request] [SCSI] libfc: fix warn on in lport retry] [SCSI] fcoe: add fip retry to avoid missing critical keep alive] libfc: fix fc_eh_host_reset [SCSI] libfc: block SCSI eh thread for blocked rports] [SCSI] libfc: fix referencing to fc_fcp_pkt from the frame pointer via fr_fsp()] [SCSI] scsi_lib: pause between error retries] KConfig: add CONFIG_UEK5=n to ol6/config-generic [SCSI] Fix race when removing SCSI devices] ipmi: reduce polling when interrupts are available ipmi: reduce polling ipmi: Fix IPMI errors due to timing problems [SCSI] scsi_dh: Make alua hardware handler's activate() async] [SCSI] scsi_dh_alua: Handle all states correctly] [SCSI] scsi_dh_alua: fix submit_stpg return] [SCSI] scsi_dh_alua: fix deadlock in stpg_endio] [SCSI] scsi_dh_alua: fix stpg_endio group state reporting] [SCSI] scsi_dh: cosmetic change to sizeof()] [SCSI] scsi_dh_rdac : Add definitions for different RDAC operating modes] [SCSI] scsi_dh_rdac : decide whether to send mode select based on operating mode] [SCSI] dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage] [SCSI] dh_rdac: Associate HBA and storage in rdac_controller to support partitions in storage] [SCSI] scsi_dh: Make hp hardware handler's activate() async] [SCSI] scsi_dh_hp_sw: fix deadlock in start_stop_endio] cnic: upgrade to 2.5.7 update enic to 2.1.1.24 enic: remove VF [SCSI] libiscsi: use bh locking instead of irq with session lock] [SCSI] libiscsi: Check TMF state before sending PDU] iscsi: Use struct scsi_lun in iscsi structs instead of u8[8] [SCSI] fix id computation in scsi_eh_target_reset()] [SCSI] Reduce error recovery time by reducing use of TURs] [scsi] mpt2sas: upgrade 09.101.00.00] [SCSI] fcoe: Rearrange fcoe port and NPIV port cleanup] [SCSI] fcoe: Fix deadlock between fip's recv_work and rtnl] [SCSI] Add missing SPC-4 CDB and MAINTENANCE_[IN,OUT] service action definitions] [SCSI] scsi_debug: Thin provisioning support] [SCSI] scsi_debug: fix Thin provisioning support] [SCSI] scsi_debug: add max_queue + no_uld parameters] [SCSI] scsi_debug: Block Limits VPD page fixes] [SCSI] scsi_debug: fix map_region and unmap_region oops] [SCSI] scsi_debug: Update thin provisioning support] [SCSI] scsi_debug: Convert to use root_device_register() and root_device_unregister()] [SCSI] scsi_debug: set resid to indicate no data-in when medium error] [SCSI] scsi_debug: Fix 32-bit overflow in do_device_access causing memory corruption] [SCSI] scsi_debug: Logical Block Provisioning (SBC3r26)] [SCSI] scsi_debug: add consecutive medium errors] drivers/firmware/iscsi_ibft.c: use %pM to show MAC address drivers/firmware/iscsi_ibft.c: remove NIPQUAD_FMT, use %pI4 x86: Make sure wakeup trampoline code is below 1MB ibft, x86: Change reserve_ibft_region() to find_ibft_region() ibft: Update iBFT handling for v1.03 of the spec. [xen] remove unused functions.] bitmap: introduce bitmap_set, bitmap_clear, bitmap_find_next_zero_area [netdrv] s2io: upgrade to 2.0.26.28] [watchdog] hpwdt: upgrade to 1.3.0] qla2xxx: During loopdown perform Diagnostic loopback. qla2xxx: Save and restore irq in the response queue interrupt handler. qla2xxx: Prevent CPU lockups when 'ql2xdontresethba' module param is set. qla2xxx: Fix array out of bound warning. qla2xxx: Acquire hardware lock while manipulating dsd list. qla2xxx: check for marker IOCB during response queue processing. qla2xxx: Fix qla24xx revision check while enabling interrupts. qla2xxx: Implemeted beacon on/off for ISP82XX. qla2xxx: Double check for command completion if abort mailbox command fails. qla2xxx: T10 DIF - Convert HBA specific checks to capability based. qla2xxx: Add support for ISP82xx to capture dump (minidump) on failure. qla2xxx: Enable write permission to some debug related module parameters to be changed dynamically. qla2xxx: Provide method for updating I2C attached VPD. qla2xxx: Set the task attributes after memsetting fcp cmnd. qla2xxx: Update to the beacon implementation. qla2xxx: Correct inadvertent loop state transitions during port-update handling. qla2xxx: Return sysfs error codes appropriate to conditions. qla2xxx: Issue mailbox command only when firmware hung bit is reset for ISP82xx. qla2xxx: Don't call alloc_fw_dump for ISP82XX. qla2xxx: Remove qla2x00_wait_for_loop_ready function. qla2xxx: Display FCP_CMND priority on update. qla2xxx: Check for SCSI status on underruns. qla2xxx: Fix for active_mask warning. qla2xxx: Updated the driver version to 8.03.07.08.32.1-k. ixgbe-3.4.24 kernel.h: add BUILD_BUG_ON_NOT_POWER_OF_2() isci update isci firmware update tg3: Updated the driver version from 3.113 to 3.119 mlx4: Updated the driver version from 1.5.1.6 August 2010 to 1.5.4.1 [2.6.32-300.0.4.el6uek] - Add 32-bit value for MAX_LOCAL_APIC to fix i386-i686 build error after a9da091 [2.6.32-300.0.3.el6uek] - [NET] Update qlcnic driver to 5.0.24 [orabug 13005421] - [NET] Update netxen NIC driver to 4.0.76 [orabug 13005427] - [SCSI] Update megaraid_sas driver to v5.40-rc1 [orabug 13005432] - [NET] Update Brocade BNA driver to 3.0.2.2 [orabug 13005438] - [SCSI] Update Brocade BFA driver to 3.0.2.2 [orabug 13005441] - [NET] Update qlge driver to v1.00.00.29.00.00-01 [orabug 13005443] - [SCSI] mpt2sas: Add a module parameter that permits overriding protection capabilities (Martin K. Petersen) - [SCSI] mpt2sas: Return the correct sense key for DIF errors (Martin K. Petersen) - [SCSI] mpt2sas: Do not check DIF for unwritten blocks (Martin K. Petersen) - [NET] bnx2x: prevent flooded warning kernel info [orabug 12687487] (Joe Jin) - [SCSI] fix lport uninitalized bug in fnic [orabug 12866385] (Xiaowei Hu) - acpi: Handle xapic/x2apic entries in MADT at same time (Yinghai Lu yinghai@kernel.org) [2.6.32-300.0.2.el6uek] - Revert 'netns xfrm: fixup xfrm6_tunnel error propagation' - block: export blk_{get,put}_queue() - Revert 'block: export blk_{get,put}_queue()' [2.6.32-300.0.1.el6uek] - [SCSI] mpt2sas: Fix missing reference tag seed with Type 2 devices (Martin K. Petersen) - stable tree merge to 2.6.32.45 MODERATE Copyright 2011 Oracle, Inc. CVE-2011-1585 CVE-2011-1577 CVE-2011-4110 CVE-2011-2525 CVE-2011-3638 CVE-2011-1020 CVE-2011-2707 CVE-2011-4330 CVE-2011-2495 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:2:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-300.4.1.el6uek] - [pci] intel-iommu: Default to non-coherent for domains unattached to iommus (Joe Jin) - [dm] do not forward ioctls from logical volumes to the underlying device (Joe Jin) {CVE-2011-4127} - [block] fail SCSI passthrough ioctls on partition devices (Joe Jin) {CVE-2011-4127} - [block] add and use scsi_blk_cmd_ioctl (Joe Jin) {CVE-2011-4127} - [net] gro: reset vlan_tci on reuse (Dan Carpenter) {CVE-2011-1576} - [net] rose: Add length checks to CALL_REQUEST parsing (Ben Hutchings) {CVE-2011-1493} - [net] rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC (Bernard Pidoux F6BVP) {CVE-2011-1493} IMPORTANT Copyright 2011 Oracle, Inc. CVE-2011-1493 CVE-2011-1576 CVE-2011-4127 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.7.6-4.0.1.el6_2.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-4.el6_2.1] - Make sure the parser returns when getting a Stop order CVE-2011-3905 - Fix an allocation error when copying entities CVE-2011-3919 - Resolves: rhbz#771913 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2011-3919 CVE-2011-3905 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [5.3.3-3.5] - remove extra php.ini-prod/devel files caused by %patch -b [5.3.3-3.4] - add security fixes for CVE-2011-4885, CVE-2011-4566 (#769754) MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4566 CVE-2011-4885 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 [qemu-kvm-0.12.1.2-2.209.el6_2.4] - kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081] - Resolves: bz#772081 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.3] - kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721] - CVE: CVE-2011-4127 - Resolves: bz#767721 (qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.2] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375] - CVE: CVE-2011-4127 - Resolves: bz#767721 (EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3]) - Resolves: bz#767906 (qemu-kvm should be built with full relro and PIE support) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0029 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-220.4.1.el6] - [fs] Revert 'proc: enable writing to /proc/pid/mem' (Johannes Weiner) [782649 782650] {CVE-2012-0056} [2.6.32-220.3.1.el6] - [kernel] Remove 'WARNING: at kernel/sched.c:5915' (Larry Woodman) [768288 766051] - [x86] kernel: Fix memory corruption in module load (Prarit Bhargava) [769595 767140] - [kernel] Reset clocksource watchdog after sysrq-t (Prarit Bhargava) [755867 742890] - [x86] AMD: Make tsc=reliable override boot time stability checks (Prarit Bhargava) [755867 742890] IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0056 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.12-1.47.el6_2.5] - Avoid high cpu usage when accept fails with EMFILE (#767692) [2.12-1.47.el6_2.4] - Make implementation of ARENAS_TEST and ARENAS_MAX match documentation (#769594) - Check malloc arena atomically (#769594) [2.12-1.47.el6_2.3] - Check values from TZ file header (#767692) [2.12-1.47.el6_2.2] - Correctly reparse group line after enlarging the buffer (#766484) [2.12-1.47.el6_2.1] - Fix grouping and reuse other locales in various locales (#754116) MODERATE Copyright 2012 Oracle, Inc. CVE-2009-5029 CVE-2011-4609 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.0.0-20.1] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4577 CVE-2011-4108 CVE-2011-4576 CVE-2011-4619 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.1.2-6.1] - Fixed CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554 Resolves: rhbz#772900 MODERATE Copyright 2012 Oracle, Inc. CVE-2011-0433 CVE-2011-1554 CVE-2011-0764 CVE-2011-1552 CVE-2010-2642 CVE-2011-1553 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.8.7.352-4] - Address CVE-2011-4815 'DoS (excessive CPU use) via hash meet-in-the-middle attacks (oCERT-2011-003)' * ruby-1.8.7-p352-CVE-2011-4815.patch - Resolves: rhbz#768831 MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4815 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox: [3.6.26-1.0.1.el6_2] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [3.6.26-1] - Update to 3.6.26 xulrunner: [1.9.2.26-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.26-1] - Update to 1.9.2.26 CRITICAL Copyright 2012 Oracle, Inc. CVE-2011-3670 CVE-2011-3659 CVE-2012-0449 CVE-2012-0442 CVE-2012-0444 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.1.18-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.18-1] - Update to 3.1.18 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-0442 CVE-2012-0449 CVE-2011-3659 CVE-2011-3670 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [5.3.3-3.6] - add security fix for CVE-2012-0830 (#786743) CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-0830 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [8.70-11:.6] - Applied upstream fix to last patch (CVE-2010-4054, bug #646086). [8.70-11:.5] - Applied patch to prevent null pointer dereference (CVE-2010-4054, bug #646086). [8.70-11:.4] - Don't ship patch backup files for CVE-2010-2055. [8.70-11:.3] - Applied patch to prevent integer underflow in TrueType bytecode interpreter (CVE-2009-3743, bug #627902). - Applied patch to avoid reading initialization files from CWD (CVE-2010-2055, bug #599564). MODERATE Copyright 2012 Oracle, Inc. CVE-2009-3743 CVE-2010-2055 CVE-2010-4820 CVE-2010-4054 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 [5.1.61-1.el6_2.1] - Update to 5.1.61, for assorted upstream bugfixes including numerous CVEs announced in January 2012 Resolves: #787191 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0087 CVE-2012-0101 CVE-2012-0113 CVE-2012-0075 CVE-2012-0120 CVE-2012-0484 CVE-2012-0118 CVE-2012-0115 CVE-2012-0116 CVE-2012-0119 CVE-2012-0485 CVE-2012-0490 CVE-2012-0102 CVE-2011-2262 CVE-2012-0112 CVE-2012-0114 CVE-2012-0492 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.2.15-15.0.1.el6_2.1] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-15.1] - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787598) - obviates fix for CVE-2011-3638, patch removed MODERATE Copyright 2012 Oracle, Inc. CVE-2011-3639 CVE-2012-0053 CVE-2011-4317 CVE-2011-3607 CVE-2012-0031 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1:1.6.0.0-1.43.1.10.6] - Updated to IcedTea6 1.10.6 - Resolves: rhbz#787144 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception throwing mechanism in ObjectStreamClass - S7110704: Issues with some method in corba - S7112642: Incorrect checking for graphics rendering object - S7118283: Better input parameter checking in zip file processing - S7126960: Add property to limit number of request headers to the HTTP Server - Bug fixes - RH580478: Desktop files should not use hardcoded path - Removed upstreamed patch7 - java-1.6.0-openjdk-6_2-Z-rmi-fix.patch CRITICAL Copyright 2012 Oracle, Inc. CVE-2011-5035 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2011-3563 CVE-2011-3571 CVE-2012-0497 CVE-2012-0507 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.2.3-4.1] - fix CVE-2012-0444 (#787076) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0444 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2007-57] - fix CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554, texlive various flaws (#773183) MODERATE Copyright 2012 Oracle, Inc. CVE-2011-1552 CVE-2010-2642 CVE-2011-0764 CVE-2011-1553 CVE-2011-1554 CVE-2011-0433 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [3.1.18-2.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.18-2] - added fix for mozbz#727401 CRITICAL Copyright 2012 Oracle, Inc. CVE-2011-3026 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.9.2.26-2.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.26-2] - added fix for mozbz#727401 CRITICAL Copyright 2012 Oracle, Inc. CVE-2011-3026 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2:1.2.46-2] - Fix CVE-2011-3026 Resolves: #791007 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2011-3026 cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [1.11.23-11.el6_2.1] - Fix CVE-2012-0804 (Resolves: #784338) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0804 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base Oracle Linux 5 Oracle Linux 6 [2.7.6-4.0.1.el6_2.4] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-4.el6_2.4] - remove chunk in patch related to configure.in as it breaks rebuild - Resolves: rhbz#788845 [2.7.6-4.el6_2.3] - fix previous build to force compilation of randomization code - Resolves: rhbz#788845 [2.7.6-4.el6_2.2] - adds randomization to hash and dict structures CVE-2012-0841 - Resolves: rhbz#788845 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0841 cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [2.6.32-220.7.1.el6] - [netdrv] tg3: Fix single-vector MSI-X code (John Feeney) [787162 703555] - [mm] export remove_from_page_cache() to modules (Jerome Marchand) [772687 751419] - [block] cfq-iosched: fix cfq_cic_link() race confition (Vivek Goyal) [786022 765673] - [fs] cifs: lower default wsize when unix extensions are not used (Jeff Layton) [789058 773705] - [net] svcrpc: fix double-free on shutdown of nfsd after changing pool mode (J. Bruce Fields) [787580 753030] - [net] svcrpc: avoid memory-corruption on pool shutdown (J. Bruce Fields) [787580 753030] - [net] svcrpc: destroy server sockets all at once (J. Bruce Fields) [787580 753030] - [net] svcrpc: simplify svc_close_all (J. Bruce Fields) [787580 753030] - [net] svcrpc: fix list-corrupting race on nfsd shutdown (J. Bruce Fields) [787580 753030] - [fs] xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() (Carlos Maiolino) [749161 694702] {CVE-2011-4077} - [fs] xfs: Fix memory corruption in xfs_readlink (Carlos Maiolino) [749161 694702] {CVE-2011-4077} - [x86] hpet: Disable per-cpu hpet timer if ARAT is supported (Prarit Bhargava) [772884 750201] - [x86] Improve TSC calibration using a delayed workqueue (Prarit Bhargava) [772884 750201] - [kernel] clocksource: Add clocksource_register_hz/khz interface (Prarit Bhargava) [772884 750201] - [kernel] clocksource: Provide a generic mult/shift factor calculation (Prarit Bhargava) [772884 750201] - [block] cfq-iosched: fix a kbuild regression (Vivek Goyal) [769208 705698] - [block] cfq-iosched: rethink seeky detection for SSDs (Vivek Goyal) [769208 705698] - [block] cfq-iosched: rework seeky detection (Vivek Goyal) [769208 705698] - [block] cfq-iosched: don't regard requests with long distance as close (Vivek Goyal) [769208 705698] [2.6.32-220.6.1.el6] - [scsi] qla2xxx: Module parameter to control use of async or sync port login (Chad Dupuis) [788003 769007] [2.6.32-220.5.1.el6] - [net] igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Jiri Pirko) [772870 772871] {CVE-2012-0207} - [fs] xfs: validate acl count (Eric Sandeen) [773282 773283] {CVE-2012-0038} - [fs] Fix sendfile write-side file position (Steven Whitehouse) [771870 770023] - [virt] kvm: x86: fix missing checks in syscall emulation (Marcelo Tosatti) [773390 773391] {CVE-2012-0045} - [virt] kvm: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Marcelo Tosatti) [773390 773391] {CVE-2012-0045} - [fs] nfs: when attempting to open a directory, fall back on normal lookup (Jeff Layton) [771981 755380] - [kernel] crypto: ghash - Avoid null pointer dereference if no key is set (Jiri Benc) [749481 749482] {CVE-2011-4081} - [fs] jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) [753344 693981] {CVE-2011-4132} - [net] fix unsafe pointer access in sendmmsg (Jiri Benc) [761668 760798] {CVE-2011-4594} - [scsi] increase qla2xxx firmware ready time-out (Mark Goodwin) [781971 731917] - [perf] powerpc: Handle events that raise an exception without overflowing (Steve Best) [767917 755737] {CVE-2011-4611} - [sched] x86: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [781974 765720] - [virt] x86: Prevent starting PIT timers in the absence of irqchip support (Marcelo Tosatti) [769634 769550] {CVE-2011-4622} - [virt] vmxnet3: revert hw features change (Neil Horman) [761536 759613] - [netdrv] qlge: fix size of external list for TX address descriptors (Steve Best) [783226 772237] - [netdrv] e1000e: Avoid wrong check on TX hang (Dean Nelson) [768916 751087] - [virt] KVM: Device assignment permission checks (Alex Williamson) [756092 756093] {CVE-2011-4347} - [virt] KVM: Remove ability to assign a device without iommu support (Alex Williamson) [756092 756093] {CVE-2011-4347} - [virt] kvm: device-assignment: revert Disable the option to skip iommu setup (Alex Williamson) [756092 756093] {CVE-2011-4347} MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4132 CVE-2011-4347 CVE-2011-4594 CVE-2012-0038 CVE-2012-0045 CVE-2011-4622 CVE-2011-4077 CVE-2011-4081 CVE-2011-4611 CVE-2012-0207 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.5.5-3] - sanitize inputs to limit() and offset() Resolves: CVE-2012-0805 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0805 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 5 [1.6-5.0.1.el6_2] - remove doc/SystemTap_Beginners_Guide/en-US in tarball - comment bz683569.patch in specfile - remove buildtime dependency on package publican-redhat [1.6-5] - CVE-2012-0875 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0875 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox: [10.0.3-1.0.1.el6_2] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.3-1] - Update to 10.0.3 ESR xulrunner: [10.0.3-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with - xulrunner-oracle-default-prefs.js [10.0.3-1] - Update to 10.0.3 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-0451 CVE-2012-0459 CVE-2012-0460 CVE-2012-0462 CVE-2012-0455 CVE-2012-0458 CVE-2012-0456 CVE-2012-0457 CVE-2012-0461 CVE-2012-0464 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [10.0.3-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.3-1] - Update to 10.0.3 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-0455 CVE-2012-0460 CVE-2012-0456 CVE-2012-0461 CVE-2012-0462 CVE-2012-0451 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0464 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.12-1.47.el6_2.9] - Always use another area after a failed allocation in the main arena (#795328) - Remove sse3 memcpy (#695812) changes (#799259) [2.12-1.47.el6_2.8] - Avoid nargs integer overflow which could be used to bypass FORTIFY_SOURCE (#794815) [2.12-1.47.el6_2.7] - Fix locking on malloc family retry paths (#795328) [2.12-1.47.el6_2.6] - Fix cycle detection in dynamic loader (#783999) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0864 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2:1.2.48-1] - Update to libpng 1.2.48, for minor security issues (CVE-2011-3045) Resolves: #801663 MODERATE Copyright 2012 Oracle, Inc. CVE-2011-3045 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.4.18-5.1] - Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037) Resolves: rhbz#804496 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0037 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1.0.0-20.3] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0884 CVE-2012-1165 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.3-3.1] - fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1569 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [2.8.5-4.2] - fix CVE-2012-1573 - security issue in packet parsing (#805432) - fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1573 CVE-2011-4128 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 5 Oracle Linux 6 [4.8.0-19.1] - Proper region tag validation on package/header read (CVE-2012-0060) - Double-check region size against header size (CVE-2012-0061) - Validate negated offsets too in headerVerifyInfo() (CVE-2012-0815) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0061 CVE-2012-0060 CVE-2012-0815 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [3.5.10-115] - Security Release, fixes CVE-2012-1182 - resolves: #804644 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1182 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.3.11-6.el6_2.9] - Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136, 1137, 1139, 1140, 1141, 1142, 1143, 1144} - Properly initialize array 'result' in FT_Outline_Get_Orientation() - Check bytes per row for overflow in _bdf_parse_glyphs() - Resolves: #806268 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1141 CVE-2012-1144 CVE-2012-1130 CVE-2012-1131 CVE-2012-1142 CVE-2012-1143 CVE-2012-1139 CVE-2012-1127 CVE-2012-1136 CVE-2012-1126 CVE-2012-1132 CVE-2012-1137 CVE-2012-1140 CVE-2012-1134 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [3.9.4-5] - Add fix for CVE-2012-1173 Resolves: #CVE-2012-1173 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1173 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0:6.0.24-36] - Resolves: CVE-2012-0022 regression. Changes made to patch file. MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0022 CVE-2011-4858 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-220.13.1.el6] - Revert: [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin Prabhu) [753231 753232] {CVE-2011-4131} [2.6.32-220.12.1.el6] - [net] net_sched: qdisc_alloc_handle() can be too slow (Jiri Pirko) [805458 785891] - [fs] procfs: add hidepid= and gid= mount options (Jerome Marchand) [770651 770652] - [fs] procfs: parse mount options (Jerome Marchand) [770651 770652] - [fs] fuse: add O_DIRECT support (Josef Bacik) [800552 753798] - [kernel] sysctl: restrict write access to dmesg_restrict (Phillip Lougher) [749248 749251] - [block] dm io: fix discard support (Mike Snitzer) [799943 758404] - [net] netlink: wrong size was calculated for vfinfo list blob (Andy Gospodarek) [790338 772136] - [netdrv] mlx4_en: fix endianness with blue frame support (Steve Best) [789911 750166] - [usb] Fix deadlock in hid_reset when Dell iDRAC is reset (Shyam Iyer) [797205 782374] - [virt] vmxnet3: Cap the length of the pskb_may_pull on transmit (bz 790673) (Neil Horman) [801723 790673] - [scsi] megaraid_sas: Fix instance access in megasas_reset_timer (Tomas Henzl) [790341 759318] - [netdrv] macvtap: Fix the minor device number allocation (Steve Best) [796828 786518] - [net] tcp: bind() fix autoselection to share ports (Flavio Leitner) [787764 784671] - [fs] cifs: change oplock break slow work to very slow work (Jeff Layton) [789373 772874] - [net] sunrpc: remove xpt_pool (J. Bruce Fields) [795338 753301] - [net] Potential null skb->dev dereference (Flavio Leitner) [795335 769590] - [net] pkt_sched: Fix sch_sfq vs tcf_bind_filter oops (Jiri Pirko) [786873 667925] - [net] mac80211: cancel auth retries when deauthenticating (John Linville) [797241 754356] [2.6.32-220.11.1.el6] - [netdrv] igb: reset PHY after recovering from PHY power down (Frantisek Hrbata) [789371 737714] - [drm] Ivybridge force wake fixes (Dave Airlie) [790007 786272] - [fs] xfs: fix inode lookup race (Dave Chinner) [804961 796277] - [kernel] regset: Return -EFAULT, not -EIO, on host-side memory fault (Jerome Marchand) [799212 799213] {CVE-2012-1097} - [kernel] regset: Prevent null pointer reference on readonly regsets (Jerome Marchand) [799212 799213] {CVE-2012-1097} - [block] Fix io_context leak after failure of clone with CLONE_IO (Vivek Goyal) [796846 791125] {CVE-2012-0879} - [block] Fix io_context leak after clone with CLONE_IO (Vivek Goyal) [796846 791125] {CVE-2012-0879} - [fs] cifs: fix dentry refcount leak when opening a FIFO on lookup (Sachin Prabhu) [798298 781893] {CVE-2012-1090} - [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin Prabhu) [753231 753232] {CVE-2011-4131} - [mm] fix nrpages assertion (Josef Bacik) [797182 766861] - [mm] Eliminate possible panic in page compaction code (Larry Woodman) [802430 755885] - [mm] Prevent panic on 2-node x3850 X5 w/2 MAX5 memory drawers panics while running certification tests caused by page list corruption (Larry Woodman) [802430 755885] - [sched] Fix cgroup movement of waking process (Larry Woodman) [795326 773517] - [sched] Fix cgroup movement of forking process (Larry Woodman) [795326 773517] - [sched] Fix cgroup movement of newly created process (Larry Woodman) [795326 773517] - [sched] Fix ->min_vruntime calculation in dequeue_entity() (Larry Woodman) [795326 773517] - [sched] cgroup: Fixup broken cgroup movement (Larry Woodman) [795326 773517] - [kernel] Prevent system deadlock when moving tasks between cgroups (Larry Woodman) [789060 773522] - [kernel] sched: fix {s,u}time values decrease (Stanislaw Gruszka) [789061 748559] - [mm] mempolicy.c: refix mbind_range() vma issue (Motohiro Kosaki) [802379 727700] - [mm] mempolicy.c: fix pgoff in mbind vma merge (Motohiro Kosaki) [802379 727700] [2.6.32-220.10.1.el6] - [sched] Fix Kernel divide by zero panic in find_busiest_group() (Larry Woodman) [801718 785959] [2.6.32-220.9.1.el6] - [x86] Fix c-state transitions when !NOHZ (Prarit Bhargava) [798572 767753] - [x86] tsc: Skip TSC synchronization checks for tsc=reliable (Prarit Bhargava) [798572 767753] [2.6.32-220.8.1.el6] - [fs] nfs: don't try to migrate pages with active requests (Jeff Layton) [790905 739811] MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1097 CVE-2012-1090 CVE-2012-0879 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.2.15-2.0.1.el6_2.1] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.2.15-2.1] - security patches - Resolves: CVE-2011-1143 CVE-2011-1590 CVE-2011-1957 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-1958 CVE-2011-2597 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0066 CVE-2012-0067 CVE-2012-0042 CVE-2012-1595 MODERATE Copyright 2012 Oracle, Inc. CVE-2011-1958 CVE-2011-1959 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2012-0042 CVE-2011-1590 CVE-2011-1143 CVE-2011-4102 CVE-2012-0066 CVE-2012-0067 CVE-2011-2174 CVE-2012-1595 CVE-2012-0041 CVE-2011-1957 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 5 Oracle Linux 6 firefox: [10.0.4-1.0.1.el6_2] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.4-1] - Update to 10.0.4 ESR xulrunner: [10.0.4-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.4-1] - Update to 10.0.4 ESR [10.0.3-3] - Fixed mozbz#746112 - ppc(64) freeze [10.0.3-2] - Fixed mozbz#681937 CRITICAL Copyright 2012 Oracle, Inc. CVE-2011-3062 CVE-2012-0472 CVE-2012-0479 CVE-2012-0470 CVE-2012-0469 CVE-2012-0471 CVE-2012-0477 CVE-2012-0467 CVE-2012-0468 CVE-2012-0473 CVE-2012-0474 CVE-2012-0478 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [10.0.4-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.4-1] - Update to 10.0.4 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-0469 CVE-2012-0470 CVE-2012-0472 CVE-2012-0474 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0479 CVE-2012-0471 CVE-2012-0473 CVE-2012-0477 CVE-2012-0478 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 openssl: [1.0.0-20.4] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) openssl098e: [0.9.8e-17.el6_2.2] - Updated the description [0.9.8e-17.2] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2110 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [2:1.2.49-1] - Update to libpng 1.2.49, for minor security issues (CVE-2011-3048) Resolves: #812714 MODERATE Copyright 2012 Oracle, Inc. CVE-2011-3048 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 Oracle Linux 5 [3.5.10-116] - Security Release, fixes CVE-2012-2111 - resolves: #815688 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2111 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [6.5.4.7-6] - Add fix for CVE-2010-4167 - Add fix for CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 - Add fix for CVE-2012-0259 CVE-2012-0260 CVE-2012-1798 MODERATE Copyright 2012 Oracle, Inc. CVE-2010-4167 CVE-2012-0260 CVE-2012-0247 CVE-2012-0248 CVE-2012-0259 CVE-2012-1798 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:3:base Oracle Linux 5 Oracle Linux 6 [5.3.3-3.8] - correct detection of = in CVE-2012-1823 fix (#818607) [5.3.3-3.7] - add security fix for CVE-2012-1823 (#818607) CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1823 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-220.17.1.el6] - [scsi] fcoe: Do not switch context in vport_delete callback (Neil Horman) [809388 806119] [2.6.32-220.16.1.el6] - Revert: [x86] Ivy Bridge kernel rdrand support (Jay Fenlason) [800268 696442] [2.6.32-220.15.1.el6] - [net] SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up() (Steve Dickson) [811299 809928] - [char] ipmi: Increase KCS timeouts (Matthew Garrett) [806906 803378] - [kernel] sched: Fix ancient race in do_exit() (Frantisek Hrbata) [805457 784758] - [scsi] sd: Unmap discard alignment needs to be converted to bytes (Mike Snitzer) [810322 805519] - [scsi] sd: Fix VPD buffer allocations (Mike Snitzer) [810322 805519] - [x86] Ivy Bridge kernel rdrand support (Jay Fenlason) [800268 696442] - [scsi] fix system lock up from scsi error flood (Frantisek Hrbata) [809378 800555] - [sound] ALSA: pcm midlevel code - add time check for (Jaroslav Kysela) [801329 798984] - [pci] Add pcie_hp=nomsi to disable MSI/MSI-X for pciehp driver (hiro muneda) [807426 728852] - [sound] ALSA: enable OSS emulation layer for PCM and mixer (Jaroslav Kysela) [812960 657291] - [scsi] qla4xxx: Fixed BFS with sendtargets as boot index (Chad Dupuis) [803881 722297] - [fs] nfs: Additional readdir cookie loop information (Steve Dickson) [811135 770250] - [fs] NFS: Fix spurious readdir cookie loop messages (Steve Dickson) [811135 770250] - [x86] powernow-k8: Fix indexing issue (Frank Arnold) [809391 781566] - [x86] powernow-k8: Avoid Pstate MSR accesses on systems supporting CPB (Frank Arnold) [809391 781566] - [redhat] spec: Add python-perf-debuginfo subpackage (Josh Boyer) [806859 806859] [2.6.32-220.14.1.el6] - [net] fix vlan gro path (Jiri Pirko) [810454 720611] - [virt] VMX: vmx_set_cr0 expects kvm->srcu locked (Marcelo Tosatti) [808206 807507] {CVE-2012-1601} - [virt] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Marcelo Tosatti) [808206 807507] {CVE-2012-1601} - [scsi] fcoe: Move destroy_work to a private work queue (Neil Horman) [809388 806119] - [fs] jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [749727 748713] {CVE-2011-4086} - [net] af_iucv: offer new getsockopt SO_MSGSIZE (Hendrik Brueckner) [804547 786997] - [net] af_iucv: performance improvements for new HS transport (Hendrik Brueckner) [804548 786996] - [s390x] af_iucv: remove IUCV-pathes completely (Hendrik Brueckner) [807158 786960] - [x86] iommu/amd: Fix wrong shift direction (Don Dutile) [809376 781531] - [x86] iommu/amd: Don't use MSI address range for DMA addresses (Don Dutile) [809374 781524] - [fs] NFSv4: Further reduce the footprint of the idmapper (Steve Dickson) [802852 730045] - [fs] NFSv4: Reduce the footprint of the idmapper (Steve Dickson) [802852 730045] - [scsi] fcoe: Make fcoe_transport_destroy a synchronous operation (Neil Horman) [809372 771251] - [net] ipv4: Constrain UFO fragment sizes to multiples of 8 bytes (Jiri Benc) [809104 797731] - [net] ipv4: Don't use ufo handling on later transformed packets (Jiri Benc) [809104 797731] - [net] udp: Add UFO to NETIF_F_GSO_SOFTWARE (Jiri Benc) [809104 797731] - [fs] nfs: Try using machine credentials for RENEW calls (Sachin Prabhu) [806205 795441] MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1601 CVE-2011-4086 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [8.4.11-1] - Update to PostgreSQL 8.4.11, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.postgresql.org/docs/8.4/static/release-8-4-10.html including the fixes for CVE-2012-0866, CVE-2012-0867, CVE-2012-0868 Resolves: #812081 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0.2.0-7.1] - fix for CVE-2012-2134 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2134 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.0.0-20.5] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2333 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [1:3.2.1-19.6.0.1.el6_2.7] - Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp., and the filename redhat.soc with oracle.soc in specfile [1:3.2.1-19.6.7] - Resolves: CVE-2012-2334 Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents [1:3.2.1-19.6.6] - Resolves: CVE-2012-1149 Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1149 CVE-2012-2334 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox: [10.0.5-1.0.1.el6_2] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.5-1] - Update to 10.0.5 ESR xulrunner: [10.0.5-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.5-1] - Update to 10.0.5 ESR [10.0.4-2] - Added patch for mozbz#703633 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1938 CVE-2012-1941 CVE-2012-1945 CVE-2012-1937 CVE-2012-1944 CVE-2012-1939 CVE-2012-1946 CVE-2011-3101 CVE-2012-1940 CVE-2012-1947 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:5::latest Oracle Linux 6 [10.0.5-2.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.5-2] - Update to 10.0.5 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1938 CVE-2012-1939 CVE-2011-3101 CVE-2012-1937 CVE-2012-1946 CVE-2012-1947 CVE-2012-1940 CVE-2012-1944 CVE-2012-1945 CVE-2012-1941 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 5 Oracle Linux 6 [32:9.7.3-8.P3.3] - fix CVE-2012-1667 and CVE-2012-1033 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1667 CVE-2012-1033 cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [1:1.6.0.0-1.48.1.11.3] - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz#828751 [1:1.6.0.0-1.47.1.11.3] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828751 [1:1.6.0.0-1.46.1.11.3] - Sync with 6.3: - Bump to IcedTea6 1.11.3 - With removed patch8 - java-1.6.0-openjdk-jirafix_2820_2821.patch - Including patch7 - java-1.6.0-openjdk-jstack.patch - Including patch3, java-1.6.0-openjdk-java-access-bridge-security.patch modification - Resolves: rhbz#828751 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1716 CVE-2012-1717 CVE-2012-1713 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1711 CVE-2012-1718 CVE-2012-1725 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.0.1-11] - use symbol version for XML_SetHashSalt (CVE-2012-0876, #816306) [2.0.1-10] - add security fix for CVE-2012-1148 (#811825) - add security fix for CVE-2012-0876 (#811833) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0876 CVE-2012-1148 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 6 [2.6.32-220.23.1.el6] - [net] bond: Make LRO flag follow slave settings (Neil Horman) [831176 794647] [2.6.32-220.22.1.el6] - [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [824429 812108] [2.6.32-220.21.1.el6] - [security] fix compile error in commoncap.c (Eric Paris) [806725 806726] {CVE-2012-2123} - [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806725 806726] {CVE-2012-2123} - [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [822757 803936] {CVE-2012-2372} - [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816292 814504] {CVE-2012-2136} - [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816154 816155] {CVE-2012-2137} - [drm] integer overflow in drm_mode_dirtyfb_ioctl() (Dave Airlie) [773249 773250] {CVE-2012-0044} - [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [824429 812108] - [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [824429 812108] - [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [823903 822697] - [infiniband] mlx4: fix RoCE oops (Doug Ledford) [799946 749059] - [mm] read_pmd_atomic: fix pmd_populate SMP race condition (Andrea Arcangeli) [822824 820762] {CVE-2012-2373} - [infiniband] mlx4: check return code and bail on error (Doug Ledford) [799946 749059] - [infiniband] mlx4: use locking when walking netdev list (Doug Ledford) [799946 749059] - [mm] thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) [803808 800328] {CVE-2012-1179} [2.6.32-220.20.1.el6] - [vhost] net: fix possible NULL pointer dereference of vq->bufs (Jason Wang) [814286 814288] {CVE-2012-2119} - [net] macvtap: validate zerocopy vectors before building skb (Jason Wang) [814286 814288] {CVE-2012-2119} - [net] macvtap: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (Jason Wang) [814286 814288] {CVE-2012-2119} - [net] macvtap: put zerocopy page when fail to get all requested user pages (Jason Wang) [814286 814288] {CVE-2012-2119} - [net] macvtap: fix zerocopy offset calculation when building skb (Jason Wang) [814286 814288] {CVE-2012-2119} - [net] bonding: remove entries for master_ip and vlan_ip and query devices instead (Andy Gospodarek) [816197 810299] - [virt] KVM: lock slots_lock around device assignment (Alex Williamson) [814154 811653] {CVE-2012-2121} - [virt] kvm: unmap pages from the iommu when slots are removed (Alex Williamson) [814154 811653] {CVE-2012-2121} - [virt] xenfv: fix hangs when kdumping (Andrew Jones) [812953 811815] - [s390x] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810125 808487] - [drm] i915: suspend fbdev device around suspend/hibernate (Dave Airlie) [818503 746169] - [fs] tmpfs: fix off-by-one in max_blocks checks (Eric Sandeen) [809399 783497] - [net] bonding: Allow Bonding driver to disable/enable LRO on slaves (Neil Horman) [818504 772317] - [virt] xen-blkfront: conditionally drop name and minor adjustments for emulated scsi devs (Laszlo Ersek) [818505 729586] - [virt] xen-blk: plug device number leak on error path in xlblk_init (Laszlo Ersek) [818505 729586] [2.6.32-220.19.1.el6] - [pci] Fix unbootable HP DL385G6 on 2.6.32-220 by properly disabling pcie aspm (Dave Wysochanski) [819614 769626] [2.6.32-220.18.1.el6] - [netdrv] iwlwifi: add option to disable 5Ghz band (Stanislaw Gruszka) [816226 812259] - [netdrv] iwlwifi: cancel scan before nulify ctx->vif (Stanislaw Gruszka) [816225 801730] - [netdrv] iwlwifi: do not nulify ctx->vif on reset (Stanislaw Gruszka) [816225 801730] - [net] mac80211: workaround crash at ieee80211_mgd_probe_ap_send (Stanislaw Gruszka) [814657 808095] - [net] bonding: 802.3ad - fix agg_device_up (Veaceslav Falico) [817466 806081] - [scsi] st: fix memory leak with 1MB tape I/O (David Milburn) [816271 811703] IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2121 CVE-2012-1179 CVE-2012-2137 CVE-2012-2119 CVE-2012-0044 CVE-2012-2136 CVE-2012-2123 CVE-2012-2372 CVE-2012-2373 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.6-29.el6_2.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.6.6-29.el6_2.1] - distutils.config: create ~/.pypirc securely Resolves: CVE-2011-4944 - fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150 MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4944 CVE-2012-1150 CVE-2011-4940 CVE-2012-0845 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [libvirt-0.9.10-21.0.1.el6] - Replace docs/et.png in tarball with blank image [libvirt-0.9.10-21.el6] - qemu: Rollback on used USB devices (rhbz#743671) - qemu: Dont delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#743671) - Revert 'rpc: Discard non-blocking calls only when necessary' (rhbz#821468) [libvirt-0.9.10-20.el6] - Fix virDomainDeviceInfoIsSet() to check all struct fields (rhbz#820869) - Fix logic for assigning PCI addresses to USB2 companion controllers (rhbz#820869) - Set a sensible default master start port for ehci companion controllers (rhbz#820869) [libvirt-0.9.10-19.el6] - build: Fix the typo in configure.ac (rhbz#820461) - qemu: Fix build when !HAVE_NUMACTL (rhbz#820461) - usb: Fix crash when failing to attach a second usb device (rhbz#815755) - qemu: Use the CPU index in capabilities to map NUMA node to cpu list. (rhbz#820461) - qemu: Set memory policy using cgroup if placement is auto (rhbz#820461) [libvirt-0.9.10-18.el6] - numad: Set memory policy from numad advisory nodeset (rhbz#810157) [by default (rhbz#810157)] [(rhbz#810157)] - qemu: Avoid the memory allocation and freeing (rhbz#810157) - numad: Divide cur_balloon by 1024 before passing it to numad (rhbz#810157) - numad: Check numactl-devel if compiled with numad support (rhbz#810157) [libvirt-0.9.10-17.el6] - qemu: Dont modify domain on failed blockiotune (rhbz#819014) - qemu: Reject blockiotune if qemu too old (rhbz#819014) - qemu: Dont use virDomainDefFormat* directly (rhbz#815503) - qemu: Emit compatible XML when migrating a domain (rhbz#815503) - usb: Create functions to search usb device accurately (rhbz#815755) - qemu: Call usb search function for hostdev initialization and hotplug (rhbz#815755) - virsh: Avoid heap corruption leading to virsh abort (rhbz#819636) - util: Fix libvirtd startup failure due to netlink error (rhbz#816465) - util: Allow specifying both src and dst pid in virNetlinkCommand (rhbz#816465) - util: Function to get local nl_pid used by netlink event socket (rhbz#816465) - util: Set src_pid for virNetlinkCommand when appropriate (rhbz#816465) - domain_conf: Add 'usbredir' to list of valid spice channels (rhbz#819498) - domain_conf: Add 'default' to list of valid spice channels (rhbz#819499) - snapshot: Allow block devices past cgroup (rhbz#810200) - blockjob: Allow block devices past cgroup (rhbz#810200) - util: Avoid libvirtd crash in virNetDevTapCreate (rhbz#817234) - python: Fix the forward_null error in Python binding codes (rhbz#771021) - xen: Fix resource leak in xen driver (rhbz#771021) - test: Fix resource leak in test driver (rhbz#771021) - node: Fix resource leak in nodeinfo.c (rhbz#771021) - virnet: Fix resource leak in virnetlink.c (rhbz#771021) - vmx: Fix resource leak (rhbz#771021) - qemu: Fix resource leak (rhbz#771021) - uuid: Fix possible non-terminated string (rhbz#771021) - node_device: Fix possible non-terminated string (rhbz#771021) [libvirt-0.9.10-16.el6] - qemuOpenFile: Dont force chown on NFS (rhbz#810241) - util: Fix crash when starting macvtap interfaces (rhbz#815270) - qemu: Fix segfault when host CPU is empty (rhbz#817078) - blockjob: Allow speed setting in block copy (rhbz#815791) - blockjob: Fix block-stream bandwidth race (rhbz#815791) [libvirt-0.9.10-15.el6] - qemu: Improve errors related to offline domains (rhbz#816662) - blockjob: Check for active vm before checking blockcopy bits (rhbz#816662) - qemu: Preserve original error during migration (rhbz#807907) - rpc: Discard non-blocking calls only when necessary (rhbz#807907) - qemu: Fix detection of failed migration (rhbz#807907) - qemu: Avoid bogus error at the end of tunnelled migration (rhbz#807907) - qemu: Make sure qemu can access its directory in hugetlbfs (rhbz#815206) - virsh: Fix docs for list command (rhbz#814021) - virsh: Fix and clarify the --title flag for the list command in man page (rhbz#814021) [libvirt-0.9.10-14.el6] - blockjob: Add new API flags (rhbz#638506) - blockjob: Add 'blockcopy' to virsh (rhbz#638506) - blockjob: Enhance xml to track mirrors across libvirtd restart (rhbz#638506) - blockjob: React to active block copy (rhbz#638506) - blockjob: Add qemu capabilities related to block jobs (rhbz#638506) - blockjob: Return appropriate event and info (rhbz#638506) - blockjob: Support pivot operation on cancel (rhbz#638506) - blockjob: Make drive-reopen safer (rhbz#638506) - blockjob: Implement block copy for qemu (rhbz#638506) - blockjob: Allow for existing files (rhbz#638506) - blockjob: Allow mirroring under SELinux (rhbz#638506) - blockjob: Accommodate RHEL backport names (rhbz#638506) - virsh: Avoid strtol (rhbz#813972) - conf: Tighten up XML integer parsing (rhbz#813972) - snapshot: Fix memory leak on error (rhbz#782457) - virsh: Avoid uninitialized memory usage (rhbz#814080) [libvirt-0.9.10-13.el6] - Fix a problem in the patchset, rhbz#811497 one was applied twice in -12 - qemu, util: On restart of libvirt restart vepa callbacks (rhbz#812430) - qemu, util: Fix netlink callback registration for migration (rhbz#812430) - util: Only register callbacks for CREATE operations in virnetdevmacvlan.c (rhbz#812430) [libvirt-0.9.10-12.el6] - blockjob: Add qemu capabilities related to block pull jobs (rhbz#811683) - blockjob: Add API for async virDomainBlockJobAbort (rhbz#811683) - blockjob: Optimize JSON event handler lookup (rhbz#811683) - blockjob: Wire up qemu async virDomainBlockJobAbort (rhbz#811683) - blockjob: Allow for fast-finishing job (rhbz#811683) - virsh: Minor syntactic cleanups (rhbz#811683) - qemu: Use consistent error when qemu binary is too old (rhbz#811683) - blockjob: Add virsh blockpull --wait (rhbz#811683) - qemu: Fix deadlock when qemuDomainOpenConsole cleans up a connection (rhbz#811497) - qemu: Fix deadlock when qemuDomainOpenConsole cleans up a connection (rhbz#811497) - qemu: Fix mem leak in qemuProcessInitCpuAffinity (rhbz#810157) - numad: Convert node list to cpumap before setting affinity (rhbz#810157) - numad: Ignore cpuset if placement is auto (rhbz#810157) - conf: Do not parse cpuset only if the placement is auto (rhbz#810157) [libvirt-0.9.10-11.el6] - test: Fix segfault in networkxml2argvtest (rhbz#810100) - conf: Plug memory leaks on virDomainDiskDefParseXML (rhbz#575160) - qemu_ga: Dont overwrite errors on FSThaw (rhbz#808527) - Fix parallel build in docs/ directory (rhbz#810559) - qemu: Make migration fail when port profile association fails on the dst host (rhbz#811026) [to set the QEMU BIOS path (rhbz#811227)] [libvirt-0.9.10-10.el6] - python: Add new helper functions for python to C conversion (rhbz#807751) - python: Make python APIs use these helper functions (rhbz#807751) - python: Improve conversion validation (rhbz#807751) - qemu_agent: Issue guest-sync prior to every command (rhbz#808527) - qemu: Fix memory leak in virDomainGetVcpus (rhbz#808979) - qemu: Reflect any memory rounding back to xml (rhbz#808522) - conf: Allow fuzz in XML with cur balloon > max (rhbz#808522) - qemu: Start nested job in qemuDomainCheckEjectableMedia (rhbz#803186) - virsh: Clarify escape sequence (rhbz#808652) - virsh: Plug memory leaks on failure path (rhbz#807555) - conf: Prevent crash of libvirtd without channel target name (rhbz#808371) - qemu: Dont leak temporary list of USB devices (rhbz#808459) - qemu: Delete USB devices used by domain on stop (rhbz#808459) - qemu: Build activeUsbHostdevs list on process reconnect (rhbz#808459) - qemu: Fix virtio+macvtap migration from 6.3 to older hosts (rhbz#806633) [libvirt-0.9.10-9.el6] - qemu: Avoid entering monitor with locked driver (rhbz#803186) - snapshot: Dont pass NULL to QMP command creation (rhbz#807147) [libvirt-0.9.10-8.el6] - rebuild, forgot to apply part of the patch - spec: Add missed dependancy for numad (rhbz#769930) [libvirt-0.9.10-7.el6] - snapshot: Make quiesce a bit safer (rhbz#804210) - python: Avoid memory leaks on libvirt_virNodeGetMemoryStats (rhbz#770944) - qemu: Use unlimited speed when migrating to file (rhbz#740099) - qemu: Add support for domain cleanup callbacks (rhbz#795305) - qemu: Avoid dangling migration-in job on shutoff domains (rhbz#795305) - qemu: Add connection close callbacks (rhbz#795305) - qemu: Make autodestroy utilize connection close callbacks (rhbz#795305) - qemu: Avoid dangling migration-out job when client dies (rhbz#795305) - python: Avoid memory leaks on libvirt_virNodeGetCPUStats (rhbz#770943) - util: Consolidate duplicated error messages in virnetlink.c (rhbz#693842) - python: Add virDomainGetCPUStats python binding API (rhbz#800366) - snapshot: Add qemu capability for 'transaction' command (rhbz#782457) - snapshot: Add atomic create flag (rhbz#782457) - snapshot: Make offline qemu snapshots atomic (rhbz#782457) - snapshot: Rudimentary qemu support for atomic disk snapshot (rhbz#782457) - snapshot: Add support for qemu transaction command (rhbz#782457) - snapshot: Wire up qemu transaction command (rhbz#782457) - snapshot: Improve qemu handling of reused snapshot targets (rhbz#782457) - Clarify virsh freecell manpage entry (rhbz#698521) - Add support for event tray moved of removable disks (rhbz#575160) - docs: Add documentation for new attribute tray of disk target (rhbz#575160) - conf: Parse and for the tray attribute (rhbz#575160) - qemu: Do not start with source for removable disks if tray is open (rhbz#575160) - qemu: Prohibit setting tray status as open for block type disk (rhbz#575160) - qemu: Update tray status while tray moved event is emitted (rhbz#575160) - build: Fix incorrect enum declaration (rhbz#575160) - spec: Add missed dependancy for numad (rhbz#769930) [libvirt-0.9.10-6.el6] - cpu: Add new flag supported by qemu to the cpu definition (rhbz#767364) - Added support for AMD Bulldozer CPU (rhbz#767364) - graphics: Cleanup port policy (rhbz#801443) - qemu: Reverse condition in qemuDomainCheckDiskPresence (rhbz#798938) - cpu: Add cpu definition for Intel Sandy Bridge cpu type (rhbz#761005) - cpu: Disable tsc-deadline feature not supported in qemu on RHEL 6.3 (rhbz#761005) - qemu: Support numad (rhbz#769930) - numad: Fix typo and warning (rhbz#769930) - qemu: Use scsi-block for lun passthrough instead of scsi-disk (rhbz#782034) - util: Make virDomainLeaseDefFree global (rhbz#802851) - qemu: Dont 'remove' hostdev objects from domain if operation fails (rhbz#802851) - util: Eliminate device object leaks related to virDomain*Remove*() (rhbz#802851) - virsh: Fix invalid free (rhbz#803591) - qemu: Eliminate memory leak in qemuDomainUpdateDeviceConfig (rhbz#802854) [devices (rhbz#802856)] - qemu: Fix segfault when detaching non-existent network device (rhbz#802644) - remote: Fix migration leaks (rhbz#798497) - virsh: Trim aliases from -h output (rhbz#796526) - Fix handling of blkio deviceWeight empty string (rhbz#804028) [libvirt-0.9.10-5.el6] - Avoid global variable shadowed (rhbz#737726) - Add nodeGetCPUmap() for getting available CPU IDs in a cpumap. (rhbz#737726) - Qemu driver for virDomainGetCPUstats using cpuacct cgroup. (rhbz#737726) - Cpu-stats command shows cpu statistics information of a domain. (rhbz#737726) - Ensure max_id is initialized in linuxParseCPUmap() (rhbz#737726) - rpc: Allow truncated return for virDomainGetCPUStats (rhbz#737726) - qemu: Dont parse device twice in attach/detach (rhbz#770031) - sanlock: Fix condition left crippled while debugging (rhbz#785736) - sanlock: Use STREQ_NULLABLE instead of STREQ on strings that may be null (rhbz#785736) - qemu: Fix startupPolicy for snapshot-revert (rhbz#798938) - util: Dont overflow on errno in virFileAccessibleAs (rhbz#798938) - blockResize: Add flag for bytes (rhbz#796526) - docs: Use correct terminology for 1024 bytes (rhbz#796526) - api: Add overflow error (rhbz#796526) - util: New function for scaling numbers (rhbz#796526) - xml: Share 'unit' in RNG (rhbz#796526) - xml: Output memory unit for clarity (rhbz#796526) - storage: Support more scaling suffixes (rhbz#796526) - xml: Drop unenforced minimum memory limit from RNG (rhbz#796526) - xml: Use long long internally, to centralize overflow checks (rhbz#796526) - xml: Use better types for memory values (rhbz#796526) - xml: Allow scaled memory on input (rhbz#796526) - virsh: Add option aliases (rhbz#796526) - virsh: Use option aliases (rhbz#796526) - virsh: Add command aliases, and rename nodedev-detach (rhbz#796526) - virsh: Improve storage unit parsing (rhbz#796526) - virsh: Improve memory unit parsing (rhbz#796526) - qemuBuildCommandLine: Dont add tlsPort if none set (rhbz#801443) - Removed more AMD-specific features from cpu64-rhel* models (rhbz#768450) - qemu: Support disk filenames with comma (rhbz#801970) - cpustats: Collect VM user and sys times (miss python bindings) (rhbz#800366) - cpustats: Report user and sys times (rhbz#800366) - qemu: Fix (managed)save and snapshots with host mode CPU (rhbz#801160) - qemu: Make block io tuning smarter (rhbz#770683) [libvirt-0.9.10-4.el6] - Improve error reporting when virsh console is run without a TTY (rhbz#729940) - pidfile: Make checking binary path in virPidFileRead optional (rhbz#729940) - Add flags for virDomainOpenConsole (rhbz#729940) - virsh: Add support for VIR_DOMAIN_CONSOLE_* flags (rhbz#729940) - fdstream: Emit stream abort callback even if poll() doesnt. (rhbz#729940) - fdstream: Add internal callback on stream close (rhbz#729940) - util: Add helpers for safe domain console operations (rhbz#729940) - qemu: Add ability to abort existing console while creating new one (rhbz#729940) - Fixed service handling in specfile (rhbz#786770) - qemu: Dont emit tls-port spice option if port is -1 (rhbz#798220) - docs: Comments wiping supported algorithms (rhbz#725013) - libvirt-guests: Add documentation and clean up to use virshs improved list (rhbz#693758) - libvirt-guests: Dont try to do a managed-save of transient guests (rhbz#693758) - virsh: Enhance list command to ease creation of shell scripts (rhbz#693758) - libvirt-guests: Check if URI is reachable before launching commands (rhbz#720691) - hooks: Add support for capturing hook output (rhbz#795127) - qemu: Add pre-migration hook (rhbz#795127) - Support for cpu64-rhel* qemu cpu models (rhbz#768450) - util: Add netlink event handling to virnetlink.c (rhbz#693842) - Add de-association handling to macvlan code (rhbz#693842) - qemu: Add ibmvscsi controller model (rhbz#782034) - qemu: Add virtio-scsi controller model (rhbz#782034) - conf: Add helper function to look up disk controller model (rhbz#782034) - conf: Introduce new attribute for device address format (rhbz#782034) - qemu: New cap flag to indicate if channel is supported by scsi-disk (rhbz#782034) - qemu: Build command line for the new address format (rhbz#782034) - tests: Add tests for virtio-scsi and ibmvscsi controllers (rhbz#782034) - virsh: Two new helper functions for disk device changes (rhbz#713932) - virsh: Use vshFindDisk and vshPrepareDiskXML in cmdDetachDisk (rhbz#713932) - virsh: New command cmdChangeMedia (rhbz#713932) - qemu: Require json for block jobs (rhbz#799055) - qemu: Pass block pull backing file to monitor (rhbz#799055) - virsh: Expose partial pull (rhbz#799055) - libvirt-guests: Add parallel startup and shutdown of guests (rhbz#625362) - qemu: Shared or readonly disks are always safe wrt migration (rhbz#751631) - util: Eliminate crash in virNetDevMacVLanCreateWithVPortProfile (rhbz#693842) - rpc: Fix client crash on connection close (rhbz#800185) - conf: Add missing device types to virDomainDevice(Type|Def) (rhbz#691539) - conf: Relocate virDomainDeviceDef and virDomainHostdevDef (rhbz#691539) - conf: Reorder static functions in domain_conf.c (rhbz#691539) - qemu: Rename virDomainDeviceInfoPtr variables to avoid confusion (rhbz#691539) - conf: Add device pointer to args of virDomainDeviceInfoIterate callback (rhbz#691539) - conf: Make hostdev info a separate object (rhbz#691539) - conf: HostdevDef parse/format helper functions (rhbz#691539) - conf: Give each hostdevdef a parent pointer (rhbz#691539) - conf: Put subsys part of virDomainHostdevDef into its own struct (rhbz#691539) - conf: Hostdev utility functions (rhbz#691539) - qemu: Re-order functions in qemu_hotplug.c (rhbz#691539) - qemu: Refactor hotplug detach of hostdevs (rhbz#691539) - conf: Parse/format type='hostdev' network interfaces (rhbz#691539) - qemu: Support type='hostdev' network devices at domain start (rhbz#691539) - conf: Change virDomainNetRemove from static to global (rhbz#691539) - qemu: Use virDomainNetRemove instead of inline code (rhbz#691539) - qemu: Support type=hostdev network device live hotplug attach/detach (rhbz#691539) - util: Two new pci util functions (rhbz#691539) - util: Support functions for mac/portprofile associations on hostdev (rhbz#691539) - util: Changes to support portprofiles for hostdevs (rhbz#691539) - qemu: Install port profile and mac address on netdev hostdevs (rhbz#691539) - Fix build after commit e3ba4025 (rhbz#693842) [libvirt-0.9.10-3.el6] - storage: Allow runtime detection of scrub missing build dep (rhbz#725013) - daemon: Plug memory leak (rhbz#795978) - daemon: Fix logic bug with virAsprintf (rhbz#795978) - util: Fix virFileAccessibleAs return path from parent (rhbz#795093) - Add support for unsafe migration (rhbz#751631) - virsh: Add --unsafe option to migrate command (rhbz#751631) - Introduce virStorageFileIsClusterFS (rhbz#751631) - qemu: Forbid migration with cache != none (rhbz#751631) - qemu: Nicer error message on failed graceful destroy (rhbz#795656) - Error out when using SPICE TLS with spice_tls=0 (rhbz#790436) - Revert 'spec: Mark directories in /var/run as ghosts' (rhbz#788985) - Fixed URI parsing (rhbz#785164) - virsh: Fix informational message in iface-bridge command (rhbz#797066) [libvirt-0.9.10-2.el6] - qemu: Set capabilities based on supported monitor commands (rhbz#766958) - qemu: Implement DomainPMSuspendForDuration (rhbz#766958) - snapshot: Fix snapshot deletion use-after-free (rhbz#790744) - storage: Allow runtime detection of scrub (rhbz#725013) - qemu: Unlock monitor when connecting to dest qemu fails (rhbz#783968) - qemu: Prevent crash of libvirtd without guest agent (rhbz#790745) - python: Expose virDomain{G,S}etInterfaceParameters APIs in python binding (rhbz#770971) [libvirt-0.9.10-1.el6] - Rebase to upstream 0.9.10 (rhbz#752433) - Add support for sVirt in the LXC driver - block rebase: add new API virDomainBlockRebase - API: Add api to set and get domain metadata - virDomainGetDiskErrors public API - conf: add rawio attribute to disk element of domain XML - Add new public API virDomainGetCPUStats() - Introduce virDomainPMSuspendForDuration API - resize: add virStorageVolResize() API - Add a virt-host-validate command to sanity check HV config - Add new virDomainShutdownFlags API - QEMU guest agent support - many improvements and bug fixes [libvirt-0.9.10-0rc2.el6] - Rebase to upstream 0.9.10 release candidate 2 (rhbz#752433) [libvirt-0.9.10-0rc1.el6] - Rebase to upstream 0.9.10 release candidate 1 (rhbz#752433) [libvirt-0.9.9-2.el6] - Remove dependancy to dmidecode for non PC arches (rhbz#782444) [libvirt-0.9.9-1.el6] - Rebase to upstream 0.9.9 (rhbz#752433) [libvirt-0.9.9-0rc1.el6] - Rebase to upstream 0.9.9 release candidate 1 (rhbz#752433) [libvirt-0.9.8-1.el6] - Rebase to upstream 0.9.8 (rhbz#752433) - some cleanups on the few remaining RHEL-only patches [libvirt-0.9.8-0rc2.el6] - Rebase to upstream 0.9.8 release candidate 2 (rhbz#752433) LOW Copyright 2012 Oracle, Inc. CVE-2012-2693 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1:1.16.19-1] - Rebase to libguestfs 1.16.19 resolves: rhbz#719879 - Rebuild against augeas 0.9.0-3.el6 related: rhbz#808662 - Fix: Don't abort inspection if mdadm.conf ARRAY doesn't have a uuid. - Switch back to git for patch management. [1:1.16.18-2] - Rebase to libguestfs 1.16.18 resolves: rhbz#719879 - Fix: guestfs_last_error not set when qemu fails early during launch resolves: rhbz#811673 - Fix: RFE: virt-sysprep: hostname can not be changed on rhel system (RHBZ#811112) - Fix: RFE: virt-sysprep: net-hwaddr not removed from ifcfg-* files on rhel (RHBZ#811117) - Fix: inspection fails on ubuntu 10.04 guest with encrypted swap (RHBZ#811872) - Fix: cannot open disk images which are symlinks to files that contain ':' (colon) character (RHBZ#812092) - BR gettext-devel so we can rerun autoconf. [1:1.16.15-1] - Rebase to libguestfs 1.16.15 resolves: rhbz#719879 - Fix: inspection doesn't recognize Fedora 17+ (RHBZ#809401) [1:1.16.14-1] - Rebase to libguestfs 1.16.14 resolves: rhbz#719879 - virt-sysprep should use virt-inspector2 resolves: rhbz#807557 - Fix: mkfs blocksize option breaks when creating btrfs resolves: rhbz#807905 [1:1.16.12-1] - Rebase to libguestfs 1.16.12 resolves: rhbz#719879 - Fix: could not locate HKLM\SYSTEM\MountedDevices resolves: rhbz#803699 [1:1.16.10-1] - Rebase to libguestfs 1.16.10 resolves: rhbz#719879 - Fix: libguestfs holds open file descriptors when handle is launched resolves: rhbz#801788 - Fix: Document for set-pgroup need to be updated resolves: rhbz#801273 - Fix: Possible null dereference and resource leaks resolves: rhbz#801298 [1:1.16.8-1] - Rebase to libguestfs 1.16.8 resolves: rhbz#719879 - Fix set_autosync function so it is not 'ConfigOnly' resolves: rhbz#796520 - Fix header compilation for C++ resolves: rhbz#799695 [1:1.16.6-1] - Rebase to libguesfs 1.16.6 resolves: rhbz#798197, rhbz#797760,rhbz#790958,rhbz#798980,rhbz#795322,rhbz#796520 - Fix virt-inspector2 man page. [1:1.16.5-1] - Rebase to libguestfs 1.16.5 resolves: rhbz#679737, rhbz#789960 [1:1.16.4-1] - Rebase to libguestfs 1.16.4 resolves: rhbz#788642 [1:1.16.3-1] - Rebase to libguestfs 1.16.3 resolves: rhbz#679737, rhbz#769359, rhbz#785305 [1:1.16.2-1] - Rebase to libguestfs 1.16.2 resolves: rhbz#719879 [1:1.16.1-1] - Rebase to libguestfs 1.16.1 - Disable tests (probably because we are hitting https://lists.gnu.org/archive/html/qemu-devel/2010-02/threads.html#00823 ) resolves: rhbz#719879 [1:1.14.7-4] - Continue with rebase to libguestfs 1.14.7 resolves: rhbz#719879 [1:1.14.7-1] - Rebase to libguestfs 1.14.7 resolves: rhbz#719879 LOW Copyright 2012 Oracle, Inc. CVE-2012-2690 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [5.8.10-2] - add patch to update information on debugging in the man page Resolves: #820311 - add patch to prevent debug output to stdout after forking Resolves: #820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: #822118 [5.8.10-1] - rebase to rsyslog 5.8.10 Resolves: #803550 Resolves: #805424 Resolves: #813079 Resolves: #813084 - consider lock file in 'status' action Resolves: #807608 - add impstats and imptcp modules - include new license text files - specify which versions of sysklogd are obsoleted [5.8.7-1] - rebase to rsyslog-5.8.7 - change license from 'GPLv3+' to '(GPLv3+ and ASL 2.0)' http://blog.gerhards.net/2012/01/rsyslog-licensing-update.html - remove patches obsoleted by rebase - add patches for better sysklogd compatibility (taken from upstream) - update included files for the new major version Resolves: #672182 Resolves: #727380 Resolves: #756664 Resolves: #767527 Resolves: #769025 - add several directories for storing auxiliary data Resolves: #740420 - fix source package URL MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4623 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1:1.15.1-15] - Fix btrfs support to findfs and related applets - Resolves: #751927 [1:1.15.1-14] - Resolves: #790335 'busybox various flaws' Added a fix for SEGV on empty command in hush [1:1.15.1-13] - Resolves: #790335 'busybox various flaws' including: 'buffer underflow in decompression' 'udhcpc insufficient checking of DHCP options' [1:1.15.1-12] - Backport 'set -o pipefail' support - Resolves: #782018 - Add btrfs support to findfs and related applets - Resolves: #751927 LOW Copyright 2012 Oracle, Inc. CVE-2006-1168 CVE-2011-2716 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [3.1.9-2] - remove -devel package ISA multilib dependencies [3.1.9-1] - update to 3.1.9 (bugfix, stable) (#662655) - create -devel subpackage with header files - ship apc.php for easier referral in the config files LOW Copyright 2012 Oracle, Inc. CVE-2010-3294 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.2.10.2-15] - Resolves: Bug 824014 - DS Shuts down intermittently [1.2.10.2-14] - Resolves: Bug 819643 - Database RUV could mismatch the one in changelog under the stress -- patch 0015 fixes a small memleak in previous patch [1.2.10.2-13] - Resolves: Bug 822700 - Bad DNs in ACIs can segfault ns-slapd [1.2.10.2-12] - Resolves: Bug 819643 - Database RUV could mismatch the one in changelog under the stress - Resolves: Bug 821542 - letters in object's cn get converted to lowercase when renaming object [1.2.10.2-11] - Resolves: Bug 819643 - Database RUV could mismatch the one in changelog under the stress - 1.2.10.2-10 was built from the private branch [1.2.10.2-10] - Resolves: Bug 819643 - Database RUV could mismatch the one in changelog under the stress [1.2.10.2-9] - Resolves: Bug 815991 - crash in ldap_initialize with multiple threads - previous fix was still crashing in ldclt [1.2.10.2-8] - Resolves: Bug 815991 - crash in ldap_initialize with multiple threads [1.2.10.2-7] - Resolves: Bug 813964 - IPA dirsvr seg-fault during system longevity test [1.2.10.2-6] - Resolves: Bug 811291 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - typo in previous patch [1.2.10.2-5] - Resolves: Bug 811291 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) [1.2.10.2-4] - Resolves: Bug 803930 - ipa not starting after upgade because of missing data - get rid of posttrans - move update code to post [1.2.10.2-3] - Resolves: Bug 800215 - Certain CMP operations hang or cause ns-slapd to crash [1.2.10.2-2] - Resolves: Bug 800215 - Certain CMP operations hang or cause ns-slapd to crash - Resolves: Bug 800217 - fix valgrind reported issues [1.2.10.2-1] - Resolves: Bug 766989 - Rebase 389-ds-base to 1.2.10 - Resolves: Bug 796770 - crash when replicating orphaned tombstone entry [1.2.10.1-1] - Resolves: Bug 766989 - Rebase 389-ds-base to 1.2.10 - Resolves: Bug 790491 - 389 DS Segfaults during replica install in FreeIPA [1.2.10.0-1] - Resolves: Bug 766989 - Rebase 389-ds-base to 1.2.10 [1.2.10-0.11.rc2] - Resolves: Bug 766989 - Rebase 389-ds-base to 1.2.10 [1.2.9.16-1] - Bug 759301 - Incorrect entryUSN index under high load in replicated environment - Bug 743979 - Add slapi_rwlock API and use POSIX rwlocks - WARNING - patches 0030 and 0031 remove and add back the file configure - this is necessary because the merge commit to rebase RHEL-6 to 1.2.9.6 - seriously messed up configure - so in order to add the patch for 743979 - which also touched configure, the file had to be removed and added back - also note that the commit for the RHEL-6 branch to remove configure does - not work - the way patch works, it has to match every line exactly in - order to remove the file, and because the merge commit messed things - up, it doesn't work - So, DO NOT TOUCH 0030-remove-configure-to-get-rid-of-merge-conflict.patch - BECAUSE IT IS HAND CRAFTED and not generated by git format-patch - if you must regenerate this file, - git format-patch ...args... to generate a file in patch format - remove all of the patch matches (all the lines beginning with -) - get the 1.2.9.6 version of configure from the source tarball - wc -l configure to get the number of lines in the file - sed 's/^/-/' configure >> thefile.patch - edit thefile.patch to have the right number of lines and have the - patch commands in the correct place - PROFIT!!! [1.2.9.15-1] - Bug 752577 - crash when simple paged fails to send entry to client - Bug 757897 - rhds81 modrn operation and 100% cpu use in replication - Bug 757898 - Fix Coverity (11104) Resource leak: ids_sasl_user_to_entry (slapd/saslbind.c) LOW Copyright 2012 Oracle, Inc. CVE-2012-0833 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 abrt [2.0.8-6.0.1.el6] - Add abrt-oracle-enterprise.patch to be product neutral - Remove abrt-plugin-rhtsupport dependency for cli and desktop - Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot [2.0.8-6] - enable plugin services after install rhbz#820515 - Resolves: #820515 [2.0.8-5] - removed the 'report problem with ABRT btn' rhbz#809587 - fixed double free - fixed ccpp-install man page - Resolves: #809587, #796216, #799027 [2.0.8-4] - dont mark reports reported in post-create by mailx as reported - Resolves: #803618 [2.0.8-3] - fixed remote crash handling rhbz#800828 - Resolves: #800828 [2.0.8-2] - updated translation - added man page for a-a-analyze-vmcore - minor fixes in kernel oops parser - Related: #759375 [2.0.8-1] - rebase to the latest upstream - partly fixed probles with suided cores - fixed confusing message about 'moved copy' - properly enable daemons on update from previous version - added default config file for mailx - cli doesnt depend on python plugin - properly init i18n all plugins - added missing man page to abrt-cli - added warning when user tries to report already reported problem again - added vmcores plugin - Resolves: #759375, #783450, #773242, #771597, #770357, #751068, #749100, #747624, #727494 btparser [0.16-3] - Report correct crash_function in the crash sumary Resolves: rhbz#811147 [0.16-1] - New upstream release Resolves: #768377 libreport [2.0.9-5.0.1.el6] - Add oracle-enterprise.patch - Remove libreport-plugin-rhtsupport pkg [2.0.9-5] - rebuild due to rpmdiff - Resolves: #823411 [2.0.9-4] - fixed compatibility with bugzilla 4.2 - Resolves: #823411 [2.0.9-3] - added notify-only option to mailx rhbz#803618 - Resolves: #803618 [2.0.9-2] - minor fix in debuginfo downloader - updated translations - Related: #759377 [2.0.9-1] - new upstream release - fixed typos in man - fixed handling of anaconda-tb file - generate valid xml file - Resolves: #759377, #758366, #746727 python-meh [0.12.1-3] - Add dbus-python and libreport to BuildRequires (vpodzime). Related: rhbz#796176 [0.12.1-2] - Add %check unset DISPLAY section to spec file (vpodzime). Resolves: rhbz#796176 [0.12.1-1] - Adapt to new libreport API (vpodzime). Resolves: rhbz#769821 - Add info about environment variables (vpodzime). Resolves: rhbz#788577 [0.11-3] - Move 'import rpm' to where its needed to avoid nameserver problems. Resolves: rhbz#749330 [0.11-2] - Change dependency to libreport-* (mtoman) Resolves: rhbz#730924 - Add abrt-like information to bug reports (vpodzime). Resolves: rhbz#728871 LOW Copyright 2012 Oracle, Inc. CVE-2011-4088 CVE-2012-1106 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.6.32-279.el6] - [netdrv] mlx4: ignore old module parameters (Jay Fenlason) [830553] [2.6.32-278.el6] - [kernel] sysctl: silence warning about missing strategy for file-max at boot time (Jeff Layton) [803431] - [net] sunrpc: make new tcp_max_slot_table_entries sysctl use CTL_UNNUMBERED (Jeff Layton) [803431] - [drm] i915: set AUD_CONFIG N_value_index for DisplayPort (Dave Airlie) [747890] - [scsi] scsi_lib: fix scsi_io_completions SG_IO error propagation (Mike Snitzer) [827163] - [fs] nfs: Fix corrupt read data after short READ from server (Sachin Prabhu) [817738] [2.6.32-277.el6] - [scsi] be2iscsi: fix dma free size mismatch regression (Mike Christie) [824287] - [scsi] libsas: check dev->gone before submitting sata i/o (David Milburn) [824025] [2.6.32-276.el6] - [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [812108] [2.6.32-275.el6] - [net] bridge: fix broadcast flood regression (Jesper Brouer) [817157] - [ipc] mqueue: use correct gfp flags in msg_insert (Doug Ledford) [750260] - [security] fix compile error in commoncap.c (Eric Paris) [806726] {CVE-2012-2123} - [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806726] {CVE-2012-2123} - [fs] proc: Fix vmstat crashing with trap divide error (Larry Woodman) [820507] - [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [803936] {CVE-2012-2372} - [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [814504] {CVE-2012-2136} - [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816155] {CVE-2012-2137} [2.6.32-274.el6] - [net] sunrpc: fix loss of task->tk_status after rpc_delay call in xprt_alloc_slot (Jeff Layton) [822189] - [net] sunrpc: suppress page allocation warnings in xprt_alloc_slot() (Jeff Layton) [822189] - [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [812108] - [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [812108] - [usb] Dont fail USB3 probe on missing legacy PCI IRQ (Don Zickus) [812254] - [usb] Fix handoff when BIOS disables host PCI device (Don Zickus) [812254] - [usb] Remove duplicate USB 3.0 hub feature #defines (Don Zickus) [812254] - [usb] Set hub depth after USB3 hub reset (Don Zickus) [812254] - [usb] xhci: Fix encoding for HS bulk/control NAK rate (Don Zickus) [812254] - [usb] Fix issue with USB 3.0 devices after system resume (Don Zickus) [812254] - [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [822697] [2.6.32-273.el6] - [s390] qeth: remove siga retry for HiperSockets devices (Hendrik Brueckner) [817090] - [scsi] lpfc: Changed version number to 8.3.5.68.5p (Rob Evers) [821515] - [scsi] lpfc: Fixed system crash due to not providing SCSI error-handling host reset handler (Rob Evers) [821515] - [scsi] lpfc: Correct handling of SLI4-port XRI resource-provisioning profile change (Rob Evers) [821515] - [scsi] lpfc: Fix driver crash during back-to-back ramp events. (Rob Evers) [821515] - [scsi] lpfc: Fixed system panic due to midlayer abort and driver complete race on SCSI cmd (Rob Evers) [821515] - [scsi] sd: Fix device removal NULL pointer dereference (Rob Evers) [817853] - [md] Add del_timer_sync to mddev_suspend, fixes a panic (Jonathan E Brassow) [818371] - [virt] virtio_net: invoke softirqs after __napi_schedule (Michael S. Tsirkin) [819435] - [virt] virtio_net: do not reschedule rx refill forever (Michael S. Tsirkin) [819435] [2.6.32-272.el6] - [md] bitmap: ensure to load bitmap when creating via sysfs (Jes Sorensen) [821329] - [infiniband] mlx4: fix RoCE oops (Doug Ledford) [749059] - [x86] setup: Add rh_check_supported() (Prarit Bhargava) [821561] - [mm] read_pmd_atomic: fix pmd_populate SMP race condition (Andrea Arcangeli) [820762] {CVE-2012-1179} - [drm] i915: add Ivy Bridge GT2 Server entries (Dave Airlie) [817926] [2.6.32-271.el6] - [scsi] qla2xxx: Update version number to 8.04.00.04.06.3-k (Chad Dupuis) [816331] - [scsi] qla2xxx: Properly check for current state after the fabric-login request (Chad Dupuis) [816331] - [scsi] qla2xxx: Proper completion to scsi-ml for scsi status task_set_full and busy (Chad Dupuis) [816331] - [scsi] qla2xxx: Fix reset time out as qla2xxx not ack to reset request (Chad Dupuis) [816331] - [scsi] qla2xxx: Block flash access from application when device is initialized for ISP82xx (Chad Dupuis) [816331] - [scsi] qla2xxx: Remove resetting memory during device initialization for ISP82xx (Chad Dupuis) [816331] - [scsi] qla2xxx: Proper detection of firmware abort error code for ISP82xx (Chad Dupuis) [816331] - [scsi] qla2xxx: Additional corrections for ISP83xx support (Chad Dupuis) [816331] - [scsi] bfa: remove tech-preview tainting (Rob Evers) [744301] - [input] wacom: add support for Cintiq 24HD (Aristeu Rozanski) [773052] - [netdrv] bna: remove tech-preview status (Ivan Vecera) [744302] - [net] xfrm: impement kabi work-arounds for alg_trunc_len (Jarod Wilson) [768460] - [net] xfrm: Add SHA384 and SHA512 HMAC authentication algorithms to XFRM (Jarod Wilson) [768460] - [net] xfrm: Use the user specified truncation length in ESP and AH (Jarod Wilson) [768460] - [net] xfrm: Store aalg in xfrm_state with a user specified truncation length (Jarod Wilson) [768460] - [net] xfrm: Define new XFRM netlink auth attribute with specified truncation bits (Jarod Wilson) [768460] - [scsi] bxn2fc: Bumped version to 1.0.11 (Mike Christie) [813065] - [scsi] bnx2fc: cleanup task management IO when it times out. (Mike Christie) [813065] - [scsi] bnx2fc: Decrememnt io ref count when abort times out (Mike Christie) [813065] - [scsi] bnx2fc: Allow FLOGI to be retried when receiving bad responses. (Mike Christie) [813065] - [netdrv] be2net: Ignore status of some ioctls during driver load (Ivan Vecera) [818561] - [netdrv] be2net: Fix wrong status getting returned for MCC commands (Ivan Vecera) [818561] - [netdrv] be2net: Fix traffic stall INTx mode (Ivan Vecera) [818561] - [netdrv] be2net: Fix FW download in Lancer (Ivan Vecera) [818561] - [netdrv] be2net: enable RSS for ipv6 pkts (Ivan Vecera) [818561] - [s390] af_iucv: allow shutdown for HS transport sockets (Hendrik Brueckner) [815273] - [infiniband] cxgb4: handle wake up waiters and add check for invalid endpoint (Steve Best) [811023] - [drm] radeon: deal with errors from framebuffer init path (Dave Airlie) [736376] - [fs] proc: restore 'huge' tag for hugetlb vmas in numa_maps (Larry Woodman) [818746] - [fs] proc: teach /proc//numa_maps about transparent hugepages (Larry Woodman) [818746] - [fs] proc: break out numa_maps gather_pte_stats() checks (Larry Woodman) [818746] - [fs] proc: make /proc//numa_maps gather_stats() take variable page size (Larry Woodman) [818746] - [fs] proc: allocate storage for numa_maps statistics once (Larry Woodman) [818746] - [fs] proc: make struct proc_maps_private truly private (Larry Woodman) [818746] - [fs] proc: move show_numa_map() to fs/proc/task_mmu.c (Larry Woodman) [818746] - [mm] mempolicy: declare mpol_to_str() when CONFIG_TMPFS=n (Larry Woodman) [818746] - [mm] mempolicy: remove check_huge_range() (Larry Woodman) [818746] - [mm] mempolicy: make gather_stats() type-safe and remove forward declaration (Larry Woodman) [818746] - [mm] mempolicy: remove MPOL_MF_STATS (Larry Woodman) [818746] - [mm] mempolicy: use walk_page_range() instead of custom page table walking code (Larry Woodman) [818746] - [mm] mempolicy: export get_vma_policy() (Larry Woodman) [818746] - [block] mtip32xx: fix missing mtip32xx.ko in installer initrd (Shyam Iyer) [819947] - [input] wacom: add LED support for Cintiq 24HD (Aristeu Rozanski) [808315] - [input] wacom: make LED status readable through sysfs (Aristeu Rozanski) [808315] - [input] wacom: add LED support for Cintiq 21ux2 (Aristeu Rozanski) [808315] - [input] wacom: add interface to control LEDs in Wacom tablets (Aristeu Rozanski) [808315] - [vhost] net: fix possible NULL pointer dereference of vq->bufs (Jason Wang) [814288] {CVE-2012-2119} - [net] macvtap: validate zerocopy vectors before building skb (Jason Wang) [814288] {CVE-2012-2119} - [net] macvtap: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (Jason Wang) [814288] {CVE-2012-2119} - [net] macvtap: put zerocopy page when fail to get all requested user pages (Jason Wang) [814288] {CVE-2012-2119} - [net] macvtap: fix zerocopy offset calculation when building skb (Jason Wang) [814288] {CVE-2012-2119} - [netdrv] be2net: Fix EEH error reset before a flash dump completes (Ivan Vecera) [818568] - [netdrv] be2net: cancel be_worker during EEH recovery (Ivan Vecera) [818568] - [net] bonding: assign slaves their own vlan_groups (Neil Horman) [804232] - [net] vlan: Add helper functions to manage vlans on bonds and slaves (Neil Horman) [804232] - [virt] kvm: Fix kvm_arch_vcpu_put() crash with vmm_exclusive=0 (Avi Kivity) [704173] [2.6.32-270.el6] - [netdrv] be2net: Record receive queue index in skb to aid RPS (Ivan Vecera) [818558] - [scsi] bnx2i: Updated version and copyright year (Mike Christie) [816376] - [scsi] bnx2i: Added the setting of target can_queue via target_alloc (Mike Christie) [816376] - [netdrv] be2net: fix calling __vlan_put_tag() after eth_type_trans() (Ivan Vecera) [815670] - [s390] af_iucv: detect down state of HS transport interface (Hendrik Brueckner) [815274] - [s390] qeth: Improve OSA Express 4 blkt defaults (Hendrik Brueckner) [808486] - [netdrv] ixgbe: Correct Adaptive Interrupt Moderation so that it will change values (Andy Gospodarek) [802837] - [mm] x86: Move do_page_fault()s error path under unlikely() (Motohiro Kosaki) [770376] - [mm] x86: make pagefault killable (Motohiro Kosaki) [770376] - [mm] x86: Handle mm_fault_error() in kernel space (Motohiro Kosaki) [770376] - [mm] introduce wait_on_page_locked_killable() (Motohiro Kosaki) [770376] - [mm] oom_kill: remove memcg argument from oom_kill_task() (Motohiro Kosaki) [770376] - [mm] oom-kill: remove boost_dying_task_prio() (Motohiro Kosaki) [770376] - [net] rds: RDS over QLogic hardware fails to work (Jay Fenlason) [797530] - [net] netpoll: fix Allow netpoll_setup/cleanup recursion (Herbert Xu) [816034] - [netdrv] atl1c: add workaround for issue of bit INTX-disable for MSI interrupt (Stanislaw Gruszka) [809036] - [netdrv] atl1c: enlarge L1 response waiting timer (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove PHY polling from atl1c_change_mtu (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Disable L0S when no cable link (Stanislaw Gruszka) [809036] - [netdrv] atl1c: do MAC-reset when PHY link down (Stanislaw Gruszka) [809036] - [netdrv] atl1c: cancel task when interface closed (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine mac address related code (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove code of closing register writable attribution (Stanislaw Gruszka) [809036] - [netdrv] atl1c: clear WoL status when reset pcie (Stanislaw Gruszka) [809036] - [netdrv] atl1c: add PHY link event(up/down) patch (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine start/enable code for MAC module (Stanislaw Gruszka) [809036] - [netdrv] atl1c: add function atl1c_power_saving (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove PHY reset/init for link down event (Stanislaw Gruszka) [809036] - [netdrv] atl1c: update PHY reset related routine (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove PHY polling from atl1c_open (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine SERDES-clock related code (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove PHY contrl in atl1c_reset_pcie (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine phy-register read/write function (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove REG_PHY_STATUS (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove MDIO_REG_ADDR_MASK in atl1c_mdio_read/write (Stanislaw Gruszka) [809036] - [netdrv] atl1c: fix WoL(magic) issue for l2cb 1.1 (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine atl1c_pcie_patch (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine/update ASPM configuration (Stanislaw Gruszka) [809036] - [netdrv] atl1c: clear bit MASTER_CTRL_CLK_SEL_DIS in atl1c_pcie_patch (Stanislaw Gruszka) [809036] - [netdrv] atl1c: refine reg definition of REG_MASTER_CTRL (Stanislaw Gruszka) [809036] - [netdrv] atl1c: clear PCIE error status in atl1c_reset_pcie (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove dmar_dly_cnt and dmaw_dly_cnt (Stanislaw Gruszka) [809036] - [netdrv] atl1c: update right threshold for TSO (Stanislaw Gruszka) [809036] - [netdrv] atl1c: add module parameter for l1c_wait_until_idle (Stanislaw Gruszka) [809036] - [netdrv] atl1c: threshold for ASPM is changed based on chip capability (Stanislaw Gruszka) [809036] - [netdrv] atl1c: restore max-read-request-size in Device Conrol Register (Stanislaw Gruszka) [809036] - [netdrv] atl1c: using fixed TXQ configuration for l2cb and l1c (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove dmaw_block (Stanislaw Gruszka) [809036] - [netdrv] atl1c: correct wrong definition of REG_DMA_CTRL (Stanislaw Gruszka) [809036] - [netdrv] atl1c: wrong register used to stop TXQ (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove code related to rxq 1/2/3 (Stanislaw Gruszka) [809036] - [netdrv] atl1c: split 2 32bit registers of TPD to 4 16bit registers (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove SMB/CMB DMA related code (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove VPD register (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove HDS register (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove multiple-RX-Q code (Stanislaw Gruszka) [809036] - [netdrv] atl1c: update author contact info & company/driver desciption (Stanislaw Gruszka) [809036] - [netdrv] atl1c: stop using net_device.{base_addr, irq} (Stanislaw Gruszka) [809036] - [netdrv] atl1c: set ATL1C_WORK_EVENT_RESET bit correctly (Stanislaw Gruszka) [809036] - [netdrv] atl1c: dont use highprio tx queue (Stanislaw Gruszka) [809036] - [netdrv] atl1c: set addr_assign_type if random_ether_addr() used (Stanislaw Gruszka) [809036] - [netdrv] atl1c: ethernet dev_alloc_skb to netdev_alloc_skb (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Remove alloc_etherdev error messages (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Sweep away N/A fw_version dustbunnies from the .get_drvinfo routine (Stanislaw Gruszka) [809036] - [netdrv] atl1c: add skb frag size accessors (Stanislaw Gruszka) [809036] - [netdrv] atl1c: use DMA_x_DEVICE and dma_mapping_error with skb_frag_dma_map (Stanislaw Gruszka) [809036] - [netdrv] atl1c: convert to SKB paged frag API (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Remove unneeded version.h includes from drivers/net/ (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove interrupt.h inclusion from netdevice.h (Stanislaw Gruszka) [809036] - [netdrv] atl1c: atl1c_resume() is only used when CONFIG_PM_SLEEP is defined (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Use ethtools ethtool_cmd_speed API (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Use full 32 bit speed range in ethtools set_settings (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Fix work event interrupt/task races (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Fix set-but-unused variable (Stanislaw Gruszka) [809036] - [netdrv] atl1c: fix sparse warnings (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Do not call device_init_wakeup() in atl1c_probe() (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Add missing PCI device ID (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove private #define (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Comment typo fixes for 'descriptor' (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Do not use legacy PCI power management (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Fix hardware type check for enabling OTP CLK (Stanislaw Gruszka) [809036] - [netdrv] atl1c: make functions static (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Dont check for vlan group before vlan_tx_tag_present (Stanislaw Gruszka) [809036] - [netdrv] atl1c: avoid some skb->ip_summed initializations (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Remove double test (Stanislaw Gruszka) [809036] - [netdrv] atl1c: use net_device_stats from struct net_device (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Add AR8151 v2 support and change L0s/L1 routine (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Remove unnecessary returns from void function()s (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove redundant code (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h (Stanislaw Gruszka) [809036] - [netdrv] atl1c: convert multiple drivers to use netdev_for_each_mc_addr, part3 (Stanislaw Gruszka) [809036] - [netdrv] atl1c: Add support for Atheros AR8152 and AR8152 (Stanislaw Gruszka) [809036] - [netdrv] atl1c: use DEFINE_PCI_DEVICE_TABLE() (Stanislaw Gruszka) [809036] - [netdrv] atl1c: fix assorted typos all over the place (Stanislaw Gruszka) [809036] - [netdrv] atl1c: use pM to show MAC address (Stanislaw Gruszka) [809036] - [netdrv] atl1c:add pci map direction in atl1c_buffer flags (Stanislaw Gruszka) [809036] - [netdrv] atl1c: remove exceptional & on function name (Stanislaw Gruszka) [809036] - [netdrv] atl1c: change atl1c_buffer struct and restructure clean atl1c_buffer procedure (Stanislaw Gruszka) [809036] - [netdrv] atl1c: duplicate atl1c_get_tpd (Stanislaw Gruszka) [809036] - [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [817140] - [fs] epoll: Dont limit non-nested epoll paths (Jason Baron) [817137] - [netdrv] tg3: Fix ethtool self tests (John Feeney) [808243 809036] - [infiniband] mlx4: check return code and bail on error (Doug Ledford) [749059] - [infiniband] mlx4: use locking when walking netdev list (Doug Ledford) [749059] - [x86] asm: undo paravirt_patch_template kABI breakage (Rik van Riel) [813682] - [fs] cifs: check S_AUTOMOUNT in revalidate (Ian Kent) [786149] - [fs] vfs: fix LOOKUP_DIRECTORY not propagated to managed_dentry() (Ian Kent) [786149] - [s390x] kdump: Change default action from reipl to stop for on_restart (Hendrik Brueckner) [806152] - [s390x] qeth: add missing wake_up call (Hendrik Brueckner) [806151] - [s390x] lcs: lcs offline failure (Hendrik Brueckner) [804643] - [s390x] ctcmpc: use correct idal word list for ctcmpc (Hendrik Brueckner) [798641] - [s390x] dasd: fix fixpoint divide exception in define_extent (Hendrik Brueckner) [798002] - [s390x] mm: prevent memory zone interleave (Hendrik Brueckner) [797936] - [s390x] qeth: synchronize discipline module loading (Hendrik Brueckner) [795462] - [powerpc] perf: Check current->mm in read_user_stack_slow (Steve Best) [804569] - [powerpc] perf: Disable pagefaults during callchain stack read (Jiri Olsa) [804569] - [tools] selftests: mqueue mq_perf_tests checkpatch fixes (Doug Ledford) [750260] - [ipc] mqueue: strengthen checks on mqueue creation fix (Doug Ledford) [750260] - [misc] rbtree: backport rb_init_node() (Doug Ledford) [750260] - [tools] selftests: add mq_perf_tests (Doug Ledford) [750260] - [tools] selftests: add mq_open_tests (Doug Ledford) [750260] - [ipc] mqueue: strengthen checks on mqueue creation (Doug Ledford) [750260] - [ipc] mqueue: correct mq_attr_ok test (Doug Ledford) [750260] - [ipc] mqueue: improve performance of send/recv (Doug Ledford) [750260] - [watchdog] iTCO_wdt: default SMI clearing to old behaviour (Prarit Bhargava) [727875 811324] - [watchdog] iTCO_wdt: problems with newer hardware due to SMI clearing (Prarit Bhargava) [727875 811324] - [sound] alsa: fix Conexant CX20561 audio mute functionality (Jaroslav Kysela) [816569] - [s390] kdump: Use 4 GiB for KEXEC_AUTO_THRESHOLD (Hendrik Brueckner) [815599] - [net] bonding: verify for NULL when getting bridge from bond_dev->br_port (Veaceslav Falico) [816034 817145] - [md] dm-mpath: only try to load the scsi_dh module if the scsi_dh doesnt exist (Mike Snitzer) [788591] - [virt] kvm/svm: handle adjustment of negative tsc offsets (Marcelo Tosatti) [817236] - [netdrv] be2net: fix programming of VLAN tags for VF (Ivan Vecera) [816013] - [scsi] isci: End the RNC resumption wait when the RNC is destroyed. (David Milburn) [809954] - [scsi] isci: Fixed RNC bug that lost the suspension or resumption during destroy (David Milburn) [809954] - [scsi] isci: Fix RNC AWAIT_SUSPENSION->INVALIDATING transition. (David Milburn) [809954] - [scsi] isci: Manage the IREQ_NO_AUTO_FREE_TAG under scic_lock. (David Milburn) [809954] - [scsi] isci: Remove obviated host callback list. (David Milburn) [809954] - [scsi] isci: Check IDEV_GONE before performing abort path operations. (David Milburn) [809954] - [scsi] isci: Restore the ATAPI device RNC management code. (David Milburn) [809954] - [scsi] isci: Dont wait for an RNC suspend if its being destroyed. (David Milburn) [809954] - [scsi] isci: Change the phy control and link reset interface for HW reasons. (David Milburn) [809954] - [scsi] isci: Added timeouts to RNC suspensions in the abort path. (David Milburn) [809954] - [scsi] isci: Add protocol indicator for TMF requests. (David Milburn) [809954] - [scsi] isci: Directly control IREQ_ABORT_PATH_ACTIVE when completing TMFs. (David Milburn) [809954] - [scsi] isci: Wait for RNC resumption before leaving the abort path. (David Milburn) [809954] - [scsi] isci: Fix RNC suspend call for SCI_RESUMING state. (David Milburn) [809954] - [scsi] isci: Manage tag releases differently when aborting tasks. (David Milburn) [809954] - [scsi] isci: Callbacks to libsas occur under scic_lock and are synchronized. (David Milburn) [809954] - [scsi] isci: When in the abort path, defeat other resume calls until done. (David Milburn) [809954] - [scsi] isci: Implement waiting for suspend in the abort path. (David Milburn) [809954] - [scsi] isci: Make sure all TCs are terminated and cleaned in LUN reset. (David Milburn) [809954] - [scsi] isci: Manage the LLHANG timer enable/disable per-device. (David Milburn) [809954] - [scsi] isci: Save the suspension hint for upcoming suspensions. (David Milburn) [809954] - [scsi] isci: Fix the terminated I/O to not call sas_task_abort(). (David Milburn) [809954] - [scsi] isci: Distinguish between remote device suspension cases (David Milburn) [809954] - [scsi] isci: Remove isci_device reqs_in_process and dev_node from isci_device. (David Milburn) [809954] - [scsi] isci: Only set IDEV_GONE in the device stop path. (David Milburn) [809954] - [scsi] isci: All pending TCs are terminated when the RNC is invalidated. (David Milburn) [809954] - [scsi] isci: Device access in the error path does not depend on IDEV_GONE. (David Milburn) [809954] - [scsi] isci: Add suspension cases for RNC INVALIDATING, POSTING states. (David Milburn) [809954] - [scsi] isci: Redesign device suspension, abort, cleanup. (David Milburn) [809954] - [scsi] isci: Escalate to I_T_Nexus_Reset when the device is gone. (David Milburn) [809954] - [scsi] isci: Remote device stop also suspends the RNC and terminates I/O. (David Milburn) [809954] - [scsi] isci: Remote device must be suspended for NCQ cleanup. (David Milburn) [809954] - [scsi] isci: Manage device suspensions during TC terminations. (David Milburn) [809954] - [scsi] isci: Terminate outstanding TCs on TX/RX RNC suspensions. (David Milburn) [809954] - [scsi] isci: Handle all suspending TC completions (David Milburn) [809954] - [scsi] isci: Fixed bug in resumption from RNC Tx/Rx suspend state. (David Milburn) [809954] - [scsi] isci: Manage the link layer hang detect timer for RNC suspensions. (David Milburn) [809954] [2.6.32-269.el6] - [x86] Revert: kdump: No need to disable ioapic in crash path (Don Zickus) [815785] - [mm] mempolicy: do_migrate_pages cleanup (Larry Woodman) [801904] - [mm] mempolicy: do_migrate_pages fix (Larry Woodman) [801904] - [ata] ahci: add another PCI ID for marvell (David Milburn) [813365] - [ata] ahci: recognize Marvell 88se9125 PCIe SATA 6.0 Gb/s controller (David Milburn) [813365] - [ata] ahci: HFLAG_YES_FBS fix legacy IDE interface (David Milburn) [813365] - [ata] ahci: add HFLAG_YES_FBS and apply it to 88SE9128 (David Milburn) [813365] - [sound] alsa: enable OSS emulation in rhel configuration (Jaroslav Kysela) [657291] - [sound] alsa: add probe_mask=0x101 automatically for WinFast VP200 H (Jaroslav Kysela) [805658] - [target] fcoe: Remove printk message from ft_dump_cmd (Neil Horman) [813678] - [scsi] be2iscsi: fix bh use in alloc pdu path (Mike Christie) [813550] - [scsi] libsas: fix sas port naming (David Milburn) [759210] - [scsi] libsas: fix panic when single phy is disabled on a wide port (David Milburn) [759210] - [scsi] isci: firmware update to latest firmware generator (David Milburn) [759210] - [scsi] isci: enable BCN in sci_port_add_phy() (David Milburn) [759210] - [scsi] isci: Changes in COMSAS timings enabling ISCI to detect buggy disc drives (David Milburn) [759210] - [scsi] isci: implement suspend/resume support (David Milburn) [759210] - [scsi] isci: kill isci_host.shost (David Milburn) [759210] - [scsi] isci: fix interrupt disable (David Milburn) [759210] - [scsi] isci: fix 'link-up' events occur after 'start-complete' (David Milburn) [759210] - [scsi] isci: fix controller stop (David Milburn) [759210] - [scsi] isci: refactor initialization for S3/S4 (David Milburn) [759210] - [scsi] isci: kill isci_port.domain_dev_list (David Milburn) [759210] - [scsi] isci: kill ->status, and ->state_lock in isci_host (David Milburn) [759210] - [scsi] isci: Dont filter BROADCAST CHANGE primitives (David Milburn) [759210] - [scsi] isci: kill sci_phy_protocol and sci_request_protocol (David Milburn) [759210] - [scsi] isci: kill ->is_direct_attached (David Milburn) [759210] - [scsi] isci: improve 'invalid state' warnings (David Milburn) [759210] - [scsi] libsas: suspend / resume support (David Milburn) [759210] - [ata] libsas: drop sata port multiplier infrastructure (David Milburn) [759210] - [ata] libata: export ata_port suspend/resume infrastructure for sas (David Milburn) [759210] - [net] bonding: 802.3ad - fix agg_device_up (Veaceslav Falico) [806081] - [netdrv] mlx4_core: fix race on comm channel (Jay Fenlason) [808926] - [scsi] libfc: cache align struct fc_fcp_pkt fields (Neil Horman) [815984] - [scsi] libfc: cache align fc_exch_pool (Neil Horman) [815984] - [scsi] fcoe: setup default initial value for DDP threshold (Neil Horman) [815984] - [virt] virtio_console: tell host of open ports after resume from s3/s4 (Amit Shah) [816099] - [scsi] st: fix memory leak with 1MB tape I/O (David Milburn) [811703] - [drm] i915: Dont do MTRR setup if PAT is enabled (Adam Jackson) [802539] - [scsi] device_handler: Add Netapp storage array to rdac array list (Rob Evers) [811364] - [netdrv] cnic: Fix parity error code conflict (Mike Christie) [808619] - [sound] alsa: Fix No sound with Conexant CX20585 / Recording fails (Jaroslav Kysela) [798923] - [kernel] default to clocksource unstable switching off (Prarit Bhargava) [804535] - [x86] Backout X86_FEATURE_ARAT checks in hpet initialization (Prarit Bhargava) [804535] - [kernel] clocksource: Make watchdog robust vs. interruption (Prarit Bhargava) [804535] - [fs] cifs: Show various mount options in /proc/mounts (Sachin Prabhu) [815751] - [ata] libata: make ata_print_id atomic numbering fix (David Milburn) [815861] - [md] raid1: Dont set 'fullsync' unnecessarily (Jonathan E Brassow) [813948] - [md] dm-raid: Record and handle missing devices. (Jonathan E Brassow) [809231] - [md] dm-raid: Set recovery flags on resume. (Jonathan E Brassow) [811669] - [netdrv] bnx2x: changed initial dcb configuration (Michal Schmidt) [812612] - [netdrv] tg3: Fix NVRAM writes on newer devices (John Feeney) [808617] [2.6.32-268.el6] - [x86] efi: Remove unnecessary error message (Matthew Garrett) [788428] - [hid] wacom: Add serial and id reporting for Wacom Intuos4 WL (Aristeu Rozanski) [769676] - [hid] wacom: fix proximity tool release (Aristeu Rozanski) [769676] - [hid] wacom: report distance for Intuos4 WL (Aristeu Rozanski) [769676] - [hid] wacom: Add pad buttons reporting on Intuos4 WL (Aristeu Rozanski) [769676] - [hid] wacom: set ABS_MISC bit for Intuos4 WL (Aristeu Rozanski) [769676] - [hid] wacom: introduce support for Intuos4 bluetooth (Aristeu Rozanski) [769676] - [hid] wacom: introduce sysfs interface to control the device reporting speed (Aristeu Rozanski) [769676] - [hid] wacom: separate mode switching function (Aristeu Rozanski) [769676] - [hid] wacom: add missing events for pad buttons (Aristeu Rozanski) [769676] - [bluetooth] hidp: implement raw output support for HIDP layer (Aristeu Rozanski) [769676] - [fs] nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (J. Bruce Fields) [813070] - [fs] nfsd: rename 'int access' to 'int may_flags' in nfsd_open() (J. Bruce Fields) [813070] - [fs] ext4: return 32/64-bit dir name hash according to usage type (J. Bruce Fields) [813070] - [fs] add new FMODE flags FMODE_32bithash and FMODE_64bithash (J. Bruce Fields) [813070] - [fs] nfsd: Remove check for a 32-bit cookie in nfsd4_readdir() (J. Bruce Fields) [813070] - [net] bonding: remove entries for master_ip and vlan_ip and query devices instead (Andy Gospodarek) [810299] - [net] netfilter: place conntrack in source hash after SNAT is done (Neil Horman) [740747] - [netdrv] tg3: Fix RSS ring refill race condition (John Feeney) [808247] - [scsi] Revert: rdac: Add dynamic match to rdac handler (Jarod Wilson) [811364] [2.6.32-267.el6] - [x86] therm_throt: Dont report power limit and package level thermal throttle events in mcelog (Naoya Horiguchi) [803913] - [x86] Use this_cpu_has for thermal_interrupt current cpu (Naoya Horiguchi) [803913] - [x86] percpu: add this_cpu_has() macro (Naoya Horiguchi) [803913] - [virt] KVM: lock slots_lock around device assignment (Alex Williamson) [811653] - [virt] kvm: unmap pages from the iommu when slots are removed (Alex Williamson) [811653] {CVE-2012-2121} - [scsi] fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) (David Milburn) [798776] - [scsi] libsas, libata: fix start of life for a sas ata_port (David Milburn) [798776] - [scsi] libsas: continue revalidation (David Milburn) [798776] - [ata] libata: make ata_print_id atomic (David Milburn) [798776] - [scsi] libsas: fix ata_eh clobbering ex_phys via smp_ata_check_ready (David Milburn) [798776] - [scsi] libsas: fix false positive 'device attached' conditions (David Milburn) [798776] - [scsi] libsas: unify domain_device sas_rphy lifetimes (David Milburn) [798776] - [scsi] scsi_transport_sas: fix delete vs scan race (David Milburn) [798776] - [ata] libata: reset once (David Milburn) [798776] - [scsi] libsas: fix sas_get_port_device regression (David Milburn) [798776] - [scsi] libsas: sas_rediscover_dev did not look at the SMP exec status. (David Milburn) [798776] - [scsi] libsas: fix sas_find_bcast_phy() in the presence of 'vacant' phys (David Milburn) [798776] - [scsi] libsas: trim sas_task of slow path infrastructure (David Milburn) [798776] - [scsi] isci: use sas eh strategy handlers (David Milburn) [798776] - [scsi] libsas: use ->lldd_I_T_nexus_reset for ->eh_bus_reset_handler (David Milburn) [798776] - [scsi] libsas: add sas_eh_abort_handler (David Milburn) [798776] - [scsi] libsas: enforce eh strategy handlers only in eh context (David Milburn) [798776] - [scsi] libata, libsas: introduce sched_eh and end_eh port ops (David Milburn) [798776] - [scsi] libsas: cleanup spurious calls to scsi_schedule_eh (David Milburn) [798776] - [scsi] libsas: introduce sas_work to fix sas_drain_work vs sas_queue_work (David Milburn) [798776] - [net] fib: fix BUG_ON in fib_nl_newrule when add new fib rule (Weiping Pan) [814059] - [scsi] isci: fix oem parameter validation on single controller skus (David Milburn) [812415] - [x86] tsc: Dont divide by zero if TSC kHz calibration fails (Richard W.M. Jones) [813413] - [x86] Avoid check hlt for newer cpus (Don Zickus) [812439] [2.6.32-266.el6] - [virt] kvm: Allow adjust_tsc_offset to be in host or guest cycles (Frank Arnold) [807215] - [virt] Revert: x86: Make tsc_delta calculation a function of guest tsc (Frank Arnold) [807215] - [scsi] lpfc: Update lpfc version for 8.3.5.68.2p driver release (Rob Evers) [810522] - [scsi] lpfc: Fix bug with mailbox handling of REG_VFI (Rob Evers) [810522] - [scsi] lpfc: flush PCI function reset register write (Rob Evers) [810522] - [scsi] lpfc: Fixed system panic when extents enabled (Rob Evers) [810522] - [scsi] lpfc: Fixed the system panic during EEH recovery (Rob Evers) [810522] - [scsi] lpfc: Fix resource leak when acc fails (Rob Evers) [810522] - [scsi] lpfc: Fixed SLI4 driver module load and unload test loop (Rob Evers) [810522] - [scsi] lpfc: Fixed missing CVL event (Rob Evers) [810522] - [scsi] lpfc: Fix deadlock during adapter offline request (Rob Evers) [810522] - [scsi] lpfc: Fix same RPI registered multiple times (Rob Evers) [810522] - [scsi] lpfc: Fix handling of XRI Aborted CQE response (Rob Evers) [810522] - [scsi] lpfc: Fixed failure handling SLI4 FC port reset (Rob Evers) [810522] - [scsi] lpfc: Fix not sending a LOGO with vport delete (Rob Evers) [810522] - [scsi] lpfc: Fix for SLI4 Port delivery for BLS ABORT ACC (Rob Evers) [810522] - [scsi] lpfc: Fix ndlp list not empty during unloading (Rob Evers) [810522] - [scsi] lpfc: Fix mailbox and vpi memory leaks (Rob Evers) [810522] - [scsi] lpfc: create char device to take a reference (Rob Evers) [810522] - [scsi] lpfc: Fix for FDISC failures (Rob Evers) [810522] - [scsi] lpfc: Fix for driver using duplicate RPIs (Rob Evers) [810522] - [scsi] lpfc: Fix discovery problem when in pt2pt (Rob Evers) [810522] - [scsi] lpfc: Fixed handling large CQ/EQ ids in an IOV env (Rob Evers) [810522] - [scsi] lpfc: Fix Locking code raising IRQ twice (Rob Evers) [810522] - [scsi] lpfc: Fix not returning when bad ndlp found (Rob Evers) [810522] - [scsi] lpfc: Fix bug with driver returning the wrong ndlp (Rob Evers) [810522] - [scsi] lpfc: Fix driver behavior when receiving an ADISC (Rob Evers) [810522] - [scsi] lpfc: Fixed unbounded firmware revision string (Rob Evers) [810522] - [scsi] lpfc: Fix dump command type 4 using 16Gb FC Adapter (Rob Evers) [810522] - [scsi] lpfc: Fix port not reset when needed during fw_dump (Rob Evers) [810522] - [scsi] lpfc: Fix ELS FDISC failing local rej./inv. RPI (Rob Evers) [810522] - [scsi] lpfc: Fix SLI4 FC port internal loopback (Rob Evers) [810522] - [scsi] lpfc: Fix REG_RPI fails on SLI4 HBA (Rob Evers) [810522] - [scsi] lpfc: Fix els command using 16Gb FC Adapter (Rob Evers) [810522] - [scsi] lpfc: Fix NMI seen due to CQE starvation (Rob Evers) [810522] - [scsi] lpfc: Fixed SLI4 FC port obtained link-type/num (Rob Evers) [810522] - [scsi] lpfc: Fixed SLI4 FC port int. loopback without SFP (Rob Evers) [810522] - [scsi] lpfc: Fix incorrect fcpCdb during scsi command prep (Rob Evers) [810522] - [drm] i915: Do not set 'Enable Panel Fitter' on SNB pageflips (Adam Jackson) [731632] - [drm] radeon: fix load detect on rn50 with hardcoded EDIDs. (Dave Airlie) [813962] - [fs] ext4: change return value from int to ssize_t in ext4_file_write (Eric Sandeen) [814302] - [netdrv] iwlwifi: add option to disable 5GHz band (Stanislaw Gruszka) [812259] - [scsi] rdac: Add dynamic match to rdac handler (Rob Evers) [811364] - [virt] xenfv: fix hangs when kdumping (Andrew Jones) [811815] - [netdrv] mlx4: allocate just enough pages instead of always 4 pages (Steve Best) [812470] - [mm] Prevent panic while reading /proc/vmallocinfo (Larry Woodman) [767889] [2.6.32-265.el6] - [fs] GFS2: Instruct DLM to avoid queue convert slowdowns (Robert S Peterson) [799165] - [fs] GFS2: Allow caching of rindex glock (Robert S Peterson) [799165] - [fs] GFS2: Dont use a try lock when promoting to a higher mode (Robert S Peterson) [799165] - [fs] GFS2: Make sure rindex is uptodate before starting transactions (Robert S Peterson) [799165] - [netdrv] p54spi: Release GPIO lines and IRQ on error in p54spi_probe (John Linville) [808571] - [netdrv] iwlwifi: always monitor for stuck queues (John Linville) [808571] - [netdrv] rt2x00: Add support for D-Link DWA-127 to rt2800usb (John Linville) [808571] - [netdrv] iwl3945: fix possible il->txq NULL pointer dereference in delayed works (John Linville) [808571] - [netdrv] rt2x00: fix random stalls (John Linville) [808571] - [netdrv] iwlwifi: fix key removal (John Linville) [808571] - [netdrv] ath9k_hw: prevent writes to const data on AR9160 (John Linville) [808571] - [net] mac80211: zero initialize count field in ieee80211_tx_rate (John Linville) [808571] - [netdrv] ath9k: stop on rates with idx -1 in ath9k rate controls .tx_status (John Linville) [808571] - [net] mac80211: Fix a rwlock bad magic bug (John Linville) [808571] - [net] mac80211: timeout a single frame in the rx reorder buffer (John Linville) [808571] - [netdrv] ath9k_hw: fix a RTS/CTS timeout regression (John Linville) [808571] - [netdrv] ath9k: fix a WEP crypto related regression (John Linville) [808571] - [netdrv] ath9k: Fix kernel panic during driver initilization (John Linville) [808571] - [netdrv] bnx2x: fix memory leak in bnx2x_init_firmware() (Michal Schmidt) [811231] - [netdrv] bnx2x: fix a crash on corrupt firmware file (Michal Schmidt) [811231] - [netdrv] bnx2x: FCoE statistics id fixed (Michal Schmidt) [811231] - [netdrv] bnx2x: dcb bit indices flags used as bits (Michal Schmidt) [811231] - [netdrv] bnx2x: added cpu_to_le16 when preparing ramrods data (Michal Schmidt) [811231] - [netdrv] bnx2x: pfc statistics counts pfc events twice (Michal Schmidt) [811231] - [fs] dlm: fix QUECVT when convert queue is empty (David Teigland) [809986] - [netdrv] bnx2x: correction to firmware interface (Michal Schmidt) [810296] [2.6.32-264.el6] - [net] Fix netdevice reference leak (Thomas Graf) [719600] [2.6.32-263.el6] - [net] ipmr: Enable multiple multicast routing tables (Thomas Graf) [631984] - [net] ipmr: Dont leak memory if fib lookup fails (Thomas Graf) [631984] - [net] ipmr: dont corrupt lists (Thomas Graf) [631984] - [net] ipmr: off by one in __ipmr_fill_mroute() (Thomas Graf) [631984] - [net] IPv4: unresolved multicast route cleanup (Thomas Graf) [631984] - [net] ipmr: add support for dumping routing tables over netlink (Thomas Graf) [631984] - [net] rtnetlink: decouple rtnetlink address families from real address families (Thomas Graf) [631984] - [net] ipv4: ipmr: fix NULL pointer deref during unres queue destruction (Thomas Graf) [631984] - [net] ipv4: ipmr: fix invalid cache resolving when adding a non-matching entry (Thomas Graf) [631984] - [net] ipv4: ipmr: support multiple tables (Thomas Graf) [631984] - [net] ipv4: ipmr: move mroute data into seperate structure (Thomas Graf) [631984] - [net] ipv4: ipmr: convert struct mfc_cache to struct list_head (Thomas Graf) [631984] - [net] ipv4: ipmr: remove net pointer from struct mfc_cache (Thomas Graf) [631984] - [net] ipv4: ipmr: move unres_queue and timer to per-namespace data (Thomas Graf) [631984] - [net] fib_rules: decouple address families from real address families (Thomas Graf) [631984] - [net] fib_rules: set family in fib_rule_hdr centrally (Thomas Graf) [631984] - [net] fib_rules: consolidate IPv4 and DECnet ->default_pref() functions (Thomas Graf) [631984] - [net] ipmr/ip6mr: prevent out-of-bounds vif_table access (Thomas Graf) [631984] - [fs] direct-io.c: fix truncation error in dio_complete() return (Vivek Goyal) [783992] - [net] add sysctl to accept packets with local source addresses (Weiping Pan) [719600] - [scsi] Model description fixes for Brocade adapters (Rob Evers) [808558] - [x86] kdump: No need to disable ioapic in crash path (Don Zickus) [783322] - [kernel] uevent: send events in correct order according to seqnum (Naoya Horiguchi) [801694] - [net] SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up() (Steve Dickson) [809928] - [mm] Fix race in process_vm_rw_core (Kyle McMartin) [739136] - [mm] Backport Cross Memory Attach patch from upstream (Larry Woodman) [739136] - [drm] enable CONFIG_VGA_SWITCHEROO (Dave Airlie) [632635] [2.6.32-262.el6] - [net] bonding: send igmp report for its master (Weiping Pan) [797780] - [net] allow to get master bridge device for bridge port (Weiping Pan) [797780] - [s390x] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [808487] - [net] fix vlan gro path (Jiri Pirko) [720611] - [net] bonding: emit event when bonding changes MAC (Veaceslav Falico) [800231] - [net] sctp: Fix getsockopt with SCTP_EVENTS regression and allow sctp_event_subscribe to grow (Thomas Graf) [808086] - [net] vlan: Avoid broken offload configuration when reorder_hdr is disabled (Michal Schmidt) [781652] - [virt] xen: Revert 'xen: mask MTRR feature from guest' (Andrew Jones) [810222] [2.6.32-261.el6] - [x86] Dont inject GP for non-XSAVE enabled guests (Don Dugger) [705242] - [drm] i915: suspend fbdev device around suspend/hibernate (Dave Airlie) [746169] - [fs] cifs: Add mount options backupuid and backugid. (Sachin Prabhu) [806336] - [kernel] genirq: Respect NUMA node affinity in setup_affinity() (Prarit Bhargava) [788579] - [netdrv] iwlwifi: do not nulify ctx->vif on reset (Stanislaw Gruszka) [801730] - [virt] VMX: vmx_set_cr0 expects kvm->srcu locked (Marcelo Tosatti) [807507] {CVE-2012-1601} - [virt] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Marcelo Tosatti) [807507] {CVE-2012-1601} - [virt] virtio-pci: S3 support (Amit Shah) [803187] - [virt] virtio-pci: drop restore_common() (Amit Shah) [803187] - [virt] virtio: drop thaw PM operation (Amit Shah) [803187] - [virt] virtio: balloon: Allow stats update after restore from S4 (Amit Shah) [803187] [2.6.32-260.el6] - [scsi] be2iscsi: fix include order (Mike Christie) [738043] - [scsi] be2iscsi: Get Port State and Speed of the Adapter (Mike Christie) [738043] - [scsi] be2iscsi: adding functionality to change network settings using iscsiadm (Mike Christie) [738043] - [scsi] be2iscsi: Adding bsg interface for be2iscsi (Mike Christie) [738043] - [scsi] be2iscsi: Get Initiator Name for the iSCSI_Host (Mike Christie) [738043] - [scsi] be2iscsi: Return async handle of unknown opcode to free list (Mike Christie) [738043] - [scsi] be2iscsi: Check ASYNC PDU Handle corresponds to HDR/DATA Handle (Mike Christie) [738043] - [scsi] be2iscsi: Bump the driver Version (Mike Christie) [738043] - [scsi] be2iscsi: Update in Copyright information (Mike Christie) [738043] - [scsi] be2iscsi: Fix the function return values (Mike Christie) [738043] - [scsi] be2iscsi: Code cleanup, removing the goto statement (Mike Christie) [738043] - [scsi] be2iscsi: Fix double free of MCCQ info memory (Mike Christie) [738043] - [scsi] be2iscsi: Set num_cpu = 1 if pci_enable_msix fails (Mike Christie) [738043] - [scsi] be2iscsi:Fix typo function name mismatch (Mike Christie) [738043] - [scsi] be2iscsi: Freeing of WRB and SGL Handle in cleanup task (Mike Christie) [738043] - [scsi] be2iscsi: WRB Initialization and Failure code path change (Mike Christie) [738043] - [scsi] be2iscsi: Fix in ASYNC PDU stitching logic (Mike Christie) [738043] - [scsi] be2iscsi: Fix in the Asynchronous Code Path (Mike Christie) [738043] - [net] ipv4: Constrain UFO fragment sizes to multiples of 8 bytes (Jiri Benc) [797731] - [net] ipv4: Dont use ufo handling on later transformed packets (Jiri Benc) [797731] - [net] udp: Add UFO to NETIF_F_GSO_SOFTWARE (Jiri Benc) [797731] - [fs] Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [808036] - [net] bond: Make LRO flag follow slave settings (Neil Horman) [794647] - [net] make dev_disable_lro use physical device if passed a vlan dev (Andy Gospodarek) [713641] - [net] move is_vlan_dev into public header file (Andy Gospodarek) [713641] [2.6.32-259.el6] - [mm] memcg: fix coalescing uncharge during truncate (Johannes Weiner) [717803] - [mm] thp: allow a hwpoisoned head page to be put back to LRU (Dean Nelson) [795574] - [block] md: Avoid OOPS when reshaping raid1 to raid0 (Jes Sorensen) [805857] - [net] bridge: fix use after free of skb in bridge when netpoll in use (Neil Horman) [769725] - [scsi] fcoe: Move destroy_work to a private work queue (Neil Horman) [806119] - [virt] xen: only check xen_platform_pci_unplug if hvm (Andrew Jones) [807354] [2.6.32-258.el6] - [fs] epoll: kabi fixups for epoll limit wakeup paths (Jason Baron) [681689] {CVE-2011-1083} - [fs] epoll: limit paths (Jason Baron) [681689] {CVE-2011-1083} - [perf] tool: Fix diff command to work with new hists design (Jiri Olsa) [794689] - [x86] call restore_sched_clock_state after gs is initialized (Marcelo Tosatti) [803132] - [virt] virtio-scsi: fix whitespace in fix TMF use-after-free patch (Paolo Bonzini) [802127] - [netdrv] macvtap: add ioctl to modify vnet header size (Michael S. Tsirkin) [789362] - [netdrv] firmware: add bnx2x FW 7.2.16 (Michal Schmidt) [798316] - [netdrv] cnic: update for FW 7.2.xx (Michal Schmidt) [798316] - [netdrv] bnx2fc: HSI dependent changes for 7.2.xx FW (Michal Schmidt) [798316] - [netdrv] bnx2x: use FW 7.2.16 (Michal Schmidt) [798316] - [fs] GFS2: put glock reference in error patch of read_rindex_entry (Robert S Peterson) [803384] - [infiniband] rdmacm: fix initialization bug (Doug Ledford) [805996] - [pci] Dont touch ASPM at all when its forcibly disabled (Matthew Garrett) [801877] [2.6.32-257.el6] - [security] Fix negative key error handling (David Howells) [806393] - [char] ipmi: Increase KCS timeouts (Matthew Garrett) [803378] - [scsi] cxgb3: Add latest upstream firmware (Neil Horman) [747139] - [scsi] cxgb3 driver update to latest upstream (Neil Horman) [747139] - [x86] uv_mmrs.h cleanup patch (George Beshers) [737747] - [x86] reduce clock calibration time during slave cpu startup (George Beshers) [737747] - [x86] uv: Fix uninitialized spinlocks (George Beshers) [737747] - [x86] uv: Fix uv_gpa_to_soc_phys_ram() shift (George Beshers) [737747] - [x86] UV2: Add accounting for BAU strong nacks (George Beshers) [737747] - [x86] UV2: Ack BAU interrupt earlier (George Beshers) [737747] - [x86] UV2: Remove stale no-resources test for UV2 BAU (George Beshers) [737747] - [x86] UV2: Work around BAU bug (George Beshers) [737747] - [x86] UV2: Fix BAU destination timeout initialization (George Beshers) [737747] - [x86] UV2: Fix new UV2 hardware by using native UV2 broadcast mode (George Beshers) [737747] - [x86] UV: Update Boot messages for SGI UV2 platform (George Beshers) [737747] - [x86] UV: Fix UV2 hub part number (George Beshers) [737747] - [mm] vmstat.c: cache align vm_stat (George Beshers) [737747] - [x86] uv2: Workaround for UV2 Hub bug (George Beshers) [737747] - [x86] UV: Remove UV delay in starting slave cpus (George Beshers) [737747] - [x86] UV: Clean up uv_mmrs.h (George Beshers) [737747] - [net] ehash_size cleanup in tcp (George Beshers) [737748] - [x86] print EST-capable warning message only once (George Beshers) [737748] - [mm] Overflow computing _hash_mask (George Beshers) [737748] - [x86] ACPI: Remove repeated cooling_device messages (George Beshers) [737748] - [fs] vfs: fix panic in __d_lookup() (George Beshers) [737748] - [x86] Fix bootmem allocator large bitmap (George Beshers) [737748] - [net] Limit sysctl_tcp_mem and sysctl_udp_mem initializers (George Beshers) [737748] - [mm] alloc_large_system_hash() printk overflow on 16TB boot (George Beshers) [737748] - [fs] On a 16TB machine, max_user_watches has an integer overflow (George Beshers) [737748] - [fs] allow for more than 2^31 file (George Beshers) [737748] - [netdrv] bnx2x: consistent statistics after internal driver reload (Michal Schmidt) [747522] - [netdrv] netxen_nic: Sysfs support for firmware dump (Veaceslav Falico) [801653] [2.6.32-256.el6] - [kernel] sched: Fix ancient race in do_exit() (Motohiro Kosaki) [784758] - [virt] xen: initialize platform_pci even if xen_emul_unplug=never (Igor Mammedov) [803239] - [virt] virtio-scsi: fix TMF use-after-free (Paolo Bonzini) [802127] - [virt] KVM: increase max vcpu count to 160 (Marcelo Tosatti) [748946] - [scsi] sd: Unmap discard alignment needs to be converted to bytes (Mike Snitzer) [805519] - [scsi] sd: Fix VPD buffer allocations (Mike Snitzer) [805519] - [scsi] isci: improvements in driver unloading routine (David Milburn) [805530] - [scsi] isci: improve phy event warnings (David Milburn) [805530] - [scsi] isci: debug, provide state-enum-to-string conversions (David Milburn) [805530] - [scsi] scsi_transport_sas: 'enable' phys on reset (David Milburn) [805530] - [scsi] libsas: dont recover end devices attached to disabled phys (David Milburn) [805530] - [scsi] libsas: fixup target_port_protocols for expanders that dont report sata (David Milburn) [805530] - [scsi] libsas: set attached device type and target protocols for local phys (David Milburn) [805530] - [scsi] isci: T10 DIF support (David Milburn) [805530] - [scsi] isci: enable clock gating (David Milburn) [805530] - [scsi] isci: Fix NULL ptr dereference when no firmware is being loaded (David Milburn) [805530] - [fs] Pstore supplies a wrong header to kmsg files (Seiji Aguchi) [804789] - [fs] nfs: Try using machine credentials for RENEW calls (Sachin Prabhu) [795441] - [kernel] perf/x86/kvm: Fix Host-Only/Guest-Only counting with SVM disabled (Gleb Natapov) [805496] [2.6.32-255.el6] - [fs] jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [748713] {CVE-2011-4086} - [kernel] sched: Call tick_check_idle before __irq_enter (George Beshers) [635817] - [kernel] sched: Increment cache_nice_tries only on periodic lb (George Beshers) [635817] - [cpuidle] menu: fixed wrapping timers at 4.294 seconds (George Beshers) [635817] - [kernel] sched: Fix softirq time accounting (George Beshers) [635817] - [x86] UV: Lower UV rtc clocksource rating (George Beshers) [635817] - [infiniband] mlx4_core: fix bug in modify_cq wrapper for resize flow (Doug Ledford) [801111] - [infiniband] mlx4_core: remove buggy sched_queue masking (Doug Ledford) [801111] - [infiniband] mlx4_core: Fixing array indexes when setting port types (Doug Ledford) [801111] - [infiniband] mlx4: Setting new port types after all interfaces unregistered (Doug Ledford) [801111] - [infiniband] mlx4: Replacing pool_lock with mutex (Doug Ledford) [801111] - [infiniband] mlx4_core: Do not map BF area if capability is 0 (Doug Ledford) [801111] - [infiniband] mlx4: add unicast steering entries to resource_tracker (Doug Ledford) [801111] - [infiniband] mlx4: fix QP tree trashing (Doug Ledford) [801111] - [infiniband] mlx4: fix buffer overrun (Doug Ledford) [801111] - [infiniband] mlx4: Fix kcalloc parameters swapped (Doug Ledford) [801111] - [net] net_sched: qdisc_alloc_handle() can be too slow (Jiri Pirko) [785891] - [net] RFC3069, private VLAN proxy arp support (Weiping Pan) [786544] - [scsi] aio: fix the 'too late munmap()' race (Jeff Moyer) [801528] - [scsi] aio: fix io_setup/io_destroy race (Jeff Moyer) [801528] - [scsi] aio: fix rcu ioctx lookup (Jeff Moyer) [801528] [2.6.32-254.el6] - [fs] GFS2: Change truncate page allocation to be GFP_NOFS (Robert S Peterson) [796017] - [fs] GFS2: Remove a __GFP_NOFAIL allocation (Robert S Peterson) [796017] - [fs] GFS2: flush work when clearing inode (Robert S Peterson) [796017] - [scsi] hpsa: change version string (Tomas Henzl) [785262] - [scsi] hpsa: rename HPSA_MAX_SCSI_DEVS_PER_HBA (Tomas Henzl) [785262] - [scsi] hpsa: update device attributes when they change (Tomas Henzl) [785262] - [scsi] hpsa: improve naming on external target device functions (Tomas Henzl) [785262] - [scsi] hpsa: eliminate 8 external target limitation (Tomas Henzl) [785262] - [scsi] hpsa: fix potential array overflow in hpsa_update_scsi_devices (Tomas Henzl) [785262] - [scsi] hpsa: refactor hpsa_figure_bus_target_lun (Tomas Henzl) [785262] - [scsi] hpsa: make target and lun match what SCSI REPORT LUNs returns (Tomas Henzl) [785262] - [scsi] hpsa: Fix problem with MSA2xxx devices (Tomas Henzl) [785262] - [scsi] hpsa: add P2000 to list of shared SAS devices (Tomas Henzl) [785262] - [virt] KVM: PMU: Fix raw event check (Gleb Natapov) [803620] - [virt] KVM: PMU: warn when pin control is set in eventsel msr (Gleb Natapov) [803620] - [virt] x86 emulator: correctly mask pmc index bits in RDPMC instruction emulation (Gleb Natapov) [803620] - [powerpc] perf: Fix frequency calculation for overflowing counters (Steve Best) [804608] - [security] keys: add a 'logon' key type (David Howells) [788634] - [security] KEYS: testing wrong bit for KEY_FLAG_REVOKED (David Howells) [788634] - [security] KEYS: Permit key_serial() to be called with a const key pointer (David Howells) [788634] - [security] keys: fix user_defined key sparse messages (David Howells) [788634] - [security] keys: fix trusted/encrypted keys sparse rcu_assign_pointer messages (David Howells) [788634] - [security] KEYS: Add missing smp_rmb() primitives to the keyring search code (David Howells) [788634] - [security] KEYS: Make garbage collector nonreentrant under RHEL-6 (David Howells) [788634] - [security] KEYS: Correctly destroy key payloads when their keytype is removed (David Howells) [788634] - [security] KEYS: The dead key link reaper should be non-reentrant (David Howells) [788634] - [security] KEYS: Make the key reaper non-reentrant (David Howells) [788634] - [security] KEYS: Move the unreferenced key reaper to the keys garbage collector file (David Howells) [788634] - [security] KEYS: __key_link() should use the RCU deref wrapper for keyring payloads (David Howells) [788634] - [security] KEYS: keyctl_get_keyring_ID() should create a session keyring if create flag set (David Howells) [788634] - [security] KEYS: If install_session_keyring() is given a keyring, it should install it (David Howells) [788634] - [security] KEYS: Fix error handling in construct_key_and_link() (David Howells) [788634] - [security] KEYS: Dont return EAGAIN to keyctl_assume_authority() (David Howells) [788634] - [security] KEYS: Make request_key() and co. return an error for a negative key (David Howells) [788634] - [security] KEYS: Improve /proc/keys (David Howells) [788634] - [security] KEYS: Add an iovec version of KEYCTL_INSTANTIATE (David Howells) [788634] - [security] KEYS: Add a new keyctl op to reject a key with a specified error code (David Howells) [788634] - [security] KEYS: Add an RCU payload dereference macro (David Howells) [788634] - [security] KEYS: Fix __key_link_end() quota fixup on error (David Howells) [788634] - [security] KEYS: Fix up comments in key management code (David Howells) [788634] - [security] KEYS: Do some style cleanup in the key management code (David Howells) [788634] - [security] KEYS: Dont call up_write() if __key_link_begin() returns an error (David Howells) [788634] - [security] Add a dummy printk function for the maintenance of unused printks (David Howells) [788634] - [security] KEYS: request_key() should return -ENOKEY if the constructed key is negative (David Howells) [788634] - [security] KEYS: Reinstate lost passing of process keyring ID in call_sbin_request_key() (David Howells) [788634] - [security] KEYS: Use the variable 'key' in keyctl_describe_key() (David Howells) [788634] - [security] KEYS: Make /proc/keys check to see if a key is possessed before security check (David Howells) [788634] - [security] KEYS: Authorise keyctl_set_timeout() on a key if we have its authorisation key (David Howells) [788634] - [security] KEYS: Propagate error code instead of returning -EINVAL (David Howells) [788634] - [security] keyctl_session_to_parent(): use thread_group_empty() to check singlethreadness (David Howells) [788634] - [security] KEYS: Do preallocation for __key_link() (David Howells) [788634] - [security] KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links (David Howells) [788634] - [security] whitespace coding style fixes (David Howells) [788634] - [security] key: keyring: fix some code style issues (David Howells) [788634] - [security] Fix some coding styles in security/keys/keyring.c (David Howells) [788634] - [x86] EFI: Only set regions uncacheable if they support it (Matthew Garrett) [767291] - [virt] KVM: Fix fetch fault error code (Avi Kivity) [802453] - [netdrv] add myri10ge firmware (Stanislaw Gruszka) [796099] - [fs] xfs: fix inode lookup race (Dave Chinner) [796277] - [x86] amd: Fix L1i and L2 cache sharing information for AMD family 15h processors (Frank Arnold) [798399] - [x86] cache_info: Update calculation of AMD L3 cache indices (Frank Arnold) [798399] - [x86] cache_info: Remove bogus free of amd_l3_cache data (Frank Arnold) [798399] - [hwmon] k10temp: Add support for Fam15h Bulldozer (Frank Arnold) [798209] - [hwmon] k10temp: add support for AMD Family 12h/14h CPUs (Frank Arnold) [798209] - [x86] AMD, PCI: Add AMD northbridge PCI device id for CPU families 12h and 14h (Frank Arnold) [798209] - [netdrv] pch_gbe: modify Kconfig/Makefile and config-generic (Veaceslav Falico) [728177] - [netdrv] pch_gbe: new network driver from upstream (Veaceslav Falico) [728177] - [x86] Ivy Bridge kernel rdrand support (Jay Fenlason) [696442] [2.6.32-253.el6] - [net] gro: more generic L2 header check (Doug Ledford) [789123] - [infiniband] IPoIB: Stop lying about hard_header_len and use skb->cb to stash LL addresses (Doug Ledford) [789123] - [net] Make qdisc_skb_cb upper size bound explicit (Doug Ledford) [789123] - [fs] GFS2: Invalidate directory hash table on inode deallocate (Robert S Peterson) [801171] - [fs] GFS2: Fix a use-after-free that coverity spotted (Robert S Peterson) [801171] - [kernel] lkdtm: avoid calling lkdtm_do_action() with spinlock held (Prarit Bhargava) [770621] - [x86] Fix printk levels for panic, softlockups and stack dumps (Prarit Bhargava) [770621] - [kernel] lkdtm.c: fix race when crashpoint is hit multiple times before checking count (Prarit Bhargava) [770621] - [kernel] lkdtm: prefix enum constants (Prarit Bhargava) [770621] - [kernel] lkdtm: use generic_file_llseek in debugfs (Prarit Bhargava) [770621] - [kernel] param: remove unnecessary writable charp (Prarit Bhargava) [770621] - [kernel] lktdm: add support for hardlockup, softlockup and hung task crashes (Prarit Bhargava) [770621] - [kernel] lkdtm: add debugfs access and loosen KPROBE ties (Prarit Bhargava) [770621] - [scsi] aacraid: Fixes kernel oops in 'aac_eh_abort' (Tomas Henzl) [760396] - [kernel] sys_poll: fix incorrect type for 'timeout' parameter (Oleg Nesterov) [794681] - [kernel] kdump: round up total_size to 128M for crashkernel reserving threshold (Dave Young) [798727] - [block] loop: fix partial read infomation leak (Dave Young) [761418] - [netdrv] mlx4: Dont show RoCE interfaces if the hpn channel is not installed (Doug Ledford) [753004] - [mm] thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) [800328] - [target] fix build on i386 (Andy Grover) [765982] - [target] Backport from stable-3.2.6 (Andy Grover) [765982] [2.6.32-252.el6] - [dm] fixing test for NULL pointer testing (Paolo Bonzini) [752380] {CVE-2011-4127} - [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752380] {CVE-2011-4127} - [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752380] {CVE-2011-4127} - [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752380] {CVE-2011-4127} - [kernel] regset: Return -EFAULT, not -EIO, on host-side memory fault (Jerome Marchand) [799213] {CVE-2012-1097} - [kernel] regset: Prevent null pointer reference on readonly regsets (Jerome Marchand) [799213] {CVE-2012-1097} - [scsi] qla4xxx: update version (Mike Christie) [800664] - [scsi] iscsi class: fix gfp use in ping compl and host event (Mike Christie) [800664] - [scsi] iscsi if: Removed packed attr from struct iscsi_chap_rec (Mike Christie) [800664] - [scsi] iscsi_transport: Added error status code for ping comp event (Mike Christie) [800664] - [scsi] fix system lock up from scsi error flood (Neil Horman) [800555] - [scsi] libcxgbi: do not print a message when memory allocation fails (Steve Best) [800114] - [infiniband] iser: post initial receive buffers before sending the final login request (Mike Christie) [800041] - [sound] ALSA: pcm midlevel code - add time check for (Jaroslav Kysela) [798984] - [fs] GFS2: call gfs2_write_alloc_required for each fallocate chunk (Benjamin Marzinski) [801141] [2.6.32-251.el6] - [scsi] lpfc: Update lpfc version for 8.3.5.58.1p driver release (Rob Evers) [738037] - [virt] VMX: VMXON/VMXOFF usage changes (Avi Kivity) [704173] - [virt] VMX: VMCLEAR/VMPTRLD usage changes (Avi Kivity) [704173] - [virt] VMX: Some minor changes to code structure (Avi Kivity) [704173] - [virt] VMX: Define new functions to wrapper direct call of asm code (Avi Kivity) [704173] - [net] bonding: move dev_addr cpy to bond_enslave (Thomas Graf) [799794] - [net] bonding: move slave MTU handling from sysfs (Thomas Graf) [799794] - [ppc] Implement CONFIG_STRICT_DEVMEM (Steve Best) [655689] - [scsi] fcoe: Only define ndo_fcoe_get_hbainfo if fcoe is configured (Neil Horman) [789086] - [x86] ACPI / PM: Fix build problem for !CONFIG_ACPI related to NVS rework (Myron Stowe) [708447] - [x86] ips: use interruptible waits in ips-monitor (Neil Horman) [727944] - [x86] kvmclock: abstract save/restore sched_clock_state (Marcelo Tosatti) [694801] - [virt] fix a merge problem in 'KVM steal time suspend/resume bugfix' series (Aristeu Rozanski) [612320] - [virt] reapply 'KVM steal time suspend/resume bugfix' series (Aristeu Rozanski) MODERATE Copyright 2012 Oracle, Inc. CVE-2011-1083 CVE-2011-4131 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [5.1.61-4] - Add backported patch for CVE-2012-2102 Resolves: #812435 [5.1.61-3] - Enable innodb plugin, but only on x86 and x86_64 architectures Resolves: #740224 LOW Copyright 2012 Oracle, Inc. CVE-2012-2102 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1:5.5-41] - moved /var/lib/net-snmp fro net-snmp to net-snmp-libs package (#822480) [1:5.5-40] - fixed CVE-2012-2141 (#820100) [1:5.5-39] - fixed proxying of out-of-tree GETNEXT requests (#799291) [1:5.5-38] - fixed snmpd crashing with many AgentX subagent (#749227) - fixed SNMPv2-MIB::sysObjectID value when sysObjectID config file option with long OID was used (#786931) - fixed value of BRIDGE-MIB::dot1dBasePortIfIndex.1 (#740172) - fixed parsing of proxy snmpd.conf option not to enable verbose logging by default (#746903) - added new realStorageUnits config file option to support disks > 16 TB in hrStorageTable (#741789) - added vxfs, reiserfs and ocfs2 filesystem support to hrStorageTable (#746903) - fixed snmpd sigsegv when embedded perl script registers one handler twice (#748907) - fixed setting of SNMP-TARGET-MIB::snmpTargetAddrRowStatus via SNMP-SET request on 64-bit platforms (#754275) - fixed crash when /var/lib/net-snmp/mib_indexes/ files have wrong SELinux context (#754971) - fixed memory leak when agentx subagent disconnects in the middle of request processing (#736580) - fixed slow (re-)loads of TCP-MIB::tcpConnectionTable (#789909) - removed 'error finding row index in _ifXTable_container_row_restore' error message (#788954) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2141 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1:4.6.2-24] - Resolves: bz#734444, list of trusted CA certificates should not be compiled into library [1:4.6.2-23] - Resolves: bz#805433, CVE-2011-3922 [1:4.6.2-22] - Resolves: bz#694684, phonon crash [1:4.6.2-21] - Resolves: #rhbz757793, add OpenGL 3.1, 3.2, 3.3 and 4.0 recognition to QGLFormat MODERATE Copyright 2012 Oracle, Inc. CVE-2011-3922 CVE-2010-5076 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [5.3p1-81] - fixes in openssh-5.3p1-required-authentications.patch (#657378) [5.3p1-79] - fix forward on non-localhost ports with IPv6 (#732955) [5.3p1-78] - clear SELinux exec context before exec passwd (#814691) [5.3p1-77] - prevent post-auth resource exhaustion (#809938) [5.3p1-76] - don't escape backslah in a banner (#809619) [5.3p1-75] - fix various issues in openssh-5.3p1-required-authentications.patch (#805901) [5.3p1-74] - fix out-of-memory killer patch (#744236) [5.3p1-73] - remove openssh-4.3p2-no-v6only.patch (#732955) - adjust Linux out-of-memory killer (#744236) - fix sshd init script - check existence of crypto (#797384) - add RequiredAuthentications[12] (#657378) - run privsep slave process as the users SELinux context (#798241) [5.3p1-72] - drop CAVS test driver (#782091) [5.3p1-71] - enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI (#756929) - add CAVS test driver for the aes-ctr ciphers (#782091) LOW Copyright 2012 Oracle, Inc. CVE-2011-5000 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [2.4.23-26] - fix: MozNSS CA cert dir does not work together with PEM CA cert file (#818844) - fix: memory leak: def_urlpre is not freed (#816168) - fix update: Default SSL certificate bundle is not found by openldap library (#742023) [2.4.23-25] - fix update: Default SSL certificate bundle is not found by openldap library (#742023) [2.4.23-24] - fix update: Default SSL certificate bundle is not found by openldap library (#742023) - fix: memberof overlay on the frontend database causes server segfault (#730745) [2.4.23-23] - security fix: CVE-2012-1164: assertion failure by processing search queries requesting only attributes for particular entry (#813162) [2.4.23-22] - fix: libraries leak memory when following referrals (#807363) [2.4.23-21] - fix: ldapsearch crashes with invalid parameters (#743781) - fix: replication (syncrepl) with TLS causes segfault (#783445) - fix: openldap server in MirrorMode sometimes fails to resync via syncrepl (#784211) - use portreserve to reserve LDAPS port (636/tcp+udp) (#790687) - fix: missing options in manual pages of client tools (#745470) - fix: SASL_NOCANON option missing in ldap.conf manual page (#732916) - fix: slapd segfaults when certificate key cannot be loaded (#796808) - Jan Synacek <jsynacek@redhat.com> + fix: overlay constraint with count option work bad with modify operation (#742163) + fix: Default SSL certificate bundle is not found by openldap library (#742023) + fix: Duplicate close() calls in OpenLDAP (#784203) LOW Copyright 2012 Oracle, Inc. CVE-2012-1164 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [4.8.1-10] - mount.cifs: don't allow unprivileged users to mount onto dirs they can't chdir into (bz 812782) [4.8.1-9] - cifs.upcall: use krb5_sname_to_principal to construct principal name (bz 805490) [4.8.1-8] - mount.cifs: add backupuid=/backupgid= mount options (bz 806337) [4.8.1-7] - RFE: Improve selection of SPNs with cifs.upcall (bz 748757) - mount.cifs does not use KRB5_CONFIG (bz 748756) [creates additional entries in /etc/mtab (bz 770004)] - mount.cifs does not honor the uid/gid=username option, only the uid/gid=# option (bz 796463) [4.8.1-6] - undocumented mount.cifs options (bz 769923) LOW Copyright 2012 Oracle, Inc. CVE-2012-1586 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [1.10.6-1] - xserver 1.10.6 - Use git-style patch names - compsize.h, glxcmds.h: Copy from upstream git since they fell out of the upstream tarball [1.10.4-15] - Undo regression introduced in Patch8007 (#732467) [1.10.4-14] - xserver-1.10.4-sync-revert.patch: Revert an edge-case change in IDLETIME that appears to be more wrong than right. (#748704) [1.10.4-13] - xserver-1.10.4-randr-corner-case.patch: Fix a corner case in initial mode selection. (#657580) - xserver-1.10.4-vbe-no-cache-ddc-support.patch: Only interpret complete non-support for DDC extension as 'DDC unavailable'. (#657580) [1.10.4-11] - xserver-1.10.4-dix-when-rescaling-from-master-rescale-from-desktop-.patch: fix rescaling from master to slave if the pointer (#732467) [1.10.4-10] - Add patches to change the screen crossing behaviour for multiple ScreenRecs (#732467) - remove the xorg.conf.man page from our .gitignore - we need to patch it now and its part of the upstream distribution [1.10.4-9] - xserver-1.10.4-no-24bpp-xaa-composite.patch: Disable Composite at 24bpp in XAA (#651934) [1.10.4-8] - xserver-1.10.4-fb-picture-crash.patch: Fix crash on invalid pictures (#722680) [1.10.4-7] - fix xephyr rendering when using two screens (#757792) LOW Copyright 2012 Oracle, Inc. CVE-2011-4028 CVE-2011-4029 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [2.2-29.0.1.el6] - Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272] - Disable --upload option as it will not work with Oracle support - Check oraclelinux-release instead of redhat-release to get OS version (John Haxby) [bug 11681869] - Remove RH ftp URL and support email - add sos-oracle-enterprise.patch [2.2-29.el6] - Collect the swift configuration directory in gluster module Resolves: bz822442 - Update IPA module and related plug-ins Resolves: bz812395 [2.2-28.el6] - Collect mcelog files in the hardware module Resolves: bz810702 [2.2-27.el6] - Add nfs statedump collection to gluster module Resolves: bz752549 [2.2-26.el6] - Use wildcard to match possible libvirt log paths Resolves: bz814474 [2.2-25.el6] - Add forbidden paths for new location of gluster private keys Resolves: bz752549 [2.2-24.el6] - Fix katello and aeolus command string syntax Resolves: bz752666 - Remove stray hunk from gluster module patch Resolves: bz784061 [2.2-22.el6] - Correct aeolus debug invocation in CloudForms module Resolves: bz752666 - Update gluster module for gluster-3.3 Resolves: bz784061 - Add additional command output to gluster module Resolves: bz768641 - Add support for collecting gluster configuration and logs Resolves: bz752549 [2.2-19.el6] - Collect additional diagnostic information for realtime systems Resolves: bz789096 - Improve sanitization of RHN user and case number in report name Resolves: bz771393 - Fix verbose output and debug logging Resolves: bz782339 - Add basic support for CloudForms data collection Resolves: bz752666 - Add support for Subscription Asset Manager diagnostics Resolves: bz752670 [2.2-18.el6] - Collect fence_virt.conf in cluster module Resolves: bz760995 - Fix collection of /proc/net directory tree Resolves: bz730641 - Gather output of cpufreq-info when present Resolves: bz760424 - Fix brctl showstp output when bridges contain multiple interfaces Resolves: bz751273 - Add /etc/modprobe.d to kernel module Resolves: bz749919 - Ensure relative symlink targets are correctly handled when copying Resolves: bz782589 - Fix satellite and proxy package detection in rhn plugin Resolves: bz749262 - Collect stderr output from external commands Resolves: bz739080 - Collect /proc/cgroups in the cgroups module Resolve: bz784874 - Collect /proc/irq in the kernel module Resolves: bz784862 - Fix installed-rpms formatting for long package names Resolves: bz767827 - Add symbolic links for truncated log files Resolves: bz766583 - Collect non-standard syslog and rsyslog log files Resolves: bz771501 - Use correct paths for tomcat6 in RHN module Resolves: bz749279 - Obscure root password if present in anacond-ks.cfg Resolves: bz790402 - Do not accept embedded forward slashes in RHN usernames Resolves: bz771393 - Add new sunrpc module to collect rpcinfo for gluster systems Resolves: bz784061 LOW Copyright 2012 Oracle, Inc. CVE-2012-2664 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 nspr [4.9-1] - Resolves: rhbz#799193 - Update to 4.9 nss [3.13.3-6.0.1.el6] - Added nss-vendor.patch to change vendor - Use blank image instead of clean.gif in tar ball [3.13.3-6] - Resolves: #rhbz#805232 PEM module may attempt to free uninitialized pointer [3.13.3-5] - Resolves: rhbz#717913 - [PEM] various flaws detected by Coverity - Require nss-util 3.13.3 [3.13.3-4] - Resolves: rhbz#772628 nss_Init leaks memory [3.13.3-3] - Resolves: rhbz#746632 - pem_CreateObject mem leak on non existing file name - Use completed patch per code review [3.13.3-2] - Resolves: rhbz#746632 - pem_CreateObject mem leak on non existing file name - Resolves: rhbz#768669 - PEM unregistered callback causes SIGSEGV [3.13.3-1] - Update to 3.13.3 - Resolves: rhbz#798539 - Distrust MITM subCAs issued by TrustWave - Remove builtins-nssckbi_1_88_rtm.patch which the rebase obsoletes nss-util [3.13.3-2] - Resolves: rhbz#799192 - Update to 3.13.3 - Update minimum nspr version for Requires and BuildRequires to 4.9 - Fix version/release in changelog to match the Version and Release tags, now 3.13.3-2 [3.13.1-5] - Resolves: rhbz#799192 - Update to 3.13.3 MODERATE Copyright 2012 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:3:base Oracle Linux 6 [2.1.3-2] - Fix possible XML Hash DoS Resolves: #803391 [2.1.3] - Update to sblim-cim-client2-2.1.3 [2.0.9.2-1] - Initial support LOW Copyright 2012 Oracle, Inc. CVE-2012-2328 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:3:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.2.10.2-18] - Resolves: Bug 830001 - unhashed#user#password visible after changing password -- patch 0020 disallows users' direct modify on unhashed#user#password [1.2.10.2-17] - Resolves: Bug 830001 - unhashed#user#password visible after changing password -- patch 0019 fixes deref issue. [1.2.10.2-16] - Resolves: Bug 830001 - unhashed#user#password visible after changing password - Resolves: Bug 830256 - Audit log - clear text password in user changes MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2678 CVE-2012-2746 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.7.0.5-2.2.1.0.1.el6] - Modify DISTRO_NAME for Oracle [1.7.0.5-2.2.1.el6] - Updated priority to be > 17000 and to depend on buildver variable - Variable buildver increased to 5 as it should be - Resolves: rhbz#828759 [1.7.0.3-2.2.1.el6] - Used newly prepared tarball with security fixes - Bump to icedtea7-forest-2.2.1 - _mandir/man1/jcmd-name.1 added to alternatives - Updated rhino.patch - Updated java-1.7.0-openjdk-java-access-bridge-security.patch - Modified partially upstreamed patch302 - systemtap.patch - Temporarly disabled patch102 - java-1.7.0-openjdk-size_t.patch - Removed already upstreamed patches 104,108,109,301,110: - java-1.7.0-openjdk-arm-ftbfs.patch - java-1.7.0-openjdk-system-zlib.patch - java-1.7.0-openjdk-remove-mimpure-opt.patch - systemtap-alloc-size-workaround.patch - java-1.7.0-fix-gio-detection.patch - Access gnome bridge jar forced to be 644 - Added patch303 - java-1.7.0-openjdk-jstack.patch which resolved RH804632 for openjdk6 - Resolves: rhbz#828759 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1726 CVE-2012-1719 CVE-2012-1725 CVE-2012-1713 CVE-2012-1716 CVE-2012-1723 CVE-2012-1711 CVE-2012-1717 CVE-2012-1718 CVE-2012-1724 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [8.4.12-1] - Update to PostgreSQL 8.4.12, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-12.html including the fixes for CVE-2012-2143, CVE-2012-2655 Resolves: #830723 [8.4.11-2] - Add patches for CVE-2012-2143, CVE-2012-2655 Resolves: #830723 [8.4.11-1] - Update to PostgreSQL 8.4.11, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.postgresql.org/docs/8.4/static/release-8-4-10.html including the fixes for CVE-2012-0866, CVE-2012-0867, CVE-2012-0868 Resolves: #812077 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2143 CVE-2012-2655 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [5.3.3-14] - add security fix for CVE-2010-2950 [5.3.3-13] - fix tests for CVE-2012-2143, CVE-2012-0789 [5.3.3-12] - add fix for CVE-2012-2336 [5.3.3-11] - add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386 [5.3.3-9] - correct detection of = in CVE-2012-1823 fix (#818607) [5.3.3-8] - add security fix for CVE-2012-1823 (#818607) [5.3.3-7] - add security fix for CVE-2012-0830 (#786744) [5.3.3-6] - merge Joe's changes: - improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH - add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740732) [5.3.3-5] - remove extra php.ini-prod/devel files caused by %patch -b [5.3.3-4] - add security fixes for CVE-2011-4885, CVE-2011-4566 (#769755) MODERATE Copyright 2012 Oracle, Inc. CVE-2010-2950 CVE-2012-1172 CVE-2012-0057 CVE-2012-2336 CVE-2011-4153 CVE-2012-0781 CVE-2012-0789 CVE-2012-2143 CVE-2012-2386 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [3.9.4-6] - Add fixes for CVE-2012-2088, CVE-2012-2113 Resolves: #835748 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2113 CVE-2012-2088 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-279.1.1.el6] - [kernel] Prevent keyctl new_session from causing a panic (David Howells) [833433 827424] {CVE-2012-2745} - [net] ipv6/netfilter: fix null pointer dereference in nf_ct_frag6_reasm() (Petr Matousek) [833410 833412] {CVE-2012-2744} - [fs] nfs: Map minor mismatch error to protocol not support error (Steve Dickson) [832365 796352] - [fs] ext4: Fix overflow caused by missing cast in ext4_fallocate() (Lukas Czerner) [833034 830209] - [ata] libata: Add 2GB ATA Flash Disk/ADMA428M to DMA blacklist (Prarit Bhargava) [832363 812904] - [netdrv] r8169: fix typo in firmware filenames (Ivan Vecera) [832359 829211] IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2744 CVE-2012-2745 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.3-8] - Apply patches for CVE-2009-5030, CVE-2012-3358 Resolves: #831561 - Include -DCMAKE_INSTALL_LIBDIR in cmake call; fixes FTBFS with recent versions of cmake IMPORTANT Copyright 2012 Oracle, Inc. CVE-2009-5030 CVE-2012-3358 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.7.4p5-12] - added patch for CVE-2012-2337 Resolves: rhbz#829756 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2337 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox [10.0.6-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-3] - Enabled WebM [10.0.5-2] - Added fix for mozbz#703633, rhbz#818341 xulrunner [10.0.6-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-3] - Added fix for rhbz#808136 (mozbz#762301) [10.0.5-2] - Enabled WebM (rhbz#798880) CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1966 CVE-2012-1951 CVE-2012-1965 CVE-2012-1957 CVE-2012-1958 CVE-2012-1964 CVE-2012-1953 CVE-2012-1955 CVE-2012-1959 CVE-2012-1962 CVE-2012-1967 CVE-2012-1950 CVE-2012-1961 CVE-2012-1954 CVE-2012-1948 CVE-2012-1952 CVE-2012-1963 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [10.0.6-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.6-1] - Update to 10.0.6 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1951 CVE-2012-1952 CVE-2012-1963 CVE-2012-1964 CVE-2012-1955 CVE-2012-1954 CVE-2012-1958 CVE-2012-1962 CVE-2012-1948 CVE-2012-1953 CVE-2012-1959 CVE-2012-1961 CVE-2012-1957 CVE-2012-1967 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 nspr [4.9.1-2] - Related: rhbz#833762 - Update License to MPLv2.0 [4.9.1-1] - Resolves: rhbz#833762 - Update to NSPR_4_9_1_RTM nss [3.13.5-1.0.1.el6_3 ] - Added nss-vendor.patch to change vendor - Use blank image instead of clean.gif in tar ball [3.13.5-1] - Resolves: rhbz#834100 - Update to 3.13.5 for mozilla 10.0.6 nss-util [3.13.5-1] - Resolves: rhbz#833763 - Update to 3.13.5 for Mozilla 10.0.6 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0441 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.12-1.80.el6_3.3] - Fix incorrect/corrupt patchfile for 833716. Did not affect generated code, but tests were missing (#833716). [2.12-1.80.el6_3.2] - Fix regression after patch for BZ804630 (#837026). [2.12-1.80.el6_3.1] - Fixes an unbound alloca and related problems. (#833716) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3404 CVE-2012-3406 CVE-2012-3405 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.7.9-5.el6.2] - Add patch for CVE-2011-2485 (RH bug #837561). [2.7.9-5.el6.1] - Add patch for CVE-2012-1178 (RH bug #837560). - Add patch for CVE-2012-2318 (RH bug #837560). - Add patch for CVE-2012-3374 (RH bug #837560). [2.7.9-5.el6] - Add patch for CVE-2011-4602 (RH bug #766453). [2.7.9-4.el6] - Add patch for CVE-2011-4601 (RH bug #766453). MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2318 CVE-2012-3374 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.15.1-4] - Resolves: rhbz#841131 (CVE-2012-1151) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1151 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [32:9.8.2-0.10.rc1.2] - fix CVE-2012-3817 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3817 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.9-33.2] - pull up the patch to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013, #827517) [1.9-33.1] - add candidate patch from upstream to fix freeing uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1015, #839859) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1015 CVE-2012-1013 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.2.1-1] - Updated to 1.2.1 - Resolves: CVE-2012-3422 - Resolves: CVE-2012-3423 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3422 CVE-2012-3423 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.4.5.2-16.1.0.1.el6_3 ] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [3.4.5.2-16.1] - Resolves: rhbz#839867 CVE-2012-2665 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2665 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.1.0-0.9.b1.1] - fix CVE-2012-3429 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3429 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [12:4.1.1-31.P1.0.1.el6_3.1] - Added oracle-errwarn-message.patch [12:4.1.1-31.P1.1] - An error in the handling of malformed client identifiers can cause a denial-of-service condition in affected servers. (CVE-2012-3571, #843120) - Memory Leaks Found In ISC DHCP (CVE-2012-3954, #843120) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3954 CVE-2012-3571 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.4.23-26.2] - CVE-2012-2668 (#825875) cipher suite selection by name can be ignored default cipher suite is always selected [2.4.23-26.1] - fix: smbk5pwd module computes invalid LM hashes (#820278) LOW Copyright 2012 Oracle, Inc. CVE-2012-2668 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-279.5.1.el6] - [net] 8021q/vlan: filter device events on bonds (Neil Horman) [842429 841983] [2.6.32-279.4.1.el6] - [fs] proc: stats: Use arch_idle_time for idle and iowait times if available (Steve Best) [841579 841149] - [drm] i915: fix integer overflow in i915_gem_execbuffer2() (Jacob Tanenbaum) [824553 824555] {CVE-2012-2383} - [usb] core: change the memory limits in usbfs URB submission (Don Zickus) [841667 828271] - [usb] core: unify some error pathways in usbfs (Don Zickus) [841667 828271] - [netdrv] ixgbe: BIT_APP_UPCHG not set by ixgbe_copy_dcb_cfg() (Andy Gospodarek) [840156 814044] - [netdrv] ixgbe: driver fix for link flap (Andy Gospodarek) [840156 814044] - [net] bridge: Fix enforcement of multicast hash_max limit (Thomas Graf) [840023 832575] - [net] bluetooth: fix sco_conninfo infoleak (Jacob Tanenbaum) [681307 681308] {CVE-2011-1078} - [wireless] ipw2200: remove references to CFG80211_WEXT config option (John Linville) [841406 839311] - [netdrv] be2net: enable GRO by default (Ivan Vecera) [838821 837230] - [virt] kvm/vmx: Fix KVM_SET_SREGS with big real mode segments (Orit Wasserman) [841411 756044] - [fs] writeback: merge for_kupdate and !for_kupdate cases (Eric Sandeen) [832360 818172] - [fs] writeback: fix queue_io() ordering (Eric Sandeen) [832360 818172] - [fs] writeback: don't redirty tail an inode with dirty pages (Eric Sandeen) [832360 818172] [2.6.32-279.3.1.el6] - [fs] ext4: properly dirty split extent nodes (David Jeffery) [840052 838640] MODERATE Copyright 2012 Oracle, Inc. CVE-2011-1078 CVE-2012-2383 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2:2.6.9-4.3] - fix overflow in GIF loader (#847303) [2:2.6.9-4.2] - fix overflows in GIF, CEL loaders (#727800, #839020) MODERATE Copyright 2012 Oracle, Inc. CVE-2011-2896 CVE-2012-3481 CVE-2012-3403 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [libvirt-0.9.10-21.0.1.el6_3.4] - Replace docs/et.png in tarball with blank image [libvirt-0.9.10-21.el6_3.4] - daemon: Fix crash in virTypedParameterArrayClear (rhbz#844735) - remote: Fix locking in stream APIs (rhbz#847946) - Using virOnce for global initialization is desirable (rhbz#847959) - json: Fix interface locale dependency (rhbz#847959) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3445 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.7.3-5] - fix group permissions in serve.py Resolves: CVE-2012-0878 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-0878 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.12-1.80.el6_3.5] - Fix integer overflow leading to buffer overflow in strto* and related out of bounds array index (#847931) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3480 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox [10.0.7-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.7-1] - Update to 10.0.7 ESR xulrunner [10.0.7-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.7-1] - Update to 10.0.7 ESR [10.0.6-2] - Added fix for rhbz#770276 - Firefox segfaults, should have a font dependency CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1975 CVE-2012-3958 CVE-2012-3961 CVE-2012-3964 CVE-2012-3968 CVE-2012-3969 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-1972 CVE-2012-1976 CVE-2012-3956 CVE-2012-3963 CVE-2012-1970 CVE-2012-3966 CVE-2012-3957 CVE-2012-3970 CVE-2012-1973 CVE-2012-1974 CVE-2012-3959 CVE-2012-3960 CVE-2012-3962 CVE-2012-3967 CVE-2012-3980 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [10.0.7-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.7-1] - Update to 10.0.7 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1975 CVE-2012-3956 CVE-2012-3958 CVE-2012-3962 CVE-2012-3966 CVE-2012-1973 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3959 CVE-2012-1970 CVE-2012-1976 CVE-2012-3978 CVE-2012-1974 CVE-2012-3957 CVE-2012-3961 CVE-2012-3964 CVE-2012-3960 CVE-2012-1972 CVE-2012-3963 CVE-2012-3972 CVE-2012-3980 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1:1.6.0.0-1.49.1.11.4] - Updated to latest IedTea6 1.11.4 - Resolves: rhbz#853345 [1:1.6.0.0-1.48.1.11.3] - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz#828752 [1:1.6.0.0-1.47.1.11.3] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828752 [1:1.6.0.0-1.46.1.11.3] - Updated to IcedTea6 1.11.3 - Removed upstreamed patch8 - java-1.6.0-openjdk-jirafix_2820_2821.patch - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added to patch - Resolves: rhbz#828752 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-1682 CVE-2012-0547 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.7.0.5-2.2.1.0.1.el6_3.3] - Modify DISTRO_NAME for Oracle [1.7.0.5-2.2.1.el6.3] - Removed patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch - Applied upstream patches for same issue: patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch - Resolves: rhbz#852299 [1.7.0.5-2.2.1.1.el6] - Added patch 304 java-1.7.0-openjdk-beans-isPackageAccessible.patch to fix vulnerability until it is fixed in upstream sources. - Resolves: rhbz#852299 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0547 CVE-2012-3136 CVE-2012-1682 CVE-2012-4681 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.12.1.2-2.295.el6_3.2] - kvm-console-bounds-check-whenever-changing-the-cursor-du.patch [bz#851257 - Resolves: bz#851257 (EMBARGOED CVE-2012-3515 qemu/kvm: VT100 emulation vulnerability [rhel-6.3.z]) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3515 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [0.6.21-5] - Update to version 0.6.21 fixing many bugs and CVEs - Remove upstreamed patches - Resolves: #839915 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2813 CVE-2012-2836 CVE-2012-2837 CVE-2012-2812 CVE-2012-2814 CVE-2012-2840 CVE-2012-2841 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [8.70-14:.1] - Added inputChan lower-bounds checking to icclib (bug #854227, CVE-2012-4405). MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4405 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.99.15-7.2] - improve fix for CVE-2011-3325 [0.99.15-7.1] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0255 - fix CVE-2012-0249 and CVE-2012-0250 - fix CVE-2012-1820 [0.99.15-7] - Resolves: #684751 - CVE-2010-1674 CVE-2010-1675 quagga various flaws [0.99.15-6] - Resolves: #644832 - CVE-2010-2948 CVE-2010-2949 quagga various flaws MODERATE Copyright 2012 Oracle, Inc. CVE-2011-3323 CVE-2011-3327 CVE-2012-0255 CVE-2012-1820 CVE-2011-3325 CVE-2011-3324 CVE-2012-0249 CVE-2012-0250 CVE-2011-3326 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1:1.2.24-7.0.1.el6_3 ] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.2.24-7] - Resolves: #854821 [1:1.2.24-6] - Apply patches for CVE-2011-2200 - Resolves: #725314 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3524 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 Oracle Linux 5 [8.4.13-1] - Update to PostgreSQL 8.4.13, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-13.html including the fixes for CVE-2012-3488, CVE-2012-3489 Resolves: #852020 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3488 CVE-2012-3489 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.1.26-2.0.2.el6_3.1] - Increment release to avoid ULN conflict with previous release. [1.1.26-2.0.1.el6_3.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.26-2.el6_3.1] - fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 - Fix direct pattern matching bug - Fix popping of vars in xsltCompilerNodePop - Fix bug 602515 - Fix generate-id() to not expose object addresses (CVE-2011-1202) - Fix some case of pattern parsing errors (CVE-2011-3970) - Fix a bug in selecting XSLT elements (CVE-2012-2825) - Fix portability to upcoming libxml2-2.9.0 - Fix default template processing on namespace nodes (CVE-2012-2871) - Cleanup of the pattern compilation code (CVE-2012-2870) - Hardening of code checking node types in various entry point (CVE-2012-2870) - Hardening of code checking node types in EXSLT (CVE-2012-2870) - Fix system-property with unknown namespace - Xsltproc should return an error code if xinclude fails - Fix a dictionary string usage - Avoid a heap use after free error IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 CVE-2011-1202 CVE-2011-3970 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [32:9.8.2-0.10.rc1.3] - fix CVE-2012-4244 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-4244 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 python-qpid [0.14-11] - BZs: 825078 - Resolves: rhbz#840053 qpid-cpp [0.14-22.0.1.el6_3 ] - Update summary and description in specfile to be product neutral [0.14-22] - BZs: 609685, 849654, 854004 [0.14-21] - BZs: 831365, 840982, 844618 [0.14-20] - BZs: 683711, 689408, 825078, 834608, 841196, 841488 [0.14-19] - BZs: 609685, 683711, 693444, 707682, 729311, 801465, 808090, 809357, 811481, 817283, 826989, 831365, 835628 [0.14-18] - BZs: 609685, 729311, 808090, 809357, 817283 qpid-qmf [0.14-14.0.1.el6_3] - Change build vendor [0.14-14] - BZs: 693845, 773700, 806869, 847331 qpid-tools [0.14-6] - Resolves: rhbz#840058 - Fixed: Bug 850111 - qpid-stat -c mech column data missing MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2145 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.3-9] - Apply patch for CVE-2012-3535 Resolves: CVE-2012-3535 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3535 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [0.11-11.el6_3.1] - Fix version for Z-stream Related: rhbz#854823 [0.11-12] - Add patch fixing CVE-2012-3524 Resolves: rhbz#854823 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4425 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.7.6-8.0.1.el6_3.3 ] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-8.el6_3.3] - Change the XPath code to percolate allocation error (CVE-2011-1944) [2.7.6-8.el6_3.2] - Fix an off by one pointer access (CVE-2011-3102) [2.7.6-8.el6_3.1] - Fix a failure to report xmlreader parsing failures - Fix parser local buffers size problems (rhbz#843741) - Fix entities local buffers size problems (rhbz#843741) - Fix an error in previous commit (rhbz#843741) - Do not fetch external parsed entities - Impose a reasonable limit on attribute size (rhbz#843741) - Impose a reasonable limit on comment size (rhbz#843741) - Impose a reasonable limit on PI size (rhbz#843741) - Cleanups and new limit APIs for dictionaries (rhbz#843741) - Introduce some default parser limits (rhbz#843741) - Implement some default limits in the XPath module - Fixup limits parser (rhbz#843741) - Enforce XML_PARSER_EOF state handling through the parser - Avoid quadratic behaviour in some push parsing cases (rhbz#843741) - More avoid quadratic behaviour (rhbz#843741) - Strengthen behaviour of the push parser in problematic situations (rhbz#843741) - More fixups on the push parser behaviour (rhbz#843741) - Fix a segfault on XSD validation on pattern error - Fix an unimplemented part in RNG value validation [2.7.6-8.el6] - remove chunk in patch related to configure.in as it breaks rebuild - Resolves: rhbz#788846 [2.7.6-7.el6] - fix previous build to force compilation of randomization code - Resolves: rhbz#788846 [2.7.6-6.el6] - adds randomization to hash and dict structures CVE-2012-0841 - Resolves: rhbz#788846 [2.7.6-5.el6] - Make sure the parser returns when getting a Stop order CVE-2011-3905 - Fix an allocation error when copying entities CVE-2011-3919 - Resolves: rhbz#771910 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2807 CVE-2011-3102 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [2.6.32-279.9.1.el6] - [md] raid1, raid10: avoid deadlock during resync/recovery. (Dave Wysochanski) [845464 835613] - [fs] dlm: fix deadlock between dlm_send and dlm_controld (David Teigland) [849051 824964] - [ata] libata: Add space to fix 2GB ATA Flash Disk/ADMA428M blacklist (Prarit Bhargava) [851445 843849] - [fs] nfs: nfs_attr_use_mounted_on_file() missing return value (Frantisek Hrbata) [847945 842312] - [fs] gfs2: Make gfs2_write_end not dirty the inode with every write (Robert S Peterson) [849551 844814] - [net] sched/act_mirred: do not drop packets when fails to mirror it (Jason Wang) [851444 846585] - [net] sched: fix race in mirred device removal (Jason Wang) [851444 846585] - [net] sched: printk message severity (Jason Wang) [851444 846585] - [net] sched: act_mirred cleanup (Jason Wang) [851444 846585] - [kernel] sched: Fix signed unsigned comparison in check_preempt_tick() (Frederic Weisbecker) [843102 835797] - [netdrv] be2net: reduce gso_max_size setting to account for ethernet header (Ivan Vecera) [842757 834185] - [powerpc] Fix wrong divisor in usecs_to_cputime backport (Steve Best) [847727 821374] - [fs] procfs: do not confuse jiffies with cputime64_t (Frantisek Hrbata) [847727 821374] - [kernel] time: Add nsecs_to_cputime64 interface for asm-generic (Steve Best) [847727 821374] - [powerpc] Fix wrong divisor in usecs_to_cputime (Steve Best) [847727 821374] [2.6.32-279.8.1.el6] - [netdrv] e1000e: prevent oops when adapter is being closed and reset simultaneously (Dean Nelson) [847045 826375] - [net] tcp: clear hints to avoid a stale one (Andy Gospodarek) [846832 807704] - [md] dm-raid1: Fix mirror crash when discard request is sent and sync is in progress (Mikulas Patocka) [846839 837607] - [netdrv] bond_alb: dont disable softirq under bond_alb_xmit (Jiri Pirko) [846216 841987] - [x86] ioapic: Fix kdump race with migrating irq (Don Zickus) [812962 783322] - [net] rds: set correct msg_namelen (Weiping Pan) [822729 822731] {CVE-2012-3430} - [x86] amd_iommu: Fix SRIOV and hotplug devices (Stefan Assmann) [846838 832009] - [mm] hugetlb: fix resv_map leak in error path (Motohiro Kosaki) [824350 824351] {CVE-2012-2390} - [netdrv] dl2k: fix unfiltered netdev rio_ioctl access by users (Jacob Tanenbaum) [818824 818825] {CVE-2012-2313} - [drm] i915: fix integer overflow in i915_gem_do_execbuffer() (Jacob Tanenbaum) [824561 824563] {CVE-2012-2384} - [virt] kvm: handle last_boosted_vcpu = 0 case (Rik van Riel) [847042 827031] - [md] raid5: Reintroduce locking in handle_stripe() to avoid racing (Jes Sorensen) [846836 828065] - [kernel] timekeeping: Fix leapsecond triggered load spike issue (Prarit Bhargava) [847366 840950 836803 836748] - [kernel] hrtimer: Provide clock_was_set_delayed() (Prarit Bhargava) [847366 840950 836803 836748] - [kernel] ntp: Add ntp_lock to replace xtime_locking (Prarit Bhargava) [847366 840950 836803 836748] - [fs] proc/stat: fix whitespace damage in use arch_idle_time patch (Steve Best) [841579 841149] [2.6.32-279.7.1.el6] - [net] netconsole: fix deadlock on network restart (Jiri Benc) [842982 839266] [2.6.32-279.6.1.el6] - [net] ipv4: add RCU protection to inet->opt (Jiri Pirko) [844274 829109] - [net] tun: allow tap iface in netconsoled bridge (Jiri Benc) [842984 838025] MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2384 CVE-2012-2313 CVE-2012-3430 CVE-2012-3552 CVE-2012-2390 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.1.12-4] - resolves: bug#855316 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3547 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 firefox [10.0.8-1.0.2.el6_3] - Updated firefox-oracle-default-prefs.js based on latest firefox-redhat-default-prefs.js [10.0.8-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.8-1] - Update to 10.0.8 ESR xulrunner [10.0.8-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.8-1] - Update to 10.0.8 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4180 CVE-2012-4181 CVE-2012-4185 CVE-2012-4186 CVE-2012-3986 CVE-2012-3982 CVE-2012-4179 CVE-2012-4187 CVE-2012-3990 CVE-2012-4183 CVE-2012-3993 CVE-2012-3988 CVE-2012-3991 CVE-2012-3992 CVE-2012-1956 CVE-2012-3994 CVE-2012-3995 CVE-2012-4182 CVE-2012-4184 CVE-2012-4188 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [10.0.8-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.8-1] - Update to 10.0.8 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-3992 CVE-2012-4182 CVE-2012-1956 CVE-2012-3993 CVE-2012-3995 CVE-2012-4179 CVE-2012-4188 CVE-2012-3986 CVE-2012-4180 CVE-2012-3994 CVE-2012-4184 CVE-2012-4185 CVE-2012-3982 CVE-2012-3988 CVE-2012-4181 CVE-2012-3991 CVE-2012-4187 CVE-2012-3990 CVE-2012-4183 CVE-2012-4186 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [libvirt-0.9.10-21.0.1.el6_3.5] - Replace docs/et.png in tarball with blank image [libvirt-0.9.10-21.el6_3.5] - security: Fix libvirtd crash possibility (CVE-2012-4423) - Fix augeas test of shared sanlock leases (rhbz#858988) - qemu augeas: Add spice_tls/spice_tls_x509_cert_dir (rhbz#858988) - Fix mistakes in augeas lens (rhbz#858988) - qemu: Fix failure path in disk hotplug (rhbz#859376) - blockjob: Relabel entire existing chain (rhbz#860720) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4423 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [10.0.8-2.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.8-2] - Added patches from 10.0.9 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4193 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [10.0.8-2.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.8-2] - Added patches from 10.0.9 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4193 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [32:9.8.2-0.10.rc1.5] - fix CVE-2012-5166 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-5166 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [2.6.32-279.11.1.el6] - [net] core: Fix napi_gro_frags vs netpoll path (Amerigo Wang) [857854 845347] - [netdrv] benet: disable BH in callers of be_process_mcc() (Amerigo Wang) [857854 845347] - [net] bonding: remove IFF_IN_NETPOLL flag (Amerigo Wang) [857854 845347] - [mm] fix contig_page_data kABI breakage and related memory corruption (Satoru Moriya) [857012 853007] - [net] sctp: backport sctp cache ipv6 source after route lookup (Michele Baldessari) [858284 855759] - [net] sctp: backport support of sctp multi-homing ipv6 source address selection (Michele Baldessari) [858284 855759] - [net] ipv6: backport RTA_PREFSRC ipv6 source route selection support (Michele Baldessari) [858285 851118] - [netdrv] sfc: Fix maximum number of TSO segments and minimum TX queue size (Nikolay Aleksandrov) [845556 845557] {CVE-2012-3412} - [s390] zfcp: No automatic port_rescan on events (Hendrik Brueckner) [856316 855131] - [fs] xfs: push the AIL from memory reclaim and periodic sync (Dave Chinner) [856686 855139] [2.6.32-279.10.1.el6] - [mm] hugetlbfs: close race during teardown of hugetlbfs shared page tables (Rafael Aquini) [857334 856325] - [mm] hugetlbfs: Correctly detect if page tables have just been shared (Rafael Aquini) [857334 856325] - [kernel] sched: fix divide by zero at {thread_group,task}_times (Stanislaw Gruszka) [856703 843771] IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3412 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1:1.6.0.0-1.50.1.11.5] - Changed permissions of sa-jdi.jar to correct 644 - Resolves: rhbz#865045 [1:1.6.0.0-1.49.1.11.5] - Updated to IcedTea6 1.11.5 - Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-3216 CVE-2012-5086 CVE-2012-4416 CVE-2012-5068 CVE-2012-5089 CVE-2012-5069 CVE-2012-5077 CVE-2012-5084 CVE-2012-5071 CVE-2012-5073 CVE-2012-5085 CVE-2012-5075 CVE-2012-5072 CVE-2012-5081 CVE-2012-5079 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.7.0.9-2.3.3.0.1.el6_3.1] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.3.el6.1] - Changed permissions of sa-jdi.jar to correct 644 - Resolves: rhbz#865050 [1.7.0.9-2.3.3.el6] - Updated to 2.3.3 - Updated java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568 [1.7.0.5-2.3.2.el6.1] - Cleanup before security release - Updated to latest IcedTea7-forest 2.3 - Resolves: rhbz#852299 [1.7.0.5-2.2.1.1.el6.4] - Cleanup before security release - Removed patches: patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch patch 1004 sec-webrevs-openjdk7-29_aug_2012-7194567.patch patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch - Resolves: rhbz#852299 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-5068 CVE-2012-5070 CVE-2012-5079 CVE-2012-5071 CVE-2012-5074 CVE-2012-5077 CVE-2012-5072 CVE-2012-5084 CVE-2012-5086 CVE-2012-5087 CVE-2012-3216 CVE-2012-5069 CVE-2012-5073 CVE-2012-5075 CVE-2012-5076 CVE-2012-5081 CVE-2012-5085 CVE-2012-5088 CVE-2012-5089 CVE-2012-4416 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox [10.0.10-1.0.1.el6_3] - Replaced firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.10-1] - Update to 10.0.10 ESR [10.0.8-2] - Fixed rhbz#865284 - add the storage.nfs_filesystem config key to property list - disable OOP for wrapped plugins (nspluginwrapper) xulrunner [10.0.10-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.10-1] - Added patches from 10.0.10 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4195 CVE-2012-4196 CVE-2012-4194 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [10.0.10-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.10-1] - Update to 10.0.10 ESR IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-4194 CVE-2012-4196 CVE-2012-4195 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [6:4.3.4-14.2] - fix multilib conflict [6:4.3.4-14.1] - Resolves: bz#866228, CVE-2012-4512 CVE-2012-4513 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4512 CVE-2012-4513 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [6:4.3.4-19.0.1] - rebuild it with new rules add build requirement of installing libXdmcp-devel [6:4.3.4-19] - fix multilib conflict [6:4.3.4-18] - Resolves: bz#866230, CVE-2012-4512 CVE-2012-4513 [4.3.4-17] - Resolves: bz#754161, bz#587016, bz#682611, bz#734734, bz#826114, respin [6:4.3.4-16] - Resolves: bz#754161, stop/warn when a subdir is not accessible when copying [6:4.3.4-15] - Resolves: bz#587016, print dialogue does not remember previous settings - Resolves: bz#682611, Konqueror splash page in zh_TW is wrong - Resolves: bz#734734, plasma eating up cpu-time when systemtray some icon - Resolves: bz#826114, konqueror crash when trying to add 'Terminal Emulator' to main menu bar CRITICAL Copyright 2013 Oracle, Inc. CVE-2012-4513 CVE-2012-4512 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-279.14.1.el6] - [usb] usbhid: Fix use-after-free in USBHID (James Paradis) [864827 857518] - [usb] Add kernel parameter to force io_watchdog for Intel EHCI HCD (James Paradis) [865713 846024] - [block] Fix hanging kernel threads in blk_execute_rq() (James Paradis) [865308 855984] - [mm] hugetlb: do not use vma_hugecache_offset() for vma_prio_tree_foreach (Frederic Weisbecker) [843034 843035] {CVE-2012-2133} - [mm] hugepages: fix use after free bug in 'quota' handling (Frederic Weisbecker) [843034 843035] {CVE-2012-2133} - [mm] hugetlb: fix pgoff computation when unmapping page from vma (Frederic Weisbecker) [843034 843035] {CVE-2012-2133} - [mm] hugetlb: fix ENOSPC returned by handle_mm_fault() (Frederic Weisbecker) [843034 843035] {CVE-2012-2133} - [fs] gfs2: Write out dirty inode metadata in delayed deletes (Frantisek Hrbata) [859326 748827] - [usb] core: Fix device removal race condition (James Paradis) [864821 849188] - [mm] x86_32: fix SHLIB_BASE address typo (Aristeu S. Rozanski F) [804955 804956] {CVE-2012-1568} - [hid] hidraw: fix window in hidraw_release (Don Zickus) [841824 839973] - [hid] hidraw: protect hidraw_disconnect() better (Don Zickus) [841824 839973] - [hid] hidraw: remove excessive _EMERG messages from hidraw (Don Zickus) [841824 839973] - [hid] hidraw: fix hidraw_disconnect() (Don Zickus) [841824 839973] - [hid] fix a NULL pointer dereference in hidraw_write (Don Zickus) [841824 839973] - [hid] fix a NULL pointer dereference in hidraw_ioctl (Don Zickus) [841824 839973] - [hid] remove BKL from hidraw (Don Zickus) [841824 839973] - [mm] x86_32: randomize SHLIB_BASE (Aristeu Rozanski) [804955 804956] {CVE-2012-1568} - [block] fix up use after free in __blkdev_get (Jeff Moyer) [853943 847838] - [scsi] remove no longer valid BUG_ON in scsi_lld_busy (Jeff Garzik) [860640 842881] - [scsi] fix NULL request_queue in scsi_requeue_run_queue() (Jeff Garzik) [860640 842881] - [net] svcrpc: fix BUG() in svc_tcp_clear_pages (J. Bruce Fields) [856106 769045] - [scsi] lpfc: Fixed SCSI device reset escalation (Rob Evers) [861390 827566] - [scsi] lpfc: Fix abort status (Rob Evers) [861390 827566] - [kernel] cgroup: add cgroup_root_mutex (Frederic Weisbecker) [858954 844531] - [mm] Hold a file reference in madvise_remove (Jerome Marchand) [849738 849739] {CVE-2012-3511} - [base] driver-core: fix device_register race (Rob Evers) [860784 833098] - [netdrv] e1000e: drop check of RXCW.CW to eliminate link going up and down (Dean Nelson) [857055 847310] - [scsi] be2iscsi: Format the MAC_ADDR with sysfs (Rob Evers) [863147 827594] - [usb] usbdevfs: Add a USBDEVFS_GET_CAPABILITIES ioctl (Don Zickus) [841667 828271] - [fs] udf: fix retun value on error path in udf_load_logicalvol (Nikola Pajkovsky) [843142 843143] {CVE-2012-3400} - [fs] udf: Improve table length check to avoid possible overflow (Nikola Pajkovsky) [843142 843143] {CVE-2012-3400} - [fs] udf: Fortify loading of sparing table (Nikola Pajkovsky) [843142 843143] {CVE-2012-3400} - [fs] udf: Avoid run away loop when partition table length is corrupted (Nikola Pajkovsky) [843142 843143] {CVE-2012-3400} - [fs] udf: Use 'ret' instead of abusing 'i' in udf_load_logicalvol() (Nikola Pajkovsky) [843142 843143] {CVE-2012-3400} - [netdrv] bnx2x: Add remote-fault link detection (Michal Schmidt) [852450 814877] - [net] sunrpc: svc_xprt sends on closed socket should stop immediately (J. Bruce Fields) [853257 849702] - [mm] Never OOM kill tasks outside of memory cgroup when memory.limit_in_bytes is exceeded by a Transparent Huge Page (Larry Woodman) [860942 811255] - [powerpc] pseries: Support lower minimum entitlement for virtual processors (Steve Best) [860165 822651] - [usbhid] hiddev: Consolidate device existence checks in hiddev_ioctl (Don Zickus) [841824 839973] - [usbhid] hiddev: Fix race between disconnect and hiddev_ioctl (Don Zickus) [841824 839973] - [usbhid] hiddev: protect against disconnect/NULL-dereference race (Don Zickus) [841824 839973] - [crypto] algapi: Move larval completion into algboss (Herbert Xu) [854476 832135] - [fs] xfs: disable xfsaild idle mode (Brian Foster) [860787 813137] - [fs] xfs: fix the logspace waiting algorithm (Brian Foster) [860787 813137] - [fs] xfs: add AIL pushing tracepoints (Brian Foster) [860787 813137] - [fs] xfs: force the log if we encounter pinned buffers in .iop_pushbuf (Brian Foster) [860787 813137] - [fs] xfs: do not update xa_last_pushed_lsn for locked items (Brian Foster) [860787 813137] [2.6.32-279.13.1.el6] - [net] sctp: Implement quick failover draft from tsvwg (Neil Horman) [861953 830716] - [net] sctp: be more restrictive in transport selection on bundled sacks (Neil Horman) [861953 830716] [2.6.32-279.12.1.el6] - [netdrv] mlx4: check promisc on proper port (Doug Ledford) [858955 854052] - [netdrv] mlx4: attach multicast with correct flag (Doug Ledford) [858956 854376] - [netdrv] mlx4: remove redundant adding of steering type to gid (Doug Ledford) [859436 854053] - [netdrv] Revert: Fix a merge issue (Doug Ledford) [859436 854053] MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1568 CVE-2012-2133 CVE-2012-3400 CVE-2012-3511 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.2.2-1] - Updated to 1.2.2 - Resolves: CVE-2012-4540 CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4540 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.1.2-4] - avoid buffer overflow in ppm loader (CVE-2012-4433) MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4433 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [1.4.4-1] - Rebase the package to latest upstream - Added Adobe reader fix (#645599) LOW Copyright 2012 Oracle, Inc. CVE-2011-2486 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [0.3.0-3] - Fix CVE-2012-4505 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4505 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [5.1.66-1] - Update to 5.1.66, for assorted upstream bugfixes including CVEs announced in July and October 2012 Resolves: #871813 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-1690 CVE-2012-3158 CVE-2012-3180 CVE-2012-0540 CVE-2012-2749 CVE-2012-3166 CVE-2012-3167 CVE-2012-1703 CVE-2012-3150 CVE-2012-1734 CVE-2012-3163 CVE-2012-3173 CVE-2012-3177 CVE-2012-1688 CVE-2012-3160 CVE-2012-3197 CVE-2012-1689 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 firefox [10.0.11-1.0.1.el6_3] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.11-1] - Update to 10.0.11 ESR xulrunner [10.0.11-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.11-1] - Update to 10.0.11 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-5833 CVE-2012-5839 CVE-2012-4202 CVE-2012-4207 CVE-2012-4214 CVE-2012-4216 CVE-2012-5830 CVE-2012-5840 CVE-2012-5835 CVE-2012-5829 CVE-2012-4201 CVE-2012-5841 CVE-2012-5842 CVE-2012-4209 CVE-2012-4210 CVE-2012-4215 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [10.0.11-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.11-1] - Update to 10.0.11 ESR CRITICAL Copyright 2012 Oracle, Inc. CVE-2012-4201 CVE-2012-4215 CVE-2012-4209 CVE-2012-4216 CVE-2012-5830 CVE-2012-5840 CVE-2012-5835 CVE-2012-5841 CVE-2012-5842 CVE-2012-4202 CVE-2012-5833 CVE-2012-5839 CVE-2012-4207 CVE-2012-5829 CVE-2012-4214 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.7.6-8.0.1.el6_3.4 ] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-8.el6_3.4] - fix out of range heap access (CVE-2012-5134) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-5134 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [32:9.8.2-0.10.rc1.6] - fix CVE-2012-5688 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-5688 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.1.66-2] - Add backported patch for CVE-2012-5611 Resolves: CVE-2012-5611 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-5611 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [2.6.32-279.19.1.el6] - [drm] i915: dont clobber the pipe param in sanitize_modesetting (Frantisek Hrbata) [876549 857792] - [drm] i915: Sanitize BIOS debugging bits from PIPECONF (Frantisek Hrbata) [876549 857792] - [net] fix divide by zero in tcp algorithm illinois (Flavio Leitner) [871920 866514] {CVE-2012-4565} - [fs] xfs: fix reading of wrapped log data (Dave Chinner) [876499 874322] - [x86] mm: fix signedness issue in mmap_rnd() (Petr Matousek) [876496 875036] - [net] WARN if struct ip_options was allocated directly by kmalloc (Jiri Pirko) [877950 872799] - [fs] block_dev: Fix crash when block device is read and block size is changed at the same time (Frantisek Hrbata) [864826 855906] - [mm] tracing: Move include of trace/events/kmem.h out of header into slab.c (Jeff Moyer) [864826 855906] - [mm] slab: Move kmalloc tracepoint out of inline code (Jeff Moyer) [864826 855906] - [netdrv] bnx2x: organize BDs calculation for stop/resume (Frantisek Hrbata) [874022 819842] - [netdrv] bnx2x: fix panic when TX ring is full (Michal Schmidt) [874022 819842] [2.6.32-279.18.1.el6] - [scsi] sd: fix crash when UA received on DIF enabled device (Ewan Milne) [876487 865682] - [mm] hugetlb: fix non-atomic enqueue of huge page (Rafael Aquini) [876101 869750] - [x86] amd_iommu: attach device fails on the last pci device (Don Dutile) [876493 861164] - [net] nfs: Fix buffer overflow checking in __nfs4_get_acl_uncached (Frantisek Hrbata) [811794 822871] {CVE-2012-2375} - [net] nfs: Fix the acl cache size calculation (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] nfs: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] nfs: nfs_getaclargs.acl_len is a size_t (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] nfs: Dont use private xdr_stream fields in decode_getacl (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] nfs: Fix pointer arithmetic in decode_getacl (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] nfs: Simplify the GETATTR attribute length calculation (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] sunrpc: Add the helper xdr_stream_pos (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] sunrpc: Dont decode beyond the end of the RPC reply message (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] sunrpc: Clean up xdr_set_iov() (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [net] sunrpc: xdr_read_pages needs to clear xdr->page_ptr (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [fs] nfs: Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [fs] nfs: Avoid reading past buffer when calling GETACL (Sachin Prabhu) [811794 822871] {CVE-2012-2375} - [scsi] ibmvfc: Fix double completion on abort timeout (Steve Best) [876088 865115] - [net] core: allocate skbs on local node (Andy Gospodarek) [876491 843163] [2.6.32-279.17.1.el6] - [mm] Prevent kernel panic in NUMA related system calls after memory hot-add (Larry Woodman) [875382 870350] {CVE-2012-5517} - [md] Dont truncate size at 4TB for RAID0 and Linear (Jes Sorensen) [866470 865637] - [fs] ext4: fix undefined bit shift result in ext4_fill_flex_info (Lukas Czerner) [809690 809691] {CVE-2012-2100} - [fs] ext4: fix undefined behavior in ext4_fill_flex_info() (Lukas Czerner) [809690 809691] {CVE-2012-2100} - [kernel] sched_rt: Ignore RT queue throttling if idle task has RT policy (Igor Mammedov) [853950 843541] - [kernel] sched: Create special class for stop/migrate work (Igor Mammedov) [853950 843541] - [net] ipv6: fix overlap check for fragments (Amerigo Wang) [874550 819952] {CVE-2012-4444} - [net] ipv6: discard overlapping fragment (Jiri Pirko) [874550 819952] {CVE-2012-4444} [2.6.32-279.16.1.el6] - [lib] Fix rwsem to not hang the system (David Howells) [871854 852847] [2.6.32-279.15.1.el6] - [netdrv] mlx4: Re-design multicast attachments flow (Doug Ledford) [866795 859533] MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2100 CVE-2012-2375 CVE-2012-4444 CVE-2012-4565 CVE-2012-5517 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [3.9.4-9] - Still more fixes to make test case for CVE-2012-5581 work on all platforms Resolves: #885310 [3.9.4-8] - Fix incomplete patch for CVE-2012-3401 - Add libtiff-tiffinfo-exif.patch so that our test case for CVE-2012-5581 works with pre-4.0.2 libtiff Resolves: #885310 [3.9.4-7] - Add fixes for CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581 Resolves: #885310 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4447 CVE-2012-4564 CVE-2012-5581 CVE-2012-3401 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [2.6.32-300.7.1.el6uek] - Revert "proc: enable writing to /proc/pid/mem" [orabug 13619701] {CVE-2012-0056} - [PATCH] x86, tsc: Skip TSC synchronization checks for tsc=reliable (Suresh Siddha) [2.6.32-300.6.1.el6uek] - tracing: Fix null pointer deref with SEND_SIG_FORCED (Oleg Nesterov) [orabug 13611655] [2.6.32-300.5.1.el6uek] - sched, x86: Avoid unnecessary overflow in sched_clock (Salman Qazi) [orabug 13604567] - [x86]: Don't resume/restore cpu if not of the expected cpu (Joe Jin) [orabug 13492670] - drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow (Chris Wilson) [CVE-2010-296] - x2apic: Enable the bios request for x2apic optout (Suresh Siddha) [orabug 13565303] - fuse: split queues to scale I/O throughput (Srinivas Eeda) [orabug 10004611] - fuse: break fc spinlock (Srinivas Eeda) [orabug 10004611] IMPORTANT Copyright 2012 Oracle, Inc. CVE-2010-2962 CVE-2012-0056 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:5:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.11.1.el6uek] - [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077} - [scsi] increase qla2xxx firmware ready time-out (Joe Jin) - [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin) - [net] tg3: Fix single-vector MSI-X code (Joe Jin) - [net] qlge: fix size of external list for TX address descriptors (Joe Jin) - [net] e1000e: Avoid wrong check on TX hang (Joe Jin) - crypto: ghash - Avoid null pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081} - jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132} - KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347} - KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622} - xfs: validate acl count (Joe Jin) {CVE-2012-0038} - KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045} - KVM: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Joe Jin) {CVE-2012-0045} - igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207} - ipv4: correct IGMP behavior on v3 query during v2-compatibility mode (David Stevens) - fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349] [2.6.32-300.10.1.el6uek] - net: remove extra register in ip_gre (Guru Anbalagane) [Orabug: 13633287] [2.6.32-300.9.1.el6uek] - [netdrv] fnic: return zero on fnic_reset() success (Joe Jin) - [e1000e] Add entropy generation back for network interrupts (John Sobecki) - [nfs4] LINUX CLIENT TREATS NFS4ERR_GRACE AS A PERMANENT ERROR [orabug 13476821] (John Sobecki) - [nfs] NFS CLIENT CONNECTS TO SERVER THEN DISCONNECTS [orabug 13516759] (John Sobecki) - [sunrpc] Add patch for a mount crash in __rpc_create_common [orabug 13322773] (John Sobecki) [2.6.32-300.8.1.el6uek] - SPEC: fix dependency on firmware/mkinitrd (Guru Anbalagane) [orabug 13637902] - xfs: fix acl count validation in xfs_acl_from_disk() (Dan Carpenter) - [SCSI] scsi_dh: check queuedata pointer before proceeding further (Moger Babu) [orabug 13615419] IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-0207 CVE-2012-0045 CVE-2012-0038 CVE-2011-4622 CVE-2011-4347 CVE-2011-4077 CVE-2011-4132 CVE-2011-4081 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.21.1.el6uek] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) CVE-2012-1097 - regset: Prevent null pointer reference on readonly regsets (H. Peter Anvin) CVE-2012-1097 - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) CVE-2012-1090 - block: Fix io_context leak after failure of clone with CLONE_IO (Louis Rilling) CVE-2012-0879 MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1090 CVE-2012-1097 CVE-2012-0879 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-100.6.1] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) {CVE-2012-1097} - regset: Prevent null pointer reference on readonly regsets (H. Peter Anvin) {CVE-2012-1097} - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) {CVE-2012-1090} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1097 CVE-2012-1090 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-100.7.1.el6uek] - KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Avi Kivity) [Bugdb: 13871] {CVE-2012-1601} - jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [Bugdb: 13871] {CVE-2011-4086} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-1601 CVE-2011-4086 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek: [2.6.32-300.25.1.el6uek] - jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [Bugdb: 13871] {CVE-2011-4086} MODERATE Copyright 2012 Oracle, Inc. CVE-2011-4086 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 kernel-uek: [2.6.32-300.27.1.el6uek] - net: sock: validate data_len before allocating skb (Jason Wang) [Bugdb: 13966]{CVE-2012-2136} - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} - Revert 'nfs: when attempting to open a directory, fall back on normal lookup (Todd Vierling) [Orabug 14141154] [2.6.32-300.26.1.el6uek] - mptsas: do not call __mptsas_probe in kthread (Maxim Uvarov) [Orabug: 14175509] - mm: check if any page in a pageblock is reserved before marking it MIGRATE_RESERVE (Maxim Uvarov) [Orabug: 14073214] - mm: reduce the amount of work done when updating min_free_kbytes (Mel Gorman) [Orabug: 14073214] - vmxnet3: Updated to el6-u2 (Guangyu Sun) [Orabug: 14027961] - xen: expose host uuid via sysfs. (Zhigang Wang) - sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13946210] - x86, boot: Wait for boot cpu to show up if nr_cpus limit is about to hit (Zhenzhong Duan) [Orabug: 13629087] - smp: Use nr_cpus= to set nr_cpu_ids early (Zhenzhong Duan) [Orabug: 13629087] - net: ipv4: relax AF_INET check in bind() (Maxim Uvarov) [Orabug: 14054411] ofa-2.6.32-300.27.1.el6uek: [1.5.1-4.0.58] - Add Patch 158-169 IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-2123 CVE-2012-2136 cpe:/a:oracle:linux:6:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-100.10.1.el6uek] - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (Andrea Arcangeli) [Orabug: 14217003] [2.6.39-100.9.1.el6uek] - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (Andrea Arcangeli) [Bugdb: 13966] {CVE-2012-2373} - mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) {CVE-2012-1179} - KVM: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [Bugdb: 13966] {CVE-2012-2137} - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [Bugdb: 13966] {CVE-2012-2136} - KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb: 13966] {CVE-2012-2121} - KVM: unmap pages from the iommu when slots are removed (Alex Williamson) [Bugdb: 13966] {CVE-2012-2121} - KVM: introduce kvm_for_each_memslot macro (Xiao Guangrong) [Bugdb: 13966] - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} [2.6.39-100.8.1.el6uek] - net: ipv4: relax AF_INET check in bind() (Eric Dumazet) [Orabug: 14054411] IMPORTANT Copyright 2012 Oracle, Inc. cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-200.24.1.el5uek] - Revert 'Add Oracle VM guest messaging driver' (Guru Anbalagane) [Orabug: 14233627} [2.6.39-200.23.1.el5uek] - SPEC: add block/net modules to list used by installer (Guru Anbalagane) [Orabug: 14224837] [2.6.39-200.22.1.el5uek] - NFSv4: include bitmap in nfsv4 get acl data (Andy Adamson) {CVE-2011-4131} - ocfs2:btrfs: aio-dio-loop changes broke setrlimit behavior [orabug 14207636] (Dave Kleikamp) - Add Oracle VM guest messaging driver (Zhigang Wang) - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (Andrea Arcangeli) [Orabug: 14217003] [2.6.39-200.21.0.el5uek] - KVM: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [Bugdb: 13966] {CVE-2012-2137} - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [Bugdb: 13966] {CVE-2012-2136} - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (Andrea Arcangeli) [Bugdb: 13966] {CVE-2012-2373} - KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb: 13966] {CVE-2012-2121} - KVM: unmap pages from the iommu when slots are removed (Alex Williamson) [Bugdb: 13966] {CVE-2012-2121} - KVM: introduce kvm_for_each_memslot macro (Xiao Guangrong) [Bugdb: 13966] - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} [2.6.39-200.20.0.el5uek] - Update lpfc version for 8.3.5.68.6p driver release (Martin K. Petersen) - Fix system hang due to bad protection module parameters (CR 130769) (Martin K. Petersen) - oracleasm: Data integrity support (Martin K. Petersen) - sd: Allow protection_type to be overridden (Martin K. Petersen) - SCSI: Fix two bugs in DIX retry handling (Martin K. Petersen) - sd: Avoid remapping bad reference tags (Martin K. Petersen) - block: Fix bad range check in bio_sector_offset (Martin K. Petersen) [2.6.39-200.19.0.el5uek] - xen/netback: Calculate the number of SKB slots required correctly (Simon Graham) [2.6.39-200.18.0.el5uek] - e1000e: disable rxhash when try to enable jumbo frame also rxhash and rxcsum have enabled (Joe Jin) [2.6.39-200.17.0.el5uek] - mm: reduce the amount of work done when updating min_free_kbytes (Mel Gorman) [Orabug: 14073214] - ocfs2: clear unaligned io flag when dio fails (Junxiao Bi) [Orabug: 14063941] - aio: make kiocb->private NUll in init_sync_kiocb() (Junxiao Bi) [Orabug: 14063941] - vmxnet3: cap copy length at size of skb to prevent dropped frames on tx (Neil Horman) [Orabug: 14159701] - mm/mempolicy.c: refix mbind_range() vma issue (KOSAKI Motohiro) [Orabug: 14149364] - mm/mempolicy.c: fix pgoff in mbind vma merge (Caspar Zhang) [Orabug:14149364] [2.6.39-200.16.0.el5uek] - xen/gntdev: Fix merge error. (Konrad Rzeszutek Wilk) [2.6.39-200.15.0.el5uek] - xen: expose host uuid via sysfs. (Zhigang Wang) [2.6.39-200.14.0.el5uek] - SPEC: upgrade preserve rhck as a boot kernel (Kevin Lyons) [Orabug: 14065209] - hxge: update driver to 1.3.4 (Maxim Uvarov) [Orabug: 14134149] - SPEC: v2.6.39-200.12.0 (Maxim Uvarov) - Revert 'bnx2x: correction to firmware interface' (Joe Jin) - cnic: fix bnx2fc_constants.h path (Maxim Uvarov) - bnx2x: PFC fix (Yaniv Rosner) - cnic: Fix parity error code conflict (Michael Chan) - bnx2x: Clear MDC/MDIO warning message (Yaniv Rosner) - bnx2x: Fix BCM578x0-SFI pre-emphasis settings (Yaniv Rosner) - bnx2x: Fix BCM57810-KR AN speed transition (Yaniv Rosner) - cnic: Re-init dev->stats_addr after chip reset (Michael Chan) - config: turn on CONFIG_HVC_XEN_FRONTEND (Maxim Uvarov) [Orabug: 14064174] - ixgbe: Dont set ip checksum if did not enable tso. (Joe Jin) - Revert 'x86, efi: Pass a minimal map to SetVirtualAddressMap()' (Maxim Uvarov) [Orabug: 14076004] - r8169: add firmware files (Joe Jin) - e1000e: fix build warning. (Joe Jin) - bnx2x: file build warning (Joe Jin) - 8139too: Add 64bit statistics (Junchang Wang) - net: export netdev_stats_to_stats64 (Eric Dumazet) - r8169: enable transmit time stamping. (Joe Jin) - r8169: stop using net_device.{base_addr, irq}. (Francois Romieu) - r8169: move the driver removal method to the end of the driver file. (Francois Romieu) - r8169: fix unsigned int wraparound with TSO (Julien Ducourthial) - 8139cp: set intr mask after its handler is registered (Jason Wang) - r8169: enable napi on resume. (Artem Savkov) - r8169: runtime resume before shutdown. (francois romieu) - r8169: add 64bit statistics. (Junchang Wang) - r8169: corrupted IP fragments fix for large mtu. (francois romieu) - r8169: spinlock redux. (Francois Romieu) - r8169: avoid a useless work scheduling. (Francois Romieu) - r8169: move task enable boolean to bitfield. (Francois Romieu) - r8169: bh locking redux and task scheduling. (Francois Romieu) - r8169: fix early queue wake-up. (Francois Romieu) - r8169: remove work from irq handler. (Joe Jin) - r8169: missing barriers. (Francois Romieu) - r8169: irq mask helpers. (Francois Romieu) - r8169: factor out IntrMask writes. (Francois Romieu) - r8169: stop delaying workqueue. (Francois Romieu) - r8169: remove rtl8169_reinit_task. (Francois Romieu) - r8169: remove hardcoded PCIe registers accesses. (Francois Romieu) - 8139cp: fix missing napi_gro_flush. (francois romieu) - 8139cp/8139too: do not read into reserved registers (Jason Wang) - r8169: fix Config2 MSIEnable bit setting. (francois romieu) - r8169: fix Rx index race between FIFO overflow recovery and NAPI handler. (francois romieu) - r8169: Rx FIFO overflow fixes. (francois romieu) - corral some wayward N/A fw_version dust bunnies (Rick Jones) - ethernet: Convert MAC_ADDR_LEN uses to ETH_ALEN (Joe Jin) - sweep the floors and convert some .get_drvinfo routines to strlcpy (Joe Jin) - r8169: check firmware content sooner. (Francois Romieu) - r8169: support new firmware format. (Hayes Wang) - r8169: explicit firmware format check. (Francois Romieu) - r8169: move the firmware down into the device private data. (Francois Romieu) - r8169: increase the delay parameter of pm_schedule_suspend (hayeswang) - r8169: fix wrong eee setting for rlt8111evl (hayeswang) - r8169: fix driver shutdown WoL regression. (francois romieu) - Add ethtool -g support to 8139cp (Rick Jones) - sc92031: use standard #defines from mii.h. (francois romieu) - r8169: jumbo fixes. (Francois Romieu) - r8169: expand received packet length indication. (Francois Romieu) - r8169: support new chips of RTL8111F (Hayes Wang) - r8169: do not enable the TBI for anything but the original 8169. (Francois Romieu) - r8169: remove erroneous processing of always set bit. (Francois Romieu) - r8169: fix WOL setting for 8105 and 8111evl (Hayes Wang) - r8169: add MODULE_FIRMWARE for the firmware of 8111evl (Hayes Wang) - r8169: fix the reset setting for 8111evl (Hayes Wang) - r8169: define the early size for 8111evl (Hayes Wang) - r8169: convert to SKB paged frag API. (Ian Campbell) - 8139cp: convert to SKB paged frag API. (Ian Campbell) - net: remove use of ndo_set_multicast_list in realtek drivers (Joe Jin) - r8169 : MAC address change fix for the 8168e-vl. (francois romieu) - r8169: use pci_dev->subsystem_{vendor|device} (Sergei Shtylyov) - r8169: fix sticky accepts packet bits in RxConfig. (Francois Romieu) - r8169: adjust the RxConfig settings. (Hayes Wang) - r8169: dont enable rx when shutdown. (Hayes Wang) - r8169: fix wake on lan setting for non-8111E. (Hayes Wang) - r8169: support RTL8111E-VL. (Hayes Wang) - r8169: add ERI functions. (Hayes Wang) - r8169: modify the flow of the hw reset. (Hayes Wang) - r8169: adjust some registers. (Hayes Wang) - r8169: remove unnecessary read of PCI_CAP_ID_EXP (Jon Mason) - ixgbevf: print MAC via printk format specifier (Danny Kukawka) - ixgbevf: Update copyright notices (Greg Rose) - ixgbevf: Fix mailbox interrupt ack bug (Greg Rose) - ixgbevf: make operations tables const (Stephen Hemminger) - ixgbevf: fix sparse warnings (Stephen Hemminger) - ixgbevf: make ethtool ops and strings const (Stephen Hemminger) - ixgbevf: Prevent possible race condition by checking for message (Greg Rose) - ixgbevf: Fix register defines to correctly handle complex expressions (Alexander Duyck) - ixgbevf: Update release version (Greg Rose) - ixgbevf: Fix broken trunk vlan (Greg Rose) - ixgbevf: convert to ndo_fix_features (Joe Jin) - ixgbevf: Check if EOP has changed before using it (Greg Rose) - ixgbe: Correct flag values set by ixgbe_fix_features (Joe Jin) - ixgbe: fix typo in enumeration name (Don Skidmore) - ixgbe: Add support for enabling UDP RSS via the ethtool rx-flow-hash command (Joe Jin) - ixgbe: Whitespace cleanups (Joe Jin) - ixgbe: Two minor fixes for RSS and FDIR set queues functions (Alexander Duyck) - ixgbe: drop err_eeprom tag which is at same location as err_sw_init (Alexander Duyck) - ixgbe: Move poll routine in order to improve readability (Alexander Duyck) - ixgbe: cleanup logic for the service timer and VF hang detection (Alexander Duyck) - ixgbe: Fix issues with SR-IOV loopback when flow control is disabled (Alexander Duyck) - ixgbe: Place skb on first buffer_info structure to avoid using stack space (Joe Jin) - ixgbe: Use packets to track Tx completions instead of a seperate value (Alexander Duyck) - ixgbe: Modify setup of descriptor flags to avoid conditional jumps (Alexander Duyck) - ixgbe: Make certain that all frames fit minimum size requirements (Alexander Duyck) - ixgbe: cleanup logic in ixgbe_change_mtu (Alexander Duyck) - ixgbe: dcb: use DCB config values for FCoE traffic class on open (John Fastabend) - ixgbe: Fix race condition where RX buffer could become corrupted. (Atita Shirwaikar) - ixgbe: use typed min/max functions where possible (Jesse Brandeburg) - ixgbe: fix obvious return value bug. (Don Skidmore) - ixgbe: Replace eitr_low and eitr_high with static values in ixgbe_update_itr (Alexander Duyck) - ixgbe: Do not disable read relaxed ordering when DCA is enabled (Alexander Duyck) - ixgbe: Simplify logic for ethtool loopback frame creation and testing (Alexander Duyck) - ixgbe: Add iterator for cycling through rings on a q_vector (Alexander Duyck) - ixgbe: Allocate rings as part of the q_vector (Alexander Duyck) - ixgbe: Drop unnecessary napi_schedule_prep and spare blank line from ixgbe_intr (Alexander Duyck) - ixgbe: Default to queue pairs when number of queues is less than CPUs (Alexander Duyck) - ixgbe: Correct Adaptive Interrupt Moderation so that it will change values (Alexander Duyck) - ixgbe: Address issues with Tx WHTRESH value not being set correctly (Alexander Duyck) - ixgbe: Reorder adapter contents for better cache utilization (Joe Jin) - ixgbe: Do no clear Tx status bits since eop_desc provides enough info (Alexander Duyck) - ixgbe: remove tie between NAPI work limits and interrupt moderation (Jeff Kirsher) - ixgbe: dcb: check setup_tc return codes (John Fastabend) - ixgbe: Fix comments that are out of date or formatted incorrectly (Alexander Duyck) - ixgbe: fix spelling errors (Don Skidmore) - ixgbe: Minor formatting and comment corrections for ixgbe_xmit_frame_ring (Alexander Duyck) - ixgbe: Combine post-DMA processing of sk_buff fields into single function (Alexander Duyck) - ixgbe: Drop the _ADV of descriptor macros since all ixgbe descriptors are ADV (Alexander Duyck) - ixgbe: Add function for testing status bits in Rx descriptor (Alexander Duyck) - ixgbe: Let the Rx buffer allocation clear status bits instead of cleanup (Joe Jin) - ixgbe: Address fact that RSC was not setting GSO size for incoming frames (Alexander Duyck) - ixgbe: Minor refactor of RSC (Alexander Duyck) - ixgbe: ethtool: stats user buffer overrun (John Fastabend) - ixgbe: dcb: up2tc mapping lost on disable/enable CEE DCB state (John Fastabend) - ixgbe: do not update real num queues when netdev is going away (Yi Zou) - ixgbe: Fix broken dependency on MAX_SKB_FRAGS being related to page size (Alexander Duyck) - ixgbe: Fix case of Tx Hang in PF with 32 VFs (Greg Rose) - ixgbe: fix vf lookup (Greg Rose) - ixgbe: Fix typo in ixgbe_common.h (Masanari Iida) - ixgbe: make ethtool strings table const (Stephen Hemminger) - ixgbe: Add warning when no space left for more MAC filters (Joe Jin) - ixgbe: update copyright to 2012 (Don Skidmore) - ixgbe: Add module parameter to allow untested and unsafe SFP+ modules (Peter P Waskiewicz Jr) - ixgbe: Fix register defines to correctly handle complex expressions (Alexander Duyck) - ixgbe: add support for new 82599 device. (Don Skidmore) - ixgbe: add support for new 82599 device id (Emil Tantilov) - ixgbe: add write flush in ixgbe_clock_out_i2c_byte() (Emil Tantilov) - ixgbe: fix typos (Stephen Hemminger) - ixgbe: fix incorrect PHY register reads (Emil Tantilov) - ixgbe: Remove function prototype for non-existent function (Greg Rose) - ixgbe: DCB: IEEE transitions may fail to reprogram hardware. (John Fastabend) - ixgbe: DCBnl set_all, order of operations fix (Joe Jin) - ixgbe: fix LED blink logic to check for link (Emil Tantilov) - ixgbe: Fix compile for kernel without CONFIG_PCI_IOV defined (Rose, Gregory V) - ixgbe: DCB, return max for IEEE traffic classes (John Fastabend) - ixgbe: fix reading of the buffer returned by the firmware (Emil Tantilov) - ixgbe: Fix compiler warnings (Greg Rose) - ixgbe: fix smatch splat due to missing NULL check (John Fastabend) - ixgbe: fix disabling of Tx laser at probe (Emil Tantilov) - ixgbe: Fix link issues caused by a reset while interface is down (Emil Tantilov) - ixgbe: change the eeprom version reported by ethtool (Emil Tantilov) - ixgbe: allow eeprom writes via ethtool (Emil Tantilov) - ixgbe: fix endianess when writing driver version to firmware (Emil Tantilov) - ixgbe: fix skb truesize underestimation (Eric Dumazet) - ixgbe: Correct check for change in FCoE priority (Mark Rustad) - ixgbe: Add FCoE DDP allocation failure counters to ethtool stats. (Amir Hanania) - ixgbe: Add protection from VF invalid target DMA (Greg Rose) - ixgbe: bump version number (Don Skidmore) - ixgbe: X540 devices RX PFC frames pause traffic even if disabled (John Fastabend) - ixgbe: DCB X540 devices support max traffic class of 4 (John Fastabend) - ixgbe: fixup hard dependencies on supporting 8 traffic classes (Joe Jin) - ixgbe: Fix PFC mask generation (Mark Rustad) - ixgbe: remove instances of ixgbe_phy_aq for 82598 and 82599 (Emil Tantilov) - ixgbe: get pauseparam autoneg (Mika Lansirinne) - ixgbe: do not disable flow control in ixgbe_check_mac_link (Emil Tantilov) - ixgbe: send MFLCN to ethtool (Emil Tantilov) - ixgbe: add support for new 82599 device (Emil Tantilov) - ixgbe: fix driver version initialization in firmware (Jacob Keller) - ixgbe: remove return code for functions that always return 0 (Emil Tantilov) - ixgbe: clear the data field in ixgbe_read_i2c_byte_generic (Emil Tantilov) - ixgbe: prevent link checks while resetting (Emil Tantilov) - ixgbe: add ECC warning for legacy interrupts (Don Skidmore) - ixgbe: cleanup ixgbe_setup_gpie() for X540 (Don Skidmore) - ixgbe add thermal sensor support for x540 hardware (Jacob Keller) - ixgbe: update {P}FC thresholds to account for X540 and loopback (John Fastabend) - ixgbe: disable LLI for FCoE (Vasu Dev) - ixgbe: Cleanup q_vector interrupt throttle rate logic (Emil Tantilov) - ixgbe: remove global reset to the MAC (Emil Tantilov) - ixgbe: add WOL support for X540 (Emil Tantilov) - ixgbe: avoid HW lockup when adapter is reset with Tx work pending (Emil Tantilov) - ixgbe: dcb, set priority to traffic class mappings (John Fastabend) - ixgbe: cleanup X540 interrupt enablement (Don Skidmore) - ixgbe: DCB, do not call set_state() from IEEE mode (Joe Jin) - ixgbe: Reconfigure SR-IOV Init (Greg Rose) - ixgbe: remove duplicate netif_tx_start_all_queues (Emil Tantilov) - ixgbe: fix FCRTL/H register dump for X540 (Emil Tantilov) - ixgbe: cleanup some register reads (Emil Tantilov) - ixgbe: Make better use of memory allocations in one-buffer mode w/ RSC (Alexander Duyck) - ixgbe: drop adapter from ixgbe_fso call documentation (Alexander Duyck) - ixgbe: Add SFP support for missed 82598 PHY (Alexander Duyck) - ixgbe: Add missing code for enabling overheat sensor interrupt (Alexander Duyck) - ixgbe: make ixgbe_up and ixgbe_up_complete void functions (Alexander Duyck) - v2 ixgbe: Update packet buffer reservation to correct fdir headroom size (Alexander Duyck) - ixgbe: remove redundant configuration of tx_sample_rate (Alexander Duyck) - ixgbe: Correctly name and handle MSI-X other interrupt (Alexander Duyck) - ixgbe: cleanup configuration of EITRSEL and VF reset path (Alexander Duyck) - ixgbe: cleanup reset paths (Alexander Duyck) - ixgbe: Update TXDCTL configuration to correctly handle WTHRESH (Alexander Duyck) - ixgbe: combine PCI_VDEVICE and board declaration to same line (Alexander Duyck) - ixgbe: Drop unnecessary adapter->hw dereference in loopback test setup (Alexander Duyck) - ixgbe: commonize ixgbe_map_rings_to_vectors to work for all interrupt types (Alexander Duyck) - ixgbe: Use ring->dev instead of adapter->pdev->dev when updating DCA (Alexander Duyck) - ixgbe: cleanup allocation and freeing of IRQ affinity hint (Alexander Duyck) - v2 ixgbe: consolidate all MSI-X ring interrupts and poll routines into one (Alexander Duyck) - ixgbe: Change default Tx work limit size to 256 buffers (Alexander Duyck) - ixgbe: clear RNBC only for 82598 (Emil Tantilov) - ixgbe: add check for supported modes (Emil Tantilov) - ixgbe: fix ixgbe_fc_autoneg_fiber bug (Don Skidmore) - ixgbe: cleanup feature flags in ixgbe_probe (Don Skidmore) - ixgbe: PFC not cleared on X540 devices (John Fastabend) - ixgbe: consolidate, setup for multiple traffic classes (John Fastabend) - ixgbe: remove unneeded fdir pb alloc case (John Fastabend) - ixgbe: fixup remaining call sites for arbitrary TCs (John Fastabend) - ixgbe: Always tag VLAN tagged packets (Alexander Duyck) - ixgbe: Add support for setting CC bit when SR-IOV is enabled (Alexander Duyck) - ixgbe: convert rings from q_vector bit indexed array to linked list (Alexander Duyck) - ixgbe: Simplify transmit cleanup path (Alexander Duyck) - ixgbe: Cleanup FCOE and VLAN handling in xmit_frame_ring (Alexander Duyck) - ixgbe: replace reference to CONFIG_FCOE with IXGBE_FCOE (Alexander Duyck) - ixgbe - DDP last user buffer - error to warn (Amir Hanania) - ixgbe: remove unused fcoe.tc field and fcoe_setapp() (John Fastabend) - ixgbe: complete FCoE initialization from setapp() routine (John Fastabend) - ixgbe: DCB, remove unneeded ixgbe_dcb_txq_to_tc() routine (John Fastabend) - ixgb: Remove unnecessary defines, use pr_debug (Joe Perches) - ixgb: finish conversion to ndo_fix_features (Michal Miroslaw) - ixgb: eliminate checkstack warnings (Jesse Brandeburg) - ixgb: convert to ndo_fix_features (Michal Miroslaw) - igbvf: fix the bug when initializing the igbvf (Samuel Liao) - rename dev_hw_addr_random and remove redundant second (Joe Jin) (Jeff Kirsher) - igbvf: Use ETH_ALEN (Joe Perches) - igbvf: reset netdevice addr_assign_type if changed (Danny Kukawka) - igbvf: refactor Interrupt Throttle Rate code (Mitch A Williams) - igbvf: change copyright date (Mitch A Williams) - igbvf: Remove unnecessary irq disable/enable (Joe Jin) - igbvf: remove unneeded cast (Stephen Hemminger) (Jeff Kirsher) - igbvf: Bump version number (Williams, Mitch A) - igbvf: Update module identification strings (Williams, Mitch A) - igbvf: fix truesize underestimation (Eric Dumazet) - igbvf: Fix trunk vlan (Greg Rose) - igbvf: convert to ndo_fix_features (Michal Miroslaw) - igb: fix rtnl race in PM resume path (Benjamin Poirier) - igb: fix warning about unused function (Emil Tantilov) - igb: fix vf lookup (Greg Rose) - igb: Update Copyright on all Intel copyrighted files. (Carolyn Wyborny) - igb: make local functions static (Stephen Hemminger) - igb: reset PHY after recovering from PHY power down (Koki Sanagi) - igb: add basic runtime PM support (Yan, Zheng) - igb: Add flow control advertising to ethtool setting. (Carolyn Wyborny) - igb: Update DMA Coalescing threshold calculation. (Matthew Vick) - igb: Convert bare printk to pr_notice (Joe Perches) (Jeff Kirsher) - igb: Fix for I347AT4 PHY cable length unit detection (Kantecki, Tomasz) - igb: VFTA Table Fix for i350 devices (Carolyn Wyborny) - igb: Move DMA Coalescing init code to separate function. (Carolyn Wyborny) - igb: Fix for Alt MAC Address feature on 82580 and later devices (Carolyn Wyborny) - igb: fix a compile warning (RongQing Li) - igb: Check if subordinate VFs are assigned to virtual machines (Greg Rose) - pci: Add flag indicating device has been assigned by KVM (Greg Rose) - igb: enable l4 timestamping for v2 event packets (Jacob Keller) - igb: fix skb truesize underestimation (Eric Dumazet) - igb: Version bump. (Carolyn Wyborny) - igb: Loopback functionality supports for i350 devices (Akeem G. Abodunrin) - igb: fix static function warnings reported by sparse (Emil Tantilov) - igb: Add workaround for byte swapped VLAN on i350 local traffic (Alexander Duyck) - igb: Drop unnecessary write of E1000_IMS from igb_msix_other (Alexander Duyck) - igb: Fix features that are currently 82580 only and should also be i350 (Alexander Duyck) - igb: Make certain one vector is always assigned in igb_request_irq (Alexander Duyck) - igb: avoid unnecessarily creating a local copy of the q_vector (Alexander Duyck) - igb: add support for NETIF_F_RXHASH (Alexander Duyck) - igb: move TX hang check flag into ring->flags (Alexander Duyck) - igb: fix recent VLAN changes that would leave VLANs disabled after reset (Alexander Duyck) - igb: leave staterr in place and instead us a helper function to check bits (Alexander Duyck) - igb: retire the RX_CSUM flag and use the netdev flag instead (Alexander Duyck) - igb: cleanup IVAR configuration (Alexander Duyck) - igb: Move ITR related data into work container within the q_vector (Alexander Duyck) - igb: Consolidate all of the ring feature flags into a single value (Alexander Duyck) - igb: avoid unnecessary conversions from u16 to int (Alexander Duyck) - igb: Use node specific allocations for the q_vectors and rings (Alexander Duyck) - igb: push data into first igb_tx_buffer sooner to reduce stack usage (Alexander Duyck) - igb: consolidate creation of Tx buffer info and data descriptor (Alexander Duyck) - igb: Combine all flag info fields into a single tx_flags structure (Alexander Duyck) - igb: Cleanup protocol handling in transmit path (Alexander Duyck) - igb: Create separate functions for generating cmd_type and olinfo (Alexander Duyck) - igb: Make first and tx_buffer_info->next_to_watch into pointers (Alexander Duyck) - igb: Consolidate creation of Tx context descriptors into a single function (Alexander Duyck) - intel: convert to SKB paged frag API. (Ian Campbell) - ixgbe: Refactor transmit map and cleanup routines (Alexander Duyck) - igb: split buffer_info into tx_buffer_info and rx_buffer_info (Alexander Duyck) - igb: Make Tx budget for NAPI user adjustable (Alexander Duyck) - igb: Alternate MAC Address Updates for Func2&3 (Akeem G. Abodunrin) - igb: Alternate MAC Address EEPROM Updates (Akeem G. Abodunrin) - igb: Code to prevent overwriting SFP I2C (Akeem G. Abodunrin) - igb: Remove multi_tx_table and simplify igb_xmit_frame (Alexander Duyck) - igb: drop the 'adv' off function names relating to descriptors (Joe Jin) - igb: Replace E1000_XX_DESC_ADV with IGB_XX_DESC (Alexander Duyck) - igb: Refactor clean_rx_irq to reduce overhead and improve performance (Alexander Duyck) - igb: update ring and adapter structure to improve performance (Alexander Duyck) - igb: streamline Rx buffer allocation and cleanup (Alexander Duyck) - igb: drop support for single buffer mode (Alexander Duyck) - igb: Update max_frame_size to account for an optional VLAN tag if present (Alexander Duyck) - igb: Update RXDCTL/TXDCTL configurations (Alexander Duyck) - igb: remove duplicated #include (Huang Weiyi) - igb: Fix for DH89xxCC near end loopback test (Robert Healy) - igb: do vlan cleanup (Jiri Pirko) - igb: Add support of SerDes Forced mode for certain hardware (Carolyn Wyborny) - igb: Update copyright on all igb driver files. (Carolyn Wyborny) - net: igb: Use is_multicast_ether_addr helper (Tobias Klauser) - igb: remove unnecessary reads of PCI_CAP_ID_EXP (Jon Mason) - igb: convert to ndo_fix_features (Michal Miroslaw) - igb: Change version to remove number after -k in kernel versions. (Carolyn Wyborny) - e1000e: Fix default interrupt throttle rate not set in NIC HW (Jeff Kirsher) - e1000e: MSI interrupt test failed, using legacy interrupt (Prasanna S Panchamukhi) - e1000e: issues in Sx on 82577/8/9 (Joe Jin) - e1000e: Guarantee descriptor writeback flush success. (Matthew Vick) - e1000e: prevent oops when adapter is being closed and reset simultaneously (Bruce Allan) - e1000e: use msleep instead of mdelay (Joe Jin) - e1000e: cleanup goto statements to exit points without common work (Bruce Allan) - e1000e: potentially incorrect return for e1000e_setup_fiber_serdes_link (Bruce Allan) - e1000e: potentially incorrect return for e1000_init_hw_ich8lan (Bruce Allan) - e1000e: cleanup: minor whitespace addition (insert blank line separator) (Bruce Allan) - e1000e: cleanup: remove unnecessary variable initializations (Bruce Allan) - e1000e: cleanup: remove unnecessary test and return (Bruce Allan) - e1000e: cleanup: remove unnecessary variable ret_val (Bruce Allan) - e1000e: cleanup: remove unreachable statement (Bruce Allan) - e1000e: potentially incorrect return for e1000_set_d3_lplu_state_ich8lan (Bruce Allan) - e1000e: cleanup: always return 0 (Bruce Allan) - e1000e: cleanup: remove unnecessary assignments just before returning (Bruce Allan) - e1000e: potential incorrect return for e1000_setup_copper_link_80003es2lan (Bruce Allan) - e1000e: potentially incorrect return for e1000_cfg_kmrn_10_100_80003es2lan (Bruce Allan) - e1000e: cleanup: rename goto labels to be more meaningful (Bruce Allan) - e1000e: cleanup: use goto for common work needed by multiple exit points (Bruce Allan) - e1000e: replace '1' with 'true' for boolean get_link_status (Bruce Allan) - e1000e: pass pointer to hw struct for e1000_init_mac_params_XXX() (Bruce Allan) - e1000e: use true/false for bool autoneg_false (Bruce Allan) - e1000e: remove unnecessary parentheses (Bruce Allan) - e1000e: remove unnecessary returns from void functions (Bruce Allan) - e1000e: remove test that is always false (Bruce Allan) - e1000e: WoL fails on device ID 0x1501 (Joe Jin) - e1000e: WoL can fail on 82578DM (Bruce Allan) - e1000e: remove redundant reverse dependency on CRC32 (Bruce Allan) - e1000e: minor whitespace and indentation cleanup (Bruce Allan) - e1000e: fix sparse warnings with -D__CHECK_ENDIAN__ (Bruce Allan) - e1000e: fix checkpatch warning from MINMAX test (Bruce Allan) - e1000e: cleanup - use braces in both branches of a conditional statement (Bruce Allan) - e1000e: cleanup e1000_set_phys_id (Bruce Allan) - e1000e: cleanup e1000_init_mac_params_82571() (Bruce Allan) - e1000e: cleanup e1000_init_mac_params_80003es2lan() (Bruce Allan) - e1000e: rename es2lan.c to 80003es2lan.c (Joe Jin) - e1000e: cleanup - check return values consistently (Bruce Allan) - e1000e: add missing initializers reported when compiling with W=1 (Bruce Allan) - e1000e: update copyright year (Bruce Allan) - e1000e: split lib.c into three more-appropriate files (Bruce Allan) - e1000e: call er16flash() instead of __er16flash() (Bruce Allan) - e1000e: increase version number (Joe Jin) - e1000e: convert final strncpy() to strlcpy() (Bruce Allan) - e1000e: concatenate long debug strings which span multiple lines (Bruce Allan) - e1000e: conditionally restart autoneg on 82577/8/9 when setting LPLU state (Bruce Allan) - e1000e: increase Rx PBA to prevent dropping received packets on 82566/82567 (Bruce Allan) - e1000e: ICHx/PCHx LOMs should use LPLU setting in NVM when going to Sx (Joe Jin) - e1000e: update workaround for 82579 intermittently disabled during S0->Sx (Bruce Allan) - e1000e: disable Early Receive DMA on ICH LOMs (Bruce Allan) - e1000e: Need to include vmalloc.h (David S. Miller) - e1000e: 82574/82583 Tx hang workaround (Bruce Allan) - e1000e: use hardware default values for Transmit Control register (Bruce Allan) - e1000e: use default settings for Tx Inter Packet Gap timer (Bruce Allan) - e1000e: 82579: workaround for link drop issue (Bruce Allan) - e1000e: always set transmit descriptor control registers the same (Bruce Allan) - e1000e: re-factor ethtool get/set ring parameter (Bruce Allan) - e1000e: pass pointer to ring struct instead of adapter struct (Joe Jin) - e1000e: add Receive Packet Steering (RPS) support (Joe Jin) - e1000e: convert to netdev features/hw_features API (Joe Jin) - e1000e: cleanup Rx checksum offload code (Bruce Allan) - e1000e: convert head, tail and itr_register offsets to __iomem pointers (Bruce Allan) - e1000e: re-enable alternate MAC address for all devices which support it (Bruce Allan) - e1000e: default IntMode based on kernel config & available hardware support (Bruce Allan) - e1000e: convert to real ndo_set_rx_mode (Joe Jin) - net: introduce IFF_UNICAST_FLT private flag (Joe Jin) - e1000e: remove use of ndo_set_multicast_list in drivers (Joe Jin) (Jeff Kirsher) - e1000e: demote a debugging WARN to a debug log message (Bruce Allan) - e1000e: fix skb truesize underestimation (Eric Dumazet) - e1000e: locking bug introduced by commit 67fd4fcb (Bruce Allan) - e1000e: bad short packets received when jumbos enabled on 82579 (Bruce Allan) - e1000e: convert driver to use extended descriptors (Joe Jin) - drivers/net: Add module.h to drivers who were implicitly using it (Joe Jin) - e1000e: hitting BUG_ON() from napi_enable (Bruce Allan) - e1000: Silence sparse warnings by correcting type (Andrei Emeltchenko) - v2 e1000: Neaten e1000_dump function (Tushar Dave) - e1000: Neaten e1000_config_dsp_after_link_change (Joe Perches) - e1000: fix vlan processing regression (Joe Jin) - e1000: Remove unnecessary k.alloc/v.alloc OOM messages (Joe Jin) - e1000: add dropped DMA receive enable back in for WoL (Dean Nelson) - e1000: Adding e1000_dump function (Tushar Dave) - e1000: dont enable dma receives until after dma address has been setup (Dean Nelson) - e1000: save skb counts in TX to avoid cache misses (Dean Nelson) - e1000: cleanup CE4100 MDIO registers access (Florian Fainelli) - e1000: unmap ce4100_gbe_mdio_base_virt in e1000_remove (Florian Fainelli) - e1000: fix lockdep splat in shutdown handler (Jesse Brandeburg) - e1000e/ixgb: fix assignment of 0/1 to bool variables. (Joe Jin) - intel: Convert <FOO>_LENGTH_OF_ADDRESS to ETH_ALEN (Joe Perches) - e1000: fix skb truesize underestimation (Eric Dumazet) - e1000: convert to private mutex from rtnl (Jesse Brandeburg) - e1000: convert mdelay to msleep (Jesse Brandeburg) - e1000: convert hardware management from timers to threads (Jesse Brandeburg) - e100: Remove alloc_etherdev error messages (Joe Jin) - net: Remove Intel NICs unnecessary driver assignments of ethtool_ringparam fields to zero (Joe Jin) - e100: Show short v/s long rx length errors in ethtool stats. (Ben Greear) - e100: Fix rx-over-length statistics. (Ben Greear) - e100: make sure vlan support isnt advertised on old adapters (Jesse Brandeburg) - 8139cp: properly config rx mode after resuming (Jason Wang) - bnx2x: add bnx2x firmware 7.2.16 (Joe Jin) - bnx2fc: Remove bh disable in softirq context (Neil Horman) - bnx2fc: HSI dependent changes for 7.2.xx FW (Bhanu Prakash Gollapudi) - bnx2fc: Bumped version to 1.0.10 (Bhanu Prakash Gollapudi) - bnx2fc: NPIV ports go offline when interface is brought down & up (Bhanu Prakash Gollapudi) - bnx2fc: Handle LOGO flooding from the target (Bhanu Prakash Gollapudi) - bnx2fc: fix panic in bnx2fc_post_io_req (Bhanu Prakash Gollapudi) - bnx2fc: Bumped version to 1.0.9 (Bhanu Prakash Gollapudi) - bnx2fc: Handle SRR LS_ACC drop scenario (Bhanu Prakash Gollapudi) - bnx2fc: Handle ABTS timeout during ulp timeout (Bhanu Prakash Gollapudi) - bnx2fc: Bumped version to 1.0.8 (Bhanu Prakash Gollapudi) - bnx2fc: Return error statistics of remote peer (Bhanu Prakash Gollapudi) - bnx2fc: call ctlr_link_up only when the interface is enabled (Bhanu Prakash Gollapudi) - bnx2fc: Bumped version to 1.0.7 (Bhanu Prakash Gollapudi) - bnx2fc: Handle bnx2fc_map_sg failure (Bhanu Prakash Gollapudi) - bnx2fc: Replace scsi_dma_map() with dma_map_sg(). (Bhanu Prakash Gollapudi) - bnx2fc: Bumped version to 1.0.6 (Bhanu Prakash Gollapudi) - bnx2fc: Fix FW assert during RSCN stress tests (Bhanu Prakash Gollapudi) - bnx2fc: Fix panic caused because of incorrect errror handling in create(). (Bhanu Prakash Gollapudi) - bnx2fc: Avoid calling bnx2fc_if_destroy with unnecessary locks (Bhanu Prakash Gollapudi) - bnx2fc: Validate vlan id in NETDEV_UNREGISTER handler (Nithin Nayak Sujir) - bnx2fc: No abort issued for REC when it times out (Bhanu Prakash Gollapudi) - bnx2fc: Send solicitation only after vlan discovery is complete (Bhanu Prakash Gollapudi) - bnx2fc: Reset max receive frame size during link up (Bhanu Prakash Gollapudi) - bnx2fc: Need not schedule destroy_work from __bnx2fc_destroy (Bhanu Prakash Gollapudi) - bnx2fc: Bump version to 1.0.5 (Bhanu Prakash Gollapudi) - bnx2fc: Prevent creating of NPIV port with duplicate WWN (Bhanu Prakash Gollapudi) - bnx2fc: Obtain WWNN/WWPN from the shared memory (Bhanu Prakash Gollapudi) - [SCSI] fcoe,libfcoe: Move common code for fcoe_get_lesb to fcoe_transport (Bhanu Prakash Gollapudi) - [SCSI] fcoe: Move common functions to fcoe_transport library (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Drop incoming ABTS (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: code cleanup in bnx2fc_offload_session (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Fix NULL pointer deref during arm_cq. (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: IO errors when receiving unsolicited LOGO (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Do not reuse the fcoe connection id immediately (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Clear DESTROY_CMPL flag after firmware destroy (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Handle NETDEV_UNREGISTER for vlan devices (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Reorganize cleanup code between interface_cleanup and if_destory (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Change function names of bnx2fc_netdev_setup/bnx2fc_netdev_cleanup (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Do not attempt destroying NPIV port twice (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Remove erroneous kref_get on IO request (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Enable bsg_request support for bnx2fc (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Bug fixes in percpu_thread_create/destroy (Bhanu Prakash Gollapudi) - [SCSI] bnx2fc: Reset the max receive frame size (Bhanu Prakash Gollapudi) - [SCSI] bnx2i: Fixed the override of the error_mask module param (Eddie Wai) - [SCSI] bnx2i: use kthread_create_on_node() (Eric Dumazet) - [SCSI] bnx2i: Fixed kernel panic caused by unprotected task->sc->request deref (Eddie Wai) - [SCSI] bnx2i: Fixed the endian on TTT for NOP out transmission (Eddie Wai) - [SCSI] bnx2i: Fixed kernel panic due to illegal usage of sc->request->cpu (Eddie Wai) - cnic: Fix select dependencies in bnx2fc/bnx2i Kconfig. (David S. Miller) - bnx2x: Fix 578xx link LED (Yaniv Rosner) - bnx2x: Enable FEC for 57810-KR (Yaniv Rosner) - bnx2x: disable dcb on 578xx since not supported yet (Dmitry Kravkov) - bnx2x: decrease print level to debug (Dmitry Kravkov) - bnx2x: fix BRB thresholds for dropless_fc mode (Dmitry Kravkov) - bnx2x: fix cl_id allocation for non-eth clients for NPAR mode (Dmitry Kravkov) - bnx2x: Fix for a host coalescing bug which impared latency. (Ariel Elior) - bnx2x: fix select_queue when FCoE is disabled (Vladislav Zolotarov) - bnx2x: fix WOL by enablement PME in config space (Dmitry Kravkov) - bnx2x: Fix XMAC loopback test (Yaniv Rosner) - bnx2x: init FCOE FP only once (Vladislav Zolotarov) - bnx2x: Remove fiber remote fault detection (Yaniv Rosner) - cnic: update for FW 7.2.xx (Michael Chan) - bnx2x: correction to firmware interface (Yuval Mintz) - bnx2x: fix vector traveling while looking for an empty entry (Dmitry Kravkov) - bnx2x: mark functions as loaded on shared memory (Yuval Mintz) - bnx2x: fix memory leak in bnx2x_init_firmware() (Michal Schmidt) - bnx2x: fix a crash on corrupt firmware file (Michal Schmidt) - bnx2x: make bnx2x_close() static again (Michal Schmidt) - bnx2x: removed code re-checking memory base after device open (Mintz Yuval) - bnx2x: allow BCM84833 phy to advertise 100Base-T speeds (Mintz Yuval) - bnx2x: notify cnic of address of info-to-the-mcp (Mintz Yuval) - bnx2x: allocate smaller Rx rings for 1G functions (Mintz Yuval) - bnx2x: allocate memory dynamically in ethtool self-test. (Merav Sicron) - bnx2x: force 10G on 84833 phy should be autoneg with only 10G advertised (Yaniv Rosner) - bnx2x: added autoneg-restart after link advertisement changes (Yaniv Rosner) - bnx2x: ethtool publishes link partners speed and FC (Mintz Yuval) - bnx2x: half duplex support added for several boards (Yaniv Rosner) - bnx2x: remove the 'poll' module option (Michal Schmidt) - bnx2x: fix bnx2x_storm_stats_update() on big endian (Eric Dumazet) - bnx2x: Fix mem leak in bnx2x_tpa_stop() if build_skb() fails. (Jesper Juhl) - bnx2x: Update version to 1.72.0 and copyrights (Ariel Elior) - bnx2x: Recoverable and unrecoverable error statistics (Ariel Elior) - bnx2x: Recovery flow bug fixes (Ariel Elior) - bnx2x: init fw_seq after undi_unload is done (Dmitry Kravkov) - bnx2x: Track active PFs with bitmap (Ariel Elior) - bnx2x: Lock PF-common resources (Ariel Elior) - bnx2x: dont reset device while reading its configuration. (Dmitry Kravkov) - bnx2x: Loaded Firmware Version Validation (Ariel Elior) - bnx2x: Function Level Reset Final Cleanup (Ariel Elior) - bnx2x: Obtain Bus Device Function from register (Ariel Elior) - bnx2x: Removing indirect register access (Ariel Elior) - bnx2x: Support Queue Per Cos in 5771xx devices (Ariel Elior) - bnx2x: Remove 100Mb force speed for BCM84833 (Yaniv Rosner) - bnx2x: Fix ethtool advertisement (Yaniv Rosner) - bnx2x: unlock before returning an error (Dan Carpenter) - bnx2x: fix compilation error with SOE in fw_dump (Yuval Mintz) - bnx2x: handle CHIP_REVISION during init_one (Ariel Elior) - bnx2x: dont access removed registers on 57712 and above (Dmitry Kravkov) - bnx2x: properly clean indirect addresses (Dmitry Kravkov) - bnx2x: allow user to change ring size in ISCSI SD mode (Dmitry Kravkov) - bnx2x: fix Big-Endianess in ethtool -t (Dmitry Kravkov) - bnx2x: fixed ethtool statistics for MF modes (Yuval Mintz) - bnx2x: credit-leakage fixup on vlan_mac_del_all (Yuval Mintz) - bnx2x: Disable AN KR work-around for BCM57810 (Yaniv Rosner) - bnx2x: Remove AutoGrEEEn for BCM84833 (Yaniv Rosner) - bnx2x: Fix PFC setting on BCM57840 (Yaniv Rosner) - bnx2x: Fix Super-Isolate mode for BCM84833 (Yaniv Rosner) - bnx2x: handle vpd data longer than 128 bytes (Barak Witkowski) - bnx2x: properly update skb when mtu > 1500 (Dmitry Kravkov) - bnx2x: properly initialize L5 features (Joe Jin) - bnx2x: fix typo in fcoe stats collection (Barak Witkowski) - bnx2x: Fix compile errors if CONFIG_CNIC is not set (Michael Chan) - bnx2x, cnic: support DRV_INFO upon FW request (Barak Witkowski) - bnx2x: support classification config query (Ariel Elior) - bnx2x: add fcoe statistics (Barak Witkowski) - bnx2x: add PFC statistics (Barak Witkowski) - bnx2x: Use kcalloc instead of kzalloc to allocate array (Thomas Meyer) - bnx2x: handle iSCSI SD mode (Dmitry Kravkov) - bnx2x: fix rx ring size report (Vladislav Zolotarov) - bnx2x: Change value comparison order (Yaniv Rosner) - bnx2x: Cosmetic changes (Yaniv Rosner) - bnx2x: Fix self test of BCM57800 (Yaniv Rosner) - bnx2x: Add known PHY type check (Yaniv Rosner) - bnx2x: Change Warpcore MDIO work around mode (Yaniv Rosner) - bnx2x: Fix BCM84833 link and LED behavior (Yaniv Rosner) - bnx2x: Warpcore HW reset following fan failure (Yaniv Rosner) - bnx2x: ETS changes (Yaniv Rosner) - bnx2x: Fix ETS bandwidth (Yaniv Rosner) - bnx2x: PFC changes (Yaniv Rosner) - bnx2x: Fix 5461x LED (Yaniv Rosner) - bnx2x: cache-in compressed fw image (Dmitry Kravkov) - bnx2x: add endline at end of message (Dmitry Kravkov) - bnx2x: uses build_skb() in receive path (Eric Dumazet) - net: introduce build_skb() (Eric Dumazet) - net: more accurate skb truesize (Eric Dumazet) - bnx2x: update driver version to 1.70.35-0 (Dmitry Kravkov) - bnx2x: Remove on-stack napi struct variable (Ariel Elior) - bnx2x: prevent race in statistics flow (Dmitry Kravkov) - bnx2x: add fan failure event handling (Ariel Elior) - bnx2x: remove unused #define (Dmitry Kravkov) - bnx2x: simplify definition of RX_SGE_MASK_LEN and use it. (Dmitry Kravkov) - bnx2x: propagate DCBX negotiation (Dmitry Kravkov) - bnx2x: fix MF for 4-port devices (Dmitry Kravkov) - bnx2x: DCBX: use #define instead of magic (Dmitry Kravkov) - bnx2x: separate FCoE and iSCSI license initialization. (Joe Jin) - bnx2x: remove unused variable (Dmitry Kravkov) - bnx2x: use rx_queue index for skb_record_rx_queue() (Dmitry Kravkov) - bnx2x: allow FCoE and DCB for 578xx (Joe Jin) - bnx2x: update driver version to 1.70.30-0 (Dmitry Kravkov) - bnx2x: use FW 7.0.29.0 (Dmitry Kravkov) - bnx2x: add bnx2x FW 7.0.29 (Joe Jin) - bnx2x: Enable changing speed when port type is PORT_DA (Yaniv Rosner) - bnx2x: Fix 54618se LED behavior (Yaniv Rosner) - bnx2x: Fix RX/TX problem caused by the MAC layer (Yaniv Rosner) - bnx2x: Add link retry to 578xx-KR (Yaniv Rosner) - bnx2x: Fix LED blink rate for 578xx (Yaniv Rosner) - bnx2x: fix skb truesize underestimation (Eric Dumazet) - bnx2x: remove some dead code (Dan Carpenter) - bnx2x: Fix build error (Dmitry Kravkov) - bnx2x: Add new PHY BCM54616 (Yaniv Rosner) - bnx2x: resurrect RX hashing (Joe Jin) - bnx2x: convert to SKB paged frag API. (Ian Campbell) - net: add APIs for manipulating skb page fragments. (Ian Campbell) - bnx2x: Use pr_fmt and message logging cleanups (Joe Jin) - bnx2x: Coalesce pr_cont uses and fix DP typos (Joe Perches) - bnx2x: Remove local defines for %pM and mac address (Joe Perches) - bnx2x: Clear MDIO access warning during first driver load (Yaniv Rosner) - bnx2x: Fix BCM578xx MAC test (Yaniv Rosner) - bnx2x: Fix BCM54618se invalid link indication (Yaniv Rosner) - bnx2x: Fix BCM84833 link (Yaniv Rosner) - bnx2x: Fix link issue with DAC over 578xx (Yaniv Rosner) - bnx2x: Fix LED behavior (Yaniv Rosner) - bnx2x: Fix BCM578xx-B0 MDIO access (Yaniv Rosner) - bnx2x: Fix remote fault handling (Yaniv Rosner) - bnx2x: Fix chip hanging due to TX pipe stall. (Yaniv Rosner) - bnx2x: Fix missing pause on for 578xx (Yaniv Rosner) - bnx2x: Prevent restarting Tx during bnx2x_nic_unload (Vladislav Zolotarov) - bnx2x: use pci_pcie_cap() (Vladislav Zolotarov) - bnx2x: fix bnx2x_stop_on_error flow in bnx2x_sp_rtnl_task (Vladislav Zolotarov) - bnx2x: enable internal target-read for 57712 and up only (Shmulik Ravid) - bnx2x: count statistic ramrods on EQ to prevent MC assert (Vladislav Zolotarov) - bnx2x: fix loopback for non 10G link (Yaniv Rosner) - bnx2x: dcb - send all unmapped priorities to same COS as L2 (Dmitry Kravkov) - bnx2x: Broken self-test in SF mode on 578xx (Vladislav Zolotarov) - bnx2x: Parity errors recovery for 578xx (Vladislav Zolotarov) - bnx2x: Read FIP mac from SHMEM in single function mode (Vladislav Zolotarov) - bnx2x: Fixed ethtool -d for 578xx (Vladislav Zolotarov) - bnx2x: disable FCoE for 578xx devices since not yet supported (Dmitry Kravkov) - bnx2x: fix memory barriers (Vladislav Zolotarov) - bnx2x: use BNX2X_Q_FLG_TPA_IPV6 for TPA queue configuration (Vladislav Zolotarov) - bnx2x: disable loacal BH when scheduling FCOE napi (Vladislav Zolotarov) - bnx2x: fix MB index for 4-port devices (Dmitry Kravkov) - bnx2x: DCB rework (Dmitry Kravkov) - bnx2x: remove unnecessary dma_sync (Vladislav Zolotarov) - bnx2x: stop tx before CNIC_STOP (Vladislav Zolotarov) - bnx2x: add missing command in error handling flow (Dmitry Kravkov) - bnx2x: use correct dma_sync function (Vladislav Zolotarov) - bnx2x: Fix compilation when CNIC is not selected in config (Dmitry Kravkov) - bnx2x: Multiple concurrent l2 traffic classes (Ariel Elior) - bnx2x: Renaming the 'reset_task' to 'sp_rtnl_task' (Ariel Elior) - bnx2x: Add dcbnl notification (Shmulik Ravid) - dcbnl: Add CEE notification (Shmulik Ravid) - dcbnl: Aggregated CEE GET operation (Shmulik Ravid) - dcb: use nlmsg_free() instead of kfree() (Dan Carpenter) - dcb: Add missing error check in dcb_ieee_set() (John Fastabend) - dcb: fix return type on dcb_setapp() (John Fastabend) - dcb: Add dcb_ieee_getapp_mask() for drivers to query APP settings (John Fastabend) - dcb: Add ieee_dcb_delapp() and dcb op to delete app entry (Joe Jin) - dcb: Add ieee_dcb_setapp() to be used for IEEE 802.1Qaz APP data (John Fastabend) - net: dcbnl, add multicast group for DCB (John Fastabend) - dcb: Add DCBX capabilities bitmask to the get_ieee response (John Fastabend) - bnx2x: Fix warning message during 57712/8727 initialization (Yaniv Rosner) - bnx2x: Add autogrEEEn support (Yaniv Rosner) - bnx2x: Fix BCM84833 initialization (Yaniv Rosner) - bnx2x: Fix false link indication at link partner when DAC is used (Yaniv Rosner) - bnx2x: Reset PHY due to fan failure for 578xx (Yaniv Rosner) - bnx2x: Add CL37 BAM for Warpcore (Yaniv Rosner) - bnx2x: Change BCM54616S to BCM54618SE (Yaniv Rosner) - bnx2x: PFC fixes (Yaniv Rosner) - bnx2x: remove unnecessary read of PCI_CAP_ID_EXP (Jon Mason) - cnic: Update VLAN ID during ISCSI_UEVENT_PATH_UPDATE (Eddie Wai) - cnic: set error flag when iSCSI connection fails (Jeffrey Huang) - cnic: Add FCoE parity error recovery (Michael Chan) - cnic: Improve error recovery on bnx2x devices (Michael Chan) - cnic: Add timeout for ramrod replies. (Michael Chan) - cnic, bnx2fc: Increase maximum FCoE sessions. (Michael Chan) - bnx2: Update driver to use new mips firmware. (Joe Jin) - bnx2: Add missing memory barrier in bnx2_start_xmit() (Joe Jin) - bnx2: Add support for ethtool --show-channels|--set-channels (Michael Chan) - bnx2: fix skb truesize underestimation (Eric Dumazet) - bnx2: dont request firmware when theres no userspace. (francois romieu) - tg3: Avoid panic from reserved statblk field access (Matt Carlson) - tg3: Use mii_advertise_flowctrl (Matt Carlson) - tg3: Fix advertisement handling (Joe Jin) - tg3: Add 57766 ASIC rev support (Matt Carlson) - tg3: Make the TX BD DMA limit configurable (Matt Carlson) - tg3: Track LP advertising (Matt Carlson) - tg3: Integrate flowctrl check into AN adv check (Joe Jin) - net: Change mii to ethtool advertisement function names (Matt Carlson) - net: Add ethtool to mii advertisment conversion helpers (Joe Jin) - tg3: fix ipv6 header length computation (Eric Dumazet) - tg3: Break out RSS indir table init and assignment (Matt Carlson) - tg3: Update version to 3.122 (Matt Carlson) - tg3: Return flowctrl config through ethtool (Matt Carlson) - tg3: Save stats across chip resets (Matt Carlson) - tg3: Remove ethtool stats member from dev struct (Matt Carlson) - tg3: Scale back code that modifies MRRS (Matt Carlson) - tg3: Fix TSO CAP for 5704 devs w / ASF enabled (Matt Carlson) - tg3: Add MDI-X reporting (Matt Carlson) - tg3: Restrict large prod ring cap devices (Matt Carlson) - tg3: Adjust BD replenish thresholds (Matt Carlson) - tg3: Make 1000Base-X FC resolution look like 1000T (Matt Carlson) - tg3: Update version to 3.121 (Matt Carlson) - tg3: Eliminate timer race with reset_task (Matt Carlson) - tg3: Schedule at most one tg3_reset_task run (Joe Jin) - tg3: Obtain PCI function number from device (Matt Carlson) - tg3: Fix irq alloc error cleanup path (Matt Carlson) - tg3: Fix 4k skb error recovery path (Matt Carlson) - tg3: Fix 4k tx bd segmentation code (Joe Jin) - tg3: Fix APE mutex init and use (Matt Carlson) - tg3: add tx_dropped counter (Joe Jin) - tg3: fix tigon3_dma_hwbug_workaround() (Eric Dumazet) - tg3: Remove unnecessary driver assignments of ethtool_ringparam fields to zero (Joe Jin) - tg3: Code movement (Matt Carlson) - tg3: Eliminate tg3_halt_cpu() prototype (Matt Carlson) - tg3: Eliminate tg3_write_sig_post_reset() prototype (Matt Carlson) - tg3: Eliminate tg3_stop_fw() prototype (Matt Carlson) - tg3: Remove tp->rx_offset term when unneeded (Matt Carlson) - tg3: Fix missed MSI workaround (Matt Carlson) - tg3: Workaround tagged status update bug (Matt Carlson) - tg3: Add ability to turn off 1shot MSI (Matt Carlson) - tg3: Check all adv bits when checking config (Matt Carlson) - tg3: Update version to 3.120 (Matt Carlson) - tg3: Add external loopback support to selftest (Matt Carlson) - net: add external loopback test in ethtool self test (Amit Kumar Salecha) - tg3: Restructure tg3_test_loopback (Matt Carlson) - tg3: Pull phy int lpbk setup into separate func (Matt Carlson) - tg3: Consilidate MAC loopback code (Matt Carlson) - tg3: Remove dead code (Matt Carlson) - tg3: Remove 5719 jumbo frames and TSO blocks (Matt Carlson) - tg3: Break larger frags into 4k chunks for 5719 (Matt Carlson) - tg3: Add tx BD budgeting code (Matt Carlson) - tg3: Consolidate code that calls tg3_tx_set_bd() (Matt Carlson) - tg3: Add partial fragment unmapping code (Matt Carlson) - tg3: Generalize tg3_skb_error_unmap() (Matt Carlson) - tg3: Remove short DMA check for 1st fragment (Matt Carlson) - tg3: Simplify tx bd assignments (Matt Carlson) - tg3: Reintroduce tg3_tx_ring_info (Matt Carlson) - tg3: Fix NVRAM selftest failures for 5720 devs (Matt Carlson) - tg3: Add more selfboot formats to NVRAM selftest (Matt Carlson) - tg3: Return size from tg3_vpd_readblock() (Matt Carlson) - tg3: Fix RSS indirection table distribution (Matt Carlson) - tg3: Fix link down notify failure when EEE disabled (Matt Carlson) - tg3: Fix link flap at 100Mbps with EEE enabled (Matt Carlson) - tg3: Match power source to driver state (Matt Carlson) - tg3: Add function status reporting (Matt Carlson) - tg3: Create critical section around GPIO toggling (Matt Carlson) - tg3: Determine PCI function number in one place (Matt Carlson) - tg3: Check transitions to D0 power state (Matt Carlson) - tg3: Create funcs for power source switching (Matt Carlson) - tg3: Move power state transitions to init_one (Matt Carlson) - tg3: Detect APE enabled devs earlier (Matt Carlson) - tg3: remove unnecessary read of PCI_CAP_ID_EXP (Jon Mason) - tg3: Migrate phy preprocessor defs to system defs (Matt Carlson) - tg3: Show flowctrl settings through get_settings() (Matt Carlson) - tg3: Remove 4G_DMA_BNDRY_BUG flag (Matt Carlson) - tg3: Remove 40BIT_DMA_LIMIT_BUG (Matt Carlson) - [SCSI] hpsa: use find_first_zero_bit (Akinobu Mita) - [SCSI] hpsa: combine hpsa_scsi_detect and hpsa_register_scsi (Stephen M. Cameron) - [SCSI] hpsa: removed unneeded structure member max_sg_entries and fix badly named constant MAXSGENTRIES (Stephen M. Cameron) - [SCSI] hpsa: fix per device memory leak on driver unload (Stephen M. Cameron) - [SCSI] hpsa: do not sleep in atomic context in rmmod path. (Stephen M. Cameron) - [SCSI] hpsa: fix flush cache transfer length (Stephen M. Cameron) - [SCSI] hpsa: set max sectors instead of taking the default (Stephen M. Cameron) - [SCSI] hpsa: detect controller lockup (Stephen M. Cameron) - [SCSI] hpsa: remove unused busy_initializing and busy_scanning (Stephen M. Cameron) - cciss: fix flush cache transfer length (Stephen M. Cameron) - cciss: auto engage SCSI mid layer at driver load time (Stephen M. Cameron) - The Windows driver .inf disables ASPM on all cciss devices. Do the same. (Matthew Garrett) - cciss: add transport mode attribute to sys (Joe Handzik) - cciss: Adds simple mode functionality (Joseph Handzik) - [SCSI] hpsa: update device attributes when they change (Scott Teel) - [SCSI] hpsa: improve naming on external target device functions (Scott Teel) - [SCSI] hpsa: eliminate 8 external target limitation (Scott Teel) - [SCSI] hpsa: fix potential array overflow in hpsa_update_scsi_devices (Scott Teel) - [SCSI] hpsa: rename HPSA_MAX_SCSI_DEVS_PER_HBA (Scott Teel) - [SCSI] hpsa: refactor hpsa_figure_bus_target_lun (Stephen M. Cameron) - [SCSI] hpsa: make target and lun match what SCSI REPORT LUNs returns (Stephen M. Cameron) - [SCSI] hpsa: Fix problem with MSA2xxx devices (Stephen M. Cameron) - [scsi] hpsa: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (Joe Jin) [2.6.39-200.13.0.el5uek] - drm/i915: fix integer overflow in i915_gem_do_execbuffer() (Xi Wang) [Orabug: 14107456] {CVE-2012-2384} - drm/i915: fix integer overflow in i915_gem_execbuffer2() (Xi Wang) [Orabug: 14107445] {CVE-2012-2383} [2.6.39-200.12.0.el5uek] - Revert 'x86, efi: Pass a minimal map to SetVirtualAddressMap()' (Maxim Uvarov) [Orabug: 14076004] - config: turn on CONFIG_HVC_XEN_FRONTEND (Maxim Uvarov) [Orabug: 14064174] - xen/hvc: Check HVM_PARAM_CONSOLE_[EVTCHN|PFN] for correctness. (Konrad Rzeszutek Wilk) - xen/hvc: Fix error cases around HVM_PARAM_CONSOLE_PFN (Konrad Rzeszutek Wilk) - xen/hvc: Collapse error logic. (Konrad Rzeszutek Wilk) [2.6.39-200.11.0.el5uek] - [dm] do not forward ioctls from logical volumes to the underlying device (Joe Jin) {CVE-2011-4127} - [block] fail SCSI passthrough ioctls on partition devices (Joe Jin) {CVE-2011-4127} - [block] add and use scsi_blk_cmd_ioctl (Joe Jin) [Orabug: 14056755] {CVE-2011-4127} [2.6.39-200.10.0.el5uek] - net: ipv4: relax AF_INET check in bind() (Eric Dumazet) [Orabug: 14054411] - xen-netback: fix the number of skb slots calculation. (Adnan Misherfi) - KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Avi Kivity) {CVE-2012-1601} - kabi update whitelist for OCFS (Maxim Uvarov) [Orabug: 14055758] [2.6.39-200.9.0.el5uek] - [SCSI] scsi_dh_rdac: Fix for unbalanced reference count (Moger, Babu) [Orabug: 14059970] - [SCSI] scsi_dh_rdac: Adding couple more vendor product ids (Moger, Babu) [Orabug: 14059970] - [SCSI] dh_rdac: Associate HBA and storage in rdac_controller to support partitions in storage (Chandra Seetharaman) [Orabug: 14059970] - [SCSI] dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage (Chandra Seetharaman) [Orabug: 14059970] - kernel config: turn on sxge and sxgevf drivers (Maxim Uvarov) - sxge/sxgevf: add new driver (Maxim Uvarov) [Orabug: 13444150] - be2iscsi: adding functionality to change network settings using iscsiadm (root) - be2iscsi: Adding bsg interface for be2iscsi (root) - be2iscsi: Get Initiator Name for the iSCSI_Host (root) - be2iscsi: Return async handle of unknown opcode to free list. (root) - be2iscsi: Check ASYNC PDU Handle corresponds to HDR/DATA Handle (root) - be2iscsi:Bump the driver Version (root) - be2iscsi: Update in Copyright information (root) - be2iscsi:Fix the function return values. (root) - be2iscsi:Code cleanup, removing the goto statement (root) - be2iscsi:Fix double free of MCCQ info memory. (root) - be2iscsi:Set num_cpu = 1 if pci_enable_msix fails (root) - be2iscsi:Fix typo function name mismatch (root) - be2iscsi:Freeing of WRB and SGL Handle in cleanup task (root) - be2iscsi: WRB Initialization and Failure code path change (root) - be2iscsi: Fix in the Asynchronous Code Path (root) - be2iscsi: cleanup a min_t() call (root) - qlge: driver update to v1.0.0.30 (Maxim Uvarov) [Orabug: 14045380] - netxen: driver update to v4.0.78 (Maxim Uvarov) [Orabug: 14045367] - qlcnic: driver update to v5.0.28.1 (Maxim Uvarov) [Orabug: 14055720] [2.6.39-200.8.0.el5uek] - Revert 'xen-blkfront: set pages are FOREIGN_FRAME when sharing them' (Konrad Rzeszutek Wilk) [2.6.39-200.7.0.el5uek] - Revert 'x86/ioapic: Add register level checks to detect bogus io-apic entries' (Maxim Uvarov) - qla2xxx: Updated the driver version to 8.04.00.03.39.0-k. (Giridhar Malavali) - qla2xxx: Dont attach driver with function. (Giridhar Malavali) - qla2xxx: Proper detection of firmware abort error code for ISP82xx. (Giridhar Malavali) - qla2xxx: Fix typo in bus-reset handler. (Andrew Vasquez) - qla2xxx: Correct link-reset regressions introduced during 83xx porting. (Andrew Vasquez) - qla2xxx: Handle device mapping changes due to device logout. (Arun Easi) - qla2xxx: Avoid invalid request queue dereference for bad response packets. (Arun Easi) - qla2xxx: Stop iteration after first failure in *_id functions. (Arun Easi) - qla2xxx: Fix incorrect register access in qla2x00_start_iocbs(). (Arun Easi) - qla2xxx: Fix to update proper command completion upon command retries. (Andrew Vasquez) - qla2xxx: Hard code the number of loop entries at 128. (Chad Dupuis) - Revert 'qla2xxx: Return N-port id to firmware on logout.' (Giridhar Malavali) - qla2xxx: Reference proper scsi_qla_host structure for processing non-scsi SRB commands. (Giridhar Malavali) - qla2xxx: Fix wrong decrement, null sp access. (Arun Easi) - qla2xxx: Further consolidation of SRB related code changes. (Giridhar Malavali) - qla2xxx: Complete mailbox command timedout to avoid initialization failures during next reset cycle. (Giridhar Malavali) - qla2xxx: Add ha->max_fibre_devices to keep track of the maximum number of targets. (Chad Dupuis) - qla2xxx: Cache swl during fabric discovery. (Andrew Vasquez) - qla2xxx: Remove EDC sysfs interface. (Joe Carnuccio) - qla2xxx: Perform firmware dump procedure on mailbox command timeout. (Chad Dupuis) - qla2xxx: Change the log message when previous dump is available to retrieve for ISP82xx. (Giridhar Malavali) - qla2xxx: Log messages to use correct vha. (Arun Easi) - qla2xxx: Add new message when a new loopid is assigned. (Chad Dupuis) - qla2xxx: Fix ql_dbg arguments. (Arun Easi) - qla2xxx: Use ql_log* #defines in ql_log() and ql_log_pci(). (Chad Dupuis) - qla2xxx: Convert remaining printks to ql_log format. (Chad Dupuis) - qla2xxx: Print mailbox command opcode and return code when a command times out. (Chad Dupuis) - qla2xxx: Remove check for null fcport from host reset handler. (Michael Christie) - qla2xxx: Correct out of bounds read of ISP2200 mailbox registers. (Andrew Vasquez) - qla2xxx: Remove errant clearing of MBX_INTERRUPT flag during CT-IOCB processing. (Andrew Vasquez) - qla2xxx: Reduce mbx-command timeout for Login/Logout requests. (Andrew Vasquez) - qla2xxx: Clear options-flags while issuing stop-firmware mbx command. (Andrew Vasquez) - qla2xxx: Prep zero-length BSG data-transfer requests. (Andrew Vasquez) - qla2xxx: Perform implicit logout during rport tear-down. (Andrew Vasquez) - qla2xxx: Return N-port id to firmware on logout. (Joe Carnuccio) - qla2xxx: Handle failure cases during fabric_login (Chad Dupuis) - qla2xxx: Increase speed of flash access in ISP82xx adapters to improve firmware load speed. (Chad Dupuis) - qla2xxx: Handle change notifications based on switch scan results. (Arun Easi) - qla2xxx: Correct print format for edc ql_log() calls. (Joe Carnuccio) - qla2xxx: Use consistent DL mask for ELS/CT passthru requests. (Andrew Vasquez) - qla2xxx: Consolidation of SRB processing. (Giridhar Malavali) - qla2xxx: Use proper VPD/NVRAM regions with ISP8031 parts. (Andrew Vasquez) - qla2xxx: Remove ql2xfwloadbin assignment to 0. (Chad Dupuis) - qla2xxx: Call MPI reset for 81xx adapters only. (Andrew Vasquez) - qla2xxx: Driver need to do HotReset instead of FundamentalReset for ISP83XX (Andrew Vasquez) - qla2xxx: Use default semantic for firmware load. (Saurav Kashyap) - qla2xxx: Enhancements to support ISP83xx. (Giridhar Malavali) - qla2xxx: Enhanced the dump routines to capture multiple request and response queues. (Giridhar Malavali) - qla2xxx: Update the driver version to 8.03.07.13.39.0-k. (Saurav Kashyap) - qla2xxx: Fixed typos and misc issues. (Saurav Kashyap) - qla2xxx: Fix byte swapping in IPE print statement. (Chad Dupuis) - qla2xxx: Add an 'is reset active' helper. (Andrew Vasquez) - qla2xxx: Disable generating pause frames when firmware hang detected for ISP82xx. (Giridhar Malavali) - qla2xxx: Use a valid enode-mac if none defined. (Andrew Vasquez) - qla2xxx: Remove resetting memory during device initialization for ISP82xx. (Shyam Sundar) - qla2xxx: Propagate up abort failures. (Arun Easi) - qla2xxx: Add check for null fcport references in qla2xxx_queuecommand. (Chad Dupuis) - [mpt2sas] Bump driver vesion to 13.100.00.00 (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] fix NULL pointer at ioc->pfacts (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] A hard drive is going OFFLINE when there is a hard reset issued and simultaneously another hard drive is hot unplugged (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] Set the phy identifier of the end device to to the phy number of the parent device it is linked to (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] While enabling phy, read the current port number from sas iounit page 0 instead of page 1 (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] Fix several endian issues found by runing sparse (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] Modify the source code as per the findings reported by the source code analysis tool (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] Improvement were made to better protect the sas_device, raid_device, and expander_device lists (Nagalakshmi Nandigama) - [mpt2sas] Perform Target Reset instead of HBA reset when a SATA_PASSTHROUGH cmd timeout happens (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] Added multisegment mode support for Linux BSG Driver (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] remove the global mutex (Nagalakshmi Nandigama) [Orabug: 14040678] - [mpt2sas] MPI next revision header update (Nagalakshmi Nandigama) [Orabug: 14040678] - Update lpfc version for 8.3.5.68.4p driver release (Vaios Papadimitriou) - Fix bug with mailbox handling of REG_VFI and cable pull (CR 127762) (Vaios Papadimitriou) - Use PCI configure space read to flush PCI function reset register write to avoid MMIO issues (CR 128101) (Vaios Papadimitriou) - Fixed system panic when extents enabled with large number of small blocks (CR 128010) (Vaios Papadimitriou) - Fixed the system panic during EEH recovery (CR 127062) (Vaios Papadimitriou) - Fix resource leak when acc fails for received plogi (CR 127847) (Vaios Papadimitriou) - Fixed SLI4 driver module load and unload test in a loop crashes the system (CR 126397) (Vaios Papadimitriou) - Fixed missing CVL event causing round-robin FCF failover process to stop (CR 123367) (Vaios Papadimitriou) - Fix deadlock during adapter offline request (CR 127217) (Vaios Papadimitriou) - Fix same RPI registered multiple times after HBA reset (CR 127176) (Vaios Papadimitriou) - Fix driver handling of XRI Aborted CQE response (CR 127345) (Vaios Papadimitriou) - Fixed port and system failure in handling SLI4 FC port function reset (CR 126551) (Vaios Papadimitriou) - Fix bug with driver not sending a LOGO with vport delete (CR 126625) (Vaios Papadimitriou) - Fix for SLI4 Port delivery for BLS ABORT ACC (CR 126289) (Vaios Papadimitriou) - Fix ndlp nodelist not empty wait timeout during driver unloading (CR 127052) (Vaios Papadimitriou) - Fix mailbox and vpi memory leaks (CR 126818) (Vaios Papadimitriou) - Fix management communication issues by creating character device to take a reference on the driver (CR 126082) (Vaios Papadimitriou) - Fix for FDISC failures after firmware reset or link bounce (CR 126779) (Vaios Papadimitriou) - Fix for driver using duplicate RPIs after LPe16000 port reset (CR 126723) (Vaios Papadimitriou) - Fix discovery problem when in pt2pt (CR 126887) (Vaios Papadimitriou) - Fixed failure in handling large CQ/EQ identifiers in an IOV environment (CR 126856) (Vaios Papadimitriou) - Fix Locking code raising IRQ twice (Vaios Papadimitriou) - Fix driver not returning when bad ndlp found in abts error event handling (CR 126209) (Vaios Papadimitriou) - Fix bug with driver returning the wrong ndlp (CR 125743) (Vaios Papadimitriou) - Fix driver behavior when receiving an ADISC (CR 126654) (Vaios Papadimitriou) - Fix bug with driver processing dump command type 4 using 16Gb FC Adapter (CR 126406) (Vaios Papadimitriou) - Fix driver does not reset port when reset is needed during fw_dump (CR 125807) (Vaios Papadimitriou) - Fix ELS FDISC failing with local reject / invalid RPI (CR 126350) (Vaios Papadimitriou) - Fix SLI4 FC port internal loopback (CR 126409) (Vaios Papadimitriou) - Fix REG_RPI fails on SLI4 HBA putting NPort into NPR state (CR 126230) (Vaios Papadimitriou) - Fix bug with driver processing an els command using 16Gb FC Adapter (CR 126345) (Vaios Papadimitriou) - Fix NMI seen due to CQE starvation (CR 126149) (Vaios Papadimitriou) - Fixed SLI4 FC port obtained link type and number dependent on link connection (CR 126264) (Vaios Papadimitriou) - Fixed SLI4 FC port internal loopback without SFP and external link/loopback plug (CR 125843) (Vaios Papadimitriou) - Fix driver incorrectly building fcpCdb during scsi command prep (CR 126209) (Vaios Papadimitriou) - be2net: make be_vlan_add_vid() void (Maxim Uvarov) - be2net: Record receive queue index in skb to aid RPS. (Somnath Kotur) - be2net: Fix FW download for BE (Padmanabh Ratnakar) - be2net: Fix traffic stall INTx mode (Padmanabh Ratnakar) - be2net: fix ethtool get settings (Ajit Khaparde) - be2net: fix programming of VLAN tags for VF (Ajit Khaparde) - be2net: reset queue address after freeing (Sathya Perla) - be2net: fix tx completion cleanup (Sathya Perla) - be2net: refactor/cleanup vf configuration code (Maxim Uvarov) - be2net: event queue re-design (Maxim Uvarov) - be2net: update the driver version (Sarveshwar Bandi) - be2net: Fix EEH error reset before a flash dump completes (Somnath Kotur) - be2net: Ignore status of some ioctls during driver load (Ajit Khaparde) - be2net: Fix wrong status getting returned for MCC commands (Padmanabh Ratnakar) - be2net: Fix Lancer statistics (Padmanabh Ratnakar) - be2net: Fix ethtool self test for Lancer (Padmanabh Ratnakar) - be2net: Fix FW download in Lancer (Padmanabh Ratnakar) - be2net: Fix VLAN/multicast packet reception (Padmanabh Ratnakar) - be2net: Fix number of vlan slots in flex mode (Ajit Khaparde) - be2net: enable WOL by default if h/w supports it (Ajit Khaparde) - be2net: Remove unused OFFSET_IN_PAGE() macro (Roland Dreier) - be2net: enable RSS for ipv6 pkts (Sathya Perla) - be2net: Use new implementation of get mac list command (Padmanabh Ratnakar) - be2net: Fix link status query command (Padmanabh Ratnakar) - ethtool: Null-terminate filename passed to ethtool_ops::flash_device (Ben Hutchings) - be2net: add descriptions for stat counters reported via ethtool (Sathya Perla) - be2net: allocate more headroom in incoming skbs (Eric Dumazet) - netdev: make net_device_ops const (stephen hemminger) - be2net: fix be_vlan_add/rem_vid (Ajit Khaparde) - be2net: Fix INTx processing for Lancer (Padmanabh Ratnakar) - be2net: Add support for Skyhawk cards (Ajit Khaparde) - be2net: fix ethtool ringparam reporting (Sathya Perla) - be2net: workaround to fix a bug in BE (Ajit Khaparde) - be2net: update some counters to display via ethtool (Ajit Khaparde) - net: make vlan ndo_vlan_rx_[add/kill]_vid return error value (Jiri Pirko) - be2net: netpoll support (Ivan Vecera) - xen/pci: dont use PCI BIOS service for configuration space accesses (David Vrabel) - xen/Kconfig: fix Kconfig layout (Andrew Morton) - xen/pte: Fix crashes when trying to see non-existent PGD/PMD/PUD/PTEs (Konrad Rzeszutek Wilk) - xen/apic: Return the APIC ID (and version) for CPU 0. (Konrad Rzeszutek Wilk) - drivers/video/xen-fbfront.c: add missing cleanup code (Julia Lawall) - xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries' (Konrad Rzeszutek Wilk) - xen/acpi: Workaround broken BIOSes exporting non-existing C-states. (Konrad Rzeszutek Wilk) - xen/enlighten: Disable MWAIT_LEAF so that acpi-pad wont be loaded. (Konrad Rzeszutek Wilk) - drivers/video/xen-fbfront.c: add missing cleanup code (Julia Lawall) - xen: correctly check for pending events when restoring irq flags (David Vrabel) - xen/smp: Fix crash when booting with ACPI hotplug CPUs. (Konrad Rzeszutek Wilk) - xen: use the pirq number to check the pirq_eoi_map (Stefano Stabellini) [2.6.39-200.6.0.el5uek] - [USB] cdc-acm: Increase number of devices to 64 (Joe Jin) [Orabug: 13693812] - git-changelog: generate date entry (Maxim Uvarov) - [scsi] hpsa: Remove some PCI IDs if for OL5. (Joe Jin) - [block] cciss: fix incorrect PCI IDs and add two new ones (Joe Jin) - [scsi] hpsa: add some older controllers to the kdump blacklist (Joe Jin) - [block] cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (Joe Jin) - [block] cciss: add some older controllers to the kdump blacklist (Joe Jin) [2.6.39-200.5.0.el5uek] - be2net: query link status in be_open() (Sarveshwar Bandi) [Orabug: 13231] [2.6.39-200.4.0.el5uek] - Revert 'xen/p2m: m2p_find_override: use list_for_each_entry_safe' (Konrad Rzeszutek Wilk) - xen/blkback: Fix warning error. (Konrad Rzeszutek Wilk) - xen/blkback: Make optional features be really optional. (Konrad Rzeszutek Wilk) - xen-blkfront: module exit handling adjustments (Jan Beulich) - xen-blkfront: properly name all devices (Jan Beulich) - xen-blkfront: set pages are FOREIGN_FRAME when sharing them (Stefano Stabellini) - xen: EXPORT_SYMBOL set_phys_to_machine (Stefano Stabellini) - xen-blkfront: make blkif_io_lock spinlock per-device (Steven Noonan) - xen/blkfront: dont put bdev right after getting it (Andrew Jones) - xen-blkfront: use bitmap_set() and bitmap_clear() (Akinobu Mita) - xen/blkback: Enable blkback on HVM guests (Daniel De Graaf) - xen/blkback: use grant-table.c hypercall wrappers (Daniel De Graaf) - xen/p2m: m2p_find_override: use list_for_each_entry_safe (Stefano Stabellini) - xen/gntdev: do not set VM_PFNMAP (Stefano Stabellini) - xen/grant-table: add error-handling code on failure of gnttab_resume (Julia Lawall) - xen: only check xen_platform_pci_unplug if hvm (Igor Mammedov) - xen: initialize platform-pci even if xen_emul_unplug=never (Igor Mammedov) - xen kconfig: relax INPUT_XEN_KBDDEV_FRONTEND deps (Andrew Jones) - xen: support pirq_eoi_map (Stefano Stabellini) - xen/smp: Remove unnecessary call to smp_processor_id() (Srivatsa S. Bhat) - xen/smp: Fix bringup bug in AP code. (Konrad Rzeszutek Wilk) - xen/tmem: cleanup (Jan Beulich) - xen: constify all instances of 'struct attribute_group' (Jan Beulich) - xen/xenbus: ignore console/0 (Stefano Stabellini) - hvc_xen: introduce HVC_XEN_FRONTEND (Stefano Stabellini) - hvc_xen: implement multiconsole support (Stefano Stabellini) - hvc_xen: support PV on HVM consoles (Stefano Stabellini) - xen: use this_cpu_xxx replace percpu_xxx funcs (Alex Shi) - xenbus: dont free other end details too early (Jan Beulich) - xen/resume: Fix compile warnings. (Konrad Rzeszutek Wilk) - xen/xenbus: Add quirk to deal with misconfigured backends. (Konrad Rzeszutek Wilk) - xenbus: address compiler warnings (Jan Beulich) - xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success (Jan Beulich) - xen/pciback: fix XEN_PCI_OP_enable_msix result (Jan Beulich) - xen/pciback: Support pci_reset_function, aka FLR or D3 support. (Konrad Rzeszutek Wilk) - PCI: Introduce __pci_reset_function_locked to be used when holding device_lock. (Konrad Rzeszutek Wilk) - xen/acpi: Fix Kconfig dependency on CPU_FREQ (Konrad Rzeszutek Wilk) - xen/acpi-processor: Do not depend on CPU frequency scaling drivers. (Konrad Rzeszutek Wilk) - xen/cpufreq: Disable the cpu frequency scaling drivers from loading. (Konrad Rzeszutek Wilk) - provide disable_cpufreq() function to disable the API. (Konrad Rzeszutek Wilk) - xen-netback: make ops structs const (stephen hemminger) - netback: fix typo in comment (Wei Liu) - netback: remove redundant assignment (Wei Liu) - netback: Fix alert message. (Wei Liu) - xen-netback: use correct index for invalidation in xen_netbk_tx_check_gop() (Jan Beulich) - net: xen-netback: correctly restart Tx after a VM restore/migrate (David Vrabel) - xen/netback: Add module alias for autoloading (Bastian Blank) [2.6.39-200.3.0.el5uek] - loop: loop_thread needs to set the PF_LESS_THROTTLE flag (Dave Kleikamp) - iov_iter: missing assignment of ii_bvec_ops.ii_shorten (Dave Kleikamp) [2.6.39-200.2.0.el5uek] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) {CVE-2012-1097} - regset: Prevent null pointer reference on readonly regsets (H. Peter Anvin) {CVE-2012-1097} - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) {CVE-2012-1090} - git-changelog: add brackets around cve (Maxim Uvarov) - git-changelog: parse Oracle bug (Maxim Uvarov) - NFSv4: Save the owner/group name string when doing open (Trond Myklebust) [Oracle bug: 13842440 (from 13459986)] - ext4: flush any pending end_io requests before DIO reads w/dioread_nolock (Jiaying Zhang) - NFSv4: Return the delegation if the server returns NFS4ERR_OPENMODE (Trond Myklebust) - NFS: Properly handle the case where the delegation is revoked (Trond Myklebust) - nfsd: dont allow zero length strings in cache_parse() (Dan Carpenter) - x86, tls: Off by one limit check (Dan Carpenter) - x86, tsc: Skip refined tsc calibration on systems with reliable TSC (Alok Kataria) - lockd: fix arg parsing for grace_period and timeout. (NeilBrown) - xfrm: Access the replay notify functions via the registered callbacks (Steffen Klassert) - Remove printk from rds_sendmsg (Dave Jones) - net: fix napi_reuse_skb() skb reserve (Eric Dumazet) - net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() (Eric Dumazet) - Fix pppol2tp getsockname() (Benjamin LaHaise) - slub: Do not hold slub_lock when calling sysfs_slab_add() (Christoph Lameter) - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (Jan Kara) - dm exception store: fix init error path (Andrei Warkentin) - dm crypt: add missing error handling (Mikulas Patocka) - dm crypt: fix mempool deadlock (Mikulas Patocka) - vfs: fix d_ancestor() case in d_materialize_unique (Michel Lespinasse) - udf: Fix deadlock in udf_release_file() (Jan Kara) - ext4: check for zero length extent (Theodore Tso) - ext4: ignore EXT4_INODE_JOURNAL_DATA flag with delalloc (Lukas Czerner) - jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) - e1000e: Avoid wrong check on TX hang (Jeff Kirsher) - hwmon: (fam15h_power) Correct sign extension of running_avg_capture (Andreas Herrmann) - proc-ns: use d_set_d_op() API to set dentry ops in proc_ns_instantiate(). (Pravin B Shelar) - x86-32: Fix endless loop when processing signals for kernel tasks (Dmitry Adamushko) - usbnet: dont clear urb->dev in tx_complete (tom.leiming) - SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up() (Trond Myklebust) - cifs: fix issue mounting of DFS ROOT when redirecting from one domain controller to the next (Jeff Layton) - xfs: fix inode lookup race (Dave Chinner) - firewire: ohci: fix too-early completion of IR multichannel buffers (Clemens Ladisch) - pata_legacy: correctly mask recovery field for HT6560B (Sergei Shtylyov) - target: Fix 16-bit target ports for SET TARGET PORT GROUPS emulation (Roland Dreier) - target: Dont set WBUS16 or SYNC bits in INQUIRY response (Roland Dreier) - md/raid1,raid10: avoid deadlock during resync/recovery. (NeilBrown) - md/bitmap: ensure to load bitmap when creating via sysfs. (NeilBrown) - tcm_fc: Fix fc_exch memory leak in ft_send_resp_status (Nicholas Bellinger) - hugetlbfs: avoid taking i_mutex from hugetlbfs_read() (Aneesh Kumar K.V) - bootmem/sparsemem: remove limit constraint in alloc_bootmem_section (Nishanth Aravamudan) - mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) {CVE-2012-1179} - x86/ioapic: Add register level checks to detect bogus io-apic entries (Suresh Siddha) - rtc: Disable the alarm in the hardware (v2) (Rabin Vincent) - genirq: Fix incorrect check for forced IRQ thread handler (Alexander Gordeev) - genirq: Fix long-term regression in genirq irq_set_irq_type() handling (Russell King) - uevent: send events in correct order according to seqnum (v3) (Andrew Vagin) - ntp: Fix integer overflow when setting time (Sasha Levin) - math: Introduce div64_long (Sasha Levin) - sysfs: Fix memory leak in sysfs_sd_setsecdata(). (Masami Ichikawa) - futex: Cover all PI opcodes with cmpxchg enabled check (Thomas Gleixner) - usb: musb: Reselect index reg in interrupt context (Supriya Karanth) - USB: ftdi_sio: fix problem when the manufacture is a NULL string (Greg Kroah- Hartman) [2.6.39-200.0.15.el5uek] - directio: account for extra page IOs for unaligned request (Dave Kleikamp) [Orabug: 13916031] [2.6.39-200.0.14.el5uek] - update kabi (Maxim Uvarov) - adjust kernel configs (Maxim Uvarov) - usb: fix number of mapped SG DMA entries (Clemens Ladisch) - svcrpc: destroy server sockets all at once (J. Bruce Fields) - PCI: Rework ASPM disable code (Matthew Garrett) - net: fix NULL dereferences in check_peer_redir() (Eric Dumazet) - lib: proportion: lower PROP_MAX_SHIFT to 32 on 64-bit kernel (Wu Fengguang) - writeback: fix dereferencing NULL bdi->dev on trace_writeback_queue (Wu Fengguang) - net: Make qdisc_skb_cb upper size bound explicit. (David S. Miller) - ipv4: Save nexthop address of LSRR/SSRR option to IPCB. (Maxim Uvarov) - compat: use sys_sendfile64() implementation for sendfile syscall (Chris Metcalf) - ext4: implement ext4_file_write_iter (Dave Kleikamp) [2.6.39-200.0.13.el5uek] - fix git merge: vlan: allow nested vlan_do_receive() (Maxim Uvarov) - SPEC: update and turn on kabi (Maxim Uvarov) [2.6.39-200.0.12.el5uek] - remove unused mutex hpidebuglock (Maxim Uvarov) - add hxge-1.3.3 driver (Maxim Uvarov) [2.6.39-200.0.11.el5uek] - vlan: allow nested vlan_do_receive() (Maxim Uvarov) - net: allow vlan traffic to be received under bond (John Fastabend) - net: vlan: goto another_round instead of calling __netif_receive_skb (Jiri Pirko) [2.6.39-200.0.10.el5uek] - ocfs2/cluster: Fix output in file elapsed_time_in_ms (Sunil Mushran) [2.6.39-200.0.9.el5uek] - Revert 'loop: increase default number of loop devices to 512' (Maxim Uvarov) - Revert 'loop: set default number of loop devices to 200' (Maxim Uvarov) - ocfs2/dlm: dlmlock_remote() needs to account for remastery (Sunil Mushran) - ocfs2/dlm: Take inflight reference count for remotely mastered resources too (Maxim Uvarov) - ocfs2/dlm: Clean up refmap helpers (Maxim Uvarov) - ocfs2/dlm: Cleanup dlm_wait_for_node_death() and dlm_wait_for_node_recovery() (Sunil Mushran) - ocfs2/dlm: Cleanup up dlm_finish_local_lockres_recovery() (Sunil Mushran) - ocfs2/dlm: Trace insert/remove of resource to/from hash (Sunil Mushran) - ocfs2/dlm: Clean up messages in o2dlm (Sunil Mushran) - ocfs2/cluster: Cluster up now includes network connections too (Sunil Mushran) - ocfs2/cluster: Clean up messages in o2net (Sunil Mushran) - ocfs2/cluster: Abort heartbeat start on hard-ro devices (Sunil Mushran) [2.6.39-200.0.8.el5uek] - loop: set default number of loop devices to 200 (Maxim Uvarov) - SPEC OL5: fix xen support (Maxim Uvarov) [2.6.39-200.0.6.el5uek] - ocfs2: Rollback commit ea455f8ab68338ba69f5d3362b342c115bea8e13 (Sunil Mushran) [orabug: 13555276] - ocfs2: Rollback commit f7b1aa69be138ad9d7d3f31fa56f4c9407f56b6a (Sunil Mushran) [orabug: 13555276] - ocfs2: Rollback commit 5fd131893793567c361ae64cbeb28a2a753bbe35 (Sunil Mushran) [orabug: 13555276] - ocfs2/cluster: Fix o2net_fill_node_map() (Sunil Mushran) - ocfs2/cluster: Add new function o2net_fill_node_map() (Sunil Mushran) - ocfs2: Tighten free bit calculation in the global bitmap (Sunil Mushran) - ocfs2/trivial: Limit unaligned aio+dio write messages to once per day (Sunil Mushran) - btrfs: btrfs_direct_IO_bvec() needs to check for sector alignment (Dave Kleikamp) - loop: increase default number of loop devices to 512 (Dave Kleikamp) - xen/merge error: Re-introduce xen-platform-pci driver. (Konrad Rzeszutek Wilk) - x86/PCI: reduce severity of host bridge window conflict warnings (Bjorn Helgaas) - xen/acpi: Remove the WARNs as they just create noise. (Konrad Rzeszutek Wilk) [2.6.39-200.0.5.el5uek] - btrfs: create btrfs_file_write_iter() (Dave Kleikamp) [2.6.39-200.0.4.el5uek] - ocfs2/trivial: Print message indicating unaligned aio+dio write (Sunil Mushran) - ocfs2: Avoid livelock in ocfs2_readpage() (Jan Kara) - ocfs2: serialize unaligned aio (Mark Fasheh) - ocfs2: null deref on allocation error (Dan Carpenter) - ocfs2: Bugfix for hard readonly mount (Tiger Yang) [2.6.39-200.0.3.el5uek] - xen/blkback: Disable DISCARD support for loopback device (but leave for phy). (Konrad Rzeszutek Wilk) - block: fix patch import error in max_discard_sectors check (Jens Axboe) - block: eliminate potential for infinite loop in blkdev_issue_discard (Mike Snitzer) - config: Use the xen-acpi-processor instead of the cpufreq-xen driver. (Konrad Rzeszutek Wilk) - xen/acpi-processor: C and P-state driver that uploads said data to hypervisor. (Konrad Rzeszutek Wilk) - Revert 'Merge branch 'stable/cpufreq-xen.v6.rebased' into uek2-merge' (Konrad Rzeszutek Wilk) [2.6.39-200.0.2.el5uek] - xen: make page table walk hugepages aware (Dave McCracken) [Orabug: 13719997] - x86/PCI: Preserve existing pci=bfsort whitelist for Dell systems (Narendra_K) [2.6.39-200.0.1.el5uek] - disable kabicheck for uek2 update 1 beta - nfs: only dirty user pages in direct read code (Dave Kleikamp) - config: Enable Xens PV USB, SCSI, MCE and Xen CPU freq driver (Konrad Rzeszutek Wilk) - [CPUFREQ] xen: governor for Xen hypervisor frequency scaling. (Konrad Rzeszutek Wilk) - xen/enlighten: Expose MWAIT and MWAIT_LEAF if hypervisor OKs it. (Konrad Rzeszutek Wilk) - Revert 'Merge branch 'stable/processor-passthru.v5.rebased' into uek2-merge' (Konrad Rzeszutek Wilk) - xen/processor-passthru: threads arent suppose to leave on their own. (Konrad Rzeszutek Wilk) - config: Enable Xens PV USB, SCSI, MCE and Processor-Passthru (Konrad Rzeszutek Wilk) - Xen: Export host physical CPU information to dom0 (Liu Jinsong) - xen/mce: Change the machine check point (Liu Jinsong) - Add mcelog support from xen platform (Liu Jinsong) - usb: xen pvusb driver (Nathanael Rensen) - xen/processor-passthru: Provide an driver that passes struct acpi_processor data to the hypervisor. (Konrad Rzeszutek Wilk) - xen/enlighten: Expose MWAIT and MWAIT_LEAF if hypervisor OKs it. (Konrad Rzeszutek Wilk) - xen/setup/pm/acpi: Remove the call to boot_option_idle_override. (Konrad Rzeszutek Wilk) - xen/acpi: Domain0 acpi parser related platform hypercall (Yu Ke) - xen/pm_idle: Make pm_idle be default_idle under Xen. (Konrad Rzeszutek Wilk) - cpuidle: stop depending on pm_idle (Len Brown) - cpuidle: replace xen access to x86 pm_idle and default_idle (Len Brown) - cpuidle: create bootparam 'cpuidle.off=1' (Len Brown) - Revert 'Merge branch 'stable/acpi-cpufreq.v3.rebased' into uek2-merge' (Konrad Rzeszutek Wilk) - x86/microcode: check proper return code. (Ben Guthro) - xen: add CPU microcode update driver (Jeremy Fitzhardinge) - xen: add dom0_op hypercall (Jeremy Fitzhardinge) - xen/acpi: Domain0 acpi parser related platform hypercall (Yu Ke) - nfs: add support for read_iter, write_iter (Dave Kleikamp) - xenbus_dev: add missing error check to watch handling (Jan Beulich) - xen/pci[front|back]: Use %d instead of %1x for displaying PCI devfn. (Konrad Rzeszutek Wilk) - xen pvhvm: do not remap pirqs onto evtchns if !xen_have_vector_callback (Stefano Stabellini) - xen/smp: Fix CPU online/offline bug triggering a BUG: scheduling while atomic. (Konrad Rzeszutek Wilk) - xen/bootup: During bootup suppress XENBUS: Unable to read cpu state (Konrad Rzeszutek Wilk) - Merge conflict resolved. Somehow the letter 's' slipped in the Makefile. This fixes the compile issues. (Konrad Rzeszutek Wilk) - xen/events: BUG() when we cant allocate our event->irq array. (Konrad Rzeszutek Wilk) - xen/granttable: Disable grant v2 for HVM domains. (Konrad Rzeszutek Wilk) - xen-blkfront: Use kcalloc instead of kzalloc to allocate array (Thomas Meyer) - xen/pciback: Expand the warning message to include domain id. (Konrad Rzeszutek Wilk) - xen/pciback: Fix 'device has been assigned to X domain!' warning (Konrad Rzeszutek Wilk) - xen/xenbus: dont reimplement kvasprintf via a fixed size buffer (Ian Campbell) - xenbus: maximum buffer size is XENSTORE_PAYLOAD_MAX (Ian Campbell) - xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. (Ian Campbell) - Xen: consolidate and simplify struct xenbus_driver instantiation (Jan Beulich) - xen-gntalloc: introduce missing kfree (Julia Lawall) - xen/xenbus: Fix compile error - missing header for xen_initial_domain() (Konrad Rzeszutek Wilk) - xen/netback: Enable netback on HVM guests (Daniel De Graaf) - xen/grant-table: Support mappings required by blkback (Daniel De Graaf) - xenbus: Use grant-table wrapper functions (Daniel De Graaf) - xenbus: Support HVM backends (Daniel De Graaf) - xen/xenbus-frontend: Fix compile error with randconfig (Konrad Rzeszutek Wilk) - xen/xenbus-frontend: Make error message more clear (Bastian Blank) - xen/privcmd: Remove unused support for arch specific privcmp mmap (Bastian Blank) - xen: Add xenbus_backend device (Bastian Blank) - xen: Add xenbus device driver (Bastian Blank) - xen: Add privcmd device driver (Bastian Blank) - xen/gntalloc: fix reference counts on multi-page mappings (Daniel De Graaf) - xen/gntalloc: release grant references on page free (Daniel De Graaf) - xen/events: prevent calling evtchn_get on invalid channels (Daniel De Graaf) - xen/granttable: Support transitive grants (Annie Li) - xen/granttable: Support sub-page grants (Annie Li) - xen/granttable: Improve comments for function pointers (Annie Li) - xen/ia64: fix build breakage because of conflicting u64 guest handles (Tony Luck) - xen/granttable: Keep code format clean (Annie Li) - xen/granttable: Grant tables V2 implementation (Annie Li) - xen/granttable: Refactor some code (Annie Li) - xen/granttable: Introducing grant table V2 stucture (Annie Li) - Xen: update MAINTAINER info (Jeremy Fitzhardinge) - xen/event: Add reference counting to event channels (Daniel De Graaf) - xen/gnt{dev,alloc}: reserve event channels for notify (Daniel De Graaf) - xen/gntalloc: Change gref_lock to a mutex (Daniel De Graaf) - xen: document backend sysfs files (David Vrabel) - xen: document balloon driver sysfs files (David Vrabel) - btrfs: add support for read_iter, write_iter, and direct_IO_bvec (Dave Kleikamp) - ext4: add support for read_iter, write_iter, and direct_IO_bvec (Dave Kleikamp) - ocfs2: add support for read_iter, write_iter, and direct_IO_bvec (Dave Kleikamp) - ext3: add support for .read_iter and .write_iter (Dave Kleikamp) - bio: add bvec_length(), like iov_length() (Dave Kleikamp) - aio: add aio support for iov_iter arguments (Zach Brown) - aio: add aio_kernel_() interface (Dave Kleikamp) - fs: pull iov_iter use higher up the stack (Dave Kleikamp) - dio: add __blockdev_direct_IO_bdev() (Dave Kleikamp) - dio: add dio_post_submission() helper function (Dave Kleikamp) - dio: add dio_lock_and_flush() helper (Dave Kleikamp) - dio: add sdio_init() helper function (Dave Kleikamp) - dio: add dio_alloc_init() helper function (Dave Kleikamp) - dio: create a dio_aligned() helper function (Zach Brown) - iov_iter: let callers extract iovecs and bio_vecs (Zach Brown) - iov_iter: add a shorten call (Zach Brown) - iov_iter: add bvec support (Zach Brown) - iov_iter: hide iovec details behind ops function pointers (Zach Brown) - fuse: convert fuse to use iov_iter_copy_[to|from]_user (Dave Kleikamp) - iov_iter: add copy_to_user support (Zach Brown) - iov_iter: move into its own file (Zach Brown) - xen/scsi[front|back]: consolidate and simplify struct xenbus_driver instantiation (Konrad Rzeszutek Wilk) - xen/scsiback: allow RESERVE/RELEASE commands (James Harper) - xen/scsiback: vscsi >2TB patch (Samuel Kvasnica) - xen-scsi[front|back]: Fix warnings and bugs. (Konrad Rzeszutek Wilk) - xen/scsi[front|back]: Forgot .owner attribute. (Konrad Rzeszutek Wilk) - xen/scsi[front|back]: Initial commit from Novell SLES11SP1 2.6.32 tree. (Konrad Rzeszutek Wilk) - xen/pci:use hypercall PHYSDEVOP_restore_msi_ext to restore MSI/MSI-X vectors (Liang Tang) - xen/acpi/sleep: Register to the acpi_suspend_lowlevel a callback. (Konrad Rzeszutek Wilk) - xen/acpi/sleep: Enable ACPI sleep via the __acpi_override_sleep (Konrad Rzeszutek Wilk) - xen/acpi: Domain0 acpi parser related platform hypercall (Yu Ke) - xen: Utilize the restore_msi_irqs hook. (Konrad Rzeszutek Wilk) - x86/acpi/sleep: Provide registration for acpi_suspend_lowlevel. (Liang Tang) - x86, acpi, tboot: Have a ACPI sleep override instead of calling tboot_sleep. (Konrad Rzeszutek Wilk) - x86: Expand the x86_msi_ops to have a restore MSIs. (Konrad Rzeszutek Wilk) IMPORTANT Copyright 2012 Oracle, Inc. cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_base cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-200.29.2] - epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375} - Don't limit non-nested epoll paths (Jason Baron) - epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083} - epoll: limit paths (Jason Baron) {CVE-2011-1083} - cred: copy_process() should clear child->replacement_session_keyring (Oleg Nesterov) {CVE-2012-2745} IMPORTANT Copyright 2012 Oracle, Inc. cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.29.2] - epoll: epoll_wait() should not use timespec_add_ns() (Eric Dumazet) - epoll: clear the tfile_check_list on -ELOOP (Joe Jin) {CVE-2012-3375} - Don't limit non-nested epoll paths (Jason Baron) - epoll: kabi fixups for epoll limit wakeup paths (Joe Jin) {CVE-2011-1083} - epoll: limit paths (Jason Baron) {CVE-2011-1083} - eventpoll: fix comment typo 'evenpoll' (Paul Bolle) - epoll: fix compiler warning and optimize the non-blocking path (Shawn Bohrer) - epoll: move ready event check into proper inline (Davide Libenzi) - epoll: make epoll_wait() use the hrtimer range feature (Shawn Bohrer) - select: rename estimate_accuracy() to select_estimate_accuracy() (Andrew Morton) - cred: copy_process() should clear child->replacement_session_keyring (Oleg Nesterov) {CVE-2012-2745} IMPORTANT Copyright 2012 Oracle, Inc. CVE-2011-1083 CVE-2012-2745 CVE-2012-3375 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-200.32.1] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14680245] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14680284] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14680018] {CVE-2012-3430} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2390 CVE-2012-2313 CVE-2012-3430 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.32.3] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2313 CVE-2012-3430 CVE-2012-2390 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.37.1.] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412} [2.6.32-300.36.1.] - dl2k: Clean up rio_ioctl (Stephan Mueller) [Orabug: 14675306] {CVE-2012-2313} - hugetlb: fix resv_map leak in error path (Christoph Lameter) [Orabug: 14676403] {CVE-2012-2390} - rds: set correct msg_namelen (Jay Fenlason) [Orabug: 14676504] {CVE-2012-3430} [2.6.32-300.35.1.] - oracleasm: Bring driver in sync with UEK2 (Martin K. Petersen) - Fix system hang due to bad protection module parameters (CR 130769) (Martin K. Petersen) - sd: Avoid remapping bad reference tags (Martin K. Petersen) - block: Fix bad range check in bio_sector_offset (Martin K. Petersen) [2.6.32-300.34.1.] - htrimer: fix kabi breakage (Joe Jin) - 2.6.32.x: timekeeping: Add missing update call in timekeeping_resume() (Thomas Gleixner) - 2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt (John Stultz) - 2.6.32.x: timekeeping: Provide hrtimer update function (Thomas Gleixner) - 2.6.32.x: hrtimers: Move lock held region in hrtimer_interrupt() (Thomas Gleixner) - 2.6.32.x: timekeeping: Maintain ktime_t based offsets for hrtimers (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix leapsecond triggered load spike issue (John Stultz) - 2.6.32.x: hrtimer: Provide clock_was_set_delayed() (John Stultz) - 2.6.32.x: time: Move common updates to a function (Thomas Gleixner) - 2.6.32.x: timekeeping: Fix CLOCK_MONOTONIC inconsistency during leapsecond (John Stultz) - 2.6.32.x: ntp: Correct TAI offset during leap second (Richard Cochran) - 2.6.32.x: ntp: Fix leap-second hrtimer livelock (John Stultz) - Revert '2.6.32.x: hrtimer: Fix clock_was_set so it is safe to call from irq context' (Joe Jin) - Revert '2.6.32.x: time: Fix leapsecond triggered hrtimer/futex load spike issue' (Joe Jin) - Revert '2.6.32.x: hrtimer: Update hrtimer base offsets each hrtimer_interrupt' (Joe Jin) [2.6.32-300.33.1.] - mpt2sas: Update mpt2sas to 120.105.11.00 (Guru Anbalagane) [Orabug: 14376481] - Revert 'mpt2sas: update to 12.105.11.00' (Maxim Uvarov) IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3412 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-200.33.1] - sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE (Ben Hutchings) [Orabug: 14769994] - CVE-2012-3412 sfc: Fix maximum number of TSO segments and minimum TX queue size (Ben Hutchings) [Orabug: 14769994] {CVE-2012-3412} IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3412 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-200.34.1] - [net/sfc] limit number of segments per skb on tx (Maxim Uvarov) [Orabug: 14769994] {CVE-2012-3412} IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3412 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.38.1] - [net/sfc] limit number of segments per skb on tx (Maxim Uvarov) [Orabug: 14769994] {CVE-2012-3412} IMPORTANT Copyright 2012 Oracle, Inc. CVE-2012-3412 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-300.17.2] - hugepages: fix use after free bug in 'quota' handling [Orabug: 15845276] {CVE-2012-2133} - udf: Fortify loading of sparing table [Orabug: 15845302] {CVE-2012-3400} - udf: Avoid run away loop when partition table length is corrupt [Orabug: 15845302] {CVE-2012-3400} - mm: Hold a file reference in madvise_remove [Orabug: 15846025] {CVE-2012-3511} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3400 CVE-2012-2133 CVE-2012-3511 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.39.1] - hugepages: fix use after free bug in 'quota' handling [15842385] {CVE-2012-2133} - mm: Hold a file reference in madvise_remove [15842884] {CVE-2012-3511} - udf: Fortify loading of sparing table [15843730] {CVE-2012-3400} - udf: Avoid run away loop when partition table length is corrupt [15843730] {CVE-2012-3400} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-3511 CVE-2012-3400 CVE-2012-2133 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-300.17.3] - mm/hotplug: correctly add new zone to all other nodes zone lists (Jiang Liu) [Orabug: 16020976 Bug-db: 14798] {CVE-2012-5517} - Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) [Orabug: 16020656 Bug-db: 14798] {CVE-2012-4565} - Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug- db: 14798] {CVE-2012-2375} - Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-2375 CVE-2012-5517 CVE-2012-4565 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.39.2] - ext4: fix undefined behavior in ext4_fill_flex_info() (Xi Wang) [orabug 16020245] {CVE-2012-2100} - Divide by zero in TCP congestion control Algorithm (Jesper Dangaard Brouer) [orabug 16020447] {CVE-2012-4565} - ipv6: discard overlapping fragment (Luis Henriques) [orabug 16021354] {CVE-2012-4444} MODERATE Copyright 2012 Oracle, Inc. CVE-2012-4565 CVE-2012-2100 CVE-2012-4444 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox [10.0.12-1.0.1.el6_3] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.12-1] - Update to 10.0.12 ESR xulrunner [10.0.12-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.12-1] - Update to 10.0.12 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0748 CVE-2013-0762 CVE-2013-0744 CVE-2013-0746 CVE-2013-0750 CVE-2013-0754 CVE-2013-0759 CVE-2013-0758 CVE-2013-0769 CVE-2013-0753 CVE-2013-0766 CVE-2013-0767 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [10.0.12-3.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.12-3] - Update to 10.0.12 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0753 CVE-2013-0758 CVE-2013-0767 CVE-2013-0746 CVE-2013-0759 CVE-2013-0748 CVE-2013-0766 CVE-2013-0744 CVE-2013-0750 CVE-2013-0762 CVE-2013-0754 CVE-2013-0769 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.7.0.9-2.3.4.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.4.1.el6] - Rewerted to IcedTea 2.3.4 - rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch - removed jxmd and idlj to alternatives - make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - re-applied patch302 and restored systemtap.patch - buildver set to 9 - icedtea_version set to 2.3.4 - unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - restored tmp-patches source tarball - removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar - java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from java.security-linux back to java.security - Resolves: rhbz#895033 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Resolves: rhbz#895033 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0422 CVE-2012-3174 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.28.1-8] - Remove spurious 'e' from glib2-devel requirement [2.28.1-7] - Bump version number [2.28.1-6] - Bump version number [2.28.1-5] - Add reachability.patch Remove UI about whether the is only reachable locally or not. Fix for CVE-2011-1164 - Bug #553477 [2.28.1-5] - Add upnp.patch Fix for CVE-2011-1165 - Bug #678846 [2.28.1-5] - Add clipboard-leak.patch Fix for CVE-2012-4429 - Bug #857250 [2.28.1-5] - Add vino-2.8.1-sanity-check-fb-update.patch Fix for CVE-2011-0904 and CVE-2011-0904 - Bugs #694456, #694455 [2.28.1-4] - Translation updates. Related: rhbz 575682 MODERATE Copyright 2013 Oracle, Inc. CVE-2011-0905 CVE-2011-1164 CVE-2012-4429 CVE-2011-0904 CVE-2011-1165 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [2.2.0-17.el6_3.1] - Fix changelog issue. The dist tag was in each entry and changing the build release changed history. (#878219) [2.2.0-17.el6_3] - Use a secure method to distribute the IPA CA to clients, CVE-2012-5484 (#878219) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5484 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [libvirt-0.9.10-21.0.1.el6_3.8] - Replace docs/et.png in tarball with blank image [0.9.10-21.el6_3.8] - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0170 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 nspr [4.9.2-0.1] - Retagging to ensure n-v-r is lower than the one for rhel-6.4 - Resolves: rhbz#891661 - [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR [4.9.2-1] - Resolves: rhbz#891661 - [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR nss [3.13.6-2.0.1.el6_3] - Added nss-vendor.patch to change vendor [3.13.6-2] - Retagging for rhel-6.3 z-stream - Update to NSS_3_13_6_RTM - Resolves: rhbz#891663 - Update to 3.13.5 for mozilla 10.0.6 - Resolves: rhbz#891151 [CVE-2013-0743] [3.13.6-1] - Update to NSS_3_13_6_RTM - Resolves: rhbz#891663 - Update to 3.13.5 for mozilla 10.0.6 - Resolves: rhbz#891151 [CVE-2013-0743] nss-util [3.13.6-1] - Update to NSS_3_13_6_RTM - Resolves: rhbz#891670 - [RFE] Rebase to NSS-UTIL >= 3.13.6 [3.13.5-1] - Resolves: rhbz#833763 - Update to 3.13.5 for Mozilla 10.0.6 IMPORTANT Copyright 2013 Oracle, Inc. cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 abrt [2.0.8-6.0.1.el6_3.2] - Add abrt-oracle-enterprise.patch to be product neutral - Remove abrt-plugin-rhtsupport dependency for cli and desktop - Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot [2.0.8-6.2] - rebuild against new libreport (brew bug) - Related: #895442 [2.0.8-6.1] - don't follow symlinks - Related: #895442 libreport [2.0.9-5.0.1.el6_3.2] - Add oracle-enterprise.patch - Remove libreport-plugin-rhtsupport pkg [2.0.9-5.2] - in same cases we have to follow symlinks - Related: #895442 [2.0.9-5.1] - don't follow symlinks - Resolves: #895442 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5659 CVE-2012-5660 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.3.11-14.el6_3.1] - Fix CVE-2012-5669 (Use correct array size for checking 'glyph_enc') - Resolves: #903542 [2.3.11-14] - A little change in configure part - Related: #723468 [2.3.11-13] - Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136, 1137, 1139, 1140, 1141, 1142, 1143, 1144} - Properly initialize array 'result' in FT_Outline_Get_Orientation() - Check bytes per row for overflow in _bdf_parse_glyphs() - Resolves: #806269 [2.3.11-12] - Add freetype-2.3.11-CVE-2011-3439.patch (Various loading fixes.) - Resolves: #754012 [2.3.11-11] - Add freetype-2.3.11-CVE-2011-3256.patch (Handle some border cases.) - Resolves: #747084 [2.3.11-10] - Use -fno-strict-aliasing instead of __attribute__((__may_alias__)) - Resolves: #723468 [2.3.11-9] - Allow FT_Glyph to alias (to pass Rpmdiff) - Resolves: #723468 [2.3.11-8] - Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.) - based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner - Resolves: #723468 [2.3.11-7] - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid 'runcnt' values.) - Resolves: #651762 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5669 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [2.7.6-6] - Synchronize patch-set with mainline-version. - Bump version to 5, 6. Related: rhbz#891477 [2.7.6-4] - Change release number to 4. - Added patch libxml2-Fix-an-off-by-one-pointer-access.patch - Added patch libxml2-Fix-a-segfault-on-XSD-validation-on-pattern-error.patch - Added patch libxml2-Fix-entities-local-buffers-size-problems.patch - Added patch libxml2-gnome-bug-561340-fix.patch - Added patch for CVE-2012-0841 - Added patch for CVE-2011-0216 - Added patch for CVE-2011-2834 - Added patch for CVE-2011-3919 - Added patch for CVE-2011-1944 - Added patch for CVE-2011-3905 Related: rhbz#891477 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-0841 CVE-2011-1944 CVE-2011-2821 CVE-2011-3102 CVE-2011-3919 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-2834 CVE-2011-3905 CVE-2012-5134 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.0.14-14.el6] - backport of upstream commit 30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741 support _ASYNC io calls and interrupt handling (busy wait) Related: #888364 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0241 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.1.67-1] - Update to 5.1.67, for assorted upstream bugfixes including CVEs announced in January 2013 Resolves: #901380 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-0574 CVE-2013-0384 CVE-2012-0572 CVE-2012-1705 CVE-2012-1702 CVE-2013-0389 CVE-2013-0383 CVE-2013-0375 CVE-2013-0385 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-279.22.1] - [virt] kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set (Petr Matousek) [862903 862904] {CVE-2012-4461} - [fs] fuse: optimize __fuse_direct_io() (Brian Foster) [865305 858850] - [fs] fuse: optimize fuse_get_user_pages() (Brian Foster) [865305 858850] - [fs] fuse: use get_user_pages_fast() (Brian Foster) [865305 858850] - [fs] fuse: pass iov[] to fuse_get_user_pages() (Brian Foster) [865305 858850] - [fs] mm: minor cleanup of iov_iter_single_seg_count() (Brian Foster) [865305 858850] - [fs] fuse: use req->page_descs[] for argpages cases (Brian Foster) [865305 858850] to fuse_req (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_do_ioctl() (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_perform_write() (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_readpages() (Brian Foster) [865305 858850] - [fs] fuse: categorize fuse_get_req() (Brian Foster) [865305 858850] - [fs] fuse: general infrastructure for pages[] of variable size (Brian Foster) [865305 858850] - [fs] exec: do not leave bprm->interp on stack (Josh Poimboeuf) [880145 880146] {CVE-2012-4530} - [fs] exec: use -ELOOP for max recursion depth (Josh Poimboeuf) [880145 880146] {CVE-2012-4530} - [scsi] have scsi_internal_device_unblock take new state (Frantisek Hrbata) [878774 854140] - [scsi] add new SDEV_TRANSPORT_OFFLINE state (Chris Leech) [878774 854140] - [kernel] cpu: fix cpu_chain section mismatch (Frederic Weisbecker) [876090 852148] - [kernel] sched: Don't modify cpusets during suspend/resume (Frederic Weisbecker) [876090 852148] - [kernel] sched, cpuset: Drop __cpuexit from cpu hotplug callbacks (Frederic Weisbecker) [876090 852148] - [kernel] sched: adjust when cpu_active and cpuset configurations are updated during cpu on/offlining (Frantisek Hrbata) [876090 852148] - [kernel] cpu: return better errno on cpu hotplug failure (Frederic Weisbecker) [876090 852148] - [kernel] cpu: introduce cpu_notify(), __cpu_notify(), cpu_notify_nofail() (Frederic Weisbecker) [876090 852148] - [fs] nfs: Properly handle the case where the delegation is revoked (Steve Dickson) [846840 842435] - [fs] nfs: Move cl_delegations to the nfs_server struct (Steve Dickson) [846840 842435] - [fs] nfs: Introduce nfs_detach_delegations() (Steve Dickson) [846840 842435] - [fs] nfs: Fix a number of RCU issues in the NFSv4 delegation code (Steve Dickson) [846840 842435] [2.6.32-279.21.1] - [scsi] mpt2sas: fix for driver fails EEH recovery from injected pci bus error (Tomas Henzl) [888818 829149] - [net] bonding: Bonding driver does not consider the gso_max_size setting of slave devices (Ivan Vecera) [886618 883643] - [netdrv] tg3: Do not set TSS for 5719 and 5720 (John Feeney) [888215 823371] - [kernel] kmod: make __request_module() killable (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] kmod: introduce call_modprobe() helper (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] call_usermodehelper: simplify/fix UMH_NO_WAIT case (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] wait_for_helper: SIGCHLD from user-space can lead to use-after-free (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [net] sunrpc: Ensure that rpc_release_resources_task() can be called twice (Jeff Layton) [880928 878204] - [scsi] qla2xxx: Don't toggle RISC interrupt bits after IRQ lines are attached. (Chad Dupuis) [886760 826565] - [kernel] rcu: Remove function versions of __kfree_rcu and offset (Doug Ledford) [880085 873949] - [kernel] rcu: define __rcu address space modifier for sparse (Doug Ledford) [880085 873949] - [kernel] rcu: Add rcu_access_pointer and rcu_dereference_protected (Doug Ledford) [880085 873949] - [kernel] rcu: Add lockdep checking to rhel (Doug Ledford) [880085 873949] - [kernel] rcu: Make __kfree_rcu() less dependent on compiler choices (Doug Ledford) [880085 873949] - [kernel] rcu: introduce kfree_rcu() (Doug Ledford) [880085 873949] - [net] rcu: add __rcu API for later sparse checking (Doug Ledford) [880085 873949] - [infiniband] ipoib: Fix AB-BA deadlock when deleting neighbours (Doug Ledford) [880085 873949] - [infiniband] ipoib: Fix memory leak in the neigh table deletion flow (Doug Ledford) [880085 873949] - [infiniband] ipoib: Fix RCU pointer dereference of wrong object (Doug Ledford) [880085 873949] - [misc] Make rcu_dereference_bh work (Doug Ledford) [880085 873949] - [infiniband] ipoib: Use a private hash table for path lookup in xmit path (Doug Ledford) [880085 873949] [2.6.32-279.20.1] - [scsi] hpsa: Use LUN reset instead of target reset (Tomas Henzl) [884422 875091] - [char] tty: Fix possible race in n_tty_read() (Stanislaw Gruszka) [891580 765665] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4461 CVE-2012-4398 CVE-2012-4530 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1:1.6.0.0-1.54.1.11.6] - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906707 [1:1.6.0.0-1.53.1.11.6] - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906707 [1:1.6.0.0-1.51.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906707 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0425 CVE-2013-0429 CVE-2013-0441 CVE-2013-0443 CVE-2013-0445 CVE-2013-1480 CVE-2013-0427 CVE-2013-0434 CVE-2013-0435 CVE-2013-0450 CVE-2013-1478 CVE-2013-0424 CVE-2013-0433 CVE-2013-1475 CVE-2013-0440 CVE-2013-0442 CVE-2013-1476 CVE-2013-0426 CVE-2013-0428 CVE-2013-0432 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.7.0.9-2.3.5.3.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.5.3.el6_3] - Sync logging fixes with upstream (icedtea7-forest and jdk7u) [1.7.0.9-2.3.5.1.el6_3] - Removed 6664509 backout and added 8005615 to fix the issue [1.7.0.9-2.3.5.el6_3.1] - Backed out 6664509 and 7201064.patch which cause regressions [1.7.0.9-2.3.5.el6_3] - Bumped to 2.3.5 - Changed BR to java7-devel >= 1:1.7.0 as required by CORBA changes in 2.3.5 - Resolves: rhbz#906707 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0441 CVE-2013-0434 CVE-2013-0442 CVE-2013-0426 CVE-2013-0433 CVE-2013-0424 CVE-2013-0427 CVE-2013-0431 CVE-2013-0450 CVE-2013-1480 CVE-2013-0428 CVE-2013-0429 CVE-2013-0435 CVE-2013-0440 CVE-2013-1475 CVE-2013-1476 CVE-2013-0425 CVE-2013-0432 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-1478 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [0.12-0.21.pre5] - do not delegate GSSAPI credentials (CVE-2012-4545) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4545 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0:1.2.1-7.3] - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5784 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5784 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [1:3.1-0.7] - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5783 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 firefox [17.0.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-4] - Added NM preferences [17.0.2-3] - Update to 17.0.2 ESR [17.0.1-2] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.2.b4] - Update to 17 Beta 4 [17.0-0.1.beta1] - Update to 17 Beta 1 libproxy [0.3.0-4] - Rebuild against newer gecko xulrunner [17.0.3-1.0.2] - Increase release number and rebuild. [17.0.3-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-5] - Fixed NetworkManager preferences - Added fix for NM regression (mozbz#791626) [17.0.2-2] - Added fix for rhbz#816234 - NFS fix [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-3] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.6.b5] - Update to 17 Beta 5 - Updated fix for rhbz#872752 - embeded crash [17.0-0.5.b4] - Added fix for rhbz#872752 - embeded crash [17.0-0.4.b4] - Update to 17 Beta 4 [17.0-0.3.b3] - Update to 17 Beta 3 - Updated ppc(64) patch (mozbz#746112) [17.0-0.2.b2] - Built with system nspr/nss [17.0-0.1.b2] - Update to 17 Beta 2 [17.0-0.1.b1] - Update to 17 Beta 1 yelp [2.28.1-17] - Rebuild against gecko 17.0.2 [2.28.1-15] - Build fixes for gecko 17 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0780 CVE-2013-0783 CVE-2013-0776 CVE-2013-0782 CVE-2013-0775 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [17.0.3-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-2] - Update to 17.0.2 ESR [17.0-2] - Update to 17.0 ESR [17.0b2-0.1] - Update to 17.0b2 [17.0b1-0.1] - Rebase to 17 beta 1 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0783 CVE-2013-0776 CVE-2013-0775 CVE-2013-0782 CVE-2013-0780 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1:1.6.0.0-1.56.1.11.8] - Rebuild with updated sources - Resolves: rhbz#911524 [1:1.6.0.0-1.55.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but working - Resolves: rhbz#911524 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1486 CVE-2013-0169 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [libvirt-0.10.2-18.0.1.el6] - Replace docs/et.png in tarball with blank image [0.10.2-18] - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170) - spec: Disable libssh2 support (rhbz#513363) [0.10.2-17] - storage: Fix lvcreate parameter for backingStore. (rhbz#896398) - qemu: Don't return success if creation of snapshot save file fails (rhbz#896403) - qemu: Reject attempts to create snapshots with names containig '/' (rhbz#896403) [0.10.2-16] - qemu_agent: Remove agent reference only when disposing it (rhbz#892079) - Add RESUME event listener to qemu monitor. (rhbz#894085) [0.10.2-15] - snapshot: conf: Make virDomainSnapshotIsExternal more reusable (rhbz#889407) - snapshot: qemu: Separate logic blocks with newlines (rhbz#889407) - snapshot: qemu: Fix segfault and vanishing snapshots when redefining (rhbz#889407) - snapshot: qemu: Allow redefinition of external snapshots (rhbz#889407) - util: Prepare helpers for unpriv_sgio setting (rhbz#878578) - qemu: Add a hash table for the shared disks (rhbz#878578) - docs: Add docs and rng schema for new XML tag sgio (rhbz#878578) - conf: Parse and format the new XML (rhbz#878578) - qemu: Set unpriv_sgio when starting domain and attaching disk (rhbz#878578) - qemu: Check if the shared disk's cdbfilter conflicts with others (rhbz#878578) - qemu: Relax hard RSS limit (rhbz#891653) [0.10.2-14] - util: Add missing error log messages when failing to get netlink VFINFO (rhbz#889319) - util: Fix functions that retrieve SRIOV VF info (rhbz#889319) - util: Fix botched check for new netlink request filters (rhbz#889319) - blockjob: Fix memleak that prevented block pivot (rhbz#888426) - sanlock: Chown lease files as well (rhbz#820173) [0.10.2-13] - network: Prevent dnsmasq from listening on localhost (rhbz#886821) - sanlock: Re-add lockspace unconditionally (rhbz#820173) - Fix 'virsh create' example (rhbz#887187) - docs: Fix some typos in examples (rhbz#887187) - network: Don't require private addresses if dnsmasq uses SO_BINDTODEVICE (rhbz#882265) [0.10.2-12] - qemu: Eliminate bogus error log when changing netdev's bridge (rhbz#885838) - remote: Avoid the thread race condition (rhbz#866524) - storage: Error out earlier if the volume target path already exists (rhbz#832302) - dnsmasq: Fix parsing of the version number (rhbz#885727) - qemu: Restart CPUs with valid async job type when doing external snapshots (rhbz#885081) - examples: Fix balloon event callback (rhbz#884650) - util: Don't fail virGetGroupIDByName when group not found (rhbz#883832) - util: Don't fail virGetUserIDByName when user not found (rhbz#883832) - util: Rework error reporting in virGet(User|Group)IDByName (rhbz#883832) - util: Fix warning message in previous patch (rhbz#883832) [0.10.2-11] - Fix uninitialized variable in virLXCControllerSetupDevPTS (rhbz#880064) - storage: Fix device detach regression with cgroup ACLs (rhbz#876828) - storage: Fix bug of fs pool destroying (rhbz#878400) - qemu: Fix a crash when save file can't be opened (rhbz#880919) - bitmap: Fix typo to use UL type of integer constant in virBitmapIsAllSet (rhbz#876415) - virsh: Rewrite cmdDomDisplay (rhbz#878779) - network: Fix crash when portgroup has no name (rhbz#879473) - util: Capabilities detection for dnsmasq (rhbz#882265) - util: New virSocketAddrIsPrivate function (rhbz#882265) - network: Use dnsmasq --bind-dynamic when available (rhbz#882265) - storage: Fix scsi detach regression with cgroup ACLs (rhbz#876828) - libssh2_session: Support DSS keys as well (rhbz#878376) - virsh: Fix error messages in iface-bridge (rhbz#878376) - virsh: Check the return value of virStoragePoolGetAutostart (rhbz#878376) - conf: Check the return value of virXPathNodeSet (rhbz#878376) - conf: snapshot: Check return value of virDomainSnapshotObjListNum (rhbz#878376) - util: Fix virBitmap allocation in virProcessInfoGetAffinity (rhbz#878376) - virsh: Use correct sizeof when allocating cpumap (rhbz#878376) - rpc: Don't destroy xdr before creating it in virNetMessageEncodeHeader (rhbz#878376) - virsh: Do timing even for unusable connections (rhbz#878376) - conf: Fix uninitialized variable in virDomainListSnapshots (rhbz#878376) - Fix error handling in virSecurityManagerGetMountOptions (rhbz#878376) - conf: Prevent crash with no uuid in cephx auth secret (rhbz#878376) - conf: Fix virDomainNetGetActualDirect*() and BridgeName() (rhbz#881480) - virsh: Report errors if arguments of the schedinfo command are incorrect (rhbz#882915) - systemd: Require dbus service (rhbz#830201) - spec: Require dbus-daemon when using libvirtd in Fedora (rhbz#830201) - qemu: Don't free PCI device if adding it to activePciHostdevs fails (rhbz#877095) - util: Slightly refactor PCI list functions (rhbz#877095) - qemu: Fix memory (and FD) leak on PCI device detach (rhbz#877095) - util: Do not keep PCI device config file open (rhbz#877095) - node_memory: Improve the docs (rhbz#872656) - node_memory: Do not fail if there is parameter unsupported (rhbz#872656) - node_memory: Fix bug of node_memory_tune (rhbz#872656) [0.10.2-10] - Add note about numeric domain names to manpage (rhbz#824253) - Use virNetServerRun instead of custom main loop (rhbz#867246) - qemu: Fix RBD attach regression (rhbz#878862) - qemu: Stop recursive detection of image chains when an image is missing (rhbz#878862) - Fix exiting of libvirt_lxc program on container quit (rhbz#879360) - snapshot: qemu: Add support for external inactive snapshots (rhbz#876816) - conf: Fix private symbols exported by files in conf (rhbz#876816) - snapshot: qemu: Fix detection of external snapshots when deleting (rhbz#876816) - snapshot: Require user to supply external memory file name (rhbz#876816) - snapshot: Add two more filter sets to API (rhbz#876817) - snapshot: Add virsh back-compat support for new filters (rhbz#876817) - snapshot: Implement new filter sets (rhbz#876817) - snapshot: Expose location through virsh snapshot-info (rhbz#876817) - sanlock: Retry after EINPROGRESS (rhbz#820173) - storage: Fix logical volume cloning (rhbz#879780) - cpu: Add Intel Haswell cpu model (fix previous downstream definition) (rhbz#879282) - virsh: Report error when taking a snapshot with empty --memspec argument (rhbz#879130) - lxc: Don't crash if no security driver is specified in libvirt_lxc (rhbz#880064) - lxc: Avoid segfault of libvirt_lxc helper on early cleanup paths (rhbz#880064) [0.10.2-9] - util: Improve error reporting from absolutePathFromBaseFile helper (rhbz#874860) - storage: Fix broken backing chain (rhbz#874860) - nodeinfo: Add check and workaround to guarantee valid cpu topologies (rhbz#874050) - nodeinfotest: Add test data for 2 processor host with broken NUMA (rhbz#874050) - nodeinfotest: Add test data from a AMD bulldozer machine. (rhbz#874050) - virsh: save: Report an error if XML file can't be read (rhbz#876868) - virsh: Fix uninitialized variable in cmdSnapshotEdit (rhbz#877303) - qemu: Allow larger discrepency between memory & currentMemory in domain xml (rhbz#873134) [libvirt-0.10.2-8.el6] - iohelper: Don't report errors on special FDs (rhbz#866369) - esx: Yet another connection fix for 5.1 (rhbz#873538) - qemu: Don't corrupt pointer in qemuDomainSaveMemory() (rhbz#873537) - build: Place attributes in correct location (rhbz#873934) - Introduce new VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event (rhbz#866388) - qemu: Emit event if 'cont' fails (rhbz#866388) - virsh: Make ,, escape parsing common (rhbz#874171) - virsh: Add snapshot-create-as memspec support (rhbz#874171) - qemu: Fix domain ID numbering race condition (rhbz#874330) - qemu: Allow migration to be cancelled at prepare phase (rhbz#873792) - AbortJob: Fix documentation (rhbz#873792) [libvirt-0.10.2-7.el6] - sanlock: Introduce 'user' and 'group' conf variables (rhbz#820173) - esx: Fix connection to ESX 5.1 (rhbz#865670) - cpu: Fix definition of flag smap (rhbz#797283) - util: Do a better job of matching up pids with their binaries (rhbz#871201) - qemu: Fix EmulatorPinInfo without emulatorpin (rhbz#871312) - build: Fix RPM build for non-x86 platforms (rhbz#820173) - qemu: Report errors from iohelper (rhbz#866369) - build: Fix linking with systemtap probes (rhbz#866369) - iohelper: Fdatasync() at the end (rhbz#866369) - net-update docs: S/domain/network/ (rhbz#872104) - cpu: Add newly added cpu flags (rhbz#838127) - cpu: Add AMD Opteron G5 cpu model (rhbz#838127) - cpu: Add Intel Haswell cpu model (rhbz#843087) - snapshot: New XML for external system checkpoint (rhbz#638512) - snapshot: Improve disk align checking (rhbz#638512) - snapshot: Populate new XML info for qemu snapshots (rhbz#638512) - snapshot: Merge pre-snapshot checks (rhbz#638512) - qemu: Fix possible race when pausing guest (rhbz#638512) - qemu: Clean up snapshot retrieval to use the new helper (rhbz#638512) - qemu: Split out domain memory saving code to allow reuse (rhbz#638512) - snapshot: Add flag to enable creating checkpoints in live state (rhbz#638512) - snapshot: qemu: Add async job type for snapshots (rhbz#638512) - snapshot: qemu: Rename qemuDomainSnapshotCreateActive (rhbz#638512) - snapshot: qemu: Add support for external checkpoints (rhbz#638512) - snapshot: qemu: Remove restrictions preventing external checkpoints (rhbz#638512) [libvirt-0.10.2-6.el6] - xml: Omit domain name from comment if it contains double hyphen (rhbz#868692) - cpu: Add recently added cpu feature flags. (rhbz#797283) - esx: Update version checks for vSphere 5.1 (rhbz#865670) - qemu: Add helper to prepare cpumap for affinity setting (rhbz#869096) - qemu: Keep the affinity when creating cgroup for emulator thread (rhbz#869096) - qemu: Prohibit chaning affinity of domain process if placement is 'auto' (rhbz#870099) - network: Fix networkValidate check for default portgroup and vlan (rhbz#868483) - qemu: Fix attach/detach of netdevs with matching mac addrs (rhbz#862515) - snapshot: Improve snapshot-list error message (rhbz#869100) - virsh: Remove --flags from nodesuspend (rhbz#869508) - virsh: Fix POD syntax (rhbz#870273) - xml: Print uuids in the warning (rhbz#868692) - blockjob: Support both RHEL and upstream qemu drive-mirror (rhbz#871055) [libvirt-0.10.2-5.el6] - qemu: Clear async job when p2p migration fails early (rhbz#867412) - qemu: Pin the emulator when only cpuset is specified (rhbz#867372) - qemu: Correctly wait for spice to migrate (rhbz#867724) - qemu: Fixed default machine detection in qemuCapsParseMachineTypesStr (rhbz#867764) - conf: Make tri-state feature options more universal (rhbz#864606) - conf: Add support for HyperV Enlightenment features (rhbz#864606) - qemu: Add support for HyperV Enlightenment feature 'relaxed' (rhbz#864606) - network: Set to NULL after virNetworkDefFree() (rhbz#866364) - qemu: Always format CPU topology (rhbz#866999) - qemu: Don't fail without emulatorpin or cpumask (rhbz#867372) - qemu: Allow migration with host USB devices (rhbz#843560) - qemu: Do not require hostuuid in migration cookie (rhbz#863059) - network: Free/null newDef if network fails to start (rhbz#866364) - migrate: v2: Use VIR_DOMAIN_XML_MIGRATABLE when available (rhbz#856864) - qemu: Avoid holding the driver lock in trivial snapshot API's (rhbz#772088) - storage: List more file types (rhbz#772088) - storage: Treat 'aio' like 'raw' at parse time (rhbz#772088) - storage: Match RNG to supported driver types (rhbz#772088) - storage: Use enum for default driver type (rhbz#772088) - storage: Use enum for disk driver type (rhbz#772088) - storage: Use enum for snapshot driver type (rhbz#772088) - storage: Don't probe non-files (rhbz#772088) - storage: Get entire metadata chain in one call (rhbz#772088) - storage: Don't require caller to pre-allocate metadata struct (rhbz#772088) - storage: Remember relative names in backing chain (rhbz#772088) - storage: Make it easier to find file within chain (rhbz#772088) - storage: Cache backing chain while qemu domain is live (rhbz#772088) - storage: Use cache to walk backing chain (rhbz#772088) - blockjob: Remove unused parameters after previous patch (rhbz#772088) - blockjob: Manage qemu block-commit monitor command (rhbz#772088) - blockjob: Wire up online qemu block-commit (rhbz#772088) - blockjob: Implement shallow commit flag in qemu (rhbz#772088) - blockjob: Refactor qemu disk chain permission grants (rhbz#772088) - blockjob: Properly label disks for qemu block-commit (rhbz#772088) - blockjob: Avoid segv on early error (rhbz#772088) - blockjob: Accommodate early RHEL backport naming (rhbz#772088) - virsh: Fix segfault of snapshot-list (rhbz#837544) - network: Always create dnsmasq hosts and addnhosts files, even if empty (rhbz#868389) - network: Don't allow multiple default portgroups (rhbz#868483) - selinux: Use raw contexts (rhbz#851981) - selinux: Add security selinux function to label tapfd (rhbz#851981) - selinux: Use raw contexts 2 (rhbz#851981) - selinux: Fix wrong tapfd relablling (rhbz#851981) - selinux: Remove unused variables in socket labelling (rhbz#851981) - selinux: Relabel tapfd in qemuPhysIfaceConnect (rhbz#851981) - storage: Let format probing work on root-squash NFS (rhbz#856247) - snapshot: Sanity check when reusing file for snapshot (rhbz#856247) - blockjob: Add qemu capabilities related to block jobs (rhbz#856247) - blockjob: React to active block copy (rhbz#856247) - blockjob: Return appropriate event and info (rhbz#856247) - blockjob: Support pivot operation on cancel (rhbz#856247) - blockjob: Make drive-reopen safer (rhbz#856247) - blockjob: Implement block copy for qemu (rhbz#856247) - blockjob: Allow for existing files in block-copy (rhbz#856247) - blockjob: Allow mirroring under SELinux and cgroup (rhbz#856247) - blockjob: Relabel entire existing chain (rhbz#856247) [libvirt-0.10.2-4.el6] - node_memory: Add new parameter field to tune the new sysfs knob (rhbz#840113) - daemon: Fix removing abstract namespaces (rhbz#859331) - tests: Fix domain-events python test (rhbz#839661) - conf: Fix crash with cleanup (rhbz#866288) - spec: Add runtime requirement for libssh2 (rhbz#866508) - spec: Require newer sanlock on recent distros (rhbz#832156) - spec: Require newer sanlock on recent distros 2 (rhbz#832156) [libvirt-0.10.2-3.el6] - conf: Rename life cycle actions to event actions (rhbz#832156) - conf: Add on_lockfailure event configuration (rhbz#832156) - locking: Add const char * parameter to avoid ugly typecasts (rhbz#832156) - locking: Pass hypervisor driver name when acquiring locks (rhbz#832156) - locking: Add support for lock failure action (rhbz#832156) - locking: Implement lock failure action in sanlock driver (rhbz#832156) - conf: Add support for startupPolicy for USB devices (rhbz#843560) - qemu: Introduce qemuFindHostdevUSBDevice (rhbz#843560) - qemu: Add option to treat missing USB devices as success (rhbz#843560) - qemu: Implement startupPolicy for USB passed through devices (rhbz#843560) - Add MIGRATABLE flag for virDomainGetXMLDesc (rhbz#843560) - qemu: Make save/restore with USB devices usable (rhbz#843560) - conf: Mark missing optional USB devices in domain XML (rhbz#843560) - security: Also parse user/group names instead of just IDs for DAC labels (rhbz#860519) - doc: Update description about security labels on formatdomain.html (rhbz#860519) - util: Extend virGetUserID and virGetGroupID to support names and IDs (rhbz#860519) - security: Update user and group parsing in security_dac.c (rhbz#860519) - doc: Update description about user/group in qemu.conf (rhbz#860519) - Fix kvm_pv_eoi with kvmclock (rhbz#860971) - Change qemuSetSchedularParameters to use AFFECT_CURRENT (rhbz#852260) - Fix handling of itanium arch name in QEMU driver (rhbz#863115) - Add a qemu capabilities cache manager (rhbz#863115) - Switch over to use cache for building QEMU capabilities (rhbz#863115) - Remove probing of flags when launching QEMU guests (rhbz#863115) - Remove probing of machine types when canonicalizing XML (rhbz#863115) - Remove probing of CPU models when launching QEMU guests (rhbz#863115) - Make qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels static (rhbz#863115) - Remove xenner support (rhbz#863115) - Refactor guest init to support qemu-system-i386 binary too (rhbz#863115) - Add a qemuMonitorGetVersion() method for QMP query-version command (rhbz#863115) - Add a qemuMonitorGetMachines() method for QMP query-machines command (rhbz#863115) - Add a qemuMonitorGetCPUDefinitions method for QMP query-cpu-definitions command (rhbz#863115) - Add a qemuMonitorGetCommands() method for QMP query-commands command (rhbz#863115) - Add a qemuMonitorGetEvents() method for QMP query-events command (rhbz#863115) - Add a qemuMonitorGetObjectTypes() method for QMP qom-list-types command (rhbz#863115) - Add a qemuMonitorGetObjectProps() method for QMP device-list-properties command (rhbz#863115) - Add a qemuMonitorGetTargetArch() method for QMP query-target command (rhbz#863115) - Remove some unused includes in QEMU code (rhbz#863115) - Move command/event capabilities detection out of QEMU monitor code (rhbz#863115) - Fix regression starting QEMU instances without query-events (rhbz#863115) - Refactor qemuCapsParseDeviceStr to work from data tables (rhbz#863115) - Fix QEMU test with 1.2.0 help output (rhbz#863115) - Ignore error from query-cpu-definitions (rhbz#863115) - Fix potential deadlock when agent is closed (rhbz#859712) - Fix (rare) deadlock in QEMU monitor callbacks (rhbz#859712) - Convert virLXCMonitor to use virObject (rhbz#864336) - Remove pointless virLXCProcessMonitorDestroy method (rhbz#864336) - Simplify some redundant locking while unref'ing objects (rhbz#859712) - Fix deadlock in handling EOF in LXC monitor (rhbz#864336) - Avoid bogus I/O event errors when closing the QEMU monitor (rhbz#859712) - qemu: Fix parsing of x86 CPU models (rhbz#864097) - python: Keep consistent handling of Python integer conversion (rhbz#816609) - esx: Fix and improve esxListAllDomains function (rhbz#864384) - virsh: Block SIGINT while getting BlockJobInfo (rhbz#845448) - spec: Add support for libssh2 transport (rhbz#513363) - Revert 'Use XDG Base Directories instead of storing in home directory' (rhbz#859331) [(rhbz#855218)] - conf: Ignore vcpupin for not onlined vcpus when parsing (rhbz#855218) - conf: Initialize the pinning policy for vcpus (rhbz#855218) - qemu: Create or remove cgroup when doing vcpu hotpluging (rhbz#857013) - qemu: Initialize cpuset for hotplugged vcpu as def->cpuset (rhbz#855218) - conf: Ignore emulatorpin if vcpu placement is auto (rhbz#855218) - qemu: Ignore def->cpumask if emulatorpin is specified (rhbz#855218) [(rhbz#855218)] - conf: Fix virDevicePCIAddressEqual args (rhbz#805071) - conf: VirDomainDeviceInfoCopy utility function (rhbz#805071) - qemu: Reorganize qemuDomainChangeNet and qemuDomainChangeNetBridge (rhbz#805071) - Add support for SUSPEND_DISK event (rhbz#839661) [libvirt-0.10.2-2.el6] - qemu: Wait for SPICE to migrate (rhbz#836135) - lxc: Correctly report active cgroups (rhbz#860907) - network: Backend for virNetworkUpdate of interface list (rhbz#844404) - Fix start of containers with custom root filesystem (rhbz#861564) - Correct checking of virStrcpyStatic() return value (rhbz#864122) [libvirt-0.10.2-1.el6] - New build based on upstream release 0.10.2 (rhbz#836934) - network: define new API virNetworkUpdate - add support for QEmu sandbox support - blockjob: add virDomainBlockCommit - New APIs to get/set Node memory parameters - new API virConnectListAllSecrets - new API virConnectListAllNWFilters - new API virConnectListAllNodeDevices - new API virConnectListAllInterfaces - new API virConnectListAllNetworks - new API virStoragePoolListAllVolumes - Add PMSUSPENDED life cycle event - new API virStorageListAllStoragePools - Add per-guest S3/S4 state configuration - qemu: Support for Block Device IO Limits - a lot of bug fixes, improvements and portability work [libvirt-0.10.2-0rc1.el6] - New build based on upstream release candidate 1 of 0.10.2 (rhbz#836934) [libvirt-0.10.1-2.el6] - Don't assume use of /sys/fs/cgroup (rhbz#842979) [libvirt-0.10.1-1.el6] - New build based on upstream release 0.10.1 (rhbz#836934) - many fixes on top of 0.10.0 [libvirt-0.10.0-1.el6] - New build based on upstream release 0.10.0 (rhbz#836934) - agent: add qemuAgentArbitraryCommand() for general qemu agent command - Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo functions - network: use firewalld instead of iptables, when available - network: make network driver vlan-aware - esx: Implement network driver - Various LXC improvements - Add virDomainGetHostname - a lot of bug fixes, improvements and portability work [libvirt-0.10.0-0rc1.el6] - New build based on upstream snapshot 0.10.0-0rc1 (rhbz#836934) [libvirt-0.10.0-0rc0.el6] - New build based on upstream snapshot 0.10.0-0rc0 (rhbz#836934) - Cleanup and rebase of the few RHEL-only patches [libvirt-0.9.13-3.el6] - fix the package split to be similar to 6.3 one instead of upstream [libvirt-0.9.13-2.el6] - fix a package dependency problem making -1 uninstallable [libvirt-0.9.13-1.el6] - first rebase for 6.4 more to come - kvm-guest failed to start; double-close bug in libvirt (rhbz#823716) - potential to deadlock libvirt on EPIPE (rhbz#827234) - fix keepalive issues (rhbz#832081) - CPU topology parsing bug on special NUMA platform (rhbz#828729) - libvirtd will crash when tight loop of hotplug/unplug PCI device (rhbz#822373) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-3411 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.48-13] - Fix the DHCP RELEASE problem when two or more dnsmasq instances are running (rhbz#887156) [2.48-12] - Fixing initscript restart stop functions (rhbz#850944) [2.48-11] - Revert previous changes because of many problems with --bind-dynamic option backport. - Dropping dnsmasq-2.48-add-bind-dynamic-option.patch - Set SO_BINDTODEVICE socket option when using --bind-interfaces (rhbz#884957) [2.48-10] - Fixed dnsmasq-2.48-add-bind-dynamic-option.patch - the option --bind-dynamic was not set correctly when used [2.48-9] - Added cc flag -fno-strict-aliasing to solve Testsuite regressions [2.48-8] - Fix CVE-2012-3411 (rhbz#882251) [2.48-7] - Fix lease-change script (rhbz#815819) - Check tftp-root exists and is accessible at startup (rhbz#824214) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-3411 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.32-358.el6] - [fs] Fix sget() race with failing mount (Eric Sandeen) [883276] [2.6.32-357.el6] - [virt] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests (Andrew Jones) [896050] {CVE-2013-0190} - [block] sg_io: use different default filters for each device class (Paolo Bonzini) [875361] {CVE-2012-4542} - [block] sg_io: prepare for adding per-device-type filters (Paolo Bonzini) [875361] {CVE-2012-4542} - [virt] virtio-blk: Don't free ida when disk is in use (Asias He) [870344] - [netdrv] mlx4: Remove FCS bytes from packet length (Doug Ledford) [893707] - [net] netfilter: nf_ct_reasm: fix conntrack reassembly expire code (Amerigo Wang) [726807] [2.6.32-356.el6] - [char] ipmi: use a tasklet for handling received messages (Prarit Bhargava) [890160] - [char] ipmi: handle run_to_completion properly in deliver_recv_msg() (Prarit Bhargava) [890160] - [usb] xhci: Reset reserved command ring TRBs on cleanup (Don Zickus) [843520] - [usb] xhci: handle command after aborting the command ring (Don Zickus) [874541] - [usb] xhci: cancel command after command timeout (Don Zickus) [874541] - [usb] xhci: add aborting command ring function (Don Zickus) [874541] - [usb] xhci: add cmd_ring_state (Don Zickus) [874541] - [usb] xhci: Fix Null pointer dereferencing with non-DMI systems (Don Zickus) [874542] - [usb] xhci: Intel Panther Point BEI quirk (Don Zickus) [874542] - [usb] xhci: Increase XHCI suspend timeout to 16ms (Don Zickus) [874542] - [powerpc] Revert: pseries/iommu: remove default window before attempting DDW manipulation (Steve Best) [890454] - [serial] 8250_pnp: add Intermec CV60 touchscreen device (Mauro Carvalho Chehab) [894445] - [char] ipmi: apply missing hunk from upstream commit 2407d77a (Tony Camuso) [882787] - [acpi] Fix broken kernel build if CONFIG_ACPI_DEBUG is enabled (Lenny Szubowicz) [891948] - [scsi] qla2xxx: Test and clear FCPORT_UPDATE_NEEDED atomically (Chad Dupuis) [854736] - [mm] vmalloc: remove guard page from between vmap blocks (Johannes Weiner) [873737] - [mm] vmalloc: vmap area cache (Johannes Weiner) [873737] - [fs] vfs: prefer EEXIST to EROFS when creating on an RO filesystem (Eric Sandeen) [878091] - [scsi] qla2xxx: change queue depth ramp print to debug print (Rob Evers) [893113] - [fs] nfs: Fix umount when filelayout DS is also the MDS (Steve Dickson) [895194] - [fs] nfs/pnfs: add set-clear layoutdriver interface (Steve Dickson) [895194] - [fs] nfs: Don't call nfs4_deviceid_purge_client() unless we're NFSv4.1 (Steve Dickson) [895194] - [fs] nfs: Wait for session recovery to finish before returning (Steve Dickson) [895176] - [mm] compaction: validate pfn range passed to isolate_freepages_block (Johannes Weiner) [889456 890498] - [drm] nouveau: ensure legacy vga is re-enabled during POST (Ben Skeggs) [625441] - [netdrv] be2net: Remove stops to further access to BE NIC on UE bits (Ivan Vecera) [894344] - [virt] kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set (Petr Matousek) [862904] {CVE-2012-4461} [2.6.32-355.el6] - [netdrv] qlge: remove NETIF_F_TSO6 flag (Amerigo Wang) [891839] - [fs] ext3: Remove BKL from ext3_put_super() and ext3_remount() (Carlos Maiolino) [885945] - [lib] switch the protection of percpu_counter list to spinlock (Carlos Maiolino) [885945] - [virt] hv: Add Hyper-V balloon driver (Jason Wang) [885572] - [mm] export a function to get vm committed memory (Jason Wang) [885572] - [drm] nouveau: extend prevent display switching issues by disabling pageflip (Ben Skeggs) [853226] - [netdrv] mlx4: Fix advertisement of wrong PF context behaviour (Alex Williamson) [894060] [2.6.32-354.el6] - [char] ipmi: add new kernel options to prevent automatic ipmi init (Tony Camuso) [877177] - [usb] xhci: New system added for Compliance Mode Patch on SN65LVPE502CP (Don Zickus) [856709] - [x86] quirks: Mark Haswell HDMI Audio as unsupported (Prarit Bhargava) [883428] - [scsi] bfa: fix crash in bfa_cb_ioim_done when performing failover/failback tests (Vijay Guvva) [878618] - [fs] autofs4: Fix sparse warning: context imbalance in autofs4_d_automount() different lock contexts for basic block (Ian Kent) [876795] - [fs] jbd, jbd2: don't wake kjournald unnecessarily (Eric Sandeen) [886318] - [scsi] qla4xxx: v5.03.00.00.06.04-k2 (Rob Evers) [890727] - [scsi] qla4xxx: Correct the validation to check in get_sys_info mailbox (Rob Evers) [890727] - [scsi] qla4xxx: Pass correct function param to qla4_8xxx_rd_direct (Rob Evers) [890727] - [scsi] qla4xxx: v5.03.00.00.06.04-k1 (Chad Dupuis) [878048] - [scsi] qla4xxx: update copyrights in LICENSE.qla4xxx (Chad Dupuis) [878048] - [scsi] qla4xxx: Disable generating pause frames for ISP83XX (Chad Dupuis) [878048] - [scsi] qla4xxx: Fix double clearing of risc_intr for ISP83XX (Chad Dupuis) [878048] - [scsi] qla4xxx: IDC implementation for Loopback (Chad Dupuis) [878048] - [scsi] qla4xxx: Fix panic while rmmod (Chad Dupuis) [878048] - [scsi] qla4xxx: Fail probe_adapter if IRQ allocation fails (Chad Dupuis) [878048] - [scsi] qla4xxx: Prevent MSI/MSI-X falling back to INTx for ISP82XX (Chad Dupuis) [878048] - [scsi] qla4xxx: Update idc reg in case of PCI AER (Chad Dupuis) [878048] - [scsi] qla4xxx: Fix double IDC locking in qla4_8xxx_error_recovery (Chad Dupuis) [878048] - [scsi] qla4xxx: Clear interrupt while unloading driver for ISP83XX (Chad Dupuis) [878048] - [scsi] qla4xxx: Print correct IDC version (Chad Dupuis) [878048] - [scsi] qla4xxx: Added new mbox cmd to pass driver version to FW (Chad Dupuis) [878048] - [scsi] qla4xxx: fix various printk and comment typos (Chad Dupuis) [878048] - [fs] autofs4: use simple_empty() for empty directory check (Ian Kent) [876795] - [fs] autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (Ian Kent) [876795] - [fs] gfs2: Fix race in gfs2_rs_alloc (Abhijith Das) [878476] - [fs] xfs: fix broken error handling in xfs_vm_writepage (Dave Chinner) [874539] - [drm] radeon: force rn50 chip to always report connected on analog output (Jerome Glisse) [892723] - [sound] alsa: add support for Teradici 2200 host card audio (Jaroslav Kysela) [890581] - [md] dm-raid: Fix RAID10's check for sufficient redundancy (Jonathan E Brassow) [889358] - [scsi] hpsa: update version number to 3.2.0 (Tomas Henzl) [891935] - [netdrv] cxgb4: Initialize data structures before using (Steve Best) [885756] [2.6.32-353.el6] - [mm] pageattr: prevent PSE and GLOABL leftovers to confuse pmd/pte_present and pmd_huge (Andrea Arcangeli) [878877] - [fs] gfs2: Fix FITRIM argument handling (Abhijith Das) [866932] - [fs] gfs2: Require user to provide argument for FITRIM (Abhijith Das) [866932] - [fs] exec: do not leave bprm->interp on stack (Josh Poimboeuf) [880146] {CVE-2012-4530} - [fs] exec: use -ELOOP for max recursion depth (Josh Poimboeuf) [880146] {CVE-2012-4530} - [fs] btrfs: close exclusive opens with close_bdev_exclusive() (Zach Brown) [874505] - [kernel] sched_rt: Fix hang where umount is stuck in synchronize_sched_expedited (Larry Woodman) [814768] [2.6.32-352.el6] - [md] raid10: Do not call md_raid10_unplug_device while holding spinlock (Jonathan E Brassow) [886658] - [md] dm-thin: commit before gathering status (Mike Snitzer) [882426] - [md] dm-thin: cleanup dead code (Mike Snitzer) [882426] - [md] dm-thin: rename cell_defer_except to cell_defer_no_holder (Mike Snitzer) [882426] - [md] dm-thin: emit 'ignore_discard' in status if discards are disabled (Mike Snitzer) [882426] - [md] dm-thin: wake the worker when a discard is prepared (Mike Snitzer) [882426] - [md] dm-thin: fix race between simultaneous io and discards to same block (Mike Snitzer) [882426] - [md] dm-thin: replace calls to cell_release_singleton with cell_defer_except (Mike Snitzer) [882426] - [mm] Revert: ksm: numa awareness sysfs knob (Jarod Wilson) [743643] - [fs] gfs2: Reset rd_last_alloc when it reaches the end of the rgrp (Robert S Peterson) [882381] - [fs] gfs2: Stop looking for free blocks at end of rgrp (Robert S Peterson) [882381] - [drm] nouveau: cache ramcfg value for RAM_RESTRICT_ZM_GROUP (Ben Skeggs) [878384] - [drm] nouveau: disable use of tesla/fermi copy engines for buffer moves (Ben Skeggs) [878384] - [fs] xfs: fix direct IO nested transaction deadlock (Dave Chinner) [876426] [2.6.32-351.el6] - [kernel] ptrace-utrace: fix PTRACE_GETEVENTMSG(pid) in sub-namespace (Oleg Nesterov) [782330] - [scsi] mpt2sas: fix for driver fails EEH recovery from injected pci bus error (Tomas Henzl) [829149] - [mm] memcontrol: propagate LRU accounting state when splitting THP (Johannes Weiner) [881714] - [net] sctp: proc: protect bind_addr->address_list accesses with rcu_read_lock() (Thomas Graf) [706038] - [net] sctp: Add RCU protection to assoc->transport_addr_list (Thomas Graf) [706038] - [s390] zfcp: Adapt to new FC_PORTSPEED semantics (Hendrik Brueckner) [855128] - [virt] virtio_net: allow to change mac when iface is running (Jiri Pirko) [882868] - [virt] kvm: Minimal hyper-v support (Vadim Rozenfeld) [871350] - [fs] gfs2: Journal DLM lock has wrong label (Steven Whitehouse) [884822] - [mm] huge_memory: fix typo in transparent_hugepage sysfs symlink (Jeremy Eder) [887308] - [mm] ksm: numa awareness sysfs knob (Petr Holasek) [743643] - [fs] btrfs: handle IS_ERR(inode) in btrfs_lookup() (Zach Brown) [870944] - [kernel] sched: Add irq_{enter,exit}() to scheduler_ipi() (Stanislaw Gruszka) [836964] - [kernel] panic: fix a possible deadlock in panic() (Tatsuya Kitamura) [871939] [2.6.32-350.el6] - [powerpc] perf: power_pmu_start restores incorrect values, breaking frequency events (Jiri Olsa) [880525] - [netdrv] mlx4: Allow choosing flow steering mode (Doug Ledford) [885191] - [netdrv] mlx4: Adjustments to Flow Steering activation logic for SRIOV (Doug Ledford) [885191] - [netdrv] mlx4: Fix wrong error flow in the flow steering wrapper (Doug Ledford) [885191] - [netdrv] mlx4: Add QPN enforcement for flow steering rules set by VFs (Doug Ledford) [885191] - [infiniband] mlx4: 64-byte CQE/EQE support (Doug Ledford) [885191] - [netdrv] mlx4: Fix potential deadlock in mlx4_eq_int() (Doug Ledford) [885191] - [infiniband] mlx4: Fix spinlock order to avoid lockdep warnings (Doug Ledford) [885191] - [netdrv] mlx4: Removing reserve vectors (Doug Ledford) [885191] - [netdrv] mlx4: Fix double-release-range in tx-rings (Doug Ledford) [885191] - [infiniband] mlx4: Fix QP1 P_Key processing in the Primary Physical Function (PPF) (Doug Ledford) [885191] - [infiniband] mlx4: Synchronize cleanup of MCGs in MCG paravirtualization (Doug Ledford) [885191] - [net] bonding: Bonding driver does not consider the gso_max_size setting of slave devices (Ivan Vecera) [883643] - [net] tcp: Fix >4GB writes on 64-bit (Daniel Borkmann) [885238] - [net] bridge: skip forwarding delay if not using STP (Thomas Graf) [881682] - [fs] nfs: Fix open(O_TRUNC) and ftruncate() error handling (Steve Dickson) [884263] - [fs] nfsd: add proc file listing kernel's gss_krb5 enctypes (Steve Dickson) [877113] - [fs] nfs: add nfs_sb_deactive_async to avoid deadlock (Steve Dickson) [871968] - [fs] nfs: fix page dirtying in NFS DIO read codepath (Jeff Layton) [876514] - [fs] nfs: don't zero out the rest of the page if we hit the EOF on a DIO READ (Jeff Layton) [876514] - [fs] handle null sb in get_super_thawed (Eric Sandeen) [874521] - [scsi] Fix race when removing SCSI devices (Tomas Henzl) [820880] - [netdrv] be2net: enable GRO by default (Ivan Vecera) [849930] - [netdrv] igb: fix compile warning if CONFIG_IGB_PTP is not set (Stefan Assmann) [886519] - [netdrv] bnx2x: Prevent link flaps when booting from SAN (Michal Schmidt) [881068] - [netdrv] bnx2x: Activate LFA (Michal Schmidt) [881068] - [acpi] apei: Fixup common access width firmware bug (Prarit Bhargava) [880465] - [acpi] apei: Avoid too much error reporting in runtime (Prarit Bhargava) [880465] - [acpi] apei: Fix incorrect APEI register bit width check and usage (Prarit Bhargava) [880465] - [virt] vhost: fix length for cross region descriptor (Michael S. Tsirkin) [862265] - [fs] nfs: Use FS-Cache invalidation (David Howells) [699931] - [fs] cachefiles: Implement invalidation (David Howells) [699931] - [fs] vfs: Make more complete truncate operation available to CacheFiles (David Howells) [699931] - [fs] fscache: Provide proper invalidation (David Howells) [699931] - [fs] fscache: Fix operation state management and accounting (David Howells) [699931] - [fs] fscache: Make cookie relinquishment wait for outstanding reads (David Howells) [699931] - [fs] cachefiles: Make some debugging statements conditional (David Howells) [699931] - [fs] fscache: Check cookie is still correct in __fscache_read_or_alloc_pages() (David Howells) [699931] - [fs] fscache: Check that there are no read ops when cookie relinquished (David Howells) [699931] - [fs] cachefiles: Downgrade the requirements passed to the allocator (David Howells) [699931] - [fs] fscache: Validate page mapping pointer value (David Howells) [699931] - [fs] fscache: Fix the marking of cached pages (David Howells) [699931] - [fs] fscache: nfs_migrate_page() does not wait for FS-Cache to finish with a page (David Howells) [699931] - [fs] fscache: Fix __fscache_uncache_all_inode_pages()'s outer loop (David Howells) [699931] - [fs] fscache: Add a helper to bulk uncache pages on an inode (David Howells) [699931] - [scsi] qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low (Chad Dupuis) [829739] - [scsi] qla2xxx: Determine the number of outstanding commands based on available resources (Chad Dupuis) [829739] - [s390] zfcp: return early from slave_destroy if slave_alloc returned early (Hendrik Brueckner) [878372] - [scsi] fcoe: fix fcoe enable on link toggle while it is still disabled (Neil Horman) [875271] - [scsi] Log thin provisioning threshold event (Ewan Milne) [847998] - [netdrv] qlge: NETIF_F_GRO needs to be part of hw_features instead of features (John Green) [849749] - [s390] qeth: set new mac even if old mac is gone (Hendrik Brueckner) [883458] - [s390] qeth: Fix IPA_CMD_QIPASSIST return code handling (Hendrik Brueckner) [882792] [2.6.32-349.el6] - [redhat] kabi: additional whitelist symbols for RHEL-6.4 (Jiri Olsa) [866427] [2.6.32-348.el6] - [ipc] mqueue: Prevent mq_send/receive memory corruption (Larry Woodman) [885030] - [fs] nfs: prevent delegreturn attr deadlock (David Jeffery) [870142] - [netdrv] tg3: Do not set TSS for 5719 and 5720 (John Feeney) [823371] - [scsi] lpfc: Update lpfc version for 8.3.5.86.1p driver release (Rob Evers) [877149] - [scsi] lpfc: Fixed setting sequential delivery bit in a service class that is not valid (Rob Evers) [877149] - [scsi] lpfc: Fixed boot from san failure when SLI4 FC device presented on the same PCI bus (Rob Evers) [877149] - [scsi] lpfc: Add LOGO support after ABTS compliance (Rob Evers) [877149] - [scsi] lpfc: Fixed not reporting logical link speed to SCSI midlayer when QoS not on (Rob Evers) [877149] - [scsi] lpfc: Fixed SCSI host create showing wrong link speed on SLI3 HBA ports (Rob Evers) [877149] - [scsi] lpfc: Fixed kernel warning on spinlock usage on some distributions (Rob Evers) [877149] - [scsi] lpfc: Fixed Linux generic firmware download on SLI4 devices with longer module names (Rob Evers) [877149] - [scsi] lpfc: Fix error with fabric service parameters causing performance issues (Rob Evers) [877149] - [scsi] lpfc: Fixed messages for misconfigured port errors (Rob Evers) [877149] - [scsi] lpfc: Fix FCP2 Retries for non-r/w commands (Rob Evers) [877149] - [scsi] lpfc: Fix incorrect comment in T10 DIF attributes (Rob Evers) [877149] - [scsi] lpfc: Correct missing queue destroy on function reset (Rob Evers) [877149] - [scsi] lpfc: Added checking BMBX register for RDY bit before writing the first address in (Rob Evers) [877149] - [scsi] lpfc: Misc changes to optimize critical path (Rob Evers) [877149] - [s390] qdio: fix kernel panic for zfcp 31-bit (Hendrik Brueckner) [878380] - [s390] zcrypt: msgType50 (RSA-CRT) fix (Hendrik Brueckner) [875977] - [netdrv] ixgbe: fix uninitialized event.type in ixgbe_ptp_check_pps_event (Andy Gospodarek) [884369] - [netdrv] ixgbe: (PTP) Fix PPS interrupt code (Andy Gospodarek) [884369] - [netdrv] ixgbe: Fix PTP X540 SDP alignment code for PPS signal (Andy Gospodarek) [884369] - [s390] zfcp: support for hardware data router (Hendrik Brueckner) [823016] - [s390] qdio: base support for hardware data router with zfcp (Hendrik Brueckner) [823016] - [s390] qdio: Split SBAL entry flags (Hendrik Brueckner) [823016] - [net] netfilter/ipset: Check and reject crazy /0 input parameters (Thomas Graf) [880920] - [kernel] kmod: make __request_module() killable (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] kmod: introduce call_modprobe() helper (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] call_usermodehelper: simplify/fix UMH_NO_WAIT case (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] wait_for_helper: SIGCHLD from user-space can lead to use-after-free (Oleg Nesterov) [819529] {CVE-2012-4398} - [netdrv] qlge: Backport offload features to vlan interfaces (John Green) [849749] - [netdrv] igbvf: work around i350 erratum (Stefan Assmann) [870638] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0190 CVE-2013-0309 CVE-2013-0311 CVE-2013-0310 CVE-2012-4508 CVE-2012-4542 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2:2.3.14-38] - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port - Resolves: #883653 [2:2.3.14-37] - Fix changelog entry - Related: #809271 [2:2.3.14-36] - Fix: Service disabled due to bind failure - Resolves: #809271 LOW Copyright 2013 Oracle, Inc. CVE-2012-0862 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.12.4-4] - Applied patch to fix CVE-2013-0200, temporary file vulnerability (bug #902163). - Fixed hpijs-marker-supply patch. [3.12.4-3] - Make 'hp-check' check for hpaio set-up correctly (bug #683007). [3.12.4-2] - Added more fixes from Fedora (bug #731900). [3.12.4-1] - Re-based to 3.12.4 with fixes from Fedora (bug #731900). No longer need no-system-tray, openPPD, addgroup, emit-SIGNAL, fab-root-crash, newline, hpaio-segfault, dbus-threads, or cups-web patches. [3.10.9-4] - The hpijs sub-package no longer requires cupsddk-drivers (which no longer exists as a real package), but cups >= 1.4 (bug #829453). LOW Copyright 2013 Oracle, Inc. CVE-2011-2722 CVE-2013-0200 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 xorg-x11-apps [7.6-6] - x11perf 1.5.4 (CVE-2011-2504) [7.6-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [7.6-4] - Move xinput and xkill to xorg-x11-server-utils [7.6-3] - Rebuild for libpng 1.5 [7.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [7.6-1] - x11perf 1.5.3 [7.5-5] - xeyes 1.1.1 [7.5-4] - xinput 1.5.3 - xkill 1.0.3 [7.5-3] - xclipboard 1.1.1 [7.5-2] - oclock 1.0.2 - xclock 1.0.5 - xconsole 1.0.4 - xbiff 1.0.2 - luit 1.1.0 - x11perf 1.5.2 - xcursorgen 1.0.4 - xeyes 1.1.0 - xload 1.1.0 - xlogo 1.0.3 - xmag 1.0.4 - xmessage 1.0.3 - xfd 1.1.0 - xfontsel 1.0.3 - xvidtune 1.0.2 [7.5-1] - xwd 1.0.4 - xwud 1.0.3 [7.4-14] - xinput 1.5.2 [7.4-13] - xinput 1.5.1 [7.4-12] - Add missing BR xorg-x11-xbitmaps [7.4-11] - Don't steal directory owned by filesystem package xorg-x11-server-utils [7.5-13] - xinput 1.6.0 [7.5-12] - Add libXinerama-devel requires for new xinput [7.5-11] - xinput 1.5.99.901 [7.5-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [7.5-9] - xinput 1.5.4 [7.5-8] - Move xinput and xkill here from xorg-x11-apps [7.5-7] - Fix BuildRequires ... xbitmaps-devel does not exist anymore (RHBZ #744751) - Upgrade to the latest upstream iceauth, rgb, sessreg, and xrandr [7.5-6] - xset 1.2.2 xorg-x11-utils [7.5-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [7.5-5] - xlsclients 1.1.2 - Rebuild for new xcb-util [7.5-4] - xdpyinfo 1.3.0 [7.5-3] - xprop 1.2.1 [7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [7.5-1] - xvinfo 1.1.1 - xev 1.1.0 - xdpyinfo 1.2.0 - xwininfo 1.1.0 - xlsclients 1.1.0 - xlsfonts 1.0.3 [7.4-10] - xlsatoms 1.1.0 - xlsclients 1.1.0 [7.4-9] - edid-decode snapshot LOW Copyright 2013 Oracle, Inc. CVE-2011-2504 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.2.11.15-11] - Resolves: Bug 896256 - updating package touches configuration files [1.2.11.15-10] - Resolves: Bug 889083 - For modifiersName/internalModifiersName feature, internalModifiersname is not working for DNA plugin [1.2.11.15-9] - Resolves: Bug 891930 - DNA plugin no longer reports additional info when range is depleted [1.2.11.15-8] - Resolves: Bug 887855 - RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64 [1.2.11.15-7] - Resolves: Bug 830355 - [RFE] improve cleanruv functionality - Resolves: Bug 876650 - Coverity revealed defects - Ticket #20 - [RFE] Allow automember to work on entries that have already been added (Bug 768084) - Resolves: Bug 834074 - [RFE] Disable replication agreements - Resolves: Bug 878111 - ns-slapd segfaults if it cannot rename the logs [1.2.11.15-6] - Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode - use perl-Socket6 on RHEL6 [1.2.11.15-5] - Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode [1.2.11.15-4] - Resolves: Bug 868841 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error - Resolves: Bug 868853 - Winsync: DS error logs report wrong version of Windows AD when winsync is configured. - Resolves: Bug 875862 - crash in DNA if no dnamagicregen is specified - Resolves: Bug 876694 - RedHat Directory Server crashes (segfaults) when moving ldap entry - Resolves: Bug 876727 - Search with a complex filter including range search is slow - Ticket #495 - internalModifiersname not updated by DNA plugin (Bug 834053) [1.2.11.15-3] - Resolves: Bug 870158 - slapd entered to infinite loop during new index addition - Resolves: Bug 870162 - Cannot abandon simple paged result search - c970af0 Coverity defects - 1ac087a Fixing compiler warnings in the posix-winsync plugin - 2f960e4 Coverity defects - Ticket #491 - multimaster_extop_cleanruv returns wrong error codes [1.2.11.15-2] - Resolves: Bug 834063 [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store; Ticket #478 passwordTrackUpdateTime stops working with subtree password policies - Resolves: Bug 847868 [RFE] support posix schema for user and group sync; Ticket #481 expand nested posix groups - Resolves: Bug 860772 Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl - Resolves: Bug 863576 Dirsrv deadlock locking up IPA - Resolves: Bug 864594 anonymous limits are being applied to directory manager [1.2.11.15-1] - Resolves: Bug 856657 dirsrv init script returns 0 even when few or all instances fail to start - Resolves: Bug 858580 389 prevents from adding a posixaccount with userpassword after schema reload [1.2.11.14-1] - Resolves: Bug 852202 Ipa master system initiated more than a dozen simultaneous replication sessions, shut itself down and wiped out its db - Resolves: Bug 855438 CLEANALLRUV task gets stuck on winsync replication agreement [1.2.11.13-1] - Resolves: Bug 847868 [RFE] support posix schema for user and group sync - fix upgrade issue with plugin config schema - posix winsync has default plugin precedence of 25 [1.2.11.12-1] - Resolves: Bug 800051 Rebase 389-ds-base to 1.2.11 - Resolves: Bug 742054 SASL/PLAIN binds do not work - Resolves: Bug 742381 MOD operations with chained delete/add get back error 53 on backend config - Resolves: Bug 746642 [RFE] define pam_passthru service per subtree - Resolves: Bug 757836 logconv.pl restarts count on conn=0 instead of conn=1 - Resolves: Bug 768084 [RFE] Allow automember to work on entries that have already been added - Resolves: Bug 782975 krbExtraData is being null modified and replicated on each ssh login - Resolves: Bug 803873 Sync with group attribute containing () fails - Resolves: Bug 818762 winsync should not delete entry that appears to be out of scope - Resolves: Bug 830001 unhashed#user#password visible after changing password [rhel-6.4] - Resolves: Bug 830256 Audit log - clear text password in user changes - Resolves: Bug 830331 ns-slapd exits/crashes if /var fills up - Resolves: Bug 830334 Invalid chaining config triggers a disk full error and shutdown - Resolves: Bug 830335 restore of replica ldif file on second master after deleting two records shows only 1 deletion - Resolves: Bug 830336 db deadlock return should not log error - Resolves: Bug 830337 usn + mmr = deletions are not replicated - Resolves: Bug 830338 Change DS to purge ticket from krb cache in case of authentication error - Resolves: Bug 830340 Make the CLEANALLRUV task one step - Resolves: Bug 830343 managed entry sometimes doesn't delete the managed entry - Resolves: Bug 830344 [RFE] Improve replication agreement status messages - Resolves: Bug 830346 ADD operations not in audit log - Resolves: Bug 830347 389 DS does not support multiple paging controls on a single connection - Resolves: Bug 830348 Slow shutdown when you have 100+ replication agreements - Resolves: Bug 830349 cannot use & in a sasl map search filter - Resolves: Bug 830353 valgrind reported memleaks and mem errors - Resolves: Bug 830355 [RFE] improve cleanruv functionality - Resolves: Bug 830356 coverity 12625-12629 - leaks, dead code, unchecked return - Resolves: Bug 832560 [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - Resolves: Bug 833202 transaction retries need to be cache aware - Resolves: Bug 833218 ldapmodify returns Operations error - Resolves: Bug 833222 memberOf attribute and plugin behaviour between sub-suffixes - Resolves: Bug 834046 [RFE] Add nsTLS1 attribute to schema and objectclass nsEncryptionConfig - Resolves: Bug 834047 Fine Grained Password policy: if passwordHistory is on, deleting the password fails. - Resolves: Bug 834049 [RFE] Add schema for DNA plugin - Resolves: Bug 834052 [RFE] limiting Directory Manager (nsslapd-rootdn) bind access by source host (e.g. 127.0.0.1) - Resolves: Bug 834053 [RFE] Plugins - ability to control behavior of modifyTimestamp/modifiersName - Resolves: Bug 834054 Should only update modifyTimestamp/modifiersName on MODIFY ops - Resolves: Bug 834056 Automembership plugin fails in a MMR setup, if data and config area mixed in the plugin configuration - Resolves: Bug 834057 ldap-agent crashes on start with signal SIGSEGV - Resolves: Bug 834058 [RFE] logconv.pl : use of getopts to parse commandline options - Resolves: Bug 834060 passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions - Resolves: Bug 834061 [RFE] RHDS: Implement SO_KEEPALIVE in network calls. - Resolves: Bug 834063 [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store - Resolves: Bug 834064 dnaNextValue gets incremented even if the user addition fails - Resolves: Bug 834065 Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied - Resolves: Bug 834074 [RFE] Disable replication agreements - Resolves: Bug 834075 logconv.pl reporting unindexed search with different search base than shown in access logs - Resolves: Bug 835238 Account Usability Control Not Working - Resolves: Bug 836386 slapi_ldap_bind() doesn't check bind results - Resolves: Bug 838706 referint modrdn not working if case is different - Resolves: Bug 840153 Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled - Resolves: Bug 841600 Referential integrity plug-in does not work when update interval is not zero - Resolves: Bug 842437 dna memleak reported by valgrind - Resolves: Bug 842438 Report during startup if nsslapd-cachememsize is too small - Resolves: Bug 842440 memberof performance enhancement - Resolves: Bug 842441 'Server is unwilling to perform' when running ldapmodify on nsds5ReplicaStripAttrs - Resolves: Bug 847868 [RFE] support posix schema for user and group sync - Resolves: Bug 850683 nsds5ReplicaEnabled can be set with any invalid values. - Resolves: Bug 852087 [RFE] add attribute nsslapd-readonly so we can reference it in acis - Resolves: Bug 852088 server to server ssl client auth broken with latest openldap - Resolves: Bug 852839 variable dn should not be used in ldbm_back_delete MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4450 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [12:4.1.1-34.P1.0.1.el6] - Added oracle-errwarn-message.patch [12:4.1.1-34.P1] - Reducing the expiration time for an IPv6 lease may cause the server to crash (CVE-2012-3955, #858130) [12:4.1.1-33.P1] - Use getifaddrs() for interface discovery code on Linux (#803540) - dhclient-script: do not backup&restore /etc/resolv.conf (#824622) [12:4.1.1-32.P1] - An error in the handling of malformed client identifiers can cause a denial-of-service condition in affected servers. (CVE-2012-3571, #843122) - Memory Leaks Found In ISC DHCP (CVE-2012-3954, #843122) LOW Copyright 2013 Oracle, Inc. CVE-2012-3955 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [7:3.1.10-16] - Resolves: #888198 - CVE-2012-5643: improved upstream patch [7:3.1.10-15] - Reverts: #861062 - Squid delays on FQDNs that don't contains AAAA record [7:3.1.10-14] - Resolves: #888198 - CVE-2012-5643: patch [7:3.1.10-13] - Resolves: #888198 - CVE-2012-5643: DoS (excessive resource consumption) [7:3.1.10-12] - Resolves #861062 - add configure directive --enable-internal-dns [7:3.1.10-11 ] - Resolves #861062 - Squid delays on FQDNs that don't contains AAAA record [7:3.1.10-10] - Resolves #798090 - Client timeout uses server-side 'read_timeout' - Resolves #833086 - Private md5 hash function does not comply FIPS - Resolves #782732 - Squid crashes by segfault when it reboots - Resolves #797571 - Squid userid is not added to wbpriv group - Disable strict-error-checking on account of squid-fips.patch MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5643 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [4.0.0-55.rc4] - Fix dependencies of samba4-test package. - related: #896142 [4.0.0-54.rc4] - Fix summary and description of dc subpackages. - resolves: #896142 - Remove conflicting libsmbclient.7 manpage. - resolves: #896240 [4.0.0-53.rc4] - Fix provides filter rules to remove conflicting libraries from samba4-libs. - resolves: #895718 [4.0.0-52.rc4] - Fix typo in winbind-krb-locator post uninstall script. - related: #864889 [4.0.0-51.rc4] - Make sure we use the same directory as samba package for the winbind pipe. - resolves: #886157 [4.0.0-50.rc4] - Fix typo in winbind-krb-locator post uninstall script. - related: #864889 [4.0.0-49.rc4] - Fix Netlogon AES encryption. - resolves: #885089 [4.0.0-48.rc4] - Fix IPA trust AD lookup of users. - resolves: #878564 [4.0.0-47.rc4] - Add require for krb5-libs >= 1.10 to samba4-libs. - resolves: #877533 [4.0.0-46.rc4] - Rename /etc/sysconfig/samba4 to name to mach init scripts. - resolves: #877085 [4.0.0-45.rc4] - Don't require samba4-common and samba4-test in samba4-devel package. - related: #871748 [4.0.0-44.rc4] - Make libnetapi and internal library to fix dependencies. - resolves: #873491 [4.0.0-43.rc4] - Move libnetapi and internal printing migration lib to libs package. - related: #766333 [4.0.0-42.rc4] - Fix perl, pam and logrotate dependencies. - related: #766333 [4.0.0-41.rc4] - Fix library dependencies found by rpmdiff. - Update winbind offline logon patch. - related: #766333 [4.0.0-40.rc4] - Move libgpo to samba-common - resolves: #871748 [4.0.0-39.rc4] - Rebase to version 4.0.0rc4. - related: #766333 [4.0.0-38.rc3] - Add missing export KRB5CCNAME in init scripts. - resolves: #868419 [4.0.0-37.rc3] - Move /var/log/samba to samba-common package for winbind which requires it. - resolves: #868248 [4.0.0-36.rc3] - The standard auth modules need to be built into smbd to function. - resolves: #867854 [4.0.0-35.rc3] - Move pam_winbind.conf to the package of the module. - resolves: #867317 [4.0.0-34.rc3] - Built auth_builtin as static module. - related: #766333 [4.0.0-33.rc3] - Add back the AES patches which didn't make it in rc3. - related: #766333 [4.0.0-32.rc3] - Rebase to version 4.0.0rc3. - related: #766333 [4.0.0-31.rc2] - Use alternatives to configure winbind_krb5_locator.so - resolves: #864889 [4.0.0-30.rc2] - Fix multilib package installation. - resolves: #862047 - Filter out libsmbclient and libwbclient provides. - resolves: #861892 - Rebase to version 4.0.0rc2. - related: #766333 [4.0.0-29.rc1] - Fix Requires and Conflicts. - related: #766333 [4.0.0-28.rc1] - Move pam_winbind and wbinfo manpages to the right subpackage. - related: #766333 [4.0.0-27.rc1] - Fix permission for init scripts. - Define a common KRB5CCNAME for smbd and winbind. - Set piddir back to /var/run in RHEL6. - related: #766333 [4.0.0-26.rc1] - Add '-fno-strict-aliasing' to CFLAGS again. - related: #766333 [4.0.0-25.rc1] - Build with syste libldb package which has been just added. - related: #766333 [4.0.0-24.rc1] - Rebase to version 4.0.0rc1. - resolves: #766333 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1182 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.9.2-82] - Resolves: rhbz#888614 - Failure in memberof can lead to failed database update [1.9.2-81] - Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees [1.9.2-80] - Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders [1.9.2-79] - Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x [1.9.2-78] - Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute. [1.9.2-77] - Resolves: rhbz#902436 - possible segfault when backend callback is removed [1.9.2-76] - Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache [1.9.2-75] - Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps [1.9.2-74] - Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache [1.9.2-73] - Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform [1.9.2-72] - Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit [1.9.2-71] - Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache [1.9.2-70] - Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache [1.9.2-69] - Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work [1.9.2-68] - Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships [1.9.2-67] - Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent [1.9.2-66] - Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts [1.9.2-65] - Resolves: rhbz#892197 - Incorrect principal searched for in keytab [1.9.2-64] - Resolves: rhbz#891356 - Smart refresh doesn't notice 'defaults' addition with OpenLDAP [1.9.2-63] - Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache [1.9.2-62] - Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider [1.9.2-61] - Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work [1.9.2-60] - Resolves: rhbz#874618 - sss_cache: fqdn not accepted [1.9.2-59] - Resolves: rhbz#889182 - crash in memory cache [1.9.2-58] - Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache [1.9.2-57] - Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666) [1.9.2-56] - Resolves: rhbz#886038 - sssd components seem to mishandle sighup [1.9.2-55] - Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function [1.9.2-54] - Resolves: rhbz#888614 - Failure in memberof can lead to failed database update [1.9.2-53] - Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long [1.9.2-52] - Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade [1.9.2-51] - Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal [1.9.2-50] - Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps [1.9.2-49] - Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh [1.9.2-48] - Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076) [1.9.2-47] - Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider [1.9.2-46] - Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname [1.9.2-45] - Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired [1.9.2-44] - Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache [1.9.2-43] - Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule [1.9.2-42] - Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter [1.9.2-41] - Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly [1.9.2-40] - Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507) [1.9.2-39] - Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974) [1.9.2-38] - Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060) [1.9.2-37] - Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507) [1.9.2-36] - Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned [1.9.2-35] - Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds [1.9.2-34] - Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users [1.9.2-33] - Resolves: rhbz#881773 - mmap cache needs update after db changes [1.9.2-32] - Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742) [1.9.2-31] - Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573) [1.9.2-30] - Resolves: rhbz#880140 - sssd hangs at startup with broken configurations [1.9.2-29] - Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set [1.9.2-28] - Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group [1.9.2-27] - Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations [1.9.2-26] - Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130 [1.9.2-25] - Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache [1.9.2-24] - Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password [1.9.2-23] - Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal [1.9.2-22] - Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure [1.9.2-21] - Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections [1.9.2-20] - Related: rhbz#877126 - Bump the release tag [1.9.2-20] - Resolves: rhbz#877126 - subdomains code does not save the proper user/group name [1.9.2-19] - Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid() [1.9.2-18] - Resolves: rhbz#870039 - sss_cache says 'Wrong DB version' [1.9.2-17] - Resolves: rhbz#875740 - 'defaults' entry ignored [1.9.2-16] - Resolves: rhbz#875738 - offline authentication failure always returns System Error [1.9.2-15] - Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11 [1.9.2-14] - Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place [1.9.2-13] - Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment [1.9.2-12] - Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place [1.9.2-11] - Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule [1.9.2-10] - Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running [1.9.2-9] - Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section [1.9.2-8] - Resolves: rhbz#873032 - Move sss_cache to the main subpackage [1.9.2-7] - Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group [1.9.2-6] - Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive [1.9.2-5] - Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443 [1.9.2-4] - BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932 [1.9.2-3] - Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542 [1.9.2-2] - Fix the 'ca' translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 [1.9.2-1] - New upstream release 1.9.2 [1.9.1-1] - Rebase to 1.9.1 [1.9.0-3] - Require the latest libldb [1.9.0-2] - Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 [1.9.0-1.rc1] - Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes [1.8.0-33] - Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds LOW Copyright 2013 Oracle, Inc. CVE-2013-0220 CVE-2013-0219 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 ibacm [1.0.8-0.git7a3adb7] - Update to latest upstream via git repo - Resolves: bz866222, bz866223 ibsim [0.5-7] - Bump and rebuild against latest opensm - Related: bz756396 ibutils [1.5.7-7] - Bump and rebuild against latest opensm - Related: bz756396 infiniband-diags [1.5.12-5] - Bump and rebuild against latest opensm - Pick up fixes done for rhel5.9 - Related: bz756396 [1.5.12-4] - Update the all_hcas patch to resolve several problems - Give a simple help message to the ibnodes script - Resolves: bz818606, bz847129 infinipath-psm [3.0.1-115.1015_open.1] - New upstream releas Resolves: rhbz818789 libibmad [1.3.9-1] - Update to latest upstream version (more SRIOV support) - Related: bz756396 [1.3.8-1] - Update to latest upstream version (for FDR link speed support) - Related: bz750609 [1.3.7-1] - Update to latest upstream version (1.3.4 -> 1.3.7) - Related: bz725016 [1.3.4-1] - New upstream version [1.3.3-2] - ExcludeArch s390(x) as there's no hardware support there [1.3.3-1] - Update to latest upstream release [1.3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.3.2-1] - Update to latest upstream version - Require the same version of libibumad as our version [1.3.1-1] - Update to latest upstream version [1.2.0-3] - Rebuilt against libtool 2.2 [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.0-1] - Initial package for Fedora review process libibumad [1.3.8-1] - Update to latest upstream release (more SRIOV support) - Related: bz756396 [1.3.7-1] - Update to latest upstream version (1.3.4 -> 1.3.7) - Related: bz725016 [1.3.4-1] - New upstream release [1.3.3-2] - ExcludeArch s390(x) as there is no hardware support there [1.3.3-1] - Update to latest upstream version [1.3.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.3.2-2] - Forgot to remove both instances of the libibcommon requires - Add build requires on glibc-static [1.3.2-1] - Update to latest upstream version - Remove requirement on libibcommon since that library is no longer needed - Fix a problem with man page listing [1.3.1-1] - Update to latest upstream version [1.2.0-3] - Rebuilt against libtool 2.2 [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.0-1] - Initial package for Fedora review process libibverbs [1.1.6-5] - Don't print link state on iWARP links as it's always invalid - Don't try to do ud transfers in excess of port MTU - Resolves: bz822781 libmlx4 [1.0.4-1] - Update to latest upstream version - Related: bz756396 librdmacm [1.0.17-0.git4b5c1aa] - Pre-release version of 1.0.17 - Resolves a CVE vulnerability between librdmacm and ibacm - Fixes various minor bugs in sample programs - Resolves: bz866221, bz816074 opensm [3.3.15-1] - Update to latest upstream source (adds more SRIOV support) - Fix init script when no config files are present - Related: bz756396 [3.3.13-1] - Update to latest upstream release - Add patch to support specifying subnet_prefix on command lien - Update init script to pass unique subnet_prefix's when using the GUID method of starting multiple instances - Fix up LSB init script headers - Resolves: bz754196 [3.3.12-1] - Generate the opensm.conf file instead of shipping a static one as a source - Update to latest upstream release (FDR link speed support) - Resolves: bz750609 [3.3.9-1] - Update to latest upstream version (3.3.5 -> 3.3.9) - Add /etc/sysconfig/opensm for use by opensm init script - Enable the ability to start more than one instance of opensm for multiple fabric support - Enable the ability to start opensm with a priority other than default for support of backup opensm instances - Related: bz725016 - Resolves: bz633392 [3.3.5-1] - Update to latest upstream release. We need various defines in ib_types.h for the latest ibutils package to build properly, and the latest ibutils package is needed because we found licensing problems in the older tarballs during review. [3.3.3-2] - ExcludeArch s390(x) as there's no hardware support there [3.3.3-1] - Update to latest upstream release - Minor tweaks to init script for LSB compliance [3.3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [3.3.2-1] - Update to latest upstream version [3.3.1-1] - Update to latest upstream version [3.2.1-3] - fix bare elifs to rebuild [3.2.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [3.2.1-1] - Initial package for Fedora review process rdma [3.6-1.0.2] - Add SDP to rdma.conf and rdma.init [3.6-1.0.1] - Support Mellanox OFED 1.5.5 [3.6-1] - Bump version to match final kernel submission [3.6-0.rc5.1] - Bump version to match kernel update submitted for rhel6.4 LOW Copyright 2013 Oracle, Inc. CVE-2012-4517 CVE-2012-4518 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 Oracle Linux 6 [9.0.3-30] - Resolves #902474 - upgrading IPA from 2.2 to 3.0 sees certmonger errors [9.0.3-29] - Resolves #891985 - Increase FreeIPA root CA validity [9.0.3-28] - Resolves #885790 - Multiple cross-site scripting flaws by displaying CRL or processing profile [9.0.3-27] - Resolves #867640 - ipa-replica-install Configuration of CA failed by REVERTING #819111 - Non-existent container breaks replication [9.0.3-26] - Resolves #844459 - Increase audit cert renewal range to 2 years (mharmsen) - Resolves #841663 - serial number incorrectly cast from BigInt to integer in installation wizard (mharmsen) - Resolves #858864 - create/ identify a mechanism for clients to determine that the pki subsystem is up (alee) [9.0.3-25] - Resolves #819111 - Non-existent container breaks replication MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4543 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.2.15-26.0.1.el6] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-26] - htcacheclean: exit with code 4 also for 'restart' action (#805810) [2.2.15-25] - htcacheclean: exit with code 4 if nonprivileged user runs initscript (#805810) - rotatelogs: omit the second arg when invoking a post-rotate program (#876923) [2.2.15-24] - mod_ssl: improved patch for mod_nss fallback (w/mharmsen, #805720) [2.2.15-23] - mod_log_config: fix cookie parsing substring mismatch (#867268) [2.2.15-22] - mod_cache: fix header merging for 304 case, thanks to Roy Badami (#868283) - mod_cache: fix handling of 304 responses (#868253) [2.2.15-21] - mod_proxy_ajp: ignore flushing if headers have not been sent (#853160) - mod_proxy_ajp: do not mark worker in error state when one request timeouts (#864317) - mod_ssl: do not run post script if all files are already created (#752618) [2.2.15-20] - add htcacheclean init script (Jan Kaluza, #805810) [2.2.15-19] - mod_ssl: fall back on another module's proxy hook if mod_ssl proxy is not configured. (#805720) [2.2.15-18] - add security fix for CVE-2012-2687 (#850794) [2.2.15-17] - mod_proxy: allow change BalancerMember state in web interface (#748400) - mod_proxy: Tone down 'worker [URL] used by another worker' warning (#787247) - mod_proxy: add support for 'failonstatus' option (#824571) - mod_proxy: avoid DNS lookup on hostname from request URI if ProxyRemote* is configured (#837086) - rotatelogs: create files even if they are empty (#757739) - rotatelogs: option to rotate files into a custom location (#757735) - rotatelogs: add support for -L option (#838493) - fix handling of long chunk-line (#842376) - add server aliases to 'httpd -S' output (#833092) - omit %posttrans daemon restart if /etc/sysconfig/httpd-disable-posttrans exists (#833064) - mod_ldap: treat LDAP_UNAVAILABLE as a transient error (#829689) - ab: fix double free when SSL request fails in verbose mode (#837613) - mod_cache: do not cache partial results (#822587) - mod_ldap: add LDAPReferrals directive alias (#796958) - mod_ssl: add _userID DN variable suffix for NID_userId (#842375) - mod_ssl: fix test for missing decrypted private keys, and ensure that the keypair matches (#848954) - mod_authnz_ldap: set AUTHORIZE_* variables in LDAP authorization (#828896) - relax checks for status-line validity (#853348) [2.2.15-16] - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787599) - obviates fix for CVE-2011-3638, patch removed LOW Copyright 2013 Oracle, Inc. CVE-2012-2687 CVE-2008-0455 CVE-2012-4557 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.3.3-22] - php-xml provides php-xmlreader and php-xmlwriter (#874987) - fix possible NULL derefence and buffer overflow (#879179) - fix zend garbage collector (#848186, #868375) [5.3.3-21] - fix CVE reference in previous changelog entry [5.3.3-20] - remove reproducer from security fix for CVE-2012-0781 [5.3.3-19] - add FastCGI Process Manager (php-fpm) SAPI (#806132, #824293) [5.3.3-18] - php script hangs when it exceeds max_execution_time when inside an ODBC call (#864951) [5.3.3-17] - add security fixes for CVE-2012-2688, CVE-2012-0831, CVE-2011-1398 [5.3.3-16] - fix stream support in fileinfo (#858653) - fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859371) [5.3.3-15] - fix permission on source files (#676364) - fix negative keys with var_export (#771738) - fix setDate when DateTime created from timestamp (#812819) - add php(language) and missing provides (#837042) - use arch-specific requires (#833545) - fix possible buffer overflow in pdo_odbc (#836264) - fix possible segfault in pdo_mysql (#824199) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2688 CVE-2011-1398 CVE-2012-0831 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 evolution-mapi [0.28.3-12] - Add patch for RH bug #903241 (Double-free on message copy/move) [0.28.3-11] - Add patch for RH bug #902932 (Cannot connect with latest samba) [0.28.3-10] - Drop multilib by obsoleting evolution-mapi < 0.28.3-9 (RH bug #886914). [0.28.3-9] - Adapt to OpenChange 1.0 (RH bug #767678). [0.28.3-8] - Add patch for RH bug #680061 (crash while setting props). openchange [1.0-4] - Use current version (1.0-4) for a multilib obsolete (RH bug #881698). [1.0-3] - Add patch to be able to send large messages (RH bug #870405) [1.0-2] - Drop multilib by obsoleting openchange < 0.9 (RH bug #881698). [1.0-1] - Rebase to 1.0 using the rpm spec from Fedora 18. MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1182 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.28.3-30.el6] - Update patch for RH bug #707526 (Prints QP-encoded email encoded) [2.28.3-29.el6] - Add patch for RH bug #890642 (Crash due to implicit function declarations) [2.28.3-28.el6] - Add patch for RH bug #885558 (CVE 2011-3201). [2.28.3-27.el6] - Add patch for RH bug #805239 (calendar alarm notifications). [2.28.3-26.el6] - Add patch for RH bug #707526 (contact_list_editor_render_destination) LOW Copyright 2013 Oracle, Inc. CVE-2011-3201 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.17.2-12.9] - fix #892471 - CVE-2013-0157 mount folder existence information disclosure [2.17.2-12.8] - fix #679833 - [RFE] tailf should support - fix #719927 - [RFE] add adjtimex --compare functionality to hwclock - fix #730272 - losetup does not warn if backing file is < 512 bytes - fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors - fix #736245 - lscpu segfault on non-uniform cpu configuration - fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong - fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte - fix #818621 - lsblk should not open device it prints info about - fix #819945 - hwclock --systz causes a system time jump - fix #820183 - mount(8) man page should include relatime in defaults definition - fix #823008 - update to the latest upstream lscpu and chcpu - fix #837935 - lscpu coredumps on a system with 158 active processors - fix #839281 - inode_readahead for ext4 should be inode_readahead_blks - fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail - fix #845971 - while reading /etc/fstab, mount command returns a device before a directory - fix #858009 - login doesn't update /var/run/utmp properly - fix #809449 - Backport inverse tree (-s) option for lsblk and related patches - fix #809139 - lsblk option -D missing in manpage LOW Copyright 2013 Oracle, Inc. CVE-2013-0157 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.3p1-84.1] - Add a 'netcat mode' (ssh -W) (#860809) [5.3p1-83] - fix the required authentications patch (#869903) [5.3p1-82] - check return value of PK11_Authenticate in ssh-add -n (#782912) - document available methods to RequiredAuthentications[12] (#821641) - fix ssh-copy-id (#836650) - fix segmentation fault in ssh client (#836655) - update pam_ssh_agent_auth to 0.9.3 upstream version - fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent is not running (#834404) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5536 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [1:2.0.9-5] - script-login did not drop privileges correctly (#709095) - fix directory traversal due to not obeying chroot directive (#709097) - check proxy destination host against SSL certificate name (#754980) [1:2.0.9-4] - dovecot may not set correct premissions for mail folder (#697620) [1:2.0.9-3] - fix potential crash when parsing header names that contain NUL characters (#728673) LOW Copyright 2013 Oracle, Inc. CVE-2011-2167 CVE-2011-4318 CVE-2011-2166 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.1.1-13] - fix environment file handling problems - CVE-2011-3148 (#746619) and CVE-2011-3148 (#746620) [1.1.1-12] - add character sequence test to pam_cracklib - drop unused difignore option from pam_cracklib (#811243) - add enforce_for_root option to pam_cracklib (#588893) - mention limits.d in the limits.conf(5) manpage (#723297) - add ability to lock out inactive accounts to pam_lastlog - fix require_selinux option in pam_namespace (#750601) - add mntopts flag for tmpfs polyinstantiation method - preserve authtok_type in pam_get_authtok() (#811168) - fix username mismatch in pam_unix remember feature (#815516) - relax restriction of root in pam_pwhistory - relax soft nproc limit for root in 90-nproc.conf [1.1.1-11] - additional password checks in pam_cracklib MODERATE Copyright 2013 Oracle, Inc. CVE-2011-3148 CVE-2011-3149 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [7.2-60.el6] - Fix CVE-2011-4355 gdb: arbitrary code execution via .debug_gdb_scripts' (Jan Kratochvil, RH BZ 756116). [7.2-58.el6] - Fix Backport gdb fix to handle identical binaries via additional build-id symlinks' (RH BZ 836966). MODERATE Copyright 2013 Oracle, Inc. CVE-2011-4355 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.3.9.6] - CVE-2010-4530 patch [1.3.9-5] - Fix dist tag [1.3.9-4] - Check multiple voltages, even if we started with 5V. LOW Copyright 2013 Oracle, Inc. CVE-2010-4530 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.5.2-11] - fix overflow issue introduced in 1.5.2-5 and incorrectly corrected in 1.5.2-6 [1.5.2-10] - CVE-2010-4531 [1.5.2-9] - Bump version number so it doesn't get confused with z stream build. MODERATE Copyright 2013 Oracle, Inc. CVE-2010-4531 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.11.1-4] - remove BR dependency on java-devel-openjdk [1.11.1-3] - fix for CVE-2012-3386 -- 'make distcheck' was making the directory distdir world-readable (#848469) LOW Copyright 2013 Oracle, Inc. CVE-2012-3386 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [3.0.0-25.el6] - Filter generated winbind dependencies so the right version of samba can be installed. (#905594) [3.0.0-24.el6] - Add certmonger condrestart to server post scriptlet (#903758) - Make certmonger a (pre) Requires (#903758) - Add selinux-policy to Requires(pre) to avoid post scriptlet AVCs (#903758) - Set minimum version of pki-ca to 9.0.3-30 and add to Requires(pre) to pick up certmonger upgrade fix (#902474) - Update anonymous access ACI to protect secret attributes (#902481) [3.0.0-23.el6] - Installer should not connect to 127.0.0.1. (#895561) - Don't initialize NSS if we don't have to. (#878220) [3.0.0-22.el6] - Set minimum version of bind-dyndb-ldap to 2.3-2 to pick up missing DNS zone SOA serial fix (#894131) - Stopped named service crashed ipa-upgradeconfig program (#895298) - ipa-replica-prepare crashed when manipulating DNS zone without SOA serial (#894143) - Use new certmonger locking to prevent NSS database corruption during CA subsystem renewal (#883484) - Set minimum selinux-policy to 3.7.19-193 to allow certmonger to talk to dbus in an rpm scriptlet. (related #883484) - Set minimum vresion of certmonger to 0.61-3 for new locking scheme (related #883484) [3.0.0-21.el6] - Properly handle migrated uniqueMember attributes (#894090) - ipa permission-find using valid targetgroup throws internal error (#893827) - Fix migration of CRLs to new directory location (#893722) - Installing IPA with a single realm component sometimes fails (#893187) [3.0.0-20.el6] - Set maxbersize to a large value to accomondate large CRLs during replica installation. (#888956) - Set minimum version of pki-ca, pki-slient and pki-setup to 9.0.3-29 to pick up default CA validity period of 20 years. (#891980) [3.0.0-19.el6] - Client installation crashes when Kerberos SRV record is not found (#889583) - Fix typo in patch 0048 for CVE-2012-5484 (#878220) [3.0.0-18.el6] - Cookie Expires date should be locale insensitive to avoid CLI errors (#888915) [3.0.0-17.el6] - ipa delegation-find --group option returns internal error (#888524) - Add missing Requires for python-crypto replacement (#878969) [3.0.0-16.el6] - sssd is not enabled on client/server install (#888124) [3.0.0-15.el6] - ipa-server-install --uninstall doesn't clear certmonger dirs, which leads to install failing (#817080) [3.0.0-14.el6] - Compliant client side session cookie behavior. CVE-2012-5631. (#886371) [3.0.0-13.el6] - Use secure method to retrieve IPA CA during client enrollment. CVE-2012-5484 (#878220) - Reformat patch 0044 so it works with git-am [3.0.0-12.el6] - Include /var/lib/sss/pubconf/krb5.include.d/ for domain-realm mappings in krb5.conf (#883166) - Set minimum selinux-policy >= 3.7.19-184 to allow domains that can read sssd_public_t files to also list the directory (#881413) - Remove dist label from changelog entries. - Fix timestamp on patched files to avoid multilib warnings [3.0.0-11.el6] - Set Requires on httpd 2.2.15-24, mod_nss to 1.0.8-18 and patch to check for existing mod_ssl configuration. These versions allow mod_proxy to simultaneously support SSL servers using mod_ssl and mod_proxy (#761574) - IPA WebUI login for AD Trusted User fails (#875261) - Add 'disable_last_success' and 'disable_lockout' to the ipa_lockout plugin (#824488) [3.0.0-10.el6] - Make default group type POSIX in ui (#880655) - Write replacement for python-crypto (#878969) - ipa trust-add prints misleading information about required DNS setting (#878485) - Lookup user SIDs in external groups (#878480) - Special case NFS related ticket to avoid attaching MS-PACs (#878462) - IPA users are not available after ipa-server-install because sssd not running (#878288) - Incorrect error message when time difference between AD and IPA is too great (#877434) - Missing option to add SSH Public Key in Web UI after upgrade (#877324) [3.0.0-9.el6] - Update minimum BR and Requires of sssd to 1.9.2-25 (related #870278, related #871160, related #878262) - Replication agreement tools report errors with new single instance CA database (#878491) - If time is moved back on the IPA server, ipasam does not invalidate the existing ticket (#866576) [3.0.0-8.el6] - Server installation fails to find A/AAAA record for IPA hostname (#874935) - Out of range error when listing RUV on host with no agreements (#873726) - Tighten dependency on krb5-server to limit to 1.10 (#872707) - Default SELinuxusermaporder needs to mapped with default selinux users list (#870053) - Clarify trust-add help regarding multiple runs against the same domain (#869741) - Improve reliabilityof RA renewal script (#869663) - Add option to disable DNS forwarding by zone (#869658) - Update minimum version of bind-dyndb-ldap to 2.3-1 (#869658) - Improve information on passsync user in man page, command help (#869656) - Resolve external members from trusted domain via Global Catalog (#869616) - Process relative nameserver DNS record correctly (#868956) - ipa-adtrust-install does not reset all information when re-run (#867447) - Fix potential memory leak in KDB backend (#811989) [3.0.0-7.el6] - Fix type conversion of integers when doing modifications (#870446) - Set SECURE_NFS to lowercase yes rather than uppercase (#869654) - Add autofs service to sssd.conf before enabling it (#869649) - Add strict Requires for policycoreutils to avoid user removing them during package lifetime (#869281) - Make internal rename_s() call compatible with python-ldap-2.3.10 (#867902) - Update minimum version of bind-dyndb-ldap to 2.2-1.el6 (related #871583) - Restart httpd after running ipa-adtrust-install (#866966) [3.0.0-6.el6] - Add patch to override xmlrpc request method for session (#786199) - Bad link to Web UI config page after session is expired (#869279) - extdom plugin does not handle Posix UID and GID request (#867676) - ipa-server-install --setup-dns always installs reverse zone (#866978) - Inform user when ipa-upgradeconfig reports errors (#866977) - Certificate request fails when CSR has subjectAltnames (#866955) - ipa-adtrust-install checks for /usr/bin/smbpasswd, which is not required (#866572) - Instructions to uninstall are unclear (#856294) - Inconsistent service naming in ipa-server-install (#856292) - Improve instructions to generate certificate in Web UI (#856282) - /etc/ipa/default.conf is out of date (#855855) - Time synchronization is disabled in ipa-client-install (#854325) - ipa-replica-install httpd restart sometimes fails (#845405) - Improve error messages during ipa-replica-manage del (#835632) - Always log errors from dogtag (#813401) [3.0.0-5.el6] - Update to upstream 3.0.0 GA release (#827602) - Add zip dependency, needed for creating unsigned Firefox extensions - Filter generated winbind dependencies so the right version of samba can be installed. - Remove patch to support python-ldap 2.3.10. Fixed upstream. - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca (#864533) - Add zip dependency, needed for creating unsigned Firefox extensions [3.0.0-4.el6] - Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so plugin to /dev/null since they cannot be used when trusts are configured (related #864889) - Update BR and Requires of samba4 to 4.0.0-31 to pick up winbind_krb5_locator alternatives change. (related #864889) [3.0.0-3.el6] - Update to upstream 3.0.0.rc2 release (#827602) - Provide new Firefox extension. - Own /etc/ipa/ca.crt [3.0.0-2.el6] - Remove Requires on krb5-pkinit-openssl as part of disabling pkinit code. - Add missing subdirectories in site-packages/ipaserver discovered by rpmdiff. (#827602) [3.0.0-1.el6] - Update to upstream 3.0.0.rc1 release (#827602) - Update BR and Requires of 389-ds-base to 1.2.11.14 - Update BR and Requires of krb5 to 1.10 - Update BR and Requires of samba4 to 4.0.0-24 - Update BR and Requires of sssd to 1.9.0 - Update Requires on policycoreutils to 2.0.83-19.24 - Update Requires on httpd to httpd-2.2.15-17 to pick up #787247 - Update minimum version of bind-dyndb-ldap to 1.1.0-0.9.b1.el6_3.1 - Update minimum version of bind to 9.8.2-0.10.rc1.el6_3.2 - Sync upstream spec file Requires - Add patch to support python-ldap 2.3.10 LOW Copyright 2013 Oracle, Inc. CVE-2012-4546 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [32:9.8.2-0.17.rc1.0.2.el6.3] - bump up version and rebuild [32:9.8.2-0.17.rc1.0.1.el6.3] - add rrl.h into include dirs [32:9.8.2-0.27.rc1.3] - remove one bogus file from /usr/share/doc, introduced by RRL patch [32:9.8.2-0.17.rc1.2] - fix CVE-2012-5689 [32:9.8.2-0.17.rc1.1] - add response rate limit patch (#873624) [32:9.8.2-0.17.rc1] - fix CVE-2012-5688 [32:9.8.2-0.16.rc1] - initscript: silence spurious "named.pid: No such file" error [32:9.8.2-0.15.rc1] - fix CVE-2012-5166 [32:9.8.2-0.14.rc1] - allow forward{,ers} statement in static-stub zones [32:9.8.2-0.13.rc1] - fix CVE-2012-4244 [32:9.8.2-0.12.rc1] - fix CVE-2012-3817 [32:9.8.2-0.11.rc1] - fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5689 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.0.1] - [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0871 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [0.73-11] - Add patch to fix CVE-2013-0292 - Resolves: #913072 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0292 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 5 Oracle Linux 6 [1:1.4.2-50:.4] - Added BrowseLDAPCACertFile and PrintcapGUI to restricted options list. [1:1.4.2-50:.3] - Fix for CVE-2012-5519 patch: handle blacklisted lines that have no value part gracefully. [1:1.4.2-50:.2] - Added documentation for new CVE-2012-5519 option. [1:1.4.2-50:.1] - Applied patch to fix CVE-2012-5519 (privilege escalation for users in SystemGroup or with equivalent polkit permission). This prevents HTTP PUT requests with paths under /admin/conf/ other than that for cupsd.conf, and also prevents such requests altering certain configuration directives such as PageLog and FileDevice (bug #875898). [1:1.4.2-50] - Fixed LDAP browsing issues (bug #870386). [1:1.4.2-49] - Avoid 'forbidden' error when moving job between queues via web UI (bug #834445). MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5519 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base Oracle Linux 5 Oracle Linux 6 [2.7.6-12.0.1.el6_4.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-12.el6_4.1] -detect and stop excessive entities expansion upon replacement (rhbz#912574) [2.7.6-12.el6] - fix out of range heap access (CVE-2012-5134) [2.7.6-11.el6] - Change the XPath code to percolate allocation error (CVE-2011-1944) [2.7.6-10.el6] - Fix an off by one pointer access (CVE-2011-3102) [2.7.6-9.el6] - Fix a failure to report xmlreader parsing failures - Fix parser local buffers size problems (rhbz#843742) - Fix entities local buffers size problems (rhbz#843742) - Fix an error in previous commit (rhbz#843742) - Do not fetch external parsed entities - Impose a reasonable limit on attribute size (rhbz#843742) - Impose a reasonable limit on comment size (rhbz#843742) - Impose a reasonable limit on PI size (rhbz#843742) - Cleanups and new limit APIs for dictionaries (rhbz#843742) - Introduce some default parser limits (rhbz#843742) - Implement some default limits in the XPath module - Fixup limits parser (rhbz#843742) - Enforce XML_PARSER_EOF state handling through the parser - Avoid quadratic behaviour in some push parsing cases (rhbz#843742) - More avoid quadratic behaviour (rhbz#843742) - Strengthen behaviour of the push parser in problematic situations (rhbz#843742) - More fixups on the push parser behaviour (rhbz#843742) - Fix a segfault on XSD validation on pattern error - Fix an unimplemented part in RNG value validation MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0338 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0166 CVE-2012-4929 CVE-2013-0169 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [2.8.5-10.1] - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1619 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.7.1-3.1] - fix CVE-2013-0308 [1.7.1-3] - fix CVE-2010-3906 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0308 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.7.5-18.1] - Apply upstream r1926 to resolve FD_SET array index error - Resolves: rhbz#915361 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0288 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.7.0.9-2.3.8.0.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.8.0el6] - Revert to rhel 6.3 version of spec file - Revert to icedtea7 2.3.8 forest - Resolves: rhbz#917183 [1.7.0.11-2.4.0.pre5.el6] - Update to latest snapshot of icedtea7 2.4 forest - Resolves: rhbz#917183 [1.7.0.9-2.4.0.pre4.3.el6] - Updated to icedtea 2.4.0.pre4, - Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre3.3.el6] - Updated to icedtea 2.4.0.pre3, updated! - Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre2.3.el6] - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.4.0.pre2, updated? - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911530 [1.7.0.11-2.4.0.2.el6] - Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch - Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch - Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch - Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch - NSS enabled by default - enable_nss set to 1 - rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch - rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch - Resolves: rhbz#831734 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Disabled nss - enable_nss set to 0 - Resolves: rhbz#895034 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0809 CVE-2013-1493 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1:1.6.0.0-1.57.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917179 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1493 CVE-2013-0809 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [qemu-kvm-0.12.1.2-2.355.el6_4.2] - kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910841] - kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910841] - Resolves: bz#910841 (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-6.4.z]) [qemu-kvm-0.12.1.2-2.355.el6_4.1] - kvm-Revert-e1000-no-need-auto-negotiation-if-link-was-do.patch [bz#907397] - Resolves: bz#907397 (Patch 'e1000: no need auto-negotiation if link was down' may break e1000 guest) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6075 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.8.7.352-10] - escaping vulnerability about Exception#to_s / NameError#to_s * ruby-1.8.7-p371-CVE-2012-4481.patch - Related: rhbz#915379 [1.8.7.352-9] - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML (https://bugs.ruby-lang.org/issues/7961) * ruby-2.0.0-add-missing-rexml-require.patch - Related: rhbz#915379 [1.8.7.352-8] - Addresses entity expansion DoS vulnerability in REXML. * ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch - Resolves: rhbz#915379 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4481 CVE-2013-1821 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.3-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-2] - Added fix for #848644 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0787 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0:6.0.24-52] - Related: rhbz 882010 rhbz 883692 rhbz 883705 - Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate - to avoid building on ppc64, ppc, and x390x. [0:6.0.24-50] - Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 - three DIGEST authentication issues - Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using - SSL NIO sendfile - Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5885 CVE-2012-5887 CVE-2012-5886 CVE-2012-3546 CVE-2012-4534 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.3-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-2] - Added fix for #848644 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0787 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.2.11.15-12] - Resolves: Bug 910994 - PamConfig schema not updated during upgrade - Resolves: Bug 910995 - Valgrind reports memleak in modify_update_last_modified_attr - Resolves: Bug 910996 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) - Resolves: Bug 911467 - DNA: use event queue for config update only at the start up - Resolves: Bug 911468 - Error messages encountered when using POSIX winsync - Resolves: Bug 911469 - dse.ldif is 0 length after server kill or machine kill - Resolves: Bug 911474 - Invalid chaining config triggers a disk full error and shutdown - Resolves: Bug 914305 - ns-slapd segfaults while trying to delete a tombstone entry - Resolves: Bug 913228 - unauthenticated denial of service vulnerability in handling of LDAPv3 control data MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0312 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.2.1] - [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871} [2.6.32-358.1.1] - [netdrv] mlx4: Set number of msix vectors under SRIOV mode to firmware defaults (Michal Schmidt) [911663 904726] - [netdrv] mlx4: Fix bridged vSwitch configuration for non SRIOV mode (Michal Schmidt) [910998 903644] - [net] rtnetlink: Fix IFLA_EXT_MASK definition (regression) (Thomas Graf) [909815 903220] - [x86] msr: Add capabilities check (Nikola Pajkovsky) [908698 908699] {CVE-2013-0268} - [x86] msr: Remove incorrect, duplicated code in the MSR driver (Nikola Pajkovsky) [908698 908699] {CVE-2013-0268} - [virt] xen: dont assume ds is usable in xen_iret for 32-bit PVOPS (Andrew Jones) [906310 906311] {CVE-2013-0228} - [kernel] cputime: Avoid multiplication overflow on utime scaling (Stanislaw Gruszka) [908794 862758] - [net] sunrpc: When changing the queue priority, ensure that we change the owner (Steve Dickson) [910370 902965] - [net] sunrpc: Ensure we release the socket write lock if the rpc_task exits early (Steve Dickson) [910370 902965] - [fs] nfs: Ensure that we free the rpc_task after read and write cleanups are done (Steve Dickson) [910370 902965] - [net] sunrpc: Ensure that we free the rpc_task after cleanups are done (Steve Dickson) [910370 902965] - [net] sunrpc: Dont allow low priority tasks to pre-empt higher priority ones (Steve Dickson) [910370 902965] - [fs] nfs: Add sequence_priviliged_ops for nfs4_proc_sequence() (Steve Dickson) [910370 902965] - [fs] nfs: The NFSv4.0 client must send RENEW calls if it holds a delegation (Steve Dickson) [910370 902965] - [fs] nfs: nfs4_proc_renew should be declared static (Steve Dickson) [910370 902965] - [fs] nfs: nfs4_locku_done must release the sequence id (Steve Dickson) [910370 902965] - [fs] nfs: We must release the sequence id when we fail to get a session slot (Steve Dickson) [910370 902965] - [fs] nfs: Add debugging messages to NFSv4s CLOSE procedure (Steve Dickson) [910370 902965] - [net] sunrpc: Clear the connect flag when socket state is TCP_CLOSE_WAIT (Steve Dickson) [910370 902965] - [fs] nfs: cleanup DS stateid error handling (Steve Dickson) [910370 902965] - [fs] nfs: handle DS stateid errors (Steve Dickson) [910370 902965] - [fs] nfs: Fix potential races in xprt_lock_write_next() (Steve Dickson) [910370 902965] - [fs] nfs: Ensure correct locking when accessing the 'lock_states' list (Steve Dickson) [910370 902965] - [fs] nfs: Fix the handling of NFS4ERR_SEQ_MISORDERED errors (Steve Dickson) [910370 902965] - [netdrv] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [910373 909464] - [netdrv] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [910373 909464] - [netdrv] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [910373 909464] - [fs] gfs2: Get a block reservation before resizing a file (Robert S Peterson) [908398 875753] - [net] ipv6: do not create neighbor entries for local delivery (Jiri Pirko) [909159 896020] - [net] bonding: check for assigned mac before adopting the slaves mac address (Veaceslav Falico) [908737 905126] - [fs] nfs: nfs4_xdr_enc_layout{commit, return} must return status (Steve Dickson) [908733 907227] - [fs] set s_type before destroy_super in sget() (Eric Sandeen) [909813 904982] - [scsi] ses: Avoid kernel panic when lun 0 is not mapped (Ewan Milne) [908739 886867] - [block] avoid divide-by-zero with zero discard granularity (Mike Snitzer) [911000 901705] - [block] discard granularity might not be power of 2 (Mike Snitzer) [911000 901705] - [netdrv] tg3: Fix crc errors on jumbo frame receive (Ivan Vecera) [909816 895336] - [netdrv] igb: set E1000_IMS_TS interrupt bit in igb_irq_enable (Stefan Assmann) [909818 871795] - [pci] intel-iommu: Prevent devices with RMRRs from being placed into SI Domain (Tony Camuso) [908744 678451] - [scsi] sd: Reshuffle init_sd to avoid crash (Ewan Milne) [911655 888417] - [mm] add numa node symlink for cpu devices in sysfs (Neil Horman) [909814 878708] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0228 CVE-2013-0268 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.7.9-10.el6_4.1] - Fix spec file for disttag [2.7.9-10.el6] - Add patch for CVE-2013-0274 (RH bug #910653). [2.7.9-9.el6] - Add patch for CVE-2013-0273 (RH bug #910653). [2.7.9-8.el6] - Add patch for CVE-2013-0272 (RH bug #910653). [2.7.9-7.el6] - Add patch for CVE-2011-2485 (RH bug #837562). [2.7.9-6.el6] - Add patch for CVE-2012-1178 (RH bug #837560). - Add patch for CVE-2012-2318 (RH bug #837560). - Add patch for CVE-2012-3374 (RH bug #837560). MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.10.3-10.1] - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917909, CVE-2012-1016) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1016 CVE-2013-1415 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.9.2-82.4] - Resolves: rhbz#911298 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider [1.9.2-82.3] - Fix pwd_expiration_warning=0 - Resolves: rhbz#914671 - pwd_expiration_warning has wrong default for Kerberos [1.9.2-82.2] - Resolves: rhbz#914671 - pwd_expiration_warning has wrong default for Kerberos - Fix the NVR [1.9.2-82.1] - Resolves: rhbz#907362 - Serious performance regression in sssd MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0287 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [1.41.0-15] - Add in explicit dependences between some boost subpackages [1.41.0-14] - Build with -fno-strict-aliasing [1.41.0-13] - In Boost.Pool, be careful not to overflow allocated chunk size (boost-1.41.0-pool.patch) [1.41.0-12] - Add an upstream patch that fixes computation of CRC in zlib streams. - Resolves: #707624 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2677 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base Oracle Linux 6 [1:4.6.2-26] - Resolves: CVE-2013-0254, QSharedMemory class created shared memory segments with insecure permissions MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0254 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [4:5.10.1-130] - Resolves: #915692 - CVE-2012-5526 (newline injection due to improper CRLF escaping in Set-Cookie and P3P headers) - Resolves: #915692 - CVE-2012-6329 (possible arbitrary code execution via Locale::Maketext) - Resolves: #915692 - CVE-2013-1667 (DoS in rehashing code) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5195 CVE-2013-1667 CVE-2012-5526 CVE-2012-6329 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [0.26.2-5] - Fix bug 914474 (CVE 2013-1591) - Remove openmp.patch MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1591 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [ 32:9.8.2-0.17.rc1.0.2.el6_4.4] - bump release and build for ULN IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2266 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.5-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.5-1] - Update to 17.0.5 ESR xulrunner [17.0.5-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.5-1] - Update to 17.0.5 ESR [17.0.3-3] - Added fix for rhbz#916180 - Wrong library directory reference in /usr/bin/xulrunner CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0796 CVE-2013-0800 CVE-2013-0795 CVE-2013-0788 CVE-2013-0793 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.5-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.5-1] - Update to 17.0.5 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0800 CVE-2013-0796 CVE-2013-0788 CVE-2013-0795 CVE-2013-0793 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [4.29-3] Resolves: CVE-2013-1762 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1762 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [1.6.11-9] - add security fixes for CVE-2013-1846, CVE-2013-1847, CVE-2013-1849 (#947372) [1.6.11-8] - add security fix for CVE-2013-1845 (#947372) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1849 CVE-2013-1845 CVE-2013-1847 CVE-2013-1846 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.2.11.15-14] - Resolves: Bug 929107 - ns-slapd crashes sporadically with segmentation fault in libslapd.so (ticket 627) - Resolves: Bug 929114 - cleanAllRUV task fails to cleanup config upon completion (ticket 623) [1.2.11.15-13] - Resolves: Bug 929114 - cleanAllRUV task fails to cleanup config upon completion (ticket 623) - Resolves: Bug 929111 - Coverity issue 13091 - Resolves: Bug 929196 - Deadlock in DNA plug-in (ticket 634) - Resolves: Bug 929107 - ns-slapd crashes sporadically with segmentation fault in libslapd.so (ticket 627) - Resolves: Bug 929115 - crash in aci evaluation (ticket 628) - Resolves: Bug 923240 - unintended information exposure when anonymous access is set to rootdse (ticket 47308) LOW Copyright 2013 Oracle, Inc. CVE-2013-1897 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.6.1] - [virt] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes (Petr Matousek) [917020 917021] {CVE-2013-1796} - [char] tty: hold lock across tty buffer finding and buffer filling (Prarit Bhargava) [928686 901780] - [net] tcp: fix for zero packets_in_flight was too broad (Thomas Graf) [927309 920794] - [net] tcp: frto should not set snd_cwnd to 0 (Thomas Graf) [927309 920794] - [net] tcp: fix an infinite loop in tcp_slow_start() (Thomas Graf) [927309 920794] - [net] tcp: fix ABC in tcp_slow_start() (Thomas Graf) [927309 920794] - [netdrv] ehea: avoid accessing a NULL vgrp (Steve Best) [921535 911359] - [net] sunrpc: Get rid of the redundant xprt->shutdown bit field (J. Bruce Fields) [915579 893584] - [virt] kvm: do not #GP on unaligned MSR_KVM_SYSTEM_TIME write (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [drm] i915: bounds check execbuffer relocation count (Nikola Pajkovsky) [920523 920525] {CVE-2013-0913} - [x86] irq: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [911267 887006] - [kvm] Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [kvm] Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [kvm] Fix bounds checking in ioapic indirect register reads (Gleb Natapov) [917030 917032] {CVE-2013-1798} - [kvm] x86: release kvmclock page on reset (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [security] keys: Fix race with concurrent install_user_keyrings() (David Howells) [916681 913258] {CVE-2013-1792} - [virt] hv_balloon: Make adjustments to the pressure report (Jason Wang) [909156 902232] [2.6.32-358.5.1] - [fs] xfs: use maximum schedule timeout when ail is empty (Brian Foster) [921958 883905] - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_auth() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922386 922387] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922386 922387] {CVE-2012-6546} - [fs] nls: improve UTF8 -> UTF16 string conversion routine (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [fs] fat: Fix stat->f_namelen (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [netdrv] tun: fix ioctl() based info leaks (Thomas Graf) [922350 922351] {CVE-2012-6547} - [virt] x86: Add a check to catch Xen emulation of Hyper-V (Andrew Jones) [923204 918239] - [fs] cifs: fix expand_dfs_referral (Sachin Prabhu) [923098 902492] - [fs] cifs: factor smb_vol allocation out of cifs_setup_volume_info (Sachin Prabhu) [923098 902492] - [fs] cifs: have cifs_cleanup_volume_info not take a double pointer (Sachin Prabhu) [923098 902492] - [fs] nfs: Dont allow NFS silly-renamed files to be deleted, no signal (Dave Wysochanski) [920266 905095] [2.6.32-358.4.1] - [fs] NLM: Ensure that we resend all pending blocking locks after a reclaim (Steve Dickson) [921150 913704] - [fs] xfs: remove log force from xfs_buf_cond_lock() (Brian Foster) [921961 896224] - [fs] xfs: recheck buffer pinned status after push trylock failure (Brian Foster) [921961 896224] - [fs] nfs: Ensure that we check lock exclusive/shared type against open modes (Dave Wysochanski) [920268 916324] - [powerpc] pseries: Fix partition migration hang in stop_topology_update (Steve Best) [921963 910597] - [infiniband] qib: correction for faulty sparse warning correction (Jay Fenlason) [922154 901701] - [usb] io_ti: Fix NULL dereference in chase_port() (Nikola Pajkovsky) [916198 916200] {CVE-2013-1774} - [net] bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Nikola Pajkovsky) [914690 914691] {CVE-2013-0349} - [char] tty: set_termios/set_termiox should not return -EINTR (Oleg Nesterov) [921145 904907] - [netdrv] ehea: fix VLAN support (Steve Best) [921535 911359] - [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919388 919389] {CVE-2013-1826} - [net] dccp: check ccid before NULL poiter dereference (Weiping Pan) [919187 919188] {CVE-2013-1827} - [mm] tmpfs: fix use-after-free of mempolicy object (Nikola Pajkovsky) [915714 915715] {CVE-2013-1767} - [fs] fuse: set page_descs length in fuse_buffered_write() (Brian Foster) [916957 915135] - [fs] vfs: fix pointer dereference validation in d_validate (Carlos Maiolino) [915583 876600] - [fs] cifs: after upcalling for krb5 creds, invalidate key rather than revoking it (Niels de Vos) [912452 885899] - [fs] cifs: tmp_key_invalidate() should not set key->expiry to 0 (Niels de Vos) [912452 885899] - [block] disable discard request merge temporarily (Mike Snitzer) [911475 907844] [2.6.32-358.3.1] - [net] netfilter: improve out-of-sync situation in TCP tracking (Flavio Leitner) [917690 629857] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6546 CVE-2013-0349 CVE-2013-0913 CVE-2012-6547 CVE-2013-1796 CVE-2013-1798 CVE-2013-1773 CVE-2013-1792 CVE-2013-1797 CVE-2013-1827 CVE-2013-1774 CVE-2012-6537 CVE-2013-1767 CVE-2013-1826 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.10.3-10.2] - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #950342) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1416 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.7.0.19-2.3.9.1.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.19-2.3.9.1.el6] - updated to updated IcedTea 2.3.9 with fix to one of security fixes - fixed font glyph offset - Resolves: rhbz#950380 [1.7.0.9-2.3.9.0.el6] - updated to IcedTea 2.3.9 with latest security patches - buildver sync to b19 - rewritten java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#950380 [1.7.0.19-2.3.8.2.el6] - Added latest Fedora spec changes - Bumped release - Removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch (unapplied) - zlib in BuildReq restricted for 1.2.3-7 or higher - see https://bugzilla.redhat.com/show_bug.cgi?id=904231 - Removed a -icedtea tag from the version - package have less and less connections to icedtea7 - Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb - Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1 - see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details - Removed all fonconfig files. Fonts are now handled differently in JDK and those files are redundant. This is going to be usptreamed. - see https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details - logging.properties marked as config(noreplace) - see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details - classes.jsa marked as ghost on full path - see https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details - nss.cfg was marked as config(noreplace) - Add symlink to default soundfont (see 541466) - Resolves: rhbz#950380 [1.7.0.9-2.3.8.1.el6] - Added and applied patch 116 - patch 116 rh905128-non_block_ciphers.patch - Added and applied patch 117 - patch 117 java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch - to enable handleStartupErrors = ignoreMultipleInitialisation in icedtea 2.3 - Restorered removed nss support - Fixed java-1.7.0-openjdk-nss-config-{1,2} patches to be valid for icedtea 2.3.x - enable_nss switch to 0 - disabled - Resolves: rhbz#950380 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1557 CVE-2013-2424 CVE-2013-2436 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2426 CVE-2013-1558 CVE-2013-2430 CVE-2013-0401 CVE-2013-1488 CVE-2013-2384 CVE-2013-2422 CVE-2013-2431 CVE-2013-1569 CVE-2013-2415 CVE-2013-2423 CVE-2013-2429 CVE-2013-1537 CVE-2013-2417 CVE-2013-1518 CVE-2013-2383 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.2.3-2] - Added (temporally!) posttrans forcing creation of symlinks - should be removed next release - Resolves: rhbz#949094 [1.2.3-1] - fixed postun - removal of alternatives for plugin restricted to (correct) removal process only - fixed date in changelog previous entry - Resolves: rhbz#949094 [1.2.3-0] - Updated to latest ustream release of 1.2 branch - 1.2.3 - Security Updates - CVE-2013-1927, RH884705 - fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 - Plugin - PR1157: Applets can hang browser after fatal exception - Removed upstreamed patch 0- icedtea-web-PR1161.patch - Resolves: rhbz#949094 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1926 CVE-2013-1927 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.61.1.11.11] - added and applied (temporally) patch10 fixToFontSecurityFix.patch. - fixing regression in fonts introduced by one security patch. - Resolves: rhbz#950386 [1:1.6.0.0-1.60.1.11.11] - added and applied (temporally) one more patch to xalan/xerces privileges - patch9 jaxp-backport-factoryfinder.patch - will be upstreamed - Resolves: rhbz#950386 [1:1.6.0.0-1.59.1.11.11] - Updated to icedtea6 1.11.11 - fixed xalan/xerxes privledges - removed patch 8 - removingOfAarch64.patch.patch - fixed upstream - Resolves: rhbz#950386 [1:1.6.0.0-1.58.1.11.10] - Updated to icedtea6 1.11.10 - rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - excluded aarch64.patch - by patch 8 - removingOfAarch64.patch.patch - Resolves: rhbz#950386 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2420 CVE-2013-2422 CVE-2013-2429 CVE-2013-2431 CVE-2013-1537 CVE-2013-2419 CVE-2013-2421 CVE-2013-2424 CVE-2013-2426 CVE-2013-2430 CVE-2013-0401 CVE-2013-1518 CVE-2013-2383 CVE-2013-1488 CVE-2013-1558 CVE-2013-1569 CVE-2013-2417 CVE-2013-1557 CVE-2013-2384 CVE-2013-2415 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [7.19.7-36] - fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1944 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 [5.1.69-1] - Update to 5.1.69, for assorted upstream bugfixes including CVEs announced in April 2013 Resolves: #953084 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5614 CVE-2013-1521 CVE-2013-1531 CVE-2013-1555 CVE-2013-2391 CVE-2013-2392 CVE-2013-1532 CVE-2013-1544 CVE-2013-1548 CVE-2013-1552 CVE-2013-2375 CVE-2013-1506 CVE-2013-2378 CVE-2013-2389 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [2.2.15-28.0.1.el6_4] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-28] - mod_rewrite: add security fix for CVE-2013-1862 (#953729) [2.2.15-27] - add security fixes for CVE-2012-3499, CVE-2012-4558 (#915883, #915884) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4558 CVE-2013-1862 CVE-2012-3499 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.6-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-2] - Updated XulRunner check xulrunner [17.0.6-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.6-2] - Update to 17.0.6 ESR [17.0.5-2] - Updated nss and nspr versions CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1670 CVE-2013-1676 CVE-2013-0801 CVE-2013-1674 CVE-2013-1677 CVE-2013-1681 CVE-2013-1675 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.6-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.6-2] - Update to 17.0.6 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1670 CVE-2013-1674 CVE-2013-1676 CVE-2013-1677 CVE-2013-1679 CVE-2013-0801 CVE-2013-1675 CVE-2013-1678 CVE-2013-1681 CVE-2013-1680 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [2.6.32-20] Resolves: #960234 - CVE-2013-2053 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2053 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-358.6.2] - [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2094 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.10.2-18.0.1.el6_4.5] - Replace docs/et.png in tarball with blank image [0.10.2-18.el6_4.5] - daemon: Fix leak after listing volumes (CVE-2013-1962) - Don't try to add non-existant devices to ACL (rhbz#958837) - Avoid spamming logs with cgroups warnings (rhbz#958837) - audit: Properly encode device path in cgroup audit (rhbz#958839) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1962 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0:6.0.24-55] - Related: rhbz#955976 CVE-2013-1976. Changed log location - so only root can use it. Touching TOMCAT_LOG is no longer - required [0:6.0.24-54] - Resolves: rhbz#956771 Related: CVE-2012-3439 digest - authentication broken after errata for cve-2012-3439 - patch for 3439 corrected [0:6.0.24-53] - Resolves: rhbz#955976 CVE-2013-1976 improper TOMCAT_LOG - management in init script IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1976 CVE-2013-2051 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.8.5-10.2] - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch (#966754) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2116 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [0.2.1-6_4] - Removed a svc_freeargs() call from svc_dg_freeargs() (bz 953735) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1950 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.12.1.2-2.355.el6_4.5] - kvm-e1000-fix-link-down-handling-with-auto-negotiation.patch [bz#907716] - kvm-e1000-unbreak-the-guest-network-when-migration-to-RH.patch [bz#907716] - kvm-reimplement-error_setg-and-error_setg_errno-for-RHEL.patch [bz#957056] - kvm-qga-set-umask-0077-when-daemonizing-CVE-2013-2007.patch [bz#957056] - kvm-qga-distinguish-binary-modes-in-guest_file_open_mode.patch [bz#957056] - kvm-qga-unlink-just-created-guest-file-if-fchmod-or-fdop.patch [bz#957056] - Resolves: bz#907716 (use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest) - Resolves: bz#957056 (CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode [rhel-6.4.z]) [0.12.1.2-2.355.el6_4.4] - kvm-virtio-balloon-fix-integer-overflow-in-BALLOON_CHANG.patch [bz#958750] - Resolves: bz#958750 (QMP event shows incorrect balloon value when balloon size is grater than or equal to 4G) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2007 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [9.0-0.8.3] - CVE-2013-1872: Updated patch with testing from upstream (#963063) [9.0-0.8.2] - CVE-2013-1872: Updated patch from upstream (#963063) [9.0-0.8.1] - CVE-2013-1872: Updated patch (#963063) [9.0-0.8] - CVE-2013-1872: memory corruption oob read/write on intel (#963063) - CVE-2013-1993: interger overflows in protocol handling (#961613) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1993 CVE-2013-1872 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.11.1] - [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094} [2.6.32-358.10.1] - [scsi] be2iscsi : Fix the NOP-In handling code path (Nikola Pajkovsky) [955504 947550] - [scsi] be2iscsi: Fix memory leak in control path of driver (Rob Evers) [955504 947550] - [virt] kvm: validate userspace_addr of memslot (Petr Matousek) [950496 950498] {CVE-2013-1943} - [virt] kvm: fix copy to user with irq disabled (Michael S. Tsirkin) [949985 906602] {CVE-2013-1935} - [net] veth: Dont kfree_skb() after dev_forward_skb() (Jiri Benc) [957712 957713] {CVE-2013-2017} - [net] tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [954298 896233] - [net] tcp: take care of misalignments (Thomas Graf) [954298 896233] - [net] skbuff.c cleanup (Thomas Graf) [954298 896233] - [idle] intel_idle: Initialize driver_data correctly in ivb_cstates on IVB processor (Prarit Bhargava) [960864 953630] - [x86] Prevent panic in init_memory_mapping() when booting more than 1TB on AMD systems (Larry Woodman) [962482 869736] - [mm] enforce mmap_min_addr on x86_64 (Rik van Riel) [961431 790921] - [mm] optional next-fit policy for arch_get_unmapped_area (Rik van Riel) [961431 790921] - [mm] fix quadratic behaviour in get_unmapped_area_topdown (Rik van Riel) [961431 790921] - [scsi] Revert: qla2xxx: Optimize existing port name server query matching (Chad Dupuis) [950529 924804] - [scsi] Revert: qla2xxx: Avoid losing any fc ports when loop id's are exhausted (Chad Dupuis) [950529 924804] - [fs] defer do_filp_open() access checks to may_open() (Eric Sandeen) [928683 920752] - [md] dm thin: bump the target version numbers (Mike Snitzer) [924823 922931] - [md] dm-thin: fix discard corruption (Mike Snitzer) [924823 922931] - [md] persistent-data: rename node to btree_node (Mike Snitzer) [924823 922931] - [md] dm: fix limits initialization when there are no data devices (Mike Snitzer) [923096 908851] [2.6.32-358.9.1] - [fs] nfs: Fix handling of revoked delegations by setattr (Steve Dickson) [960415 952329] - [fs] nfs: Return the delegation if the server returns NFS4ERR_OPENMODE (Steve Dickson) [960415 952329] - [fs] nfs: Fix another potential state manager deadlock (Steve Dickson) [960436 950598] - [fs] nfs: Fix another open/open_recovery deadlock (Steve Dickson) [960433 916806] - [fs] nfs: Hold reference to layout hdr in layoutget (Steve Dickson) [960429 916726] - [fs] nfs: add 'pnfs_' prefix to get_layout_hdr() and put_layout_hdr() (Steve Dickson) [960429 916726] - [fs] nfs: nfs4_open_done first must check that GETATTR decoded a file type (Steve Dickson) [960412 916722] - [net] sunrpc: Dont start the retransmission timer when out of socket space (Steve Dickson) [960426 916735] - [fs] nfs: Dont use SetPageError in the NFS writeback code (Steve Dickson) [960420 912867] - [fs] nfs: Dont decode skipped layoutgets (Steve Dickson) [927294 904025] - [fs] nfs: nfs4_proc_layoutget returns void (Steve Dickson) [927294 904025] - [fs] nfs: defer release of pages in layoutget (Steve Dickson) [927294 904025] - [fs] nfs: Use kcalloc() when allocating arrays (Steve Dickson) [927294 904025] - [fs] nfs: Fix an ABBA locking issue with session and state serialisation (Steve Dickson) [960417 912842] - [fs] nfs: Fix a race in the pNFS return-on-close code (Steve Dickson) [960417 912842] - [fs] nfs: Do not accept delegated opens when a delegation recall is in effect (Steve Dickson) [960417 912842] - [fs] nfs: Fix a reboot recovery race when opening a file (Steve Dickson) [952613 908524] - [fs] nfs: Ensure delegation recall and byte range lock removal don't conflict (Steve Dickson) [952613 908524] - [fs] nfs: Fix up the return values of nfs4_open_delegation_recall (Steve Dickson) [952613 908524] - [fs] nfs: Dont lose locks when a server reboots during delegation return (Steve Dickson) [952613 908524] - [fs] nfs: Move nfs4_wait_clnt_recover and nfs4_client_recover_expired_lease (Steve Dickson) [952613 908524] - [fs] nfs: Add NFSDBG_STATE (Steve Dickson) [952613 908524] - [fs] nfs: nfs_inode_return_delegation() should always flush dirty data (Steve Dickson) [952613 908524] - [fs] nfs: nfs_client_return_marked_delegations cant flush data (Steve Dickson) [952613 908524] - [fs] nfs: Prevent deadlocks between state recovery and file locking (Steve Dickson) [952613 908524] - [fs] nfs: Allow the state manager to mark an open_owner as being recovered (Steve Dickson) [952613 908524] - [kernel] seqlock: Dont smp_rmb in seqlock reader spin loop (Steve Dickson) [952613 908524] - [kernel] seqlock: add 'raw_seqcount_begin()' function (Steve Dickson) [952613 908524] - [kernel] seqlock: optimise seqlock (Steve Dickson) [952613 908524] - [fs] nfs: don't allow nfs_find_actor to match inodes of the wrong type (Jeff Layton) [921964 913660] - [net] sunrpc: Add barriers to ensure read ordering in rpc_wake_up_task_queue_locked (Dave Wysochanski) [956979 840860] [2.6.32-358.8.1] - [fs] raw: don't call set_blocksize when not changing the blocksize (Jeff Moyer) [951406 909482] - [x86] Allow greater than 1TB of RAM on AMD x86_64 sytems (Larry Woodman) [952570 876275] - [netdrv] ixgbe: Only set gso_type to SKB_GSO_TCPV4 as RSC does not support IPv6 (Michael S. Tsirkin) [927292 908196] - [netdrv] bnx2x: set gso_type (Michael S. Tsirkin) [927292 908196] - [netdrv] qlcnic: set gso_type (Michael S. Tsirkin) [927292 908196] - [netdrv] ixgbe: fix gso type (Michael S. Tsirkin) [927292 908196] - [fs] gfs2: Allocate reservation structure before rename and link (Robert S Peterson) [924847 922999] [2.6.32-358.7.1] - [infiniband] ipoib: Add missing locking when CM object is deleted (Doug Ledford) [928817 913645] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1935 CVE-2013-2017 CVE-2013-1943 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [1.10.3-10.3] - pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443, MODERATE Copyright 2013 Oracle, Inc. CVE-2002-2443 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [1.7.0.25-2.3.10.3.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.25-2.3.10.3.el6] - removed upstreamed patch1000 MBeanFix.patch - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - Resolves: rhbz#973119 [1.7.0.25-2.3.10.2.el6] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973119 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973119 [1.7.0.19-2.3.10.0.el6] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - improved handling of patch111 - nss-config-2.patch - removed patch 117, java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch duplicated with patch 108 (java-1.7.0-openjdk-nss-icedtea-e9c857dcb964) - Added client/server directories so they can be owned - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973119 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1500 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2447 CVE-2013-2459 CVE-2013-2471 CVE-2013-1571 CVE-2013-2456 CVE-2013-2460 CVE-2013-2461 CVE-2013-2448 CVE-2013-2453 CVE-2013-2457 CVE-2013-2465 CVE-2013-2445 CVE-2013-2446 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2454 CVE-2013-2455 CVE-2013-2458 CVE-2013-2463 CVE-2013-2469 CVE-2013-2470 CVE-2013-2472 CVE-2013-2473 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0:6.0.24-57] - Related: CVE-2013-2067 Session fixation [0:6.0.24-56] - Resolves: CVE-2013-2067 session fixation MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2067 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.7-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.7-1] - Update to 17.0.7 ESR xulrunner [17.0.7-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.7-1] - Update to 17.0.7 ESR [17.0.6-5] - Added workaround for rhbz#973721 - fixing problem with installation of some addons [17.0.6-4] - Added a workaround for rhbz#961687 - Prelink throws message 'Cannot safely convert .rel.dyn' section from REL to RELA' [17.0.6-3] - Added patch for aliasing issues (mozbz#821502) CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1682 CVE-2013-1697 CVE-2013-1685 CVE-2013-1694 CVE-2013-1690 CVE-2013-1693 CVE-2013-1684 CVE-2013-1686 CVE-2013-1687 CVE-2013-1692 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [17.0.7-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.7-1] - Update to 17.0.7 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1692 CVE-2013-1684 CVE-2013-1685 CVE-2013-1694 CVE-2013-1682 CVE-2013-1686 CVE-2013-1687 CVE-2013-1693 CVE-2013-1690 CVE-2013-1697 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [7.19.7-37] - fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2174 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.62.1.11.11.90] - updated to icedtea6-1.11.11.90.tar.gz - removed upstreamed patch9 jaxp-backport-factoryfinder.patch - removed upstreamed patch10 fixToFontSecurityFix.patch. - modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#973129 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1500 CVE-2013-2455 CVE-2013-2465 CVE-2013-2471 CVE-2013-2443 CVE-2013-2445 CVE-2013-2470 CVE-2013-2446 CVE-2013-2452 CVE-2013-2456 CVE-2013-2459 CVE-2013-2453 CVE-2013-2473 CVE-2013-2461 CVE-2013-1571 CVE-2013-2407 CVE-2013-2448 CVE-2013-2412 CVE-2013-2447 CVE-2013-2457 CVE-2013-2463 CVE-2013-2469 CVE-2013-2450 CVE-2013-2472 CVE-2013-2444 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [5.3.3-23] - add security fix for CVE-2013-4113 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-4113 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-358.14.1] - [x86] apic: Add probe() for apic_flat (Prarit Bhargava) [975086 953342] [2.6.32-358.13.1] - [wireless] b43: stop format string leaking into error msgs (John Linville) [971387 971389] {CVE-2013-2852} - [pci] make sriov work with hotplug remove (Takahiro MUNEDA) [973555 965002] - [net] rtnl: fix info leak on RTM_GETLINK request for VF devices (Flavio Leitner) [923657 923659] {CVE-2013-2634 CVE-2013-2635} - [net] dcbnl: fix various netlink info leaks (Flavio Leitner) [923657 923659] {CVE-2013-2634 CVE-2013-2635} - [net] bonding: fix enslaving in alb mode when link down (Veaceslav Falico) [969306 965132] - [net] tcp: Fix oops from tcp_collapse() when using splice() (Nikola Pajkovsky) [968871 863512] {CVE-2013-2128} - [usb] uhci: fix IRQ race during initialization (Dave Young) [968557 915834] - [netdrv] e1000e: enable VLAN RX/TX in PROMISC mode (Stefan Assmann) [963564 886420] - [netdrv] bnx2x: strip VLAN header in PROMISC mode (Stefan Assmann) [963564 886420] - [net] vlan: handle packets with empty vlan_group via VLAN code (Stefan Assmann) [963564 886420] - [fs] namei.c: Dont allow to create hardlink for deleted file (Brian Foster) [956296 908158] - [fs] gfs2: Reinstate withdraw ack system (Robert S Peterson) [927308 908093] - [fs] nfs: open a file descriptor for fsync in nfs4 recovery (J. Bruce Fields) [964046 915479] - [net] macvlan: remove bogus check in macvlan_handle_frame() (Jiri Pirko) [962370 952785] - [net] macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [962370 952785] - [kernel] rcu: Replace list_first_entry_rcu() with list_first_or_null_rcu() (Jiri Pirko) [962370 952785] - [net] bluetooth/rfcomm: Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Weiping Pan) [955653 955654] {CVE-2013-3225} - [net] bluetooth: fix possible info leak in bt_sock_recvmsg() (Radomir Vrbovsky) [955603 955604] {CVE-2013-3224} - [fs] gfs2: Issue discards in 512b sectors (Robert S Peterson) [927317 922779] - [fs] udf: avoid info leak on export (Nikola Pajkovsky) [922354 922355] {CVE-2012-6548} - [scsi] lpfc: Fixed deadlock between hbalock and nlp_lock use (Rob Evers) [962368 960717] - [kernel] tracing: Fix possible NULL pointer dereferences (Weiping Pan) [952212 952213] {CVE-2013-3301} - [kernel] tracing: Fix panic when lseek() called on 'trace' opened for writing (Weiping Pan) [952212 952213] {CVE-2013-3301} - [net] atm: update msg_namelen in vcc_recvmsg() (Nikola Pajkovsky) [955224 955225] {CVE-2013-3222} - [x86] apic: Work around boot failure on HP ProLiant DL980 G7 Server systems (Prarit Bhargava) [969326 912963] - [x86] apic: Use probe routines to simplify apic selection (Prarit Bhargava) [969326 912963] - [x86] x2apic: Simplify apic init in SMP and UP builds (Prarit Bhargava) [969326 912963] - [kvm] vmx: provide the vmclear function and a bitmap to support VMCLEAR in kdump (Andrew Jones) [962372 908608] - [x86] kexec: VMCLEAR VMCSs loaded on all cpus if necessary (Andrew Jones) [962372 908608] - [fs] ext3: Fix format string issues (Nikola Pajkovsky) [920784 920785] {CVE-2013-1848} - [kernel] signal: always clear sa_restorer on execve (Nikola Pajkovsky) [920505 920506] {CVE-2013-0914} [2.6.32-358.12.1] - [fs] Panic in gfs2_inplace_reserve after fix from BZ#875753 (Robert S Peterson) [924847 922999] - [nfs] sunrpc: Prevent an rpc_task wakeup race (Dave Wysochanski) [956979 840860] - [nfs] sunrpc: clarify comments on rpc_make_runnable (Dave Wysochanski) [956979 840860] - [x86] acpi: Avoid SRAT table checks for Fujitsu Primequest systems (Prarit Bhargava) [973198 966853] - [x86] oprofile: Fix crash when unloading module in nmi timer mode (Don Zickus) [972586 828936] - [block] propagate proper return codes from blk_get_request callers (Jeff Moyer) [958684 927918] - [block] Check the return value from blk_get_request (Jeff Moyer) [958684 927918] - [virt] kvm/mmu: fix hashing for TDP and non-paging modes (Marcelo Tosatti) [966432 908751] - [virt] kvm/mmu: Fix free memory accounting race in mmu_alloc_roots() (Marcelo Tosatti) [966432 908751] - [virt] kvm/mmu: Don't flush shadow when enabling dirty tracking (Marcelo Tosatti) [966432 908751] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1848 CVE-2013-3225 CVE-2012-6548 CVE-2013-0914 CVE-2013-2634 CVE-2013-3224 CVE-2013-3301 CVE-2013-2128 CVE-2013-3222 CVE-2013-2635 CVE-2013-2852 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [1.8.7.352-12] - Fix regression introduced by CVE-2013-4073 https://bugs.ruby-lang.org/issues/8575 * ruby-2.0.0-p255-Fix-SSL-client-connection-crash-for-SAN-marked-critical.patch - Related: rhbz#979300 [1.8.7.352-11] - hostname check bypassing vulnerability in SSL client. * ruby-1.8.7-p374-CVE-2013-4073-fix-hostname-verification.patch - Resolves: rhbz#979300 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4073 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [qemu-kvm-0.12.1.2-2.355.el6_4.6] - kvm-qga-cast-to-int-for-DWORD-type.patch [bz#980758] - kvm-qga-remove-undefined-behavior-in-ga_install_service.patch [bz#980758] - kvm-qga-diagnostic-output-should-go-to-stderr.patch [bz#980758] - kvm-qa_install_service-nest-error-paths-more-idiomatically.patch [bz#980758] - kvm-qga-escape-cmdline-args-when-registering-win32-service.patch [bz#980758] - Resolves: bz#980758 (qemu-kvm: CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path [rhel-6.4.z]) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2231 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [32:9.8.2-0.17.rc1.0.2.el6_4.5] - bump release and build for ULN [32:9.8.2-0.17.rc1.5] - fix CVE-2013-4854 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4854 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.2.11.15.20] - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 5 limits not displayed correctly). (ticket 47427) [1.2.11.15.19] - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 4). (ticket 47427) - Patch was not added [1.2.11.15.19] - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 4). (ticket 47427) [1.2.11.15.19] - Bump version to 1.2.11.15-19 - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 3). (ticket 47427) [1.2.11.15.18] - Bump version to 1.2.11.15-18 - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 2). (ticket 47427) - Resolves: Bug 987850 - Disk Monitoring not checking filesystem with logs (ticket 47741) [1.2.11.15-17] - Resolves: Bug 970995 - DS not shutting down when disk monitoring threshold is reached to half. (Ticket 47385) - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold. (ticket 47427) [1.2.11.15-16] - Resolves: Bug 979514 - CVE-2013-2219 ACLs inoperative in some search scenarios. (Ticket 47405) [1.2.11.15-15] - Resolves: Bug 970995 - RHDS not shutting down when disk monitoring threshold is reached to half. (Ticket 47385) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2219 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.8-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.8-1] - Update to 17.0.8 ESR xulrunner [17.0.8-3.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.8-3] - Update to 17.0.8 ESR Build 2 [17.0.8-2] - Added fix for rhbz#990921 - firefox does not build with required nss/nspr [17.0.8-1] - Update to 17.0.8 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1709 CVE-2013-1714 CVE-2013-1710 CVE-2013-1713 CVE-2013-1701 CVE-2013-1717 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [17.0.8-5.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.8-5] - Update to 17.0.8 ESR - Added strict aliasing patch (mozbz#821502) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1701 CVE-2013-1710 CVE-2013-1709 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 nspr [4.9.5-2] - Update to NSPR_4_9_5_RTM - Resolves: rhbz#927186 - Rebase to nspr-4.9.5 - Add upstream URL for an existing patch per packaging guidelines [4.9.5-1] - Resolves: Rebase to nspr-4.9.5 [4.9.2-1] - Update to nspr-4.9.2 - Related: rhbz#863286 nss [3.14.3-4.0.1.el6_4] - Added nss-vendor.patch to change vendor [3.14.3-4] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-3] - Ensure pem uses system freebl as with this update freebl brings in new API's - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Install sechash.h and secmodt.h which are now provided by nss-devel - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove unsafe -r option from commands that remove headers already shipped by nss-util and nss-softoken [3.14.3-1] - Update to NSS_3.14.3_RTM - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update expired test certificates (fixed in upstream bug 852781) - Sync up pem module's rsawrapr.c with softoken's upstream changes for nss-3.14.3 - Reactivate the aia tests nss-softokn [3.14.3-3] - Add patch to conditionally compile according to old or new sqlite api - new is used on rhel-6 while rhel-5 uses old but we need the same code for both - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [3.14.3-2] - Revert to using a code patch for relro support - Related: rhbz#927158 [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue - Add export LD_LIBRARY_PATH=//usr/lib before the signing commands in __spec_install_post scriplet to ensure signing tool links with in-tree freebl so verification uses same algorithm as in signing - Add %check section to run the upstream crypto reqression test suite as per packaging guidelines - Don't install sechash.h or secmodt.h which as per 3.14 are provided by nss-devel - Update the licence to MPLv2.0 [3.12.9-12] - Bootstrapping of the builroot in preparation for rebase to 3.14.3 - Remove hasht.h from the %files devel list to prevent update conflicts with nss-util - With 3.14.3 hasht.h will be provided by nss-util-devel - Related: rhbz#927158 - rebase nss-softokn to 3.14.3 nss-util [3.14.3-3] - Resolves: rhbz#984967 - nssutil_ReadSecmodDB leaks memory [3.14.3-2] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927171 - Rebase to 3.14.3 as part of the fix for the lucky-13 issue MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1620 CVE-2013-0791 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [2.2.15-29.0.1.el6_4] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-29] - mod_dav: add security fix for CVE-2013-1896 (#991368) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1896 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.32-358.18.1] - [x86] perf/x86: Fix offcore_rsp valid mask for SNB/IVB (Nikola Pajkovsky) [971314 971315] {CVE-2013-2146} - [net] br: fix schedule while atomic issue in br_features_recompute() (Jiri Pirko) [990464 980876] - [scsi] isci: Fix a race condition in the SSP task management path (David Milburn) [990470 978609] - [bluetooth] L2CAP - Fix info leak via getsockname() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544} - [bluetooth] HCI - Fix info leak in getsockopt() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544} - [net] tuntap: initialize vlan_features (Vlad Yasevich) [984524 951458] - [net] af_key: initialize satype in key_notify_policy_flush() (Thomas Graf) [981225 981227] {CVE-2013-2237} - [usb] uhci: fix for suspend of virtual HP controller (Gopal) [982697 960026] - [usb] uhci: Remove PCI dependencies from uhci-hub (Gopal) [982697 960026] - [netdrv] bnx2x: Change MDIO clock settings (Michal Schmidt) [982116 901747] - [scsi] st: Take additional queue ref in st_probe (Tomas Henzl) [979293 927988] - [kernel] audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE (Oleg Nesterov) [982472 962976] - [kernel] audit: avoid negative sleep durations (Oleg Nesterov) [982472 962976] - [fs] ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807] - [fs] jbd: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807] - [fs] ext4: fix waiting and sending of a barrier in ext4_sync_file() (Eric Sandeen) [963557 955807] - [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Eric Sandeen) [963557 955807] - [fs] jbd2: fix sending of data flush on journal commit (Eric Sandeen) [963557 955807] - [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [963557 955807] - [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [963557 955807] - [fs] ext4: Rewrite __jbd2_log_start_commit logic to match upstream (Eric Sandeen) [963557 955807] - [net] bridge: Set vlan_features to allow offloads on vlans (Vlad Yasevich) [984524 951458] - [virt] virtio-net: initialize vlan_features (Vlad Yasevich) [984524 951458] - [mm] swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [977668 827548] - [dma] ioat: Fix excessive CPU utilization (John Feeney) [982758 883575] - [fs] vfs: revert most of dcache remove d_mounted (Ian Kent) [974597 907512] - [fs] xfs: don't free EFIs before the EFDs are committed (Carlos Maiolino) [975578 947582] - [fs] xfs: pass shutdown method into xfs_trans_ail_delete_bulk (Carlos Maiolino) [975576 805407] - [net] ipv6: bind() use stronger condition for bind_conflict (Flavio Leitner) [989923 917872] - [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [977680 894683] - [x86] remove BUG_ON(TS_USEDFPU) in __sanitize_i387_state() (Oleg Nesterov) [956054 920445] - [fs] coredump: ensure the fpu state is flushed for proper multi-threaded core dump (Oleg Nesterov) [956054 920445] [2.6.32-358.17.1] - [net] ipv4: fix invalid free in ip_cmsg_send() callers (Petr Matousek) [980144 979788] {CVE-2013-2224} - [net] sctp: Use correct sideffect command in duplicate cookie handling (Daniel Borkmann) [976571 963843] {CVE-2013-2206} - [virt] kvm: limit difference between kvmclock updates (Marcelo Tosatti) [979912 952174] [2.6.32-358.16.1] - [net] ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Jiri Pirko) [981558 981559] - [x86] Revert: Allow greater than 1TB of RAM on AMD x86_64 sytems (Larry Woodman) [982703 970735] - [x86] Revert: Prevent panic in init_memory_mapping() when booting more than 1TB on AMD systems (Larry Woodman) [982703 970735] - [mm] reinstate the first-fit scheme for arch_get_unmapped_area_topdown() (Rafael Aquini) [982571 980273] [2.6.32-358.15.1] - [mm] block: optionally snapshot page contents to provide stable pages during write (Rafael Aquini) [981177 951937] - [mm] only enforce stable page writes if the backing device requires it (Rafael Aquini) [981177 951937] - [mm] bdi: allow block devices to say that they require stable page writes (Rafael Aquini) [981177 951937] - [mm] fix writeback_in_progress() (Rafael Aquini) [981177 951937] - [kernel] sched: Do not account bogus utime (Stanislaw Gruszka) [959930 912662] - [kernel] sched: Avoid cputime scaling overflow (Stanislaw Gruszka) [959930 912662] - [char] n_tty: Remove BUG_ON from n_tty_read() (Stanislaw Gruszka) [982496 848085] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2146 CVE-2013-2237 CVE-2013-2224 CVE-2013-2232 CVE-2013-2206 CVE-2012-6544 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.2.11.15.22] - Resolves: Bug 1000631 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN -- retry [1.2.11.15.21] - Resolves: Bug 1000631 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4283 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.12.0-12.el6_4.3] - Fixes an abort on unsafe client ring access Resolves: rhbz#986298 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4130 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.9-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-4] - Added fix for mozbz#601442 - Support the extensions.getAddons.showPane pref again in the Add-ons Manager UI, a part of rhbz#818636 fix. [17.0.8-3] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. [17.0.8-2] - Updated manual page xulrunner [17.0.9-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-5] - Fixed mozbz#633001 - Cannot open ipv6 address with self-signed certificate [17.0.8-4] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1718 CVE-2013-1722 CVE-2013-1730 CVE-2013-1732 CVE-2013-1737 CVE-2013-1736 CVE-2013-1725 CVE-2013-1735 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [17.0.9-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.9-1] - Update to 17.0.9 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1730 CVE-2013-1732 CVE-2013-1736 CVE-2013-1722 CVE-2013-1725 CVE-2013-1737 CVE-2013-1718 CVE-2013-1735 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.96-5] - Actually apply the patch, and modify it to apply to 0.96 - Resolves: #1006262 [0.96-4.el6_4] - Include fix for CVE-2013-4288 - Resolves: #1006262 [0.96-3.el6_4] - Include fixes for CVE-2011-1485 - Resolves: #692942 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4288 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.10.2-18.0.1.el6_4.14] - Replace docs/et.png in tarball with blank image [0.10.2-18.el6_4.14] - spec: Update requirements to pick up rebuilt polkit (CVE-2013-4311) [0.10.2-18.el6_4.13] - spec: Fix messed up dependency on polkit (CVE-2013-4311) [0.10.2-18.el6_4.12] - Introduce APIs for splitting/joining strings (rhbz#1006265) - Rename virKillProcess to virProcessKill (rhbz#1006265) - Rename virPid{Abort, Wait} to virProcess{Abort, Wait} (rhbz#1006265) - Rename virCommandTranslateStatus to virProcessTranslateStatus (rhbz#1006265) - Move virProcessKill into virprocess.{h, c} (rhbz#1006265) - Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} (rhbz#1006265) - Include process start time when doing polkit checks (rhbz#1006265) - Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) [0.10.2-18.el6_4.11] - Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) [0.10.2-18.el6_4.10] - qemu: Avoid leaking uri in qemuMigrationPrepareDirect (rhbz#984578) - qemu: Fix double free in qemuMigrationPrepareDirect (rhbz#984578) [when parsing a single device (rhbz#1003934)] - Plug leak in virCgroupMoveTask (rhbz#984556) - Fix invalid read in virCgroupGetValueStr (rhbz#984561) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4296 CVE-2013-4311 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.14-7.3] - New build with correct patch for CVE-2013-4324 [0.14-7.2] - Fix race condition in policykit use (CVE-2013-4324) Resolves: CVE-2013-4324 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4324 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [3.12.4-4:.1] - Applied patch to avoid unix-process authorization subject when using polkit as it is racy (CVE-2013-4325). IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4325 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.5-2] - CVE-2013-4326 Resolves: #1007174 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4326 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [2:2.3.14-39] - Honor user and group directives - Resolves: CVE-2013-4342 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4342 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [1.2.11-17.el6_4.1] - fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4397 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1.13.0-11.1.2] - CVE-2013-4396: Fix use-after free in ImageText requests (#1014561) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4396 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-358.23.2] - [md] dm-snapshot: fix data corruption (Mikulas Patocka) [1004252 1004233] {CVE-2013-4299} [2.6.32-358.23.1] - [md] raid1, raid10: use freeze_array in place of raise_barrier in various places (Jes Sorensen) [1003765 997845] - [scsi] megaraid_sas: megaraid_sas driver init fails in kdump kernel (Nikola Pajkovsky) [1001963 833299] - [char] ipmi: eliminate long delay in ipmi_si on SGI UV2 (Nikola Pajkovsky) [988228 876778] - [net] bridge: Add multicast_querier toggle and disable queries by default (Nikola Pajkovsky) [995334 905561] - [net] bridge: Fix fatal typo in setup of multicast_querier_expired (Nikola Pajkovsky) [995334 905561] - [net] bridge: Restart queries when last querier expires (Nikola Pajkovsky) [995334 905561] - [net] bridge: Add br_multicast_start_querier (Flavio Leitner) [995334 905561] - [kernel] Prevent RT process stall due to missing upstream scheduler bug fix (Larry Woodman) [1006932 1002765] - [fs] nfs: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (Dave Wysochanski) [1006956 998752] - [firmware] efivars: Use correct efi_pstore_info struct when calling pstore_register (Lenny Szubowicz) [993547 867689] - [net] bridge: do not call setup_timer() multiple times (Amerigo Wang) [997746 994430] - [fs] lockd: protect nlm_blocked list (David Jeffery) [993544 967095] - [net] ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Jiri Benc) [987649 987651] {CVE-2013-4162} - [fs] fuse: readdirplus sanity checks (Niels de Vos) [988708 981741] - [fs] fuse: readdirplus cleanup (Niels de Vos) [988708 981741] - [fs] fuse: readdirplus change attributes once (Niels de Vos) [988708 981741] - [fs] fuse: readdirplus fix instantiate (Niels de Vos) [988708 981741] - [fs] fuse: fix readdirplus dentry leak (Niels de Vos) [988708 981741] - [fs] cifs: fix issue mounting of DFS ROOT when redirecting from one domain controller to the next (Sachin Prabhu) [994866 976535] - [fs] nfs: Make nfs_readdir revalidate less often (Scott Mayhew) [994867 976879] - [fs] nfs: Make nfs_attribute_cache_expired() non-static (Scott Mayhew) [994867 976879] - [fs] nfs: set verifier on existing dentries in nfs_prime_dcache (Scott Mayhew) [994867 976879] - [fs] nfs: Allow nfs_updatepage to extend a write under additional circumstances (Scott Mayhew) [987262 983288] - [fs] nfs: fix a leak at nfs_lookup_revalidate() (Dave Wysochanski) [987261 975211] - [acpi] efivars: If pstore_register fails, free unneeded pstore buffer (Lenny Szubowicz) [993547 867689] - [acpi] Eliminate console msg if pstore.backend excludes ERST (Lenny Szubowicz) [993547 867689] - [acpi] Return unique error if backend registration excluded by kernel param (Lenny Szubowicz) [993547 867689] - [net] bridge: fix some kernel warning in multicast timer (Amerigo Wang) [997745 952012] - [net] bridge: send query as soon as leave is received (Amerigo Wang) [997745 952012] - [net] bridge: only expire the mdb entry when query is received (Amerigo Wang) [997745 952012] - [net] bridge: Replace mp->mglist hlist with a bool (Amerigo Wang) [997745 952012] - [mm] fadvise: drain all pagevecs if POSIX_FADV_DONTNEED fails to discard all pages (Larry Woodman) [994140 957821] - [net] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1003931 955712] - [virt] xen-netfront: reduce gso_max_size to account for max TCP header (Andrew Jones) [1004657 957231] - [pps] Fix a use-after free bug when unregistering a source (Jiri Benc) [997916 920155] - [scsi] fnic: Fix SGEs limit (Chris Leech) [991346 829506] [2.6.32-358.22.1] - [x86] Round the calculated scale factor in set_cyc2ns_scale() (Prarit Bhargava) [1001954 975507] - [x86] sched: Fix overflow in cyc2ns_offset (Prarit Bhargava) [1001954 975507] [2.6.32-358.21.1] - [fs] autofs: remove autofs dentry mount check (Ian Kent) [1000314 947275] - [net] sctp: Fix list corruption resulting from freeing an association on a list (Jiri Pirko) [1002184 887868] [2.6.32-358.20.1] - [fs] nfs: Add functionality to allow waiting on all outstanding reads to complete (Dave Wysochanski) [996424 976915] - [fs] nfs: Ensure that NFS file unlock waits for readahead to complete (Dave Wysochanski) [996424 976915] - [fs] nfs: Convert nfs_get_lock_context to return an ERR_PTR on failure (Dave Wysochanski) [996424 976915] - [x86] thermal: Disable power limit notification interrupt (Shyam Iyer) [999328 908990] - [x86] thermal: Delete power-limit-notification console messages (Shyam Iyer) [999328 908990] [2.6.32-358.19.1] - [fs] gfs2: Reserve journal space for quota change in do_grow (Robert S Peterson) [988384 976823] - [netdrv] bonding: properly unset current_arp_slave on slave link up (Veaceslav Falico) [995458 988460] - [fs] nfs4: Fix infinite loop in nfs4_lookup_root (Scott Mayhew) [996014 987426] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4162 CVE-2013-4299 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.3.7-4] - Remove regexp backtracing (CVE-2013-4363). - Related: rhbz#1002838. [1.3.7-3] - Fix insecure connection to SSL repository (CVE-2012-2125, CVE-2012-2126). - Related: rhbz#1002838. [1.3.7-2] - Fix algorithmic complexity vulnerability (CVE-2013-4287). - Resolves: rhbz#1002838. MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2126 CVE-2012-2125 CVE-2013-4287 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.7.0.45-2.4.3.2.0.1.el6] - Update DISTRO_NAME in specfile [1.7.0.40-2.4.3.1.el6] - sync with rhel 6.5 to icedtea 2.4 because of pernament tck failures - nss kept disabled - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.4.el6] - added back patch408 tck20131015_5.patch, to resolve one of tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.3.el6] - added back patch404 tck20131015_1.patch, to resolve one of tck failures - added back patch405 tck20131015_2.patch, to resolve one of tck failures - added back patch406 tck20131015_3.patch, to resolve one of tck failures (modified) - added back patch407 tck20131015_4.patch, to resolve one of tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.2.el6] - updated to newer security tarball of 2.3.13 - removed patch405 tck20131015_2.patch, no longer necessary to fix tck failures - removed patch406 tck20131015_3.patch, no longer necessary to fix tck failures - removed patch407 tck20131015_4.patch, no longer necessary to fix tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.1.el6] - removed useless patch404 tck20131015_1.patch - added patch405 tck20131015_2.patch, to resolve one of tck failures - added patch406 tck20131015_3.patch, to resolve one of tck failures - added patch407 tck20131015_4.patch, to resolve one of tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.0.el6] - security update to 2.3.13 - adapted java-1.7.0-openjdk-disable-system-lcms.patch (and redeclared to 105) - removed bootstrap - fixed nss - fixed buildver and updatever (Set to 25,30) - moved to xz compression of sources - all patches moved correctly to prep - added patch404 tck20131015_1.patch, to resolve one of tck failures - Resolves: rhbz#1017626 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-5772 CVE-2013-5778 CVE-2013-5800 CVE-2013-5814 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5838 CVE-2013-5774 CVE-2013-5780 CVE-2013-5782 CVE-2013-5784 CVE-2013-5804 CVE-2013-5817 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5850 CVE-2013-5851 CVE-2013-5797 CVE-2013-5802 CVE-2013-5803 CVE-2013-5809 CVE-2013-3829 CVE-2013-4002 CVE-2013-5783 CVE-2013-5790 CVE-2013-5842 CVE-2013-5849 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.28.1-9] - Reject clients in deferred auth state - Bug 1009228 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-5745 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1.4.5-11] - fix CVE-2013-4242 GnuPG/libgcrypt susceptible to cache side-channel attack [1.4.5-10] - Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4242 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 5 Oracle Linux 6 [2.0.14-6] - fix CVE-2013-4351 gpg treats no-usage-permitted keys as all-usages-permitted [2.0.14-5] - fix CVE-2012-6085 GnuPG: read_block() corrupt key input validation - fix CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser MODERATE Copyright 2013 Oracle, Inc. CVE-2012-6085 CVE-2013-4351 CVE-2013-4402 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [0.12.0-12.5] - Fix issue with error-handling of RSA_private_decrypt() in previous patch Related: CVE-2013-4282 [0.12.0-12.el6_4.4] - Fix buffer overflow when decrypting client SPICE ticket Resolves: CVE-2013-4282 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4282 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [8.4.18-1] - Update to PostgreSQL 8.4.18, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-14.html http://www.postgresql.org/docs/8.4/static/release-8-4-15.html http://www.postgresql.org/docs/8.4/static/release-8-4-16.html http://www.postgresql.org/docs/8.4/static/release-8-4-17.html http://www.postgresql.org/docs/8.4/static/release-8-4-18.html including fixes for CVE-2013-0255, CVE-2013-1900 (#1017837) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0255 CVE-2013-1900 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 firefox [17.0.10-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [17.0.10-1] - Update to 17.0.10 ESR xulrunner [17.0.10-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.10-1] - Update to 17.0.10 ESR [17.0.9-2] - Added patch for rhbz#983488 - Resizing window changes window size to 0 with third party window manager. CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-5597 CVE-2013-5601 CVE-2013-5602 CVE-2013-5595 CVE-2013-5600 CVE-2013-5590 CVE-2013-5599 CVE-2013-5604 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [17.0.10-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.10-1] - Update to 17.0.10 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5600 CVE-2013-5602 CVE-2013-5590 CVE-2013-5599 CVE-2013-5595 CVE-2013-5597 CVE-2013-5601 CVE-2013-5604 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [7.1-12] - Fix host triplets on x86 (#1014273) - Related: CVE-2012-2673 [7.1-11] - Add sanity checking for calloc/malloc calls - Resolves: CVE-2012-2673 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2673 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.68.1.11.14] - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - Resolves: rhbz#1017618 [1:1.6.0.1-1.67.1.13.0] - reverted previous update - Resolves: rhbz#1017618 [1:1.6.0.1-1.66.1.13.0] - updated to icedtea 1.13 - updated to openjdk-6-src-b28-04_oct_2013 - added --disable-lcms2 configure switch to fix tck - removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch - added patch7 1.13_fixes.patch to fix 1.13 build issues - adapted patch0 java-1.6.0-openjdk-optflags.patch - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - removed useless runtests parts - included also java.security.old files - Resolves: rhbz#1017618 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5797 CVE-2013-5803 CVE-2013-5809 CVE-2013-5817 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5850 CVE-2013-5778 CVE-2013-5784 CVE-2013-5802 CVE-2013-5823 CVE-2013-5840 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5790 CVE-2013-5804 CVE-2013-5814 CVE-2013-5820 CVE-2013-5842 CVE-2013-5849 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1:1.20.11-2] - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz#1019737 [1:1.20.11-1] - Rebase to libguestfs 1.20.11. resolves: rhbz#958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches used in RHEL are now stored on a public git repository (https://github.com/libguestfs/libguestfs/branches). - Compare spec file to Fedora 18 and fix where necessary. - Backport new APIs part-get-gpt-type and part-set-gpt-type resolves: rhbz#965495 - Fix DoS (abort) due to a double free flaw when inspecting certain guest files / images (CVE-2013-2124) resolves: rhbz#968337 - libguestfs-devel should depend on an explicit version of libguestfs-tools-c, in order that the latest package is pulled in. - Rebuild against Augeas >= 1.0.0-5 resolves: rhbz#971207 - Backport Windows inspection changes resolves: rhbz#971090 - Add back state test commands to guestfish resolves: rhbz#971664 - Work around problem with ntfsresize command in RHEL 6 resolves: rhbz#971326 - Fix txz-out API resolves: rhbz#972413 - Move virt-sysprep to the libguestfs-tools-c package since it's no longer a shell script resolves: rhbz#975572 - Fix hostname inspection because of faulty Augeas path expression resolves: rhbz#975377 - Calculate appliance root correctly when iface drives are added resolves: rhbz#975760 - Add notes about resizing Windows disk images to virt-resize documentation resolves: rhbz#975753 - Remove dependency on lsscsi, not available in 6Client resolves: rhbz#973425 - Fix yum cache copy so it works if there are multiple repos resolves: rhbz#980502 - Fix hivex-commit API to fail with relative paths resolves: rhbz#980372 - Better documentation for filesystem-available API resolves: rhbz#980358 - Fix double free when kernel link fails during launch resolves: rhbz#983690 - Fix virt-sysprep --firstboot option resolves: rhbz#988863 - Fix cap-get-file so it returns empty string instead of error on no cap resolves: rhbz#989352 - Better documentation for acl-set-file resolves: rhbz#985269 - Fix bogus waitpid error when using guestfish --remote resolves: rhbz#996825 - Disable 9p support resolves: rhbz#997884 - Document that guestfish --remote doesn't work with certain other arguments resolves: rhbz#996039 - Enable kvmclock in the appliance to reduce clock instability resolves: rhbz#998108 - Fix 'sh' command before mount causes daemon to segfault resolves: rhbz#1000122 - Various fixes to tar-out 'excludes' (RHBZ#1001875) - Document use of glob + rsync-out (RHBZ#1001876) - Document mke2fs blockscount (RHBZ#1002032) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4419 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.0.0-5] - Don't package lenses in tests/ subdirectory. related: rhbz#817753 [1.0.0-4] - Rebase to Augeas 1.0.0 resolves: rhbz#817753 - Add dependency on libxml2-devel. - Remove all patches (all upstream and included in 1.0.0). - Print tests/test-suite.log when the tests fail. - Add fix for regression added in 1.0.0 (RHBZ#920609). - Fix tests/test-run. LOW Copyright 2013 Oracle, Inc. CVE-2012-0786 CVE-2012-0787 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 cheese [2.28.1-8] - Rebuild against newer evolution-data-server. Resolves: #973276 control-center [2.28.1-39] - Rebuild against newer evolution-data-server. Resolves: #973279 ekiga [3.2.6-4] - Rebuild against newer evolution-data-server. - Add patch to build break (include where needed) Resolves: #973281 evolution [2.32.3-30.el6] - Update patch for RH bug #975409 (Custom message in alarm notification) - Add patch for RH bug #1014743 (Use system timezone has no effect) - Add patch for RH bug #1014677 (Search filter persists when changing folders) [2.32.3-29.el6] - Add patch for RH bug #1013543 (Freeze during migration of pre-2.24 mails) [2.32.3-28.el6] - Add patch for RH bug #1012399 (Fails to display task mail attachment) - Bump evolution-data-server version requirement (for RH bug #1009426) [2.32.3-27.el6] - Add patch for RH bug #1009517 (Be aware of 'no-alarm-after-start' calendar capability) [2.32.3-26.el6] - Add patch for RH bug #1006764 (Plugin actions not updated) [2.32.3-25.el6] - Add patch for RH bug #1003578 (Update actions on search execute) [2.32.3-24.el6] - Update translations for the Exchange Web Services advertisement [2.32.3-23.el6] - Build evolution-devel-docs for noarch only [2.32.3-22.el6] - Add a devel-docs subpackage and do not ship evolution-settings (RH bug #1000323) [2.32.3-21.el6] - Remove bogofilter plugin from el6 (missed previous removal during rebase) [2.32.3-20.el6] - Update bn_IN translation [2.32.3-19.el6] - Show a one-time dialog on upgrade advertising Exchange Web Services. [2.32.3-18.el6] - Update translation patch [2.32.3-17.el6] - Add patch for icons in a message list Wide View [2.32.3-16.el6] - Add patch for translation updates [2.32.3-15.el6] - Update patch for RH bug #949610 (Avoid runtime warnings caused by async load) [2.32.3-14.el6] - Update patch for RH bug #975409 (Custom message in alarm notification) - Add patch for RH bug #985528 (Multiple contacts remove confuses view) [2.32.3-13.el6] - Obsolete evolution-conduits, thus an update can be done, when it's installed - Add patch for RH bug #981313 (a11y in the Contacts' minicard view) - Add patch for RH bug #981257 (Save changes in addressbook backend's ensure_sources) [2.32.3-12.el6] - Add patch for use-after-free memory in mail account editor found by valgrind [2.32.3-11.el6] - Add patch for RH bug #978525 (CamelSession left with unset network-available) [2.32.3-10.el6] - Add patch for RH bug #956510 (Alarm notify crash and other related fixes in alarm notify) - Update patch for RH bug #977292 (Close also evolution-alarm-notify process) [2.32.3-9.el6] - Add patch for RH bug #624851 (Select S/MIME encryption certificate) - Add patch for RH bug #628174 (Copy/Paste text in calendar views) - Add patch for RH bug #971496 (Notify user about question dialogs) - Add patch for RH bug #977292 (--force-shutdown closes also factories) [2.32.3-8.el6] - Add patch for RH bug #700733 (Update message counts after mail folder migration) - Add patch for RH bug #975394 (Report errors from calendars in statusbar) - Add patch for RH bug #975409 (Custom message in alarm notification) - Add patch for RH bug #970955 (Contact mail merge improvements) - Add patch for RH bug #971452 (Empty Send/Draft folders in account from startup wizard) [2.32.3-7.el6] - Add patch for RH bug #974647 (Load extensions in GObject::constructed) - Add patch for RH bug #974234 (Crash in try_open_e_book_cb()) [2.32.3-6.el6] - Fix typo in patch for Coverity scan issues - Add patch for RH bug #971820 (Crash in et_get_n_children) [2.32.3-5.el6] - Add patch for some issues found by Coverity scan [2.32.3-4.el6] - Add patch for RH bug #962331 (Initialize dbus-glib threading for GConf) - Add patch for RH bug #689429 (Replace 'Open With' button for too large messages) [2.32.3-3.el6] - Add patch for RH bug #602667 (Crash due to use after mail_msg_free call) - Add patch for RH bug #698246 (Remember password default value for calendars) - Add patch for RH bug #670917 (ItipFormatter - do not check read-only calendars) - Add patch for RH bug #737865 (ItipFormatter - ensure attendee email) - Add patch for RH bug #970650 (Store last attachment load/save path as URI) - Add patch for RH bug #970633 (Contact editor's work Country mnemonic widget) - Add patch for RH bug #949610 (Don't block UI on an attachment load) - Add patch for RH bug #919002 (Prevent message list auto-selection change) - Add patch for RH bug #857003 (Wrong czech translation) [2.32.3-2.el6] - Add patch with some gnome-2-32 branch bug fixes, which landed after 2.32.3 release [2.32.3-1.el6] - Rebase to 2.32.3 - Remove patch for conduit dir fix (obsolete by rebase) - Remove patch for GNOME bug #613639 (obsolete by rebase) - Remove patch for RH bug #585750 (part of rebase) - Remove patch for RH bug #577799 (part of rebase) - Remove patch for RH bug #522157, #632998, #638643 (obsolete by rebase) - Remove patch for RH bug #621517 (part of rebase) - Remove patch for RH bug #632968 (part of rebase) - Remove patch for RH bug #633629 (obsolete by rebase) - Remove patch for RH bug #585931 (part of rebase) - Remove patch for RH bug #666875 (part of rebase) - Remove patch for RH bug #667083 (part of rebase) - Remove patch for RH bug #696881 (part of rebase) - Remove patch for RH bug #805239 (part of rebase) - Remove patch for RH bug #890642 (part of rebase) - Remove patch for RH bug #552805 (part of rebase) evolution-data-server [2.32.3-18.el6] - Add patch for RH bug #1014032 (Prevent a crash in CamelDB) [2.32.3-17.el6] - Add patch for RH bug #1009426 ('no such table' error after upgrade) [2.32.3-16.el6] - Add patch for RH bug #1004784 (Create contact on ownCloud with WebDAV fails) [2.32.3-15.el6] - Update translation patch [2.32.3-14.el6] - Add patch for translation updates [2.32.3-13.el6] - Add patch for RH bug #979722 (Mail connects with weak SSL) - Bump nss version requirement to 3.14 [2.32.3-12.el6] - Add patch for RH bug #991074 (Unnecessary crash due to g_assert() call) [2.32.3-11.el6] - Add patch for RH bug #990380 (CVE-2013-4166) [2.32.3-10.el6] - Add patch for RH bug #950005 (Ignore cached zero-sized files) - Add patch for RH bug #983964 (Do calendar operations in a thread) [2.32.3-9.el6] - Add patch for RH bug #970013 (Disable IMAP+ QResync feature by default) - Add patch for RH bug #983031 (Google book saves other fax as business fax) - Add patch for RH bug #975409 (Custom alarm message for local calendars) [2.32.3-8.el6] - Add patch for RH bug #982681 (Google contact list name changes on load) [2.32.3-7.el6] - Add patch for RH bug #735674 (Add parameter guards to POP3 provider) - Add patch for RH bug #977395 (Be able to close factories with killev) [2.32.3-6.el6] - Add patch for RH bug #700726 (Try to read binary camel summaries from other archs) - Add patch for RH bug #975438 (Category Unmatched search doesn't work with Name contains) [2.32.3-5.el6] - Add patch for RH bug #971621 (Book view blocks factory) - Add patch for RH bug #696620 (Crash of in retrieval_done of an On The Web calendar) [2.32.3-4.el6] - Add patch for some issues found by Coverity scan [2.32.3-3.el6] - Add patch for RH bug #710058 (Expand list inline with comma separator) - Add patch for RH bug #589263 (EFileCache recursive freeze/thaw) - Add patch for RH bug #815371 (Encoded email address shown after paste) - Add patch for RH bug #804651 (Incorrect CalDAV offline setup test) - Add patch for RH bug #739968 (Initialize dbus-glib threading for GConf) - Add patch for RH bug #710005 (Encoded email address shown after list inline expand) - Add patch for RH bug #962499 (GPG decrypt failed with missing signature certificate) - Add patch for RH bug #955587 (GPG and S/MIME parts are not attachments) - Add patch for RH bug #811980 (CalDAV fails to write to Google calendar) - Add patch for RH bug #750916 (Offer also TLS for IMAPS) - Add patch for RH bug #705859 (Calendar code memory leaks) [2.32.3-2.el6] - Add patch with some gnome-2-32 branch bug fixes, which landed after 2.32.3 release [2.32.3-1.el6] - Rebase to 2.32.3 - Remove patch for RH bug #215702 (part of rebase) - Remove patch for GNOME bug #373146 (obsolete by rebase) - Remove patch for 'Remove debug spew from IMAP provider' (part of rebase) - Remove patch for RH bug #576215 (part of rebase) - Remove patch for RH bug #589192 (obsolete by rebase) - Remove patch for RH bug #553556 (part of rebase) - Remove patch for RH bug #605320 (part of rebase) - Remove patch for RH bug #619286 (part of rebase) - Remove patch for RH bug #657117 (part of rebase) - Remove patch for RH bug #634949 (part of rebase) - Remove patch for RH bug #660356 (obsolete by rebase) - Remove patch for RH bug #666879 (part of rebase) - Remove patch for RH bug #734048 (part of rebase) evolution-exchange [2.32.3-16.el6] - Add patch for RH bug #1019434 (evolution-ews searchable GAL) [2.32.3-15.el6] - Add patch for RH bug #1018301 (evolution-ews crash and broken Free/Busy fetch) [2.32.3-14.el6] - Add patch for RH bug #1009470 (evolution-ews crash when GAL not marked for offline sync) - Add patch for RH bug #1005888 (evolution-ews add 'no-alarm-after-start' calendar capability) [2.32.3-13.el6] - Add patch for RH bug #1006336 (evolution-ews fails to download attachments) [2.32.3-12.el6] - Do not ship gtk-doc files (RH bug #1000325) [2.32.3-11.el6] - Add patch to regression of GNOME bug #702922 (Cannot create appointments) [2.32.3-10.el6] - Add patch for some issues found by Coverity scan in evolution-exchange [2.32.3-9.el6] - Update translation patch for evolution-exchange [2.32.3-8.el6] - Add patches for translation updates [2.32.3-7.el6] - Add patch for evolution-ews to match 3.8.5 upstream release [2.32.3-6.el6] - Update patch for evolution-ews to match 3.8.4 upstream release (RH bug #988356) [2.32.3-5.el6] - Add patch for evolution-ews to match 3.8.4 upstream release - Add patch for RH bug #984961 (evolution-ews multiple contacts remove hang) - Add patch for RH bug #985015 (evolution-ews empty search hides contacts) [2.32.3-4.el6] - Add patch for RH bug #984531 (evolution-ews double-free in book backend) [2.32.3-3.el6] - Add patch for evolution-ews to fix account type check in new account wizard [2.32.3-2.el6] - Add patch for evolution-ews to match 3.8.3 upstream release [2.32.3-1.el6] - Rebase to 2.32.3 - Bundle evolution-ews as part of this, with feature parity of its 3.8.2 release evolution-mapi [0.32.2-12] - Fix a copy&paste error in a patch update for RH bug #621941 [0.32.2-11] - Update patch for RH bug #621941 (Created events not shown in OWA) - Add patch for RH bug #1017108 (Shorten delay of calendar open) [0.32.2-10] - Add patch for RH bug #621941 (Created events not shown in OWA) - Add patch for RH bug #906341 (Cannot create book/calendar) [0.32.2-9] - Update patch for RH bug #1005072 (Calendars could not authenticate) [0.32.2-8] - Add patch for RH bug #619842 (Attached email message is empty in forwarded email) [0.32.2-7] - Add patch for RH bug #1005072 (Authentication after migration/restore fails) [0.32.2-6] - Add patch for translation updates - Update patch for issues found by Coverity scan [0.32.2-5] - Bump libmapi requirement to 1.0-4 [0.32.2-4] - Add patch for some issues found by Coverity scan [0.32.2-3] - Add patch for RH bug #909259 (Meeting invite accept duplicates event) [0.32.2-2] - Add patch for RH bug #694134 (Contacts book not searchable) - Add patch for RH bug #625059 (Allow slash in folder names) - Add patch for RH bug #905591 (Refresh folder can fail with Exchange 2010 server) [0.32.2-1] - Rebase to 0.32.2 - Remove patch for RH bug #589193 (obsolete by rebase) - Remove patch for RH bug #602749 (part of rebase) - Remove patch for RH bug #605369 (part of rebase) - Remove patch for RH bug #666492 (obsolete by rebase) - Remove patch for RH bug #902932 (merged to openchange-1.0 patch) - Remove patch for RH bug #903241 (part of rebase) gnome-panel [2.30.2-15] - Rebuild against newer evolution-data-server. Resolves: #973284 gnome-python2-desktop [2.28.0-5.el6] - Rebuild against newer evolution-data-server. Resolves: #973285 gtkhtml3 [3.32.2-2.el6] - Add patch for some issues found by Coverity scan - Add patch for RH bug #577797 (Cursor misplaced after paste) - Add patch for RH bug #615969 (Whitespaces drop on paste) - Add patch for RH bug #627199 (Underline/strikeout misplaced in printout) - Add patch for RH bug #626690 (Paragraph style not drawn after font style change) [3.32.2-1.el6] - Rebase to 3.32.2 - Remove patch for RH bug #588457 (part of rebase) - Remove patch for RH bug #590877 (part of rebase) libgdata [0.6.4-2] - Return back accidentally removed changelog entry [0.6.4-1] - Update to 0.6.4 nautilus-sendto [2.28.2-4] - Rebuild against newer evolution-data-server. Resolves: #973287 openchange [1.0-6] - Add a patch for RH bug #665967 (Free/busy fails to be fetched) pidgin [2.7.9-11.el6] - Rebuild against newer evolution-data-server (RH bug #973288). planner [0.14.4-10] - Resolves: rhbz#973289 rebuild against newer evolution-data-server - Also add planner-0.14.4-edsapi.patch from Fedora 14 package. totem [2.28.6-4] - Change a description of a totem-youtube package [2.28.6-3] - Rebuild against libgdata-0.6.4 Resolves: #883032 LOW Copyright 2013 Oracle, Inc. CVE-2013-4166 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [3.6.9-164] - resolves: #1008574 - Fix offline logon cache not updating for cross child domain group membership. [3.6.9-163] - resolves: #1015359 - Fix CVE-2013-0213 and CVE-2013-0214 in SWAT. [3.6.9-162] - resolves: #978007 - Fix 'valid users' manpage documentation. [3.6.9-161] - resolves: #997338 - Fix smbstatus as non root user. - resolves: #1003689 - Fix Windows 8 printer driver support. [3.6.9-160] - resolves: #948071 - Group membership is not correct on logins with new AD groups. - resolves: #953985 - User and group info not return from a Trusted Domain. [3.6.9-159] - resolves: #995109 - net ads join - segmentation fault if no realm has been specified. - List all vfs, auth and charset modules in the spec file. [3.6.9-158] - resolves: #984808 - CVE-2013-4124: DoS via integer overflow when reading an EA list [3.6.9-157] - Fix Windows 8 Roaming Profiles. - resolves: #990685 [3.6.9-156] - Fix PIDL parsing with newer versions of gcc. - Fix dereferencing a unique pointer in the WKSSVC server. - resolves: #980382 [3.6.9-155] - Check for system libtevent and require version 0.9.18. - Use tevent epoll backend in winbind. - resolves: #951175 [3.6.9-154] - Add encoding option to 'net printing (migrate|dump)' command. - resolves: #915455 [3.6.9-153] - Fix overwrite of errno in check_parent_exists(). - resolves: #966489 - Fix dir code using dirfd() without vectoring trough VFS calls. - resolves: #971283 [3.6.9-152] - Fix 'map untrusted to domain' with NTLMv2. - resolves: #961932 - Fix the username map optimization. - resolves: #952268 - Fix 'net ads keytab add' not respecting the case. - resolves: #955683 - Fix write operations as guest with security = share - resolves: #953025 - Fix pam_winbind upn to username conversion if you have different seperator. - resolves: #949613 - Change chkconfig order to start winbind before netfs. - resolves: #948623 - Fix cache issue when resoliving groups without domain name. - resolves: #927383 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4124 CVE-2013-0213 CVE-2013-0214 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [4.0.0-58.rc4] - Fix winbind lsat reconnection code, avoids ntlmv2-only session setup problems - resolves: #949993 [4.0.0-57.rc4] - resolves: #984809 - CVE-2013-4124: DoS via integer overflow when reading an EA list [4.0.0-56.rc4] - Fix libwbclient.so.0 symlink. - resolves: #882338 - Fix correct linking of libreplace with cmdline-credentials. - resolves: #911264 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4124 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [qemu-kvm-0.12.1.2-2.415.el6] - kvm-target-i386-don-t-migrate-steal-time-MSR-on-older-ma.patch [bz#1022821] - Resolves: bz#1022821 (live-migration from RHEL6.5 to RHEL6.4.z fails with 'error while loading state for instance 0x0 of device 'cpu'') [0.12.1.2-2.414.el6] - kvm-vmstate-Add-max_version_id-field-to-VMStateDescripti.patch [bz#1016736] - kvm-savevm-Introduce-max_version_id-field-to-SaveStateEn.patch [bz#1016736] - kvm-i386-Set-cpu-section-version_id-to-11.patch [bz#1016736] - kvm-qemu-ga-execute-fsfreeze-freeze-in-reverse-order-of-.patch [bz#1015633] - Resolves: bz#1015633 (qemu-guest-agent: 'guest-fsfreeze-freeze' deadlocks if the guest have mounted disk images) - Resolves: bz#1016736 (CPU migration data has version_id 12 but version 11 format) [0.12.1.2-2.413.el6] - kvm-scsi-Allocate-SCSITargetReq-r-buf-dynamically-CVE-20.patch [bz#1007330] - kvm-scsi-Fix-data-length-SCSI_SENSE_BUF_SIZE.patch [bz#956929] - Resolves: bz#1007330 (CVE-2013-4344 qemu: buffer overflow in scsi_target_emulate_report_luns) - Resolves: bz#956929 (/usr/libexec/qemu-kvm was killed by signal 6 (SIGABRT) when SCSI inquiry is sent to unsupported page inside the KVM guest) [qemu-kvm-0.12.1.2-2.412.el6] - kvm-char-move-backends-io-watch-tag-to-CharDriverState.patch [bz#985205] - kvm-char-use-common-function-to-disable-callbacks-on-cha.patch [bz#985205] - kvm-char-remove-watch-callback-on-chardev-detach-from-fr.patch [bz#985205] - kvm-os-posix-block-SIGUSR2-in-os_setup_early_signal_hand.patch [bz#996814] - Resolves: bz#985205 (QEMU core dumped when do hot-unplug virtio serial port during transfer file between host to guest with virtio serial through TCP socket) - Resolves: bz#996814 (boot image with gluster native mode cant work with attach another device from local file system) [qemu-kvm-0.12.1.2-2.411.el6] - kvm-block-don-t-lose-data-from-last-incomplete-sector.patch [bz#1009370] - kvm-vmdk-fix-cluster-size-check-for-flat-extents.patch [bz#1009370] - Resolves: bz#1009370 (qemu-img refuses to open the vmdk format image its created) [qemu-kvm-0.12.1.2-2.410.el6] - kvm-chardev-fix-pty_chr_timer.patch [bz#995341] - Resolves: bz#995341 (hot-unplug chardev with pty backend caused qemu Segmentation fault) [qemu-kvm-0.12.1.2-2.409.el6] - kvm-exec-Simplify-allocation-of-guest-RAM.patch [bz#867921] - kvm-exec-Don-t-abort-when-we-can-t-allocate-guest-memory.patch [bz#867921] - kvm-block-better-error-message-for-read-only-format-name.patch [bz#999788] - kvm-vmdk-Add-migration-blocker.patch [bz#999358] - kvm-scsi-Fix-scsi_bus_legacy_add_drive-scsi-generic-with.patch [bz#1013478] - kvm-Add-support-for-JSON-pretty-printing.patch [bz#1010610] - kvm-qemu-img-add-dirty-flag-status.patch [bz#1010610] - kvm-qemu-img-make-info-backing-file-output-correct-and-e2.patch [bz#1010610] - kvm-qapi-Add-SnapshotInfo-and-ImageInfo.patch [bz#1010610] - kvm-qemu-img-Add-json-output-option-to-the-info-command.patch [bz#1010610] - kvm-qemu-img-Add-backing-chain-option-to-info-command.patch [bz#1010610] - kvm-block-get_block_status-set-pnum-0-on-error.patch [bz#1010610] - kvm-block-get_block_status-avoid-segfault-if-there-is-no.patch [bz#1010610] - Resolves: bz#1010610 (Backport option '--output=json|human' to qemu-img info command) - Resolves: bz#1013478 (-device usb-storage,serial=... crashes with SCSI generic drive) - Resolves: bz#867921 ([RFE] Nicer error report when qemu-kvm can't allocate guest RAM) - Resolves: bz#999358 (do live migration with used VMDK format disk should fail with a friendly message prompt) - Resolves: bz#999788 (qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk) [qemu-kvm-0.12.1.2-2.408.el6] - Fix Qemu guest agent - move logfiles to new directory for easier SELinux tagging [bz#1009431] - kvm-block-Introduce-bs-zero_beyond_eof.patch [bz#1007224] - Resolves: bz#1007224 (Introduce bs->zero_beyond_eof) - Resolves: bz#1009431 (move qga logfiles to new /var/log/qemu-ga/ directory) [qemu-kvm-0.12.1.2-2.407.el6] - kvm-usb-host-remove-message.patch [bz#1003771] - Qemu guest agent - move logfiles to new directory for easier SELinux tagging [bz#1009431] - kvm-qemu-kvm-fix-reset-value-of-MSR_PAT.patch [bz#976706] - Resolves: bz#1003771 (warning msg not correct after hotplug invalid usb-host to guest) - Resolves: bz#1009431 (move qga logfiles to new /var/log/qemu-ga/ directory) - Resolves: bz#976706 ([HP BCS 6.5 Bug]Guest OS cannot boot after first reboot when enabling SR-IOV feature) [qemu-kvm-0.12.1.2-2.406.el6] - Reverted spurious fix for BZ 981623 [bz#1010930] - Resolves: bz#1010930 (Qemu-kvm-rhev build verifytest failed (rpm -V)) [qemu-kvm-0.12.1.2-2.405.el6] - kvm-Revert-usb-hub-report-status-changes-only-once.patch [bz#1002888] - kvm-virtio-net-revert-mac-on-reset.patch [bz#890265] - kvm-virtio-net-fix-up-HMP-NIC-info-string-on-reset.patch [bz#890265] - Resolves: bz#1002888 (usb hub doesn't work properly (win2012 sees downstream port #1 only)) - Resolves: bz#890265 (change the mac of virtio_net device temporary but will effect forever after reboot guest) [qemu-kvm-0.12.1.2-2.404.el6] - kvm-target-i386-kvm-save-restore-steal-time-MSR.patch [bz#903123] - Resolves: bz#903123 (The value of steal time in 'top' command always is '0.0% st' after guest migration) [qemu-kvm-0.12.1.2-2.403.el6] - kvm-block-Remove-semicolon-in-BDRV_SECTOR_MASK-macro.patch [bz#914802] - kvm-block-implement-is_allocated-for-raw.patch [bz#914802] - kvm-qemu-io-fix-the-alloc-command.patch [bz#914802] - kvm-stream-complete-early-if-end-of-backing-file-is-reac.patch [bz#914802] - kvm-block-cow-Return-real-error-code.patch [bz#914802] - kvm-cow-Use-bdrv_-p-write_sync-for-metadata-writes.patch [bz#914802] - kvm-cow-make-reads-go-at-a-decent-speed.patch [bz#914802] - kvm-cow-make-writes-go-at-a-less-indecent-speed.patch [bz#914802] - kvm-cow-do-not-call-bdrv_co_is_allocated.patch [bz#914802] - kvm-block-keep-bs-total_sectors-up-to-date-even-for-grow.patch [bz#914802] - kvm-block-make-bdrv_co_is_allocated-static.patch [bz#914802] - kvm-block-do-not-use-total_sectors-in-bdrv_co_is_allocat.patch [bz#914802] - kvm-block-remove-bdrv_is_allocated_above-bdrv_co_is_allo.patch [bz#914802] - kvm-block-expect-errors-from-bdrv_co_is_allocated.patch [bz#914802] - kvm-qemu-img-always-probe-the-input-image-for-allocated-.patch [bz#914802] - kvm-block-make-bdrv_has_zero_init-return-false-for-copy-.patch [bz#914802] - kvm-block-introduce-bdrv_get_block_status-API.patch [bz#914802] - kvm-block-define-get_block_status-return-value.patch [bz#914802] - kvm-block-return-get_block_status-data-and-flags-for-for.patch [bz#914802] - kvm-block-use-bdrv_has_zero_init-to-return-BDRV_BLOCK_ZE.patch [bz#914802] - kvm-block-return-BDRV_BLOCK_ZERO-past-end-of-backing-fil.patch [bz#914802] - kvm-qemu-img-add-a-map-subcommand.patch [bz#914802] - kvm-docs-qapi-document-qemu-img-map.patch [bz#914802] - kvm-block-add-default-get_block_status-implementation-fo.patch [bz#914802] - kvm-qemu-img-fix-invalid-JSON.patch [bz#914802] - Resolves: bz#914802 (Support backup vendors in qemu to access qcow disk readonly (qemu-img metadata dump)) [qemu-kvm-0.12.1.2-2.402.el6] - Move VPC from r/w whitelist to r/o whitelist [bz#999779] - kvm-migrate-add-migration-blockers.patch [bz#999779] - kvm-qed-add-migration-blocker-v2.patch [bz#999779] - kvm-qed-remove-incoming-live-migration-blocker.patch [bz#999779] - kvm-vpc-Add-migration-blocker.patch [bz#999779] - Resolves: bz#999779 (Add vpc file format support in qemu-kvm) [qemu-kvm-0.12.1.2-2.401.el6] - Add block VHD/VPC format to block driver whitelist [bz#999779] - kvm-block-vpc-Fix-conversion-from-size-to-disk-geometry.patch [bz#999779] - kvm-vpc-Read-write-multiple-sectors-at-once.patch [bz#999779] - kvm-vpc-Use-bdrv_-p-write_sync-for-metadata-writes.patch [bz#999779] - kvm-vpc-fix-a-file-descriptor-leak.patch [bz#999779] - kvm-vpc.c-Use-get_option_parameter-does-the-search.patch [bz#999779] - kvm-block-vpc.c-Detect-too-large-vpc-file.patch [bz#999779] - kvm-vpc-Add-missing-error-handling-in-alloc_block.patch [bz#999779] - kvm-vpc-Add-support-for-Fixed-Disk-type.patch [bz#999779] - kvm-vpc-Round-up-image-size-during-fixed-image-creation.patch [bz#999779] - kvm-block-vpc-initialize-the-uuid-footer-field.patch [bz#999779] - kvm-block-vpc-support-for-2-TB-disks.patch [bz#999779] - kvm-vpc-Fix-bdrv_open-error-handling.patch [bz#999779] - Resolves: bz#999779 (Add vpc file format support in qemu-kvm) [qemu-kvm-0.12.1.2-2.400.el6] - kvm-vmdk-Move-l1_size-check-into-vmdk_add_extent.patch [bz#995865] - kvm-vmdk-fix-L1-and-L2-table-size-in-vmdk3-open.patch [bz#995865] - kvm-vmdk-support-vmfsSparse-files.patch [bz#995865] - kvm-vmdk-support-vmfs-files.patch [bz#995865] - kvm-block-initialize-do_check_io_limits-error-pointer-to.patch [bz#1001436] - kvm-gluster-Abort-on-AIO-completion-failure.patch [bz#997220] - Resolves: bz#1001436 (Qemu core dumped when set iops,bps... to a negative value var monitor) - Resolves: bz#995865 (fix vmdk support to ESX images) - Resolves: bz#997220 (Race in gluster_finish_aiocb) [qemu-kvm-0.12.1.2-2.399.el6] - kvm-block-migration-propagate-return-value-when-bdrv_wri.patch [bz#994813] - kvm-block-migration-actually-disable-dirty-tracking-on-c.patch [bz#994813] - kvm-Fix-off-by-one-error-in-page_l1_map.patch [bz#996791] - Resolves: bz#994813 ([FJ6.4 Bug] the guest doesn't operate normally after block live migration with out of disk space) - Resolves: bz#996791 (Off-by-one error in page_l1_map() can lead to out-of-bounds access) [qemu-kvm-0.12.1.2-2.398.el6] - kvm-block-use-Error-in-do_check_io_limits.patch [bz#987725] - kvm-block-refuse-negative-iops-and-bps-values.patch [bz#987725] - Resolves: bz#987725 (Guest should failed to be booted if specifying iops,bps as negative value) [qemu-kvm-0.12.1.2-2.397.el6] - kvm-block-Decouple-block-device-commit-all-from-DriveInf.patch [bz#856505] - kvm-block-Monitor-command-commit-neglects-to-report-some.patch [bz#856505] - kvm-block-for-HMP-commit-operations-on-all-skip-non-COW-.patch [bz#856505] - Resolves: bz#856505 (Missing error message in bdrv_commit to read-only backing file) [qemu-kvm-0.12.1.2-2.396.el6] - Fix glusterfs support in the qemu white-list - Related: bz#848070 ([RHEL 6.5] Add glusterfs support to qemu) [qemu-kvm-0.12.1.2-2.394.el6] - kvm-dump-clamp-guest-provided-mapping-lengths-to-rambloc.patch [bz#989585] - kvm-dump-introduce-GuestPhysBlockList.patch [bz#989585] - kvm-dump-populate-guest_phys_blocks.patch [bz#989585] - kvm-dump-rebase-from-host-private-RAMBlock-offsets-to-gu.patch [bz#989585] - kvm-virtio-net-remove-layout-assumptions-for-ctrl-vq.patch [bz#904927] - kvm-virtio-net-introduce-a-new-macaddr-control.patch [bz#904927] - kvm-net-add-compat-property-to-disable-ctrl_mac_addr-fea.patch [bz#904927] - kvm-virtio-net-rename-ctrl-rx-commands.patch [bz#904927] - kvm-target-i386-fix-bits-39-32-of-the-final-physical-add.patch [bz#880990] - kvm-qxl-Don-t-drop-client-capability-bits.patch [bz#880990] - kvm-block-fix-null-pointer-bug-on-error-case-in-block-co.patch [bz#880990] - Resolves: bz#880990 ([coverity] suspicious use of sizeof, bad use of strncpy(), etc) - Resolves: bz#904927 (RFE: (qemu) Introduce a vq command to robust virtio net mac programming) - Resolves: bz#989585 (crash command can not read the dump-guest-memory file when paging=false [RHEL-6]) [qemu-kvm-0.12.1.2-2.393.el6] - kvm-add-timestamp-to-error_report.patch [bz#906931] - kvm-Convert-stderr-message-calling-error_get_pretty-to-e.patch [bz#906931] - Resolves: bz#906931 ([Hitachi 6.5 FEAT][QEMU]Add a time stamp to error message (*)) [qemu-kvm-0.12.1.2-2.392.el6] - Whitelist rbd block driver [bz#988079] - kvm-ceph-rbd-block-driver-for-qemu-kvm.patch [bz#988079] - kvm-rbd-link-and-load-librbd-dynamically.patch [bz#988079] - kvm-rbd-Only-look-for-qemu-specific-copy-of-librbd.so.1.patch [bz#988079] - kvm-Build-rbd-block-driver-only-for-qemu-kvm-rhev.patch [bz#988079] - kvm-block-call-the-snapshot-handlers-of-the-protocol-dri.patch [bz#988079] - Resolves: bz#988079 ([6.5 FEAT] qemu runtime support for librbd backend (ceph)) [qemu-kvm-0.12.1.2-2.391.el6] - Set qemu-guest-agent to be started automatically [bz#888297] - kvm-migration-add-migrate_set_state-tracepoint.patch [bz#903429] - kvm-vl-add-runstate_set-tracepoint.patch [bz#903429] - kvm-all-add-kvm_ioctl-kvm_vm_ioctl-kvm_vcpu_ioctl-tr.patch [bz#903429] - kvm-all-add-kvm_run_exit-tracepoint.patch [bz#903429] - kvm-aio-Fix-qemu_aio_wait-to-maintain-correct-walking_ha.patch [bz#848070] - kvm-aio-Another-fix-to-the-walking_handlers-logic.patch [bz#848070] - kvm-qemu-URI-parsing-library.patch [bz#848070] - kvm-qemu-tool-Add-dummy-qemu_mutex_lock_iothread-and-qem.patch [bz#848070] - kvm-block-Support-GlusterFS-as-a-QEMU-block-backend.patch [bz#848070] - kvm-configure-Add-a-config-option-for-GlusterFS-as-block.patch [bz#848070] - kvm-qcow2-Simplify-image-creation.patch [bz#848070] - kvm-block-Produce-zeros-when-protocols-reading-beyond-en.patch [bz#848070] - kvm-block-vdi-Fix-wrong-size-in-conditionally-used-memse.patch [bz#848070] - kvm-qcow2-Remove-old-image-creation-function.patch [bz#848070] - kvm-gluster-Add-image-resize-support.patch [bz#848070] - kvm-vdi-don-t-override-libuuid-symbols.patch [bz#848070] - kvm-gluster-Return-bdrv_has_zero_init-0.patch [bz#848070] - kvm-qcow2-Really-use-cache-unsafe-for-image-creation.patch [bz#848070] - kvm-gluster-Handle-BDRV_O_CACHE_WB-in-gluster-driver.patch [bz#848070] - Resolves: bz#848070 ([RHEL 6.5] Add glusterfs support to qemu) - Resolves: bz#888297 (qemu-ga should be enabled right after installation) - Resolves: bz#903429 ([Fujitsu 6.5 FEAT]: QEMU: Add tracepoints in live migration processing.) [qemu-kvm-0.12.1.2-2.390.el6] - Disable qemu-guest-agent for Win32 build [bz#996580] - kvm-Do-not-quit-QEMU-if-cpu-set-is-called-in-non-ACPI-mo.patch [bz#990237] - kvm-acl-Fix-acl_remove-not-to-mess-up-the-ACL.patch [bz#889255] - kvm-acl-acl_add-can-t-insert-before-last-list-element-fi.patch [bz#970516] - kvm-hw-misc-don-t-create-pvpanic-device-by-default.patch [bz#991100] - kvm-hw-misc-make-pvpanic-known-to-user.patch [bz#991100] - Resolves: bz#889255 (Monitor command acl_remove messes up the ACL) - Resolves: bz#970516 (Monitor command acl_add can't insert before last list element) - Resolves: bz#990237 (qemu-kvm exits when hotplugging a cpu with --no-acpi) - Resolves: bz#991100 (pvpanic device triggers guest bugs when present by default) - Resolves: bz#996580 (Remove qemu-ga-win32 from our rpm packages) [qemu-kvm-0.12.1.2-2.389.el6] - kvm-qemu-socket-zero-initialize-SocketAddress.patch [bz#676568] - kvm-qemu-socket-drop-pointless-allocation.patch [bz#676568] - kvm-qemu-char-check-optional-fields-using-has_.patch [bz#676568] - kvm-qemu-char-use-more-specific-error_setg_-variants.patch [bz#676568] - kvm-qemu-char-print-notification-to-stderr.patch [bz#676568] - kvm-qemu-char-fix-documentation-for-telnet-wait-socket-f.patch [bz#676568] - kvm-qemu-char-don-t-leak-opts-on-error.patch [bz#676568] - kvm-qemu-char-use-ChardevBackendKind-in-CharDriver.patch [bz#676568] - kvm-qemu-char-minor-mux-chardev-fixes.patch [bz#676568] - kvm-qemu-char-add-chardev-mux-support.patch [bz#676568] - kvm-qemu-char-report-udp-backend-errors.patch [bz#676568] - kvm-qemu-socket-don-t-leak-opts-on-error.patch [bz#676568] - kvm-block-Allow-IO-throttling-fields-in-__com.redhat_dri.patch [bz#987745] - kvm-qemu-add-castagnoli-crc32c-checksum-algorithm.patch [bz#963420] - kvm-block-vhdx-header-for-the-QEMU-support-of-VHDX-image.patch [bz#963420] - kvm-block-initial-VHDX-driver-support-framework-supports.patch [bz#963420] - kvm-block-add-read-only-support-to-VHDX-image-format.patch [bz#963420] - Resolves: bz#676568 (RFE: support hotplugging chardev & virtio-serial ports) - Resolves: bz#963420 ([RHEL-6.5] Backport support for vhd(x) image format) - Resolves: bz#987745 (fail to do hotplug with qemu i/o throttling including iops,iops_wr,iops_rd,bps,bps_wr,bps_rd inofs) [qemu-kvm-0.12.1.2-2.388.el6] - kvm-vmdk-fix-comment-for-vmdk_co_write_zeroes.patch [bz#994804] - kvm-vmdk-Make-VMDK3Header-and-VmdkGrainMarker-QEMU_PACKE.patch [bz#994804] - kvm-vmdk-byteswap-VMDK4Header.desc_offset-field.patch [bz#994804] - kvm-vmdk-use-unsigned-values-for-on-disk-header-fields.patch [bz#994804] - kvm-vmdk-check-granularity-field-in-opening.patch [bz#994804] - kvm-vmdk-refuse-to-open-higher-version-than-supported.patch [bz#994804] - kvm-vmdk-check-l2-table-size-when-opening.patch [bz#994804] - kvm-vmdk-check-l1-size-before-opening-image.patch [bz#994804] - kvm-vmdk-use-heap-allocation-for-whole_grain.patch [bz#994804] - kvm-vmdk-rename-num_gtes_per_gte-to-num_gtes_per_gt.patch [bz#994804] - kvm-vmdk-Allow-reading-variable-size-descriptor-files.patch [bz#994804] - kvm-qemu-char-Fix-ID-reuse-after-chardev-remove-for-qapi.patch [bz#994891] - kvm-dataplane-refuse-to-start-if-device-is-already-in-us.patch [bz#995530] - Resolves: bz#994804 (qemu-kvm should verify image header fields before opening VMDK) - Resolves: bz#994891 (duplicate chardev reported after chardev-remove) - Resolves: bz#995530 (dataplane: refuse to start if device is already in use) [qemu-kvm-0.12.1.2-2.387.el6] - kvm-Add-spent-time-for-migration.patch [bz#981235] - kvm-migration-print-total-downtime-for-final-phase-of-mi.patch [bz#981235] - kvm-blockdev-reset-werror-rerror-on-drive_del.patch [bz#970159] - kvm-scsi-generic-fix-sign-extension-of-READ-CAPACITY-10-.patch [bz#963151] - Resolves: bz#963151 ([FJ6.4 Bug] Once a guest OS issues READ_CAPACITY(10), it becomes unable to access beyond 2TB on the disk) - Resolves: bz#970159 (qemu-kvm-rhevm [race]: vm pauses with 'block I/O error in device '': No medium found (123)' when hounplug a disk and cannot be resumed) - Resolves: bz#981235 (RFE: Request detail migration statistics output for live migration on RHEL6.5) [qemu-kvm-0.12.1.2-2.386.el6] - kvm-block-fix-initialization-of-IO-limits-for-RHEL.patch [bz#994374] - Resolves: bz#994374 (boot up guest failed, hung in 'booting from hard disk') [qemu-kvm-0.12.1.2-2.385.el6] - kvm-ccid-card-emul-do-not-crash-if-backend-is-not-provid.patch [bz#917860] - kvm-ccid-make-backend_enum_table-static-const-and-adjust.patch [bz#917860] - kvm-ccid-declare-DEFAULT_ATR-table-to-be-static-const.patch [bz#917860] - kvm-libcacard-vscclient-fix-error-paths-for-socket-creat.patch [bz#917860] - kvm-libcacard-Use-format-specifier-u-instead-of-d-for-un.patch [bz#917860] - kvm-Spelling-fixes-in-comments-it-s-its.patch [bz#917860] - kvm-libcacard-Fix-unchecked-strdup-by-converting-to-g_st.patch [bz#917860] - kvm-libcacard-split-vscclient-main-from-socket-reading.patch [bz#917860] - kvm-libcacard-vscclient-to-use-QemuThread-for-portabilit.patch [bz#917860] - kvm-libcacard-teach-vscclient-to-use-GMainLoop-for-porta.patch [bz#917860] - kvm-libcacard-use-system-config-directory-for-nss-db-on-.patch [bz#917860] - kvm-libcacard-remove-sql-prefix.patch [bz#917860] - kvm-libcacard-remove-default-libcoolkey-loading.patch [bz#917860] - kvm-dev-smartcard-reader-nicer-debug-messages.patch [bz#917860] - kvm-hw-usb-dev-smartcard-reader.c-remove-aborts-never-tr.patch [bz#917860] - kvm-hw-usb-dev-smartcard-reader-support-windows-guest.patch [bz#917860] - kvm-libcacard-change-default-ATR.patch [bz#917860] - kvm-hw-ccid-card-passthru.c-add-atr-check.patch [bz#917860] - kvm-ccid-card-passthru-dev-smartcard-reader-add-debug-en.patch [bz#917860] - kvm-usb-ccid-Drop-unused-CCIDCardInfo-callback-print.patch [bz#917860] - kvm-hw-usb-dev-smartcard-reader.c-define-structs-for-CCI.patch [bz#917860] - kvm-dev-smartcard-reader-change-default-protocol-to-T-0.patch [bz#917860] - kvm-dev-smartcard-reader-copy-atr-protocol-to-ccid-param.patch [bz#917860] - kvm-libcacard-vreader-add-debugging-messages-for-apdu.patch [bz#917860] - kvm-dev-smartcard-reader-empty-implementation-for-Mechan.patch [bz#917860] - kvm-libcacard-cac-change-big-switch-functions-to-single-.patch [bz#917860] - kvm-usb-smartcard-reader-Properly-NAK-interrupt-eps-when.patch [bz#917860] - kvm-uhci-Don-t-allow-the-guest-to-set-port-enabled-when-.patch [bz#917860] - kvm-usb-ccid-remote-wakeup-support.patch [bz#917860] - kvm-uhci-egsm-fix.patch [bz#917860] - kvm-virtio-net-dynamic-network-offloads-configuration.patch [bz#990225] - kvm-char-io_channel_send-don-t-lose-written-bytes.patch [bz#985334] - kvm-monitor-maintain-at-most-one-G_IO_OUT-watch.patch [bz#985334] - kvm-register-exit-function-after-starting-timers.patch [bz#843797] - kvm-virtio-properly-validate-address-before-accessing-co.patch [bz#956953] - Resolves: bz#843797 (qemu-kvm core dumps when virtio-net(w/ tx=timer and vhost=on) RHEL.6(w/ msi-x enabled) guest shutting down) - Resolves: bz#917860 (Smartcard emulation with Windows guest fails) - Resolves: bz#956953 (insufficient address validation during config access of virtio device) - Resolves: bz#985334 (query mem info from monitor would cause qemu-kvm hang [RHEL-6.5]) - Resolves: bz#990225 ([RHEV/RHEL] Integrate dynamic offloads into virtio-net device) [qemu-kvm-0.12.1.2-2.384.el6] - kvm-Fix-compilation-of-I-O-throttling.patch [bz#975468] - Resolves: bz#975468 (RFE: Enable qemu IO throttling only in qemu-kvm-rhev) [qemu-kvm-0.12.1.2-2.383.el6] - kvm-virtio-net-properly-check-the-vhost-status-during-st.patch [bz#957319] - kvm-configure-add-option-for-io-throttling-RHEL-6-only.patch [bz#975468] - kvm-Only-enable-IO-throttling-for-RHEV.patch [bz#975468] - kvm-qapi-qapi-commands-fix-possible-leaks-on-visitor-dea.patch [bz#990316] - Resolves: bz#957319 (Guest w/ vhost=on over virtio-net-pci, under hmp, 'set_link off', then migrate, migrate failed, src qemu-kvm process core dumped) - Resolves: bz#975468 (RFE: Enable qemu IO throttling only in qemu-kvm-rhev) - Resolves: bz#990316 (QMP: possible memory leaks on commands failure) [qemu-kvm-0.12.1.2-2.382.el6] - kvm-vmdk-remove-wrong-calculation-of-relative-path.patch [bz#977767] - kvm-Fix-real-mode-guest-migration.patch [bz#888767] - kvm-Fix-real-mode-guest-segments-dpl-value-in-savevm.patch [bz#888767] - kvm-virtio-scsi-enable-MSI-X-support.patch [bz#987025] - Resolves: bz#888767 ('kvm: unhandled exit 80000021' when migrating to some hosts) - Resolves: bz#977767 (there is wrong backing file specified for making external snapshot with vmdk format disk) - Resolves: bz#987025 (enable MSI-X for virtio-scsi) [qemu-kvm-0.12.1.2-2.381.el6] - kvm-qemu-char-Set-foo_tag-0-when-returning-FALSE-from-ca.patch [bz#676568] - kvm-qapi-generate-correct-enum-names-for-camel-case-enum.patch [bz#676568] - kvm-qapi-don-t-convert-enum-strings-to-lowercase.patch [bz#676568] - kvm-qapi-avoid-reserved-keywords.patch [bz#676568] - kvm-qapi-do-not-protect-enum-values-from-namespace-pollu.patch [bz#676568] - kvm-qapi-add-unix-to-the-set-of-reserved-words.patch [bz#676568] - kvm-qapi-generate-C-types-for-fixed-width-integers.patch [bz#676568] - kvm-qapi-Add-Visitor-interfaces-for-uint-_t-and-int-_t.patch [bz#676568] - kvm-qapi-add-String.patch [bz#676568] - kvm-qapi-add-socket-address-types.patch [bz#676568] - kvm-qmp-add-and-use-q-type-specifier.patch [bz#676568] - kvm-qemu-Add-opt_set_bool-functionality.patch [bz#676568] - kvm-build-add-QAPI-files-to-the-tools.patch [bz#676568] - kvm-qemu-sockets-unix_listen-and-unix_connect-are-portab.patch [bz#676568] - kvm-qemu-sockets-add-nonblocking-connect-for-Unix-socket.patch [bz#676568] - kvm-qemu-sockets-include-strerror-or-gai_strerror-output.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-inet_connect_a.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-inet_dgram_opt.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-inet_parse.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-Unix-socket-fu.patch [bz#676568] - kvm-qemu-ga-drop-temporary-extra-check-for-unix_listen-r.patch [bz#676568] - kvm-qemu-sockets-return-InetSocketAddress-from-inet_pars.patch [bz#676568] - kvm-qemu-sockets-add-socket_listen-socket_connect-socket.patch [bz#676568] - kvm-qemu-sockets-Fix-parsing-of-the-inet-option-to.patch [bz#676568] - kvm-qemu-socket-set-passed-fd-non-blocking-in-socket_con.patch [bz#676568] - kvm-qemu-char-ask-and-print-error-information-from-qemu-.patch [bz#676568] - kvm-vnc-avoid-Yoda-conditionals.patch [bz#676568] - kvm-vnc-introduce-a-single-label-for-error-returns.patch [bz#676568] - kvm-vnc-add-error-propagation-to-vnc_display_open.patch [bz#676568] - kvm-chardev-add-error-reporting-for-qemu_chr_new_from_op.patch [bz#676568] - kvm-chardev-fix-QemuOpts-lifecycle.patch [bz#676568] - kvm-chardev-reduce-chardev-ifdef-mess-a-bit.patch [bz#676568] - kvm-chardev-add-qmp-hotplug-commands-with-null-chardev-s.patch [bz#676568] - kvm-chardev-add-file-chardev-support-to-chardev-add-qmp.patch [bz#676568] - kvm-chardev-add-serial-chardev-support-to-chardev-add-qm.patch [bz#676568] - kvm-chardev-add-parallel-chardev-support-to-chardev-add-.patch [bz#676568] - kvm-chardev-add-socket-chardev-support-to-chardev-add-qm.patch [bz#676568] - kvm-chardev-add-pty-chardev-support-to-chardev-add-qmp.patch [bz#676568] - kvm-qemu-char-Avoid-unused-variable-warning-in-some-conf.patch [bz#676568] - kvm-qapi-Flatten-away-ChardevPort.patch [bz#676568] - kvm-qemu-char-make-char-drivers-dynamically-registerable.patch [bz#676568] - kvm-qemu-char-move-spice-registration-to-spice-qemu-char.patch [bz#676568] - kvm-qemu-char-move-baum-registration-to-baum.c.patch [bz#676568] - kvm-qemu-char-move-msmouse-registeration-to-msmouse.c.patch [bz#676568] - kvm-qemu-char-move-text-console-init-to-console.c.patch [bz#676568] - kvm-qemu-char.c-fix-waiting-for-telnet-connection-messag.patch [bz#676568] - kvm-chardev-add-support-for-qapi-based-chardev-initializ.patch [bz#676568] - kvm-chardev-add-mux-chardev-support-to-qapi.patch [bz#676568] - kvm-chardev-switch-null-init-to-qapi.patch [bz#676568] - kvm-chardev-add-msmouse-support-to-qapi.patch [bz#676568] - kvm-chardev-add-braille-support-to-qapi.patch [bz#676568] - kvm-chardev-switch-file-init-to-qapi.patch [bz#676568] - kvm-chardev-add-stdio-support-to-qapi.patch [bz#676568] - kvm-chardev-switch-serial-tty-init-to-qapi.patch [bz#676568] - kvm-chardev-switch-parallel-init-to-qapi.patch [bz#676568] - kvm-chardev-switch-pty-init-to-qapi.patch [bz#676568] - kvm-chardev-add-console-support-to-qapi.patch [bz#676568] - kvm-chardev-add-pipe-support-to-qapi.patch [bz#676568] - kvm-chardev-add-spice-support-to-qapi.patch [bz#676568] - kvm-create-TextConsole-together-with-the-CharDeviceState.patch [bz#676568] - kvm-remove-text_console_opts.patch [bz#676568] - kvm-chardev-add-vc-support-to-qapi.patch [bz#676568] - kvm-chardev-add-memory-ringbuf-support-to-qapi.patch [bz#676568] - kvm-chardev-add-udp-support-to-qapi.patch [bz#676568] - kvm-chardev-fix-info-chardev-output.patch [bz#676568] - Resolves: bz#676568 (RFE: support hotplugging chardev & virtio-serial ports) [qemu-kvm-0.12.1.2-2.380.el6] - kvm-kvmclock-clock-should-count-only-if-vm-is-running.patch [bz#903454] - kvm-spice-Add-spice-disable-agent-file-transfer-cmdline-.patch [bz#961850] - Update spice-server requirement [bz#961850] - Resolves: bz#903454 (kvm guest crash after long stop/cont cycle) - Resolves: bz#961850 (RFE: add -spice disable-agent-file-transfer cmdline option) [qemu-kvm-0.12.1.2-2.379.el6] - kvm-block-add-the-blockio-limits-command-line-support.patch [bz#956825] - kvm-CoQueue-introduce-qemu_co_queue_wait_insert_head.patch [bz#956825] - kvm-block-add-I-O-throttling-algorithm.patch [bz#956825] - kvm-hmp-qmp-add-block_set_io_throttle.patch [bz#956825] - kvm-block-disable-I-O-throttling-on-sync-api.patch [bz#956825] - kvm-block-add-the-support-to-drain-throttled-requests.patch [bz#956825] - kvm-block-Factor-bdrv_read_unthrottled-out-of-guess_disk.patch [bz#956825] - kvm-block-fix-initialization-in-bdrv_io_limits_enable.patch [bz#956825] - kvm-qapi-Introduce-blockdev-group-snapshot-sync-comman2.patch [bz#956825] - kvm-block-fix-I-O-throttling-accounting-blind-spot.patch [bz#956825] - kvm-block-keep-I-O-throttling-slice-time-constant.patch [bz#956825] - kvm-block-drop-duplicated-slice-extension-code.patch [bz#956825] - kvm-block-clean-up-I-O-throttling-wait_time-code.patch [bz#956825] - kvm-ide-convert-ide_sector_read-to-asynchronous-I-O.patch [bz#956825] - kvm-ide-convert-ide_sector_write-to-asynchronous-I-O.patch [bz#956825] - kvm-serial-add-pci-variant.patch [bz#872015] - kvm-serial-fix-error-handling.patch [bz#872015] - kvm-qapi-shortcut-visits-on-errors.patch [bz#983635] - kvm-qapi-allow-freeing-partially-allocated-objects.patch [bz#983635] - kvm-qapi-untangle-next_list.patch [bz#983635] - kvm-qapi-fix-error-propagation.patch [bz#983635] - Resolves: bz#872015 (A Windows VM can only see 2 of 4 assigned COM ports (Serial Devices)) - Resolves: bz#956825 (Backport IO throttling into RHEL 6.x KVM) - Resolves: bz#983635 (QMP: bad input crashes QEMU) - Resolves: bz#977760 (fail to boot guest attaching with vmdk format data disk(virito/virtio-scsi interface)) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4344 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.8.10-4.0.1.el6] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.8.10-4] - fix memory leak when reassemblying a packet - Related: #711024 [1.8.10-3] - fix config.h conflict - Related: #711024 [1.8.10-2] - do not configure with setcap-install - Related: #711024 [1.8.10-1] - upgrade to 1.8.10 - see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html - Related: #711024 [1.8.8-10] - fix consolehelper path for dumpcap - Related: #711024 [1.8.8-9] - fix dumpcap group - Related: #711024 [1.8.8-8] - fix tshark output streams and formatting for -L, -D - Resolves: #1004636 [1.8.8-7] - fix double free in wiretap/netmon.c - Related: #711024 [1.8.8-6] - security patches - Resolves: CVE-2013-4927 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-3557 [1.8.8-5] - fix desktop file - Related: #711024 [1.8.8-4] - fix tap-iostat buffer overflow - fix dcom string overrun - fix sctp bytes graph crash - fix airpcap dialog crash - Related: #711024 [1.8.8-3] - fix dumpcap privileges to 755 - Related: #711024 [1.8.8-2] - new sources - Related: #711024 [1.8.8-1] - upgrade to 1.8.8 - see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html - Resolves: #711024 - Resolves: #858976 - Resolves: #699636 - Resolves: #750712 - Resolves: #832021 - Resolves: #889346 - Resolves: #659661 - Resolves: #715560 [1.2.15-3] - security patches - Resolves: CVE-2011-1143 CVE-2011-1590 CVE-2011-1957 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-1958 CVE-2011-2597 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0066 CVE-2012-0067 CVE-2012-0042 CVE-2012-1595 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5599 CVE-2013-4083 CVE-2013-4927 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-5598 CVE-2012-5600 CVE-2012-6061 CVE-2012-6062 CVE-2013-3557 CVE-2013-4081 CVE-2013-4932 CVE-2012-2392 CVE-2012-3825 CVE-2012-4285 CVE-2012-4292 CVE-2012-5595 CVE-2012-5597 CVE-2012-6056 CVE-2012-6060 CVE-2013-3561 CVE-2013-5721 CVE-2012-4288 CVE-2012-6059 CVE-2013-3559 CVE-2013-4931 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.6-51] - Fixed memory leak in _ssl._get_peer_alt_names Resolves: rhbz#1002983 [2.6.6-50] - Added fix for CVE-2013-4238 Resolves: rhbz#998784 [2.6.6-49] - Fix shebangs in several files in python-tools subpackage Resolves: rhbz#521898 [2.6.6-48] - Fix sqlite3.Cursor.lastrowid under a Turkish locale. Resolves: rhbz#841937 [2.6.6-47] - Urlparse now parses query and fragment of urls for any scheme. Resolves: rhbz#978129 [2.6.6-46] - Add wrapper for select.select to restart a system call Resolves: rhbz#948025 [2.6.6-45] - Add try-except to catch OSError in WatchedFileHandler Resolves: rhbz#919163 [2.6.6-44] - Fix urandom to throw proper exception Resolves: rhbz#893034 [2.6.6-43] - Backport of collections.OrderedDict from Python 2.7 Resolves: rhbz#929258 [2.6.6-42] - Add an explicit RPATH to _elementtree.so pointing at the directory containing system expat Resolves: rhbz#962779 [2.6.6-41] - Don't let failed incoming SSL connection stay open forever Resolves: rhbz#960168 [2.6.6-40] - Fix Python not reading Alternative Subject Names from some SSL certificates Resolves: rhbz#928390 [2.6.6-39] - Remove BOM insertion code from SysLogHandler that causes messages to be treated as EMERG level Resolves: rhbz#845802 [2.6.6-38] - move most of the payload of the core package to the libs subpackage, given that the libs aren't meaningfully usable without the standard libraries - preserve timestamps when fixing shebangs (patch 158) and when installing, to minimize .pyc/.pyo differences across architectures (due to the embedded mtime in .pyc/.pyo headers) - fix multilib issue in /usr/bin/modulator and /usr/bin/pynche Related: rhbz#958256 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4238 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [5.3p1-94] - use dracut-fips package to determine if a FIPS module is installed (#1001565) [5.3p1-93] - use dist tag in suffixes for hmac checksum files (#1001565) [5.3p1-92] - use hmac_suffix for ssh{,d} hmac checksums (#1001565) [5.3p1-91] - fix NSS keys support (#1004763) [5.3p1-90] - change default value of MaxStartups - CVE-2010-5107 - #908707 - add -fips subpackages that contains the FIPS module files (#1001565) [5.3p1-89] - don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835) [5.3p1-88] - do ssh_gssapi_krb5_storecreds() twice - before and after pam sesssion (#974096) [5.3p1-87] - bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A (#993577) - fixed an issue with broken 'ssh -I pkcs11' (#908038) - abort non-subsystem sessions to forced internal sftp-server (#993509) - reverted 'store krb5 credentials after a pam session is created (#974096)' [5.3p1-86] - Add support for certificate key types for users and hosts (#906872) - Apply RFC3454 stringprep to banners when possible (#955792) [5.3p1-85] - fix chroot logging issue (#872169) - change the bad key permissions error message (#880575) - fix a race condition in ssh-agent (#896561) - backport support for PKCS11 from openssh-5.4p1 (#908038) - add a KexAlgorithms knob to the client and server configuration (#951704) - fix parsing logic of ldap.conf file (#954094) - Add HMAC-SHA2 algorithm support (#969565) - store krb5 credentials after a pam session is created (#974096) LOW Copyright 2013 Oracle, Inc. CVE-2010-5107 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.12-1.132] - Revert the addition of gettimeofday vDSO function for ppc and ppc64 until OPD VDSO function call issues are resolved (#1026533). [2.12-1.131] - Call gethostbyname4_r only for PF_UNSPEC (#1022022). [2.12-1.130] - Fix integer overflows in *valloc and memalign. (#1008310). [2.12-1.129] - Initialize res_hconf in nscd (#970090). [2.12-1.128] - Update previous patch for dcigettext.c and loadmsgcat.c (#834386). [2.12-1.127] - Save search paths before performing relro protection (#988931). [2.12-1.126] - Correctly name the 240-bit slow path sytemtap probe slowpow_p10 for slowpow (#905575). [2.12-1.125] - Align value of stacksize in nptl-init (#663641). [2.12-1.124] - Renamed release engineering directory from 'fedora' to `releng' (#903754). [2.12-1.123] - Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302). - Fall back to local DNS if resolv.conf does not define nameservers (#928318). - Add systemtap probes to slowexp and slowpow (#905575). [2.12-1.122] - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213). [2.12-1.121] - Add netgroup cache support for nscd (#629823). [2.12-1.120] - Fix multiple nss_compat initgroups() bugs (#966778). - Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384). [2.12-1.119] - Add MAP_HUGETLB and MAP_STACK support (#916986). - Update translation for stale file handle error (#970776). [2.12-1.118] - Improve performance of _SC_NPROCESSORS_ONLN (#rh952422). - Fix up _init in pt-initfini to accept arguments (#663641). [2.12-1.117] - Set reasonable limits on xdr requests to prevent memory leaks (#848748). [2.12-1.116] - Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars (#552960). - New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size (#663641). [2.12-1.115] - Improved handling of recursive calls in backtrace (#868808). [2.12-1.114] - The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc. (#851470) [2.12-1.113] - Don't free rpath strings allocated during startup until after ld.so is re-relocated. (#862094) [2.12-1.112] - Consistantly MANGLE/DEMANGLE function pointers. Fix use after free in dcigettext.c (#834386). [2.12-1.111] - Change rounding mode only when necessary (#966775). [2.12-1.110] - Backport of code to allow incremental loading of library list (#886968). [2.12-1.109] - Fix loading of audit libraries when TLS is in use (#919562) [2.12-1.108] - Fix application of SIMD FP exception mask (#929388). MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1914 CVE-2013-0242 CVE-2013-4332 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [5.3.3-26] - add security fix for CVE-2013-4248 [5.3.3-25] - rename patch to math CVE-2010-3709 name - add security fixes for CVE-2006-7243, CVE-2013-1643 [5.3.3-24] - fix buffer overflow in _pdo_pgsql_error (#969110) - fix double free when destroy_zend_class fails (#910466) - fix segfault in error_handler with allow_call_time_pass_reference = Off (#892158) - fix copy doesn't report failure on partial copy (#947428) - add rpm macros for packagers: %php_inidir, %php_incldir and %__php (#953814) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4248 CVE-2006-7243 CVE-2013-1643 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.13.0-23] - Fix root window damage reports when Xinerama is active (#919165) [1.13.0-22] - Fix Xephyr crashes in 8 and 16 bit mode (#1018405) [1.13.0-21] - Fix Damage reports when Xinerama is active (#919165) [1.13.0-20] - Fix broken Xorg -configure (#1016854) - CVE-2013-1940: Fix xf86FlushInput() to drain evdev events too (#950438) - CVE-2013-4396: Fix use-after free in ImageText requests (#1014561) [1.13.0-19] - Fix bad mouse offset when crossing Xephyr screens (#991077) - Fix doubling of mouse coords in multi-screen setups (#1004241) [1.13.0-18] - Fix freeze if a proximity event is sent after a SyncPointer (#999965) [1.13.0-17] - Fix crash at startup when using a font server (#795858) [1.13.0-16] - Conflict with older synaptics drivers to avoid bad scaling (#893808) [1.13.0-15] - Fix uneven pointer motion for absolute devices in relative mode (#893808) [1.13.0-14] - Restore Xephyr resizability (#915202) [1.13.0-13] - Enable XC-SECURITY (#957298) [1.13.0-12] - Restore GLX in Xvfb (#969538) LOW Copyright 2013 Oracle, Inc. CVE-2013-1940 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.1.10-14] - Log: crmd: Supply arguments in the correct order Resolves: rhbz#996850 - Fix: Invalid formatting of log message causes crash Resolves: rhbz#996850 [1.1.10-13] - Fix: cman: Start clvmd and friends from the init script if enabled [1.1.10-12] - Fix: Consistently use 'Slave' as the role for unpromoted master/slave resources Resolves: rhbz#1011618 - Fix: pengine: Location constraints with role=Started should prevent masters from running at all Resolves: rhbz#902407 - Fix: crm_resource: Observe --master modifier for --move Resolves: rhbz#902407 [1.1.10-11] + Fix: cman: Do not start pacemaker if cman startup fails + Fix: Fencing: Observe pcmk_host_list during automatic unfencing Resolves: rhbz#996850 [1.1.10-10] - Remove unsupported resource agent Resolves: rhbz#1005678 - Provide a meaningful error if --master is used for primitives and groups [1.1.10-9] + Fix: xml: Location constraints are allowed to specify a role + Bug rhbz#902407 - crm_resource: Handle --ban for master/slave resources as advertised Resolves: rhbz#902407 [1.1.10-8] + Fix: mcp: Remove LSB hints that instruct chkconfig to start pacemaker at boot time Resolves: rhbz#997346 [1.1.10-7] + Fencing: Support agents that need the host to be unfenced at startup Resolves: rhbz#996850 + Fix: crm_report: Collect corosync quorum data Resolves: rhbz#989292 [1.1.10-6] - Regenerate patches to have meaningful names [1.1.10-5] + Fix: systemd: Prevent glib assertion - only call g_error_free with non-NULL arguments + Fix: systemd: Prevent additional use-of-NULL assertions in g_error_free + Fix: logging: glib CRIT messages should not produce core files in the background + Fix: crmd: Correcty update the history cache when recurring ops change their return code + Log: crm_mon: Unmangle the output for failed operations + Log: cib: Correctly log short-form xml diffs + Log: pengine: Better indicate when a resource has failed [1.1.10-4] + Fix: crmd: Prevent crash by passing log arguments in the correct order + Fix: pengine: Do not re-allocate clone instances that are blocked in the Stopped state + Fix: pengine: Do not allow colocation with blocked clone instances [1.1.10-3] + Fix: pengine: Do not restart resources that depend on unmanaged resources + Fix: crmd: Prevent recurring monitors being cancelled due to notify operations [1.1.10-2] - Drop rgmanager 'provides' directive [1.1.10-1] - Update source tarball to revision: Pacemaker-1.1.10 - See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details - Resolves: rhbz#891766 - Resolves: rhbz#902407 - Resolves: rhbz#908450 - Resolves: rhbz#913093 - Resolves: rhbz#951340 - Resolves: rhbz#951371 - Related: rhbz#987355 LOW Copyright 2013 Oracle, Inc. CVE-2013-0281 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.32-431] - [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426] [2.6.32-430] - [x86] Revert 'efi: be more paranoid about available space when creating variables' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efivars: firmware bug workarounds should be in platform code' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Export efi_query_variable_store() for efivars.ko' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Check max_size only if it is non-zero' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Distinguish between 'remaining space' and actually used space' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Implement efi_no_storage_paranoia parameter' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'Modify UEFI anti-bricking code' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Fix dummy variable buffer allocation' (Rafael Aquini) [1012370 1023173] [2.6.32-429] - [fs] revert xfs: prevent deadlock trying to cover an active log (Eric Sandeen) [1014867] [2.6.32-428] - [fs] Revert 'vfs: allow umount to handle mountpoints without revalidating them' (Rafael Aquini) [1024607] - [fs] Revert 'vfs: massage umount_lookup_last() a bit to reduce nesting' (Rafael Aquini) [1024607] - [fs] Revert 'vfs: rename user_path_umountat() to user_path_mountpoint_at()' (Rafael Aquini) [1024607] - [fs] Revert 'vfs: introduce kern_path_mountpoint()' (Rafael Aquini) [1024607] - [fs] Revert 'autofs4: fix device ioctl mount lookup' (Rafael Aquini) [1024607] [2.6.32-427] - [tools] perf: Add ref-cycles into array of tested events (Jiri Olsa) [968806] - [pci] Revert 'make SRIOV resources optional' (Myron Stowe) [1022270] - [pci] Revert 'ability to relocate assigned pci-resources' (Myron Stowe) [1022270] - [pci] Revert 'honor child buses add_size in hot plug configuration' (Myron Stowe) [1022270] - [pci] Revert 'make cardbus-bridge resources optional' (Myron Stowe) [1022270] - [pci] Revert 'code and comments cleanup' (Myron Stowe) [1022270] - [pci] Revert 'make re-allocation try harder by reassigning ranges higher in the heirarchy' (Myron Stowe) [1022270] - [pci] Revert 'Calculate right add_size' (Myron Stowe) [1022270] [2.6.32-426] - [block] loop: unplug_fn only when backing file is attached (Lukas Czerner) [1022997] - [fs] ext4: Remove warning from ext4_da_update_reserve_space() (Lukas Czerner) [1011876] - [kernel] async: Revert MAX_THREADS to 256 (Neil Horman) [1021705] - [net] ipv6: restrict neighbor entry creation to output flow (Jiri Pirko) [997103] - [net] ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Jiri Pirko) [1011930] {CVE-2013-4387} - [net] ipv4: blackhole route should always be recalculated (Herbert Xu) [1010347] - [net] unix: revert/fix race in stream sockets with SOCK_PASS* flags (Daniel Borkmann) [1019343] - [net] Loosen constraints for recalculating checksum in skb_segment() (Vlad Yasevich) [1020298] - [drm] nouveau: fix vblank deadlock (Rob Clark) [1013388] - [usb] xhci: refactor EHCI/xHCI port switching (Don Zickus) [970715] - [fs] compat_ioctl: VIDEO_SET_SPU_PALETTE missing error check (Phillip Lougher) [949573] {CVE-2013-1928} - [fs] vfs: fix d_mountpoint() (Ian Kent) [1011337] - [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [999708] - [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [999708] - [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [999708] - [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [999708] - [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [999708] - [fs] nfs: Remove the 'FIFO' behaviour for nfs41_setup_sequence (Steve Dickson) [1022257] - [fs] nfs: Record the OPEN create mode used in the nfs4_opendata structure (Steve Dickson) [1019439] - [fs] nfs: Simulate the change attribute (Steve Dickson) [1018653] - [scsi] megaraid_sas: Fix synchronization problem between sysPD IO path and AEN path (Tomas Henzl) [1019811] [2.6.32-425] - [md] dm-snapshot: fix data corruption (Mikulas Patocka) [974481] {CVE-2013-4299} - [watchdog] iTCO_wdt: add platform driver module alias (Neil Horman) [1019497] - [hda] alsa: disable 44.1kHz rate for Haswell HDMI/DP audio (Jaroslav Kysela) [831970] - [x86] Update UV3 hub revision ID (George Beshers) [1018962] - [fs] xfs: Don't reference the EFI after it is freed (Eric Sandeen) [1018469] - [security] keys: Fix a race between negating a key and reading the error set (Dave Wysochanski) [890231] - [fs] nfsv4: Ensure memory ordering between nfs4_ds_connect and nfs4_fl_prepare_ds (Jeff Layton) [1012439] - [fs] nfsv4: nfs4_fl_prepare_ds - fix bugs when the connect attempt fails (Jeff Layton) [1012439] - [md] Disable TRIM on RAID5 for RHEL 6.5 (Jes Sorensen) [837097] - [md] raid5: BIO_RW_SYNCIO is a bit number, not a bitmask (Jes Sorensen) [837097] - [virt] hyperv: framebuffer pci stub (Gerd Hoffmann) [1013335] - [netdrv] bnx2x: add missing enum channel_tlvs definitions (Michal Schmidt) [1015137] - [netdrv] bnx2x: KR2 disablement fix (Michal Schmidt) [1015137] - [netdrv] bnx2x: Specific Active-DAC is not detected on 57810 (Michal Schmidt) [1015137] - [netdrv] bnx2x: Generalize KR work-around (Michal Schmidt) [1015137] - [usb] usbnet: use ethd name for known ethernet devices (Don Zickus) [1014224] - [usb] cdc_ether: use ethd name for known ethernet devices (Don Zickus) [1014224] - [mm] Revert 'Find_early_table_space based on ranges that are actually being mapped' (Rafael Aquini) - [mm] Revert 'Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping' (Rafael Aquini) - [mm] Revert 'Group e820 entries together and add map_individual_e820 boot option' (Rafael Aquini) - [net] bridge: update mdb expiration timer upon reports (Vlad Yasevich) [1013816] - [net] veth: Remove NETIF_F_HW_VLAN_RX capability (Thomas Graf) [1018158] - [net] gre/vxlan: handle 802.1Q inner header properly (Thomas Graf) [997632] - [net] disable the new NAPI weight error message for RHEL 6.5 (Michal Schmidt) [1012090] - [scsi] sd: Fix parsing of 'temporary ' cache mode prefix (Ewan Milne) [955441] - [scsi] sd: fix array cache flushing bug causing performance problems (Ewan Milne) [955441] - [scsi] bfa: firmware update to 3.2.1.1 (Rob Evers) [1002770] - [netdrv] bna: firmware update to 3.2.1.1 (Ivan Vecera) [1002771] [2.6.32-424] - [block] loop: fix crash when using unassigned loop device (Mike Snitzer) [989795] - [fs] xfs: prevent deadlock trying to cover an active log (Dave Chinner) [1014867] - [x86] microcode: Fix patch level reporting for AMD family 15h (Prarit Bhargava) [1014401] - [hda] alsa: enable switcheroo code in the snd-hda-intel driver (Jaroslav Kysela) [1013993] - [x86] reboot: Fix a warning message triggered by stop_other_cpus() (Jerome Marchand) [840710] - [kernel] async: Bump up the MAX_THREADS count for the async subsystem (Neil Horman) [1010666] - [pci] Calculate right add_size (Myron Stowe) [997672] - [netdrv] iwlwifi: pcie: add SKUs for 6000, 6005 and 6235 series (Stanislaw Gruszka) [1013951] - [netdrv] iwlwifi: pcie: add new SKUs for 7000 & 3160 NIC series (Stanislaw Gruszka) [1013951] - [netdrv] iwlwifi: enable shadow registers for 7000 (Stanislaw Gruszka) [1013951] - [netdrv] iwlwifi: add new 7260 and 3160 series device IDs (Stanislaw Gruszka) [1013951] - [netdrv] be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd (Ivan Vecera) [1014360] - [netdrv] be2net: call ENABLE_VF cmd for Skyhawk-R too (Ivan Vecera) [1014360] - [netdrv] be2net: Fix to prevent Tx stall on SH-R when packet size < 32 (Ivan Vecera) [1014360] - [scsi] pm8001: Queue rotation logic for inbound and outbound queues (Rich Bono) [1013771] - [scsi] lpfc: Update lpfc version for 8.3.7.21.4p driver release (Rob Evers) [1004841] - [scsi] lpfc: Fixed spinlock hang (Rob Evers) [1004841] - [scsi] lpfc: Fixed spinlock inversion problem (Rob Evers) [1004841] - [scsi] lpfc: Fixed inconsistent spin lock useage (Rob Evers) [1004841] - [scsi] qla2xxx: Update version number to 8.05.00.03.06.5-k2 (Chad Dupuis) [912652] - [scsi] qla2xxx: Fix request queue null dereference (Chad Dupuis) [912652] - [net] tcp: TSQ can use a dynamic limit (Jiri Pirko) [996802] - [net] tcp: TSO packets automatic sizing (Jiri Pirko) [996802] - [net] tcp: Apply device TSO segment limit earlier (Jiri Pirko) [996802] - [net] Allow driver to limit number of GSO segments per skb (Jiri Pirko) [996802] - [net] cleanups in RX queue allocation (Ivan Vecera) [1012388] - [net] Update kernel-doc for netif_set_real_num_rx_queues() (Ivan Vecera) [1012388] - [net] netif_set_real_num_rx_queues may cap num_rx_queues at init time (Ivan Vecera) [1012388] [2.6.32-423] - [kvm] pmu: add proper support for fixed counter 2 (Gleb Natapov) [1000956] - [kvm] vmx: do not check bit 12 of EPT violation exit qualification when undefined (Gleb Natapov) [1006139] - [kvm] vmx: set 'blocked by NMI' flag if EPT violation happens during IRET from NMI (Gleb Natapov) [1006139] - [edac] Fix workqueue-related crashes (Aristeu Rozanski) [831127] - [edac] amd64_edac: Fix driver module removal (Aristeu Rozanski) [831127] - [md] raid5: BIO flags adjust (Jes Sorensen) [837097] - [md] Fix skipping recovery for read-only arrays (Jes Sorensen) [1014102] - [kernel] audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record (Richard Guy Briggs) [1009386] - [kernel] audit: log the audit_names record type (Richard Guy Briggs) [1009386] - [kernel] audit: add child record before the create to handle case where create fails (Richard Guy Briggs) [1009386] - [kernel] audit: format user messages to size of MAX_AUDIT_MESSAGE_LENGTH (Richard Guy Briggs) [1007069] - [netdrv] tg3: Expand led off fix to include 5720 (Ivan Vecera) [991498] - [netdrv] tg3: Don't turn off led on 5719 serdes port 0 (Ivan Vecera) [991498] - [netdrv] tg3: Don't turn off led on 5719 serdes port 0 (Ivan Vecera) [991498] - [netdrv] tg3: Fix UDP fragments treated as RMCP (Ivan Vecera) [991498] - [netdrv] tg3: Remove incorrect switch to aux power (Ivan Vecera) [991498] - [i2c] ismt: initialize DMA buffer (Neil Horman) [1014753] - [scsi] libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (Neil Horman) [1014864] - [fs] gfs2: Fix race in iteration of glocks for unfreeze/umount (Abhijith Das) [999909] - [fs] gfs2: dirty inode correctly in gfs2_write_end (Benjamin Marzinski) [991596] - [x86] Mark Intel Atom Avoton processor as supported (Prarit Bhargava) [914842] - [mm] vmscan: fix zone shrinking exit when scan work is done (David Gibson) [985155] - [block] free bios when failing blk_execute_rq_nowait calls (Jeff Moyer) [1009312] - [netdrv] be2net: fix disabling TX in be_close() (Ivan Vecera) [951271] - [crypto] Fix race condition in larval lookup (Herbert Xu) [916361] [2.6.32-422] - [fs] fuse: drop dentry on failed revalidate (Brian Foster) [924014] - [fs] fuse: clean up return in fuse_dentry_revalidate() (Brian Foster) [924014] - [fs] fuse: use d_materialise_unique() (Brian Foster) [924014] - [mm] Group e820 entries together and add map_individual_e820 boot option (Larry Woodman) [876275] - [mm] Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping (Larry Woodman) [876275] - [mm] Find_early_table_space based on ranges that are actually being mapped (Larry Woodman) [876275] - [hid] pantherlord: heap overflow flaw (Radomir Vrbovsky) [1000435] {CVE-2013-2892} - [virt] hv: Correctly support ws2008R2 and earlier (Jason Wang) [1007341] - [powerpc] iommu: Use GFP_KERNEL instead of GFP_ATOMIC in iommu_init_table() (Steve Best) [1012666] - [powerpc] Add isync to copy_and_flush (Steve Best) [1014475] - [block] rsxx: Kernel Panic caused by mapping Discards (Steve Best) [1013728] - [kernel] audit: avoid soft lockup due to audit_log_start() incorrect loop termination (Richard Guy Briggs) [990806] - [fs] nfsv4: Remove the BUG_ON() from nfs4_get_lease_time_prepare() (Steve Dickson) [1012688] - [netdrv] bnx2x: fix loss of VLAN priority information in received TPA-aggregated packets (Michal Schmidt) [1014694] - [fs] gfs2: garbage quota usage reported due to uninitialized inode during creation (Abhijith Das) [1008947] - [fs] nfs: fix filelayout_commit_call_ops (Scott Mayhew) [1012479] - [netdrv] igb: fix driver reload with VF assigned to guest (Stefan Assmann) [985733] - [md] Fix bio flags for md raid5 (Jes Sorensen) [837097] - [md] Fix bio flags for md raid10 (Jes Sorensen) [837097] - [scsi] qla4xxx: 5.03.00.00.06.05-k3 (Chad Dupuis) [1011476] - [scsi] qla4xxx: Support setting of local CHAP index for flash target entry (Chad Dupuis) [1011476] - [scsi] qla4xxx: Correct the check for local CHAP entry type (Chad Dupuis) [1011476] - [scsi] lpfc: Update lpfc version for 8.3.7.21.3p driver release (Rob Evers) [1012961] - [scsi] lpfc: Fixed function mode field defined too small for not recognizing dual-chute mode (Rob Evers) [1012961] - [net] Revert 'net: more accurate skb truesize' (Francesco Fusco) [889181] - [net] fix multiqueue selection (Michal Schmidt) [1011939] [2.6.32-421] - [scsi] bnx2fc: Bump version from 1.0.14 to 2.4.1 (Tomas Henzl) [1008733] - [scsi] bnx2fc: hung task timeout warning observed when rmmod bnx2x with active FCoE targets (Tomas Henzl) [1008733] - [scsi] bnx2fc: Fixed a SCSI CMD cmpl race condition between ABTS and CLEANUP (Tomas Henzl) [1008733] - [scsi] cnic: Fix crash in, cnic_bnx2x_service_kcq() (Tomas Henzl) [1004554] - [hid] zeroplus: validate output report details (Frantisek Hrbata) [999906] {CVE-2013-2889} - [hid] provide a helper for validating hid reports (Frantisek Hrbata) [999906] {CVE-2013-2889} - [netdrv] sfc: Add SIOCEFX:EFX_MCDI_REQUEST ioctl to workaround MTD limits (Nikolay Aleksandrov) [1008705] - [netdrv] sfc: deny changing of unsupported flags (Nikolay Aleksandrov) [1010840] - [kernel] __ptrace_may_access() should not deny sub-threads (Oleg Nesterov) [927360] - [tools] perf: Make kmem work for non numa machines (Jiri Olsa) [984788] - [powerpc] Bring all threads online prior to migration/hibernation (Steve Best) [1010528] - [kvm] introduce guest count uevent (Paolo Bonzini) [1004802] - [scsi] iscsi_tcp: consider session state in iscsi_sw_sk_state_check (Chris Leech) [840638] - [crypto] ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [1007694] {CVE-2013-4345} - [infiniband] cache: don't fill the cache with junk (Doug Ledford) [920306] - [usb] core: don't try to reset_device() a port that got just disconnected (Don Zickus) [1000944] - [usb] Fix connected device switch to Inactive state (Don Zickus) [1000944] - [usb] Don't use EHCI port sempahore for USB 3.0 hubs (Don Zickus) [1000944] - [netdrv] macvtap: Ignore tap features when VNET_HDR is off (Vlad Yasevich) [987201] - [netdrv] macvtap: Correctly set tap features when IFF_VNET_HDR is disabled (Vlad Yasevich) [987201] - [netdrv] macvtap: simplify usage of tap_features (Vlad Yasevich) [987201] - [infiniband] mlx4: Use default pkey when creating tunnel QPs (Doug Ledford) [993587] - [infiniband] core: Create QP1 using the pkey index which contains the default pkey (Doug Ledford) [993587] - [infiniband] ipoib: Make sure child devices use valid/proper pkeys (Doug Ledford) [993587] - [infiniband] ipoib: Fix pkey change flow for virtualization environments (Doug Ledford) [993587] - [netdrv] igb: don't deprecate the max_vfs parameter (Stefan Assmann) [1005877] - [netdrv] igb: Read flow control for i350 from correct EEPROM section (Stefan Assmann) [1005877] - [netdrv] igb: Add additional get_phy_id call for i354 devices (Stefan Assmann) [1005877] - [netdrv] igb: Update version number (Stefan Assmann) [1005877] - [netdrv] igb: Implementation to report advertised/supported link on i354 devices (Stefan Assmann) [1005877] - [netdrv] igb: Get speed and duplex for 1G non_copper devices (Stefan Assmann) [1005877] - [netdrv] igb: Support to get 2_5G link status for appropriate media type (Stefan Assmann) [1005877] - [netdrv] igb: No PHPM support in i354 devices (Stefan Assmann) [1005877] - [netdrv] igb: M88E1543 PHY downshift implementation (Stefan Assmann) [1005877] - [netdrv] igb: New PHY_ID for i354 device (Stefan Assmann) [1005877] - [netdrv] igb: Implementation of 1-sec delay for i210 devices (Stefan Assmann) [1005877] - [netdrv] igb: Don't look for a PBA in the iNVM when flashless (Stefan Assmann) [1005877] - [netdrv] igb: Expose RSS indirection table for ethtool (Stefan Assmann) [1005877] - [netdrv] igb: Add macro for size of RETA indirection table (Stefan Assmann) [1005877] - [netdrv] igb: Fix get_fw_version function for all parts (Stefan Assmann) [1005877] - [netdrv] igb: Add device support for flashless SKU of i210 device (Stefan Assmann) [1005877] - [netdrv] igb: Refactor NVM read functions to accommodate devices with no flash (Stefan Assmann) [1005877] - [netdrv] igb: Refactor of init_nvm_params (Stefan Assmann) [1005877] - [netdrv] igb: Update MTU so that it is always at least a standard frame size (Stefan Assmann) [1005877] - [netdrv] igb: don't allow SR-IOV without MSI-X (Stefan Assmann) [1005877] - [netdrv] igb: Added rcu_lock to avoid race (Stefan Assmann) [1005877] - [netdrv] igb: Read register for latch_on without return value (Stefan Assmann) [1005877] - [netdrv] igb: Reset the link when EEE setting changed (Stefan Assmann) [1005877] - [netdrv] treewide: relase -> release (Stefan Assmann) [1005877] - [scsi] iterate over devices individually for /proc/scsi/scsi (David Milburn) [966170] - [scsi] zfcp: fix lock imbalance by reworking request queue locking (Mikulas Patocka) [803592] - [kernel] pidns: fix two invalid task_active_pid_ns() usages (Aristeu Rozanski) [984597] - [netdrv] be2net: implement ethtool set/get_channel hooks (Ivan Vecera) [975885] - [netdrv] be2net: refactor be_setup() to consolidate queue creation routines (Ivan Vecera) [975885] - [netdrv] be2net: Fix be_cmd_if_create() to use MBOX if MCCQ is not created (Ivan Vecera) [975885] - [netdrv] be2net: refactor be_get_resources() code (Ivan Vecera) [975885] - [netdrv] be2net: don't limit max MAC and VLAN counts (Ivan Vecera) [975885] - [netdrv] be2net: Fixup profile management routines (Ivan Vecera) [975885] - [netdrv] be2net: use EQ_CREATEv2 for SH-R (Ivan Vecera) [975885] - [netdrv] be2net: delete primary MAC address while unloading (Ivan Vecera) [874733] - [netdrv] be2net: use SET/GET_MAC_LIST for SH-R (Ivan Vecera) [874733] - [netdrv] be2net: refactor MAC-addr setup code (Ivan Vecera) [874733] - [netdrv] be2net: fix pmac_id for BE3 VFs (Ivan Vecera) [874733] - [netdrv] be2net: allow VFs to program MAC and VLAN filters (Ivan Vecera) [874733] - [netdrv] be2net: fix MAC address modification for VF (Ivan Vecera) [874733] - [netdrv] be2net: don't use dev_err when AER enabling fails (Ivan Vecera) [986513] - [netdrv] be2net: Clear any capability flags that driver is not interested in (Ivan Vecera) [998856] - [net] ethtool: fix RHEL backport of ETHTOOL_RESET (Jiri Benc) [1008678] - [net] gact: Fix potential panic in tcf_gact() (Jiri Benc) [1003781] - [net] tcp: fix FIONREAD/SIOCINQ (Francesco Fusco) [1001479] - [net] vxlan: Avoid creating fdb entry with NULL destination (Amerigo Wang) [923915] - [net] bridge: sync the definition of struct br_mdb_entry with upstream (Amerigo Wang) [1010251] - [fs] proc/ns: Fix ABI of proc_inode (Thomas Graf) [1005224] - [fs] nfs: Fix writeback performance issue on cache invalidation (Scott Mayhew) [1010038] - [fs] xfs: switch stacks for bmap btree modifications (Dave Chinner) [918359] - [fs] GFS2: Dont flag consistency error if first mounter is a spectator (Robert S Peterson) [997929] - [x86] Mark Intel Haswell-EP as supported (Prarit Bhargava) [948339] - [s390] tx: allow program interruption filtering in user space (Hendrik Brueckner) [1006523] - [tty] hvc_iucv: Disconnect IUCV connection when lowering DTR (Hendrik Brueckner) [1007570] - [tty] hvc_console: Add DTR/RTS callback to handle HUPCL control (Hendrik Brueckner) [1007570] - [netdrv] bonding: fix bond_arp_rcv setting and arp validate desync state (Nikolay Aleksandrov) [1003697] - [netdrv] bonding: fix store_arp_validate race with mode change (Nikolay Aleksandrov) [1003697] - [netdrv] bonding: fix set mode race conditions (Nikolay Aleksandrov) [1003697] - [bluetooth] rfcomm: Fix info leak in RFCOMMGETDEVLIST ioctl() (Radomir Vrbovsky) [922409] {CVE-2012-6545} - [bluetooth] rfcomm: Fix info leak via getsockname() (Radomir Vrbovsky) [922409] {CVE-2012-6545} - [mm] mlock: operate on any regions with protection != PROT_NONE (Larry Woodman) [982460] - [mm] mlock: avoid dirtying pages and triggering writeback (Larry Woodman) [982460] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2164 CVE-2013-4591 CVE-2013-1928 CVE-2012-6542 CVE-2012-6545 CVE-2013-0343 CVE-2013-1929 CVE-2013-2234 CVE-2013-2889 CVE-2013-2892 CVE-2013-3231 CVE-2013-4345 CVE-2013-2851 CVE-2013-2888 CVE-2013-4387 CVE-2013-4592 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [8.4-31.0.1] - clean up empty file if cp is failed [Orabug 15973168] [8.4-31] - adjust the fix for the du bindmounts failure(#836557) * Mon Oct 07 2013 Ondrej Oprala <ooprala@redhat.com - 8.4-30 - Fix su retvals (once again) [8.4-29] - CVE-2013-0221 CVE-2013-0223 CVE-2013-0222 - fix various segmentation faults in sort, uniq and join(#1015019) [8.4-28] - su now returns correct retvals for all cases [8.4-27] - tail -F now disables inotify when encountering a symlink. Polling is used instead. * Mon Sep 16 2013 Ondrej Oprala <ooprala@redhat.com - 8.4-26 - df now properly dereferences long FS names(again) [8.4-25] - pr -n no longer crashes when passed values >= 32. Also line numbers are consistently padded with spaces, rather than with zeros for certain widths. (#997537) [8.4-24] - fix su return codes when NOT killed by a signal (#996190) [8.4-23] - fix several newly introduced defects found by Coverity check [8.4-22] - wait for su child to prevent errorneous execution of some commands (#749679) - correct return values after signal termination (#889531) and propagation of child core dump info (#747592) - dd now accepts 'status=none' to suppress all informational output(#965654) - cut --output-delimiter option was ignored for multibyte locales (#867984) - remove redundant setpwent() and setgrent () syscalls from stat -U/-G to improve NIS performance (#911206) - date: deal correctly with invalid input with special characters (#960160) - dd: provide support for the conv=sparse (#908980) - su/runuser: clarify which envvars are preserved/initialized in -p/-m and -l help/man documentation (#967623) - du: properly detect bindmounts (#836557) - df: fix alignment of columns (#842040) - id,groups: fix correct group printing (#816708) - mv : replace empty directories in cross file system move (#980061) [8.4-21] - fix parsing of field regression in sort command (introduced between RHEL5 and RHEL6 upstream) (#956143) [8.4-20] - revert to polling for unknown filesystems, update known fs for tail and stat based on coreutils-8.21 (#827199) LOW Copyright 2013 Oracle, Inc. CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 ibutils [1.5.7-8] - Add the -output patch to have programs use /var/cache/ibutils instead of /tmp Resolves: bz958569 infinipath-psm * Thu Jan 24 2013 Jay Fenlason <fenlason@redhat.com> - Put the udev rules file in the right place Resolves: rhbz866732 - include a patch from upstream to fix undefined references Resolves: rhbz887730 [3.0.1-115.1015_open.1] - New upstream releas Resolves: rhbz818789 [ 2.9-926.1005_open.2] - Add the udev rules file to close Resolves: rhbz747406 [2.9-926.1005_open.1] - New upstream version. Resolves: rhbz635915 * Fri Nov 05 2010 Jay Fenlason <fenlason@redhat.com> - Include the -execstack patch to get libinfinipath.so correctly labeled as not executing the stack. Resolves: rhbz612936 [1.13-2] - Use macros for lib and include directories, and include dist tag in release field. - Corrected License field. - Corrected Requires lines for libuuid. - Add Exclusive-arch x86_64 Related: rhbz570274 [1.13-1] - Initial build. libibverbs [1.1.7-1] - Update to latest upstream release - Remove patches that are now part of upstream - Fix ibv_srq_pingpong with negative value to -s option - Resolves: bz879191 libmlx4 [1.0.5-4.el6.1] - Fix dracut module for compatibility with RHEL6 version of dracut. - Resolves: bz789121 [1.0.5-4] - Add dracut module - Fix URL [1.0.5-3] - Reduce the dependencies of the setup script even further, it no longer needs grep [1.0.5-2] - The setup script needs to have execute permissions [1.0.5-1] - Update to latest upstream - Drop awk based setup for a bash based setup, making including the setup code on an initramfs easier - Modernize spec file - Related: bz950915 librdmacm [1.0.17-1] - Official 1.0.17 release - The fix to bug 866221 got kicked back as incomplete last time, fix it for real this time. - Intel adapters that use the qib driver don't like using inline data, so use a memory region that is registered instead - Resolves: bz866221, bz828071 mpitests [3.2-9] - Backport fixes from RHEL-7 Resolves: rhbz1002332 [3.2-7] - include BuildRequires: hwloc-devel from RHEL-7.0 - Add win_free patch to close Resolves: rhbz734023 mstflint [3.0-0.6.g6961daa.1] - Update to newer tarball that resolves licensing issues with the last tarball - Related: bz818183 [3.0-0.5.gff93670.1] - Update to latest upstream version, which includes ConnectIB support - Resolves: bz818183 openmpi [1.5.4-2.0.1] - Obsolete openmpi-psm-devel for 32bit [1.5.4-2] - Fix the build process by getting rid of the -build patch and autogen to fix Resolves: rhbz749115 perftest [2.0-2] - Fix rpmdiff detected error. Upstream overrode our cflags so stack protector got turned off. - Related: bz806183 [2.0-1] - Update to latest upstream release - We had to drop ib_clock_test program as no equivalent exists in the latest release - Resolves: bz806183, bz806185, bz830099 [1.3.0-2] - Update to latest upstream release - No longer strip rocee related code out, we can compile with it now - Related: bz739138 qperf [0.4.9-1.0.1] - Rebuild for ULN upgrade [0.4.9-1] - Update to latest upstream release - Resolves: bz814909, bz840269 rdma [3.10-3.0.1] - Append mlx4_* module parameters when insmod the modules [orabug 17429249] (Joe Jin) - Delay load mlx4_* to prevent hung when start udev. [orabug 16897608] (Joe Jin) - Fix FMR load, persistent ib0 subinterfaces, remove kudzu dependency (Chien Yen) - Add SDP to rdma.conf and rdma.init (Chien Yen) - Support Mellanox OFED 1.5.5 (Chien Yen) [3.10-3] - Replace an errant usage of PARENTDEVICE with PHYSDEV in ifdown-ib - Related: bz990288 [3.10-2] - Somehow during editing I accidentally deleted a single character from the post scriptlet. rpmdiff caught it, now I'm fixing it. - Resolves: bz990288 [3.10-1] - Bump version to match final kernel submission - Add support for P_Key interfaces to ifup-ib and ifdown-ib MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4516 CVE-2013-2561 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [004-336.0.1] - do not strip modules with signatures. [orabug 17458249] (Jerry Snitselaar) - scsi_wait module removed in 3.8. Mute errors. [orabug 16977193] (Maxim Uvarov) find firmware in /lib/modules/firmware/2.6.32-400.1.1.el5uek first and /lib/modules/firmware second (<maxim.uvarov@oracle.com) Resolves: Orabug: 13351090 - Fix btrfs discovery [orabug 13388545] [004-336] - install /etc/system-fips in the initramfs Resolves: rhbz#1012626 [004-335] - fixed interface renaming Resolves: rhbz#1019104 [004-334] - fcoe: add --link-retry=100 to fipvlan call Resolves: rhbz#1012316 - ldd: redirect error to /dev/null - do not turn off biosdevname, if not given on kernel cmdline Resolves: rhbz#1011508 - network: fixed ibft parsing Resolves: rhbz#1011508 [004-330] - changed /etc/redhat-fips to /etc/system-fips Resolves: rhbz#1012626 [004-329] - add /etc/redhat-fips Resolves: rhbz#1012626 [004-328] - fixed crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 [004-327] - fixed crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 - fixed booting with iSCSI and without network config Resolves: rhbz#910605 [004-322] - fixed crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 - fixed FIPS module checking Resolves: rhbz#947729 [004-316] - create the initramfs non-world readable - unset LD_LIBRARY_PATH and GREP_OPTIONS Resolves: rhbz#912299 - add mkinitrd man page Resolves: rhbz#610462 - add bonding Resolves: rhbz#851666 - lvm: add '--yes' to lvchange Resolves: rhbz#720684 - crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 - start iscsi regardless of network, if requested Resolves: rhbz#813687 - install multipath module only, when root is multipath in generic mode Resolves: rhbz#916144 - fips: handle checksum checks for RHEV kernels Resolves: rhbz#947729 - add xhci-hcd driver Resolves: rhbz#960729 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4453 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.8.6p3-12] - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 Resolves: rhbz#1015355 [1.8.6p3-11] - sssd: fixed a bug in ipa_hostname processing Resolves: rhbz#853542 [1.8.6p3-10] - sssd: fixed buffer size for the ipa_hostname value Resolves: rhbz#853542 [1.8.6p3-9] - sssd: match against ipa_hostname from sssd.conf too when checking sudoHost Resolves: rhbz#853542 [1.8.6p3-8] - updated man-page - fixed handling of RLIMIT_NPROC resource limit - fixed alias cycle detection code - added debug messages for tracing of netgroup matching - fixed aborting on realloc when displaying allowed commands - show the SUDO_USER in logs, if running commands as root - sssd: filter netgroups in the sudoUser attribute Resolves: rhbz#856901 Resolves: rhbz#947276 Resolves: rhbz#886648 Resolves: rhbz#994563 Resolves: rhbz#848111 Resolves: rhbz#994626 Resolves: rhbz#973228 Resolves: rhbz#880150 LOW Copyright 2013 Oracle, Inc. CVE-2013-2776 CVE-2013-1775 CVE-2013-2777 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1:1.15.1-20] - Resolves: #855832 'Installation from NFS: That directory could not be mounted from the server' by switching NFS mount default from UDP to TCP. There was another place (in uclibc this time) which used UDP. [1:1.15.1-19] - Resolves: #1015010 'busybox: insecure directory permissions in /dev' [1:1.15.1-18] - Resolves: #855832 'Installation from NFS: That directory could not be mounted from the server' by switching NFS mount default from UDP to TCP. [1:1.15.1-17] - Resolves: #820097 - 's390x: wc: : No such file or directory' LOW Copyright 2013 Oracle, Inc. CVE-2013-1813 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.2.11.15-30] - Resolves: bug 1024977 CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches [1.2.11.15-29] - Bump version to 1.2.11.15-29 - Resolves: bug 1008013: DS91: ns-slapd stuck in DS_Sleep [1.2.11.15-28] - Bump version to 1.2.11.15-28 - Resolves: Bug 1016038 - Users from AD sub OU does not sync to IPA (ticket 47488) [1.2.11.15-27] - Bump version to 1.2.11.15-27 - Resolves: Bug 1013735 - CLEANALLRUV doesnt run across all replicas (ticket 47509) [1.2.11.15-26] - Bump version to 1.2.11.15-26 - Resolves: Bug 947583 - ldapdelete returns non-leaf entry error while trying to remove a leaf entry (ticket 47534) [1.2.11.15-25] - Bump version to 1.2.11.15-25 - Resolves: Bug 1006846 - 2Master replication with SASL/GSSAPI auth broken (ticket 47523) - Resolves: Bug 1007452 - Under specific values of nsDS5ReplicaName, replication may get broken or updates (ticket 47489) [1.2.11.15-24] - Bump version to 1.2.11.15-24 - Resolves: Bug 982325 - Overflow in nsslapd-disk-monitoring-threshold; Changed CONFIG_INT to CONFIG_LONG for nsslapd-disk-monioring-threshold (ticket 47427) [1.2.11.15-23] - Bump version to 1.2.11.15-23 - Resolves: Bug 1000632 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN - Resolves: Bug 1002260 - server fails to start after upgrade(schema error) (ticket 47318) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4485 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.8.7.352-13] - Workaround build issues against OpenSSL with enabled ECC curves. - Make DRb compatible with OpenSSL 1.0.1. * ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch - Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing * ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch - Resolves: rhbz#1033500 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-4164 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [2:2.6.9-6] - fix overflow in XWD loader (CVE-2013-1913, CVE-2013-1978) [2:2.6.9-5] - fix overflow in XWD loader (#879302) [2:2.6.9-5] - fix overflow in GIF loader (#847303) [2:2.6.9-5] - fix overflows in GIF, CEL loaders (#727800, #839020) [2:2.6.9-4.1] - fix various overflows (#666793, #703403, #703405, #703407, #704512) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5576 CVE-2013-1978 CVE-2013-1913 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [1.0.8-19] - Resolves: CVE-2013-4566 - Bugzilla Bug #1030265 - mod_nss: incorrect handling of NSSVerifyClient in directory context [rhel-6.5.z] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4566 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-431.1.2] - [x86] kvm: fix cross page vapic_addr access (Paolo Bonzini) [1032214 1032215] {CVE-2013-6368} - [x86] kvm: fix division by zero in apic_get_tmcct (Paolo Bonzini) [1032212 1032213] {CVE-2013-6367} [2.6.32-431.1.1] - [netdrv] mlx4_en: Check device state when setting coalescing (Amir Vadai) [1032395 975908] - [net] ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [1023490 1023491] {CVE-2013-4470} - [net] ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [1023490 1023491] {CVE-2013-4470} - [net] sunrpc: Fix a data corruption issue when retransmitting RPC calls (Jeff Layton) [1032424 1030046] - [fs] gfs2: Implement a rgrp has no extents longer than X scheme (Robert S Peterson) [1032162 998625] - [fs] gfs2: Drop inadequate rgrps from the reservation tree (Robert S Peterson) [1032162 998625] - [fs] gfs2: If requested is too large, use the largest extent in the rgrp (Robert S Peterson) [1032162 998625] - [fs] gfs2: Add allocation parameters structure (Robert S Peterson) [1032162 998625] - [fs] nfs: Don't check lock owner compatability unless file is locked - part 2 (Jeff Layton) [1032260 1007039] - [fs] nfs: Don't check lock owner compatibility in writes unless file is locked (Jeff Layton) [1032260 1007039] - [netdrv] ixgbevf: move API neg to reset path (Andy Gospodarek) [1032168 1019346] - [netdrv] ixgbe: fix inconsistent clearing of the multicast table (Andy Gospodarek) [1032170 975248] - [mm] Group e820 entries together and add map_individual_e820 boot option (Larry Woodman) [1020518 876275] - [mm] Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping (Larry Woodman) [1020518 876275] - [mm] Find_early_table_space based on ranges that are actually being mapped (Larry Woodman) [1020518 876275] - [fs] nfs: Fix the sync mount option for nfs4 mounts (Scott Mayhew) [1030171 915862] - [fs] nfsv4: Missing Chunk of Back Port Patch Causes Hang (Steve Dickson) [1032250 1024006] - [fs] xfs: Ensure sync updates the log tail correctly (Dave Chinner) [1032249 1025439] - [fs] xfs: only update the last_sync_lsn when a transaction completes (Dave Chinner) [1032249 1025439] - [fs] xfs: prevent deadlock trying to cover an active log (Dave Chinner) [1032688 1014867] - [kernel] signal: stop info leak via the tkill and the tgkill syscalls (Petr Holasek) [970876 970878] {CVE-2013-2141} - [block] rsxx: Disallow discards from being unmapped (Steve Best) [1028278 1023897] - [netdrv] brcmsmac: Module alias support missing from backport (John Green) [1029330 1020461] - [netdrv] mlx4_en: Fix pages never dma unmapped on rx (Steve Best) [1027343 1023272] - [netdrv] mlx4_en: Fix BlueFlame race (Amir Vadai) [1029997 987634] - [scsi] lpfc 8.3.42: Fixed failure to allocate SCSI buffer on PPC64 platform for SLI4 devices (Rob Evers) [1030713 1024683] - [scsi] Revert: qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low. [1032167 995576] - [netdrv] tg3: avoid double-freeing of rx data memory (Ivan Vecera) [1032423 1020685] - [hda] alsa: Final fix for the Haswell HDMI audio 44.1kHz rate (Jaroslav Kysela) [1032247 1024548] - [input] wacom: do not report ABS_MISC on TPC2FG touch device (Aristeu Rozanski) [1032426 1032256] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6367 CVE-2013-6368 CVE-2013-2141 CVE-2013-4470 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.2.1-3] - Resolves: #1031955 apply patch for CVE-2013-6630 [1.2.1-2] - Resolves: #1031955 libjpeg-turbo: various flaws (CVE-2013-6629) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-6630 CVE-2013-6629 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [4.0.0-60.rc4] - resolves: #1018039 - Fix CVE-2013-4408. [4.0.0-59.rc4] - Fix usage of client min/max protocol options in winbindd - related: #949993 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4408 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [3.6.9-167] - resolves: #1018037 - Fix CVE-2013-4408. [3.6.9-165] - resolves: #1028086 - Fix CVE-2013-4475. IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4408 CVE-2013-4475 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [24.2.0-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-4] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite [24.1.0-3] - Fixed locale pickup (rhbz#1034541) [24.1.0-2] - Fixed package reinstall issue [24.1.0-1] - Update to 24.1.0 ESR [24.0-0.1] - Update to 24.0 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [5.3.3-27] - add security fix for CVE-2013-6420 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-6420 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [24.2.0-1.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Make sure build with nspr-devel >= 4.10.0 [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-1] - Update to 24.1.0 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5614 CVE-2013-6671 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5616 CVE-2013-5618 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 nspr [4.10.0-2] - Rebase to nspr-4.10.2 - Resolves: rhbz#1032485 - CVE-2013-5607 (MFSA 2013-103) Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103) nss [3.15.3-2.0.1] - Added nss-vendor.patch to change vendor [3.15.3-2] - Enable patch with fix for deadlock in trust domain lock and object lock - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock - Disable hw gcm on rhel-5 based build environments where OS lacks support - Rollback changes to build nss without softokn until Bug 689919 is approved - Cipher suite was run as part of the nss-softokn build [3.15.3-1] - Update to NSS_3_15_3_RTM - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss-util [3.15.3-1] - Update to NSS_3_15_3_RTM - Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1741 CVE-2013-5606 CVE-2013-5607 CVE-2013-5605 CVE-2013-1739 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.3-10] - Apply patch for CVE-2013-6054 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 Resolves: #1038985 CVE-2013-6054 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6052 CVE-2013-6054 CVE-2013-6045 CVE-2013-1447 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [3.15.3-3.0.1.el6_5] - Added nss-vendor.patch to change vendor [3.15.3-3] - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6] MODERATE Copyright 2013 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [2013.1.95-65.1] - Update to CKBI 1.95 from NSS 3.15.3.1 MODERATE Copyright 2013 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [1.13.0-23.1] - Fix root window damage reports when Xinerama is active (#919165) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6424 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [0.26.2-5.1] - Fix CVE 2013-6425 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6425 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-300.28.1] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} [2.6.39-300.27.1] - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian Campbell) [Orabug: 16243309] - xen/netback: shutdown the ring if it contains garbage. (Ian Campbell) [Orabug: 16243309] - ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16179639 16168292] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4398 CVE-2013-0217 CVE-2012-4461 CVE-2013-0231 CVE-2013-0190 CVE-2013-0216 CVE-2012-4530 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.39.4] - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} [2.6.32-300.39.3] - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274192] {CVE-2013-0190} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0190 CVE-2012-4530 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.17.1] - This is a fix on dlm_clean_master_list() (Xiaowei.Hu) - RDS: fix rds-ping spinlock recursion (jeff.liu) [Orabug: 16223050] - vhost: fix length for cross region descriptor (Michael S. Tsirkin) [Orabug: 16387183] {CVE-2013-0311} - kabifix: block/scsi: Allow request and error handling timeouts to be specified (Maxim Uvarov) - block/scsi: Allow request and error handling timeouts to be specified (Martin K. Petersen) [Orabug: 16372401] - [SCSI] Shorten the path length of scsi_cmd_to_driver() (Li Zhong) [Orabug: 16372401] - Fix NULL dereferences in scsi_cmd_to_driver (Mark Rustad) [Orabug: 16372401] - SCSI: Fix error handling when no ULD is attached (Martin K. Petersen) [Orabug: 16372401] - Handle disk devices which can not process medium access commands (Martin K. Petersen) [Orabug: 16372401] - the ac->ac_allow_chain_relink=0 won't disable group relink (Xiaowei.Hu) [Orabug: 14842737] - pci: hotplug: fix null dereference in pci_set_payload() (Jerry Snitselaar) [Orabug: 16345420] [2.6.39-400.16.0] - epoll: prevent missed events on EPOLL_CTL_MOD (Eric Wong) [Orabug: 16363540] - rds: this resolved crash while removing rds_rdma module. orabug: 16268201 (Bang Nguyen) [Orabug: 16268201] - rds: scheduling while atomic on failover orabug: 16275095 (Bang Nguyen) [Orabug: 16268201] - SRP: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug: 16268201] - iSER: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug: 16268201] [2.6.39-400.15.0] - x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS. (Jan Beulich) {CVE-2013-0228} - xen-blkfront: drop the use of llist_for_each_entry_safe (Konrad Rzeszutek Wilk) [Orabug: 16263164] - Revert 'xen PVonHVM: use E820_Reserved area for shared_info' (Konrad Rzeszutek Wilk) [Orabug: 16297716] - Revert 'xen/PVonHVM: fix compile warning in init_hvm_pv_info' (Konrad Rzeszutek Wilk) [2.6.39-400.14.0] - xfs: use shared ilock mode for direct IO writes by default (Dave Chinner) [Orabug: 16304938] - sched: fix divide by zero at {thread_group,task}_times (Stanislaw Gruszka) [Orabug: 15956690] - Revert 'Revert 'cgroup: notify_on_release may not be triggered in some cases'' (Maxim Uvarov) - xen_fmr: Verify XEN platform before running xen_fmr drivers (Yuval Shaia) [Orabug: 16302435] - rds: unregister IB event handler on shutdown (Bang Nguyen) [Orabug: 16302435] - rds: HAIP support child interface (Bang Nguyen) [Orabug: 16302435] - RDS HAIP misc fixes (Bang Nguyen) [Orabug: 16302435] - Ignore failover groups if HAIP is disabled (Bang Nguyen) [Orabug: 16302435] - RDS: RDS rolling upgrade (Saeed Mahameed) [Orabug: 16302435] - mlx4_core: use correct FMR number of clients according to PRM. (Saeed Mahameed) [Orabug: 16302435] [2.6.39-400.13.0] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - xen/netback: shutdown the ring if it contains garbage. (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - SCSI: scsi_remove_target: fix softlockup regression on hot remove (Dan Williams) [Orabug: 16242926] [2.6.39-400.12.0] - IB: Add config options for Mellanox driver Xen FMR support. (Ajaykumar Hotchandani) [Orabug: 16234102] - IB: Enable Xen FMR support for Mellanox driver. (Ajaykumar Hotchandani) [Orabug: 16234102] [2.6.39-400.11.0] - cnic: don't use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16207564] - ext4: remove unaligned AIO warning printk (Eric Sandeen) [Orabug: 14096480] - SPEC: add block/net modules to list used by installer (Guru Anbalagane) [Orabug: 14224837] - dm mpath: add retain_attached_hw_handler feature (Mike Snitzer) [Orabug: 16199397] - [SCSI] scsi_dh: add scsi_dh_attached_handler_name (Mike Snitzer) [Orabug: 16199397] - xen/grant-table: Force to use v1 of grants. (Konrad Rzeszutek Wilk) [Oracle- bug: 16039922] - xen: netback: handle compound page fragments on transmit. (Ian Campbell) - xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Andrew Cooper) {CVE-2013-0190} - xen/grant-table: correctly initialize grant table version 1 (Matt Wilson) [2.6.39-400.10.0] - btrfs: fix incompatible pointer warning (Jerry Snitselaar) - bnx2x: enable support for ethtool op get_rxfh_indir_size (Jerry Snitselaar) - Revert 'cgroup: notify_on_release may not be triggered in some cases' (Maxim Uvarov) [Orabug: 16167473] - mlx4: disable build for i686 (Maxim Uvarov) [2.6.39-400.9.0] - mlx4_ib: alias_GUID, calculate slave port state in sa query handler (Ajaykumar Hotchandani) [Orabug: 15997083] - RDS: Fixes warning while rds-info. spin_lock_irqsave() is changed to spin_lock_bh(). (Ajaykumar Hotchandani) [Orabug: 15997083] - mlx4_en: handle HCA events correctly (Ajaykumar Hotchandani) [Orabug: 15997083] - ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16168292] - [patch3/3] kernel config: Mellanox OFED R2, 0080 release (Ajaykumar Hotchandani) [Orabug: 15997083] - [patch2/3] RDS merge for UEK2 (Ajaykumar Hotchandani) [Orabug: 15997083] - [patch1/3] Merge for Mellanox OFED R2, 0080 release (Ajaykumar Hotchandani) [Orabug: 15997083] [2.6.39-400.8.0] - git-changelog: don't print debug info (Maxim Uvarov) - spec: remove not used firmwares (Maxim Uvarov) [Orabug: 16048277] [2.6.39-400.7.0] - git-changelog: search for bug # in merge commit (Maxim Uvarov) - be2iscsi: Bump the driver version (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix Unrecoverable Error Detection (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix for MBX timeout issue (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix the copyright information (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix issue of displaying adapter family. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix Task Completion Event handling (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix session update context with V2 version. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix support for V2 version of WRB. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix support for handling CQ_CREATE V2 version. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix max EQ supported by the driver. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix driver support for an adapter. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix return value and typo. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix kernel panic in blk_iopoll disable mode. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Issue an FLR when driver is loaded (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Display driver name and version in device attribute (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix max supported EQ count to 8. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix memory leak in control path of driver (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Display Completion Event string instead of Opcode (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix the issue with soft reset. (Jayamohan Kallickal) [Orabug: 16023790] - netxen: update to qlogic 4.0.80 (Sritej Velaga) [Orabug: 16025025] - qlge: update to qlogic 1.00.00.31 (Sritej Velaga) [Orabug: 16025042] - qlcnic: Update to 5.1.27.35 (Sritej Velaga) [Orabug: 16024990] - [SCSI] scsi_dh_alua: Add fusionio ION LUNs to scsi_dh_alua device list (Mike Christie) [Orabug: 16081231] - bonding: fixup typo in rlb mode of bond and bridge fix (Guru Anbalagane) [Orabug: 16069448] - qla4xxx: Updated driver version to 5.03.00.01.06.02-uek2 (Tej Parkash) [Orabug: 16067337] - qla4xxx: Correct the validation to check in get_sys_info mailbox (Nilesh Javali) [Orabug: 16067337] - qla4xxx: Pass correct function param to qla4_8xxx_rd_direct (Vikas Chaudhary) [Orabug: 16067337] - qla4xxx: Fix memory corruption issue in qla4xxx_get_ep_fwdb. (Manish Rangankar) [Orabug: 16067337] - qla4xxx: Allow reset in link down case (Harish Zunjarrao) [Orabug: 16067337] - qla4xxx: Fix MBOX intr switching from polling to intr mode for ISP83XX (Vikas Chaudhary) [Orabug: 16067337] - [SCSI] hpsa: change confusing message to be more clear (Mike Miller) [Orabug: 14793661] - [SCSI] hpsa: retry commands completing with status of UNSOLICITED_ABORT (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: use ioremap_nocache instead of ioremap (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: fix incorrect abort diagnostic message (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: dial down lockup detection during firmware flash (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: add new RAID level '1(ADM)' (Mike Miller) [Orabug: 14793661] - [SCSI] hpsa: factor out hpsa_free_irqs_and_disable_msix (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: refine interrupt handler locking for greater concurrency (Matt Gates) [Orabug: 14793661] - [SCSI] hpsa: use multiple reply queues (Matt Gates) [Orabug: 14793661] - [SCSI] hpsa: factor out tail calls to next_command() in process_(non)indexed_cmd() (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: do aborts two ways (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: add abort error handler function (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: remove unused parameter from finish_cmd (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: do not give up retry of driver cmds after only 3 retries (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: retry driver initiated commands on busy status (Matt Bondurant) [Orabug: 14793661] - [SCSI] hpsa: suppress excessively chatty error messages (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: enable bus master bit after pci_enable_device (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: do not skip disabled devices (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: call pci_disable_device on driver unload (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: factor out driver name (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: gen8plus Smart Array IDs (Mike Miller) [Orabug: 14793661] [2.6.39-400.6.0] - qla3xxx: Ensure request/response queue addr writes to the registers (Joe Jin) [Orabug: 14614290] - tcp: fix tcp_trim_head() (Eric Dumazet) [Orabug: 14810429] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16020976 Bug-db: 14798] {CVE-2012-5517} - Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) [Orabug: 16020656 Bug-db: 14798] {CVE-2012-4565} - Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug- db: 14798] {CVE-2012-2375} - Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Merge tag 'v2.6.39-400#bug16011154' of git://ca-git.us.oracle.com/linux- snits-public (Maxim Uvarov) [Orabug: 16011154] - qla2xxx: Update the driver version to 8.04.00.11.39.0-k. (Saurav Kashyap) - qla2xxx: Obtain loopback iteration count from bsg request. (Joe Carnuccio) - qla2xxx: Update the FTP site references in the driver sources. (Giridhar Malavali) - qla2xxx: Debug ID corrections. (Chad Dupuis) - qla2xxx: Reject loopback request if one is already in progress. (Chad Dupuis) - qla2xxx: Print ignore message when thermal is not supported. (Joe Carnuccio) - qla2xxx: Avoid null pointer dereference in shutdown routine. (Masanari Iida) - qla2xxx: Get VPD information from common location for CNA. (Saurav Kashyap) - qla2xxx: Correct race in loop_state assignment during reset handling. (Andrew Vasquez) - qla2xxx: Display that driver is operating in legacy interrupt mode. (Saurav Kashyap) - qla2xxx: Free rsp_data even on error in qla2x00_process_loopback(). (Steve Hodgson) - qla2xxx: Dont clear drv active on iospace config failure. (Saurav Kashyap) - qla2xxx: Fix typo in qla2xxx driver. (Masanari Iida) - qla2xxx: Update ql2xextended_error_logging parameter description with new option. (Chad Dupuis) - qla2xxx: Parameterize the link speed string conversion function. (Joe Carnuccio) - qla2xxx: Add 16Gb/s case to get port speed capability. (Joe Carnuccio) - qla2xxx: Move marking fcport online ahead of setting iiDMA speed. (Joe Carnuccio) - Merge tag 'v2.6.39-400.5.0#bugdb13826' of ca-git.us.oracle.com:linux-muvarov- public (Maxim Uvarov) [Bug-db: 13826] - be2net: fix INTx ISR for interrupt behaviour on BE2 (Sathya Perla) - be2net: fix a possible events_get() race on BE2 (Sathya Perla) - net: Remove bogus dependencies on INET (Ben Hutchings) - be2net: remove adapter->eq_next_idx (Sathya Perla) - be2net: remove roce on lancer (Sathya Perla) - be2net: fix access to SEMAPHORE reg (Sathya Perla) - be2net: re-factor bar mapping code (Sathya Perla) - be2net: do not use sli_family to identify skyhawk-R chip (Sathya Perla) - be2net: fix wrong usage of adapter->generation (Sathya Perla) - be2net: remove LANCER A0 workaround (Sathya Perla) - be2net: Fix smatch warnings in be_main.c (Padmanabh Ratnakar) - be2net: Update driver version (Padmanabh Ratnakar) - be2net: Fix skyhawk VF PCI Device ID (Padmanabh Ratnakar) - be2net: Fix FW flashing on Skyhawk-R (Padmanabh Ratnakar) - be2net: Enabling Wake-on-LAN is not supported in S5 state (Padmanabh Ratnakar) - be2net: Fix VF driver load on newer Lancer FW (Padmanabh Ratnakar) - be2net: Fix unnecessary delay in PCI EEH (Padmanabh Ratnakar) - be2net: Fix issues in error recovery due to wrong queue state (Padmanabh Ratnakar) - be2net: Fix ethtool get_settings output for VF (Padmanabh Ratnakar) - be2net: Fix error messages while driver load for VFs (Padmanabh Ratnakar) - be2net: Fix configuring VLAN for VF for Lancer (Padmanabh Ratnakar) - be2net: Wait till resources are available for VF in error recovery (Padmanabh Ratnakar) - be2net: Fix change MAC operation for VF for Lancer (Padmanabh Ratnakar) - be2net: Fix setting QoS for VF for Lancer (Padmanabh Ratnakar) - be2net: Fix driver load failure for different FW configs in Lancer (Padmanabh Ratnakar) - be2net: create RSS rings even in multi-channel configs (Sathya Perla) - be2net: set maximal number of default RSS queues (Yuval Mintz) - be2net: Program secondary UC MAC address into MAC filter (Ajit Khaparde) - be2net: Remove code that stops further access to BE NIC based on UE bits (Ajit Khaparde) - be2net: fix vfs enumeration (Ivan Vecera) - be2net: fixup log messages (Sathya Perla) - be2net: cleanup code related to be_link_status_query() (Sathya Perla) - be2net: fix wrong handling of be_setup() failure in be_probe() (Sathya Perla) - be2net: remove type argument of be_cmd_mac_addr_query() (Sathya Perla) - Revert 'be2net: fix vfs enumeration' (David S. Miller) - be2net: fix vfs enumeration (Ivan Vecera) - be2net: use PCIe AER capability (Sathya Perla) - be2net: modify log msg for lack of privilege error (Vasundhara Volam) - be2net: fix FW default for VF tx-rate (Vasundhara Volam) - be2net: fix max VFs reported by HW (Vasundhara Volam) - netpoll: revert 6bdb7fe3104 and fix be_poll() instead (Amerigo Wang) - SPEC: OL5 kernel firmware rpm depends on all others firmwares (Maxim Uvarov) [Orabug: 15987332] [2.6.39-400.5.0] - x86, tsc: Fix SMI induced variation in quick_pit_calibrate() (Linus Torvalds) [Orabug: 13256166] - x86, tsc: Skip TSC synchronization checks for tsc=reliable (Suresh Siddha) [Orabug: 13256166] - bonding: rlb mode of bond should not alter ARP originating via bridge (zheng.li) [Orabug: 14650975] - Merge tag 'v2.6.39-400#rdac' of git://ca-git.us.oracle.com/linux-snits-public (Maxim Uvarov) - [SCSI] scsi_dh_rdac: Fix error path (Richard Weinberger) - [SCSI] scsi_dh_rdac: Adding NetApp as a brand name for rdac (Chauhan, Vijay) - Merge tag 'uek2-merge-400-3.8-fixes-tag' of git://ca-git.us.oracle.com/linux- konrad-public (Maxim Uvarov) - xen-blkfront: handle bvecs with partial data (Roger Pau Monne) - xen-blkfront: implement safe version of llist_for_each_entry (Roger Pau Monne) - xen-blkback: implement safe iterator for the list of persistent grants (Roger Pau Monne) - Merge tag 'uek2-merge-400-3.8-tag' of git://ca-git.us.oracle.com/linux- konrad-public (Maxim Uvarov) - Merge tag 'uek2-merge-backport-3.8' of git://ca-git/linux-konrad-public into uek2-merge-400 (Konrad Rzeszutek Wilk) - xen: arm: implement remap interfaces needed for privcmd mappings. (Ian Campbell) - xen: correctly use xen_pfn_t in remap_domain_mfn_range. (Ian Campbell) - xen: arm: enable balloon driver (Ian Campbell) - xen: balloon: allow PVMMU interfaces to be compiled out (Ian Campbell) - xen: privcmd: support autotranslated physmap guests. (Mukesh Rathor) - xen: add pages parameter to xen_remap_domain_mfn_range (Ian Campbell) - xen/PVonHVM: fix compile warning in init_hvm_pv_info (Olaf Hering) - xen/acpi: Move the xen_running_on_version_or_later function. (Konrad Rzeszutek Wilk) - xen/xenbus: Remove duplicate inclusion of asm/xen/hypervisor.h (Sachin Kamat) - xen/acpi: Fix compile error by missing decleration for xen_domain. (Konrad Rzeszutek Wilk) - xen/acpi: revert pad config check in xen_check_mwait (Liu, Jinsong) - xen/acpi: ACPI PAD driver (Liu, Jinsong) - xen PVonHVM: use E820_Reserved area for shared_info (Olaf Hering) - xen-blkfront: free allocated page (Roger Pau Monne) - xen-blkback: move free persistent grants code (Roger Pau Monne) - xen/blkback: persistent-grants fixes (Roger Pau Monne) - xen/blkback: Persistent grant maps for xen blk drivers (Roger Pau Monne) - xen/blkback: Change xen_vbd's flush_support and discard_secure to have type unsigned int, rather than bool (Oliver Chick) - xen/blkback: use kmem_cache_zalloc instead of kmem_cache_alloc/memset (Wei Yongjun) - xen/blkfront: Add WARN to deal with misbehaving backends. (Konrad Rzeszutek Wilk) - llist-return-whether-list-is-empty-before-adding-in-llist_add-fix (Andrew Morton) - llist: Add back llist_add_batch() and llist_del_first() prototypes (Stephen Rothwell) - llist: Remove cpu_relax() usage in cmpxchg loops (Peter Zijlstra) - llist: Add llist_next() (Peter Zijlstra) - llist: Return whether list is empty before adding in llist_add() (Huang Ying) - llist: Move cpu_relax() to after the cmpxchg() (Huang Ying) - llist: Remove the platform-dependent NMI checks (Ingo Molnar) - llist: Make some llist functions inline (Huang Ying) - lib, Add lock-less NULL terminated single list (Huang Ying) - xen/oprofile: Expose the oprofile_arch_exit_fnc pointer. (Konrad Rzeszutek Wilk) - xen/oprofile: Switch from syscore_ops to platform_ops. (Konrad Rzeszutek Wilk) - xen/oprofile: Fix compile issues when CONFIG_XEN is not defined. (Konrad Rzeszutek Wilk) - xen/oprofile: The arch_ variants for init/exec weren't being called. (Konrad Rzeszutek Wilk) - xen/oprofile: Compile fix (Konrad Rzeszutek Wilk) - xen/oprofile: Patch from Michael Petullo (Konrad Rzeszutek Wilk) [2.6.39-400.4.0] - Merge tag 'uek2-merge-400-3.7-tag' of git://ca-git.us.oracle.com/linux- konrad-public (Maxim Uvarov) - Merge tag 'uek2-merge-backport-3.7' of git://ca-git/linux-konrad-public into uek2-merge-400 (Konrad Rzeszutek Wilk) - Revert 'xen/x86: Workaround 64-bit hypervisor and 32-bit initial domain.' and 'xen/x86: Use memblock_reserve for sensitive areas.' (Konrad Rzeszutek Wilk) - xen/x86: Workaround 64-bit hypervisor and 32-bit initial domain. (Konrad Rzeszutek Wilk) - xen/arm: Fix compile errors when drivers are compiled as modules (export more). (Stefano Stabellini) - xen/arm: Fix compile errors when drivers are compiled as modules. (Konrad Rzeszutek Wilk) - xen/generic: Disable fallback build on ARM. (Konrad Rzeszutek Wilk) - xen/hvm: If we fail to fetch an HVM parameter print out which flag it is. (Konrad Rzeszutek Wilk) - xen/hypercall: fix hypercall fallback code for very old hypervisors (Jan Beulich) - xen/arm: use the __HVC macro (Stefano Stabellini) - xen/xenbus: fix overflow check in xenbus_file_write() (Jan Beulich) - xen-kbdfront: handle backend CLOSED without CLOSING (David Vrabel) - xen-fbfront: handle backend CLOSED without CLOSING (David Vrabel) - xen/gntdev: don't leak memory from IOCTL_GNTDEV_MAP_GRANT_REF (David Vrabel) - x86: remove obsolete comment from asm/xen/hypervisor.h (Olaf Hering) - xen: dbgp: Fix warning when CONFIG_PCI is not enabled. (Ian Campbell) - USB EHCI/Xen: propagate controller reset information to hypervisor (Jan Beulich) - xen: arm: comment on why 64-bit xen_pfn_t is safe even on 32 bit (Ian Campbell) - xen: balloon: use correct type for frame_list (Ian Campbell) - xen/x86: don't corrupt %eip when returning from a signal handler (David Vrabel) - xen: arm: make p2m operations NOPs (Ian Campbell) - xen: balloon: don't include e820.h (Ian Campbell) - xen: events: pirq_check_eoi_map is X86 specific (Ian Campbell) - xen: XENMEM_translate_gpfn_list was remove ages ago and is unused. (Ian Campbell) - xen: sysfs: include err.h for PTR_ERR etc (Ian Campbell) - xen: xenbus: quirk uses x86 specific cpuid (Ian Campbell) - xen/xenbus: Fix compile warning. (Konrad Rzeszutek Wilk) - xen/x86: remove duplicated include from enlighten.c (Wei Yongjun) - xen/pv-on-hvm kexec: add quirk for Xen 3.4 and shutdown watches. (Konrad Rzeszutek Wilk) - xen/bootup: allow {read|write}_cr8 pvops call. (Konrad Rzeszutek Wilk) - xen/bootup: allow read_tscp call for Xen PV guests. (Konrad Rzeszutek Wilk) - xen pv-on-hvm: add pfn_is_ram helper for kdump (Olaf Hering) - xen/hvc: handle backend CLOSED without CLOSING (David Vrabel) - xen/xen_initial_domain: check that xen_start_info is initialized (Stefano Stabellini) - xen: mark xen_init_IRQ __init (Stefano Stabellini) - xen/Makefile: fix dom-y build (Stefano Stabellini) - MAINTAINERS: add myself as Xen ARM maintainer (Stefano Stabellini) - xen/arm: compile netback (Stefano Stabellini) - xen/arm: compile blkfront and blkback (Stefano Stabellini) - xen/arm: implement alloc/free_xenballooned_pages with alloc_pages/kfree (Stefano Stabellini) - xen/arm: receive Xen events on ARM (Stefano Stabellini) - xen/arm: initialize grant_table on ARM (Stefano Stabellini) - xen/arm: get privilege status (Stefano Stabellini) - xen/arm: introduce CONFIG_XEN on ARM (Stefano Stabellini) - xen: do not compile manage, balloon, pci, acpi, pcpu and cpu_hotplug on ARM (Stefano Stabellini) - xen/tmem: cleanup (Jan Beulich) - xen: Add selfballoning memory reservation tunable. (Jana Saout) - xen: constify all instances of 'struct attribute_group' (Jan Beulich) - xen: Fix selfballooning and ensure it doesn't go too far (Dan Magenheimer) - xen: self-balloon needs module.h (Randy Dunlap) - xen/balloon: Fix compile errors - missing header files. (Konrad Rzeszutek Wilk) - xen: tmem: self-ballooning and frontswap-selfshrinking (Dan Magenheimer) - xen: grant: use xen_pfn_t type for frame_list. (Ian Campbell) - xen: sysfs: fix build warning. (Ian Campbell) - xen/arm: Introduce xen_ulong_t for unsigned long (Stefano Stabellini) - xen: Introduce xen_pfn_t for pfn and mfn types (Stefano Stabellini) - xen/arm: Xen detection and shared_info page mapping (Stefano Stabellini) - docs: Xen ARM DT bindings (Stefano Stabellini) - xen/arm: empty implementation of grant_table arch specific functions (Stefano Stabellini) - xen/arm: sync_bitops (Stefano Stabellini) - xen/arm: page.h definitions (Stefano Stabellini) - xen/arm: hypercalls (Stefano Stabellini) - arm: initial Xen support (Stefano Stabellini) - xen/vga: add the xen EFI video mode support (Jan Beulich) - xen: allow enable use of VGA console on dom0 (Jeremy Fitzhardinge) - xen/pcifront: Use Xen-SWIOTLB when initting if required. (Konrad Rzeszutek Wilk) - xen/swiotlb: For early initialization, return zero on success. (Konrad Rzeszutek Wilk) - xen/swiotlb: Use the swiotlb_late_init_with_tbl to init Xen-SWIOTLB late when PV PCI is used. (Konrad Rzeszutek Wilk) - xen/swiotlb: Move the error strings to its own function. (Konrad Rzeszutek Wilk) - xen/swiotlb: Move the nr_tbl determination in its own function. (Konrad Rzeszutek Wilk) - xen: Use correct masking in xen_swiotlb_alloc_coherent. (Ronny Hegewald) - xen/swiotlb: Use page alignment for early buffer allocation. (Konrad Rzeszutek Wilk) - swiotlb: Expose swiotlb_nr_tlb function to modules (Konrad Rzeszutek Wilk) - xen-swiotlb: When doing coherent alloc/dealloc check before swizzling the MFNs. (Konrad Rzeszutek Wilk) - xen-swiotlb: fix printk and panic args (Randy Dunlap) - xen-swiotlb: Fix wrong panic. (Konrad Rzeszutek Wilk) - xen-swiotlb: Retry up three times to allocate Xen-SWIOTLB (Konrad Rzeszutek Wilk) - swiotlb: add the late swiotlb initialization function with iotlb memory (Konrad Rzeszutek Wilk) - xen/swiotlb: With more than 4GB on 64-bit, disable the native SWIOTLB. (Konrad Rzeszutek Wilk) - xen/swiotlb: Simplify the logic. (Konrad Rzeszutek Wilk) - xen/gndev: Xen backend support for paged out grant targets V4. (Andres Lagar- Cavilla) - xen/arm: compile and run xenbus (Stefano Stabellini) - xen: clear IRQ_NOAUTOEN and IRQ_NOREQUEST (Stefano Stabellini) - xen/events: fix unmask_evtchn for PV on HVM guests (Stefano Stabellini) - xen/privcmd: Correctly return success from IOCTL_PRIVCMD_MMAPBATCH (Mats Petersson) - xen/mmu: Use Xen specific TLB flush instead of the generic one. (Konrad Rzeszutek Wilk) [Oracle-bug: 14630170] - xen/enlighten: Disable MWAIT_LEAF so that acpi-pad won't be loaded. (Konrad Rzeszutek Wilk) - x86, amd, xen: Avoid NULL pointer paravirt references (Konrad Rzeszutek Wilk) - xen/setup: filter APERFMPERF cpuid feature out (Andre Przywara) - xen/enlighten: Expose MWAIT and MWAIT_LEAF if hypervisor OKs it. (Konrad Rzeszutek Wilk) - xen/acpi: Fix potential memory leak IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0228 CVE-2013-0309 CVE-2013-0311 CVE-2013-0310 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_base cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.17.2] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0268 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-300.39.5uek] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16481233] {CVE-2013-0268} ofa-2.6.32-300.39.5.el6uek mlnx_en-2.6.32-300.39.5.el6uek * Mon Dec 12 2011 Guru Anbalagane <guru.anbalagane@oracle.com> - version 1.5.7-0.1 * Tue Nov 01 2011 Joe Jin <joe.jin@oracle.com> - 1.5.7 for UEK kernel. * Mon Sep 08 2008 Vladimir Sokolovsky <vlad@mellanox.co.il> - Added nfsrdma support * Wed Aug 13 2008 Vladimir Sokolovsky <vlad@mellanox.co.il> - Added mlx4_en support * Tue Aug 21 2007 Vladimir Sokolovsky <vlad@mellanox.co.il> - Added %build LANG=C export LANG unset DISPLAY macro * Sun Jan 28 2007 Vladimir Sokolovsky <vlad@mellanox.co.il> - Created spec file for kernel-ib IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0268 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.21.1] - SPEC: v2.6.39-400.21.1 (Maxim Uvarov) - xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen provided pagetables. (Konrad Rzeszutek Wilk) [2.6.39-400.20.1] - SPEC: v2.6.39-400.20.1 (Maxim Uvarov) - PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [Orabug: 16482495] - sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13740515] - sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13740515] - sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13740515] [2.6.39-400.19.1] - IB/core: Allow device-specific per-port sysfs files (Ralph Campbell) - RDMA/cma: Pass QP type into rdma_create_id() (Sean Hefty) - IB: Rename RAW_ETY to RAW_ETHERTYPE (Aleksey Senin) - IB: Warning Resolution. (Ajaykumar Hotchandani) - mlx4_core: fix FMR flags in free MTT range (Saeed Mahameed) - mlx4_core/ib: sriov fmr bug fixes (Saeed Mahameed) - mlx4_core: Change bitmap allocator to work in round-robin fashion (Saeed Mahameed) - mlx4_vnic: move host admin vnics to closed state when closing the vnic. (Saeed Mahameed) - mlx4_ib: make sure to flush clean_wq while closing sriov device (Saeed Mahameed) - ib_sdp: fix deadlock when sdp_cma_handler is called while socket is being closed (Saeed Mahameed) - ib_sdp: add unhandled events to rdma_cm_event_str (Saeed Mahameed) - mlx4_core: use dev->sriov instead of hardcoed 127 vfs when initializing FMR MPT tables (Saeed Mahameed) - mlx4_vnic: print vnic keep alive info in mlx4_vnic_info (Saeed Mahameed) - rds: Congestion flag does not get cleared causing the connection to hang (Bang Nguyen) [Orabug: 16424692] - dm table: set flush capability based on underlying devices (Mike Snitzer) [Orabug: 16392584] - wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871} - drm/i915: bounds check execbuffer relocation count (Kees Cook) [Orabug: 16482650] {CVE-2013-0913} - NLS: improve UTF8 -> UTF16 string conversion routine (Alan Stern) [Orabug: 16425571] {CVE-2013-1773} - ipmi: make kcs timeout parameters as module options (Pavel Bures) [Orabug: 16470881] - drm/i915/lvds: ditch ->prepare special case (Daniel Vetter) [Orabug: 14394113] - drm/i915: Leave LVDS registers unlocked (Keith Packard) [Orabug: 14394113] - drm/i915: dont clobber the pipe param in sanitize_modesetting (Daniel Vetter) [Orabug: 14394113] - drm/i915: Sanitize BIOS debugging bits from PIPECONF (Chris Wilson) [Orabug: 14394113] [2.6.39-400.18.1] - SPEC: fix doc build (Guru Anbalagane) - floppy: Fix a crash during rmmod (Vivek Goyal) [Orabug: 16040504] - x86: ignore changes to paravirt_lazy_mode while in an interrupt context (Chuck Anderson) [Orabug: 16417326] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268} - spec: unique debuginfo (Maxim Uvarov) [Orabug: 16245366] - xfs: Use preallocation for inodes with extsz hints (Dave Chinner) [Orabug: 16307993] - Add SIOCRDSGETTOS to get the current TOS for the socket (bang.nguyen) [Orabug: 16397197] - Changes to connect/TOS interface (bang.nguyen) [Orabug: 16397197] - floppy: Cleanup disk->queue before caling put_disk() if add_disk() was never called (Vivek Goyal) [Orabug: 16040504] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0871 CVE-2013-1773 CVE-2013-0913 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.21.2] - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1774 CVE-2013-1796 CVE-2013-1797 CVE-2013-0349 CVE-2013-1767 CVE-2013-1798 CVE-2013-1792 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-400.26.2] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6546 CVE-2013-1796 CVE-2012-6537 CVE-2013-0309 CVE-2013-0310 CVE-2013-1792 CVE-2013-1798 CVE-2013-0871 CVE-2013-1774 CVE-2012-6547 CVE-2012-5517 CVE-2013-0349 CVE-2013-1827 CVE-2012-4508 CVE-2013-1826 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.23.1] - Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16777774] - Merge tag 'v2.6.39-400.21.1.16748891' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek-2.6.39-400 (Maxim Uvarov) [Orabug: 16748891] - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891] [2.6.39-400.22.1] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542} - Merge tag 'v2.6.39-400.21.1#bug16684527' of git://ca-git.us.oracle.com/linux-joejin-public into uek-2.6.39-400_errata (Maxim Uvarov) [Orabug: 16684527] - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767} - procfs: do not confuse jiffies with cputime64_t (Andreas Schwab) [Orabug: 16673925] - procfs: do not overflow get_{idle,iowait}_time for nohz (Michal Hocko) [Orabug: 16673925] - xen/evtchn: Handle VIRQ_TIMER before any other hardirq in event loop. (Keir Fraser) [Orabug: 16093126] - Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527] - put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-4542 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.24.1] - perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094} CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-2094 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.109.1] - while removing a non-empty directory, the kernel dumps a message: (rmdir,21743,1):ocfs2_unlink:953 ERROR: status = -39 (Xiaowei.Hu) [Orabug: 16790405] - stop mig handler when lockres in progress ,and return -EAGAIN (Xiaowei.Hu) [Orabug: 16876446] [2.6.39-400.108.1] - Revert 'dlmglue race condition,wrong lockres_clear_pending' (Maxim Uvarov) [Orabug: 16897450] - Suppress the error message from being printed in ocfs2_rename (Xiaowei.Hu) [Orabug: 16790405] - fnic: return zero on fnic_reset() success (Joe Jin) [Orabug: 16885029] [2.6.39-400.107.1] - xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan) - ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825] - Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843] - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157] - net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979} - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860} - ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848} - cnic: dont use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307] - Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689] - x86/boot-image: Dont leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437] - spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114] - perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094} - spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586] - Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) - fuse: enhance fuse dev to be numa aware (Srinivas Eeda) [Orabug: 16218187] - fuse: add fuse numa node struct (Srinivas Eeda) [Orabug: 16218187] - fuse: add numa mount option (Srinivas Eeda) [Orabug: 16218187] - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) [Orabug: 16660413] - bonding: allow all slave speeds (Jiri Pirko) [Orabug: 16759490] - dlmglue race condition,wrong lockres_clear_pending (Xiaowei.Hu) [Orabug: 13611997] [2.6.39-400.106.0] - spec: fix suffix order of a directory name (Guangyu Sun) [Orabug: 16682371] - Merge tag 'v2.6.39-400#qu4bcom' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16626319] - Merge tag 'v2.6.39-400#qu4qlge' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16732027] - Merge tag 'v2.6.39-400#qu4lpfc' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16749881] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542} - Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16434164] - fuse: return -EGAIN if not connected (Josef Bacik) [Orabug: 16740418] - qlcnic: update to version 5.2.29.45 (Jerry Snitselaar) [Orabug: 16694438] - qlge: update to version 1.00.00.32 (Jerry Snitselaar) [Orabug: 16732027] - lpfc: Corrected Copyright string (Gairy Grannum) [Orabug: 16749881] - lpfc: enable BlockGuard Support by default (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed exhausted retry for plogi to nameserver. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed ELS_REC received on the unsolicited receive queue (James Smart) [Orabug: 16749881] - lpfc 8.3.36: Correct mask error (James Smart) [Orabug: 16749881] - lpfc 8.3.36: Correct buffer length overrun (James Smart) [Orabug: 16749881] - lpfc: typo cleanup (Linus Torvalds) [Orabug: 16749881] - lpfc 8.3.36: Update DIF support for passthru/strip/insert (James Smart) [Orabug: 16749881] - lpfc 8.3.36: Fix bug with Target Resets and FCP2 devices (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed not reporting logical link speed to SCSI midlayer when QoS not on (James Smart) [Orabug: 16749881] - lpfc: Update lpfc version for 8.3.7.10.4p driver release (Gairy Grannum) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc: Fixed driver handling of CLEAR_LA with NPIV enabled causing SID=0 frames out (James Smart) [Orabug: 16749881] - scsi: fix lpfc build when wmb() is defined as mb() (Randy Dunlap) [Orabug: 16749881] - lpfc: Reduced tmo value set to FLOGI WQE for quick recovery from FLOGI sequence timeout (James Smart) [Orabug: 16749881] - lpfc: Add log message when completes with clean address bit set to zero (James Smart) [Orabug: 16749881] - lpfc: Fixed driver vector mapping to CPU affinity (James Smart) [Orabug: 16749881] - lpfc: Fixed driver vector mapping to CPU affinity (James Smart) [Orabug: 16749881] - lpfc: Fixed iocb flags not being reset for scsi commands (James Smart) [Orabug: 16749881] - lpfc: Fixed system panic during EEH recovery due to midlayer acting on outstanding I/O (James Smart) [Orabug: 16749881] - lpfc: Fixed not returning FAILED status when SCSI invoking host reset handler failed (James Smart) [Orabug: 16749881] - lpfc: Fixed bad book keeping in posting els sgls to port (James Smart) [Orabug: 16749881] - lpfc: Fixed deadlock between hbalock and nlp_lock use (James Smart) [Orabug: 16749881] - lpfc: Fixed BlockGuard to take advantage of rdprotect/wrprotect info when available (James Smart) [Orabug: 16749881] - lpfc: Reduced spinlock contention on SCSI buffer list (James Smart) [Orabug: 16749881] - lpfc: Fixed crash when processing bsgs sg list with high memory pages (James Smart) [Orabug: 16749881] - lpfc: Fix lpfc_fcp_look_ahead module parameter (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with SCSI Host reset (James Smart) [Orabug: 16749881] - lpfc: Doorbell formation information logged in dual-chute mode WQ and RQ setup (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large s/g lists for BlockGuard (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large lpfc_sg_seg_cnt values (James Smart) [Orabug: 16749881] - lpfc: Fixed pt2pt and loop discovery problems on topology changes. (James Smart) [Orabug: 16749881] - lpfc: Remove driver dependency on HZ (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: Fixed BlockGuard error reporting (James Smart) [Orabug: 16749881] - lpfc: Fixed VPI allocation issues after firmware dump is performed (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed potential mis-interpretation of READ_TOPOLOGY reserved fields (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fix default value for lpfc_enable_rrq. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed circular locking dependency and inconsistent lock state issues (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed PT2PT bring up problem for FC SLI4. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed OXID reuse issue. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: fix potential NULL pointer dereference in lpfc_sli4_rq_put() (Wei Yongjun) [Orabug: 16749881] - lpfc 8.3.38: Fixed deadlock condition in FCF round robin handling (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed bsg timeout handling issues that would result in crashes (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed NMI watch dog panics when resetting the hba. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed degraded performance after cable pulls (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for change_queue_type (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed infinite loop in lpfc_sli4_fcf_rr_next_index_get. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed crash due to SLI Port invalid resource count (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fix potential memory corruption bug (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for FCoE protocol dual-chute (ULP) operation (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed stale ndlp state when the node is marked for deferred removal. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed not checking solicition in progress bit when verifying FCF record for use (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed PRLI not being retried if a LS_RJT with a reason (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Expand I/O channel support for large systems (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fix interrupt delay multipler conversion for eq_create (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Correct typecasts for snprintf messages (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add Interrupts per second stats via debugfs (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Adjust IO Channels to 1 when INTx (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Fix number of IO channels to match CPUs (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add debugfs interface to display SLI queue information (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Fixed debugfs queInfo to include queue stats (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add lpfc_fcp_look_ahead module parameter (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with SCSI Host reset (James Smart) [Orabug: 16749881] - lpfc: Doorbell formation information logged in dual-chute mode WQ and RQ setup (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large s/g lists for BlockGuard (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large lpfc_sg_seg_cnt values (James Smart) [Orabug: 16749881] - lpfc: Fixed pt2pt and loop discovery problems on topology changes. (James Smart) [Orabug: 16749881] - lpfc: Remove driver dependency on HZ (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: Fixed BlockGuard error reporting (James Smart) [Orabug: 16749881] - lpfc: Fixed VPI allocation issues after firmware dump is performed (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed potential mis-interpretation of READ_TOPOLOGY reserved fields (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fix default value for lpfc_enable_rrq. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed circular locking dependency and inconsistent lock state issues (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed PT2PT bring up problem for FC SLI4. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed OXID reuse issue. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: fix potential NULL pointer dereference in lpfc_sli4_rq_put() (Wei Yongjun) [Orabug: 16749881] - lpfc 8.3.38: Fixed deadlock condition in FCF round robin handling (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed bsg timeout handling issues that would result in crashes (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed NMI watch dog panics when resetting the hba. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed degraded performance after cable pulls (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for change_queue_type (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed infinite loop in lpfc_sli4_fcf_rr_next_index_get. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed crash due to SLI Port invalid resource count (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fix potential memory corruption bug (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for FCoE protocol dual-chute (ULP) operation (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed stale ndlp state when the node is marked for deferred removal. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed not checking solicition in progress bit when verifying FCF record for use (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed PRLI not being retried if a LS_RJT with a reason (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Expand I/O channel support for large systems (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fix interrupt delay multipler conversion for eq_create (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Correct typecasts for snprintf messages (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add Interrupts per second stats via debugfs (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Adjust IO Channels to 1 when INTx (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Fix number of IO channels to match CPUs (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add debugfs interface to display SLI queue information (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Fixed debugfs queInfo to include queue stats (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add lpfc_fcp_look_ahead module parameter (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Parallelize SLI-4 Q distribution (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Make I/O to hw queue distribution algorithm a module parameter (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Change Naming convention for SLI4 Interrupt vector (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Formally separate lpfc_sli_ring SLI-3 and SLI-4 variantions (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add Interrupts per second stats via debugfs (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Parallelize SLI-4 Q distribution (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Misc changes to optimize critical path (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Formally separate lpfc_sli_ring SLI-3 and SLI-4 variantions (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Convert to no SCSI host lock in queuecommand (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Convert to no SCSI host lock in queuecommand (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Convert to no SCSI host lock in queuecommand (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add debugfs interface to display SLI queue information (James Smart) [Orabug: 16749881] - bnx2x: update to broadcom version 1.76.54 (Jerry Snitselaar) - bnx2fc: update to broadcom version 2.3.4 (Jerry Snitselaar) - bnx2i: update to broadcom version 2.7.6.1d (Jerry Snitselaar) - cnic: update to broadcom version 2.5.16g (Jerry Snitselaar) - bnx2: update to broadcom version 2.2.3n (Jerry Snitselaar) - tg3: update to broadcom version 3.129d (Jerry Snitselaar) - drivers:net: dma_alloc_coherent: use __GFP_ZERO instead of memset(, 0) (Joe Perches) - drivers:net: Remove dma_alloc_coherent OOM messages (Joe Perches) - be2net: Use new F/W mailbox cmd to manipulate interrupts. (Somnath Kotur) - be2net: enable interrupts in be_probe() (RoCE and other ULPs need them) (Somnath Kotur) - be2net: Update copyright year (Vasundhara Volam) - be2net: use CSR-BAR SEMAPHORE reg for BE2/BE3 (Sathya Perla) - benet: Wait f/w POST until timeout (Gavin Shan) - be2net: remove BUG_ON() in be_mcc_compl_is_new() (Sathya Perla) - be2net: update driver version to 4.6.x (Sathya Perla) - be2net: fix re-loaded PF driver to re-gain control of its VFs (Sathya Perla) - be2net: Updating Module Author string and log message string to 'Emulex Corporation' (Sarveshwar Bandi) - be2net: fix unconditionally returning IRQ_HANDLED in INTx (Sathya Perla) - ethtool: fix drvinfo strings set in drivers (Jiri Pirko) - be2net: fix wrong frag_idx reported by RX CQ (Sathya Perla) - be2net: fix be_close() to ensure all events are acked (Sathya Perla) - drivers/net: fix up function prototypes after __dev* removals (Greg Kroah-Hartman) - be2net: remove __dev* attributes (Bill Pemberton) - [scsi] fnic driver update to 1.5.0.41 (Maxim Uvarov) - [SCSI] sd: Permit merged discard requests (Martin K. Petersen) - [SCSI] scsi_dh_alua: backoff alua rtpg retry linearly vs. geometrically (Rob Evers) - [SCSI] scsi_dh_alua: retry alua rtpg extended header for illegal request response (Rob Evers) - [SCSI] scsi_dh_alua: implement 'implied transition timeout' (Rob Evers) - [SCSI] scsi_dh_alua: Fix the time inteval for alua rtpg commands (Moger, Babu) - [SCSI] scsi_dh_alua: Decrease retry interval (Hannes Reinecke) - [SCSI] scsi_dh_alua: Fix Erroneous TPG ID check (Hannes Reinecke) - [SCSI] scsi_dh_alua: always update TPGS status on activate (Hannes Reinecke) - [SCSI] scsi scan: dont fail scans when host is in recovery (Mike Christie) - [SCSI] scsi_lib: pause between error retries (James Smart) - RDS: Fixes race conditions that may lead to non-optimal paths, causing lower throughput. (Bang Nguyen) [Orabug: 16571410] - Merge tag 'v2.6.39-400.20.1.16313854' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek2-master (Maxim Uvarov) [Orabug: 16313854] - sched: Use resched IPI to kick off the nohz idle balance (Suresh Siddha) [Orabug: 16424589] - x86, efi/efi.c: Suppress error message when desc_size not equal size from UEFI Porting from Yinghais patch from following link http://permalink.gmane.org/gmane.linux.kernel/1131668 x86, efi: Only print warning when desc_size is smaller than defined one. Used to suppress the error message when desc_size not equal size from UEFI. (ethan.zhao) [Orabug: 15814305] - SPEC: add x86_energy_perf_policy tool Add tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy to ol5 ol6 uek kernel rpmbuild spec file and create shell wrapper for this tool. (ethan.zhao) [Orabug: 16036151] - igbvf: Update to 2.0.4 (ethan.zhao) [Orabug: 16626308] - ixgbevf: Update to 2.8.7 (ethan.zhao) [Orabug: 16626308] - ixgbe: Update to 3.14.5 (ethan.zhao) [Orabug: 16626308] - igb: Update to 4.1.2 (ethan.zhao) [Orabug: 16626308] - e1000e: Update to 2.3.2 (ethan.zhao) [Orabug: 16626308] [2.6.39-400.105.0] - Revert 'Parallel mtrr init between cpus' (Maxim Uvarov) [2.6.39-400.104.0] - Merge tag 'v2.6.39-400.20.1.16313854' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek2-master (Maxim Uvarov) [Orabug: 16313854] - spec: fix instalation if hardlink is installed (Maxim Uvarov) - Parallel mtrr init between cpus (Zhenzhong Duan) - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - be2iscsi : Bump the driver version (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix issue in passing the exp_cmdsn and max_cmdsn (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix possible reentrancy issue in be_iopoll (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix the copyright information (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix checking Adapter state while establishing CXN (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix dynamic CID allocation Mechanism in driver (John Soni Jose) [Orabug: 16704553] - be2iscsi : Fix the NOP-In handling code path (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix the Port Link Status issue (John Soni Jose) [Orabug: 16704553] - beiscsi: Fix displaying the Active Session Count from driver (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix displaying the FW Version from driver. (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix support for DEFQ extension (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix MACRO for checking the adapter type (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix freeing CXN specific driver resources. (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix MSIx support in SKH-R to 32 (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix MBX Command issues (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix when MBX fails with Insufficient buffer error (John Soni Jose) [Orabug: 16704553] - be2iscsi: Send uninitialize pattern to FW (John Soni Jose) [Orabug: 16704553] - be2iscsi: Get Port State and Speed of the Adapter (John Soni Jose) [Orabug: 16704553] - hpwdt: Only BYTE reads/writes to WD Timer port 0x72 (Mingarelli, Thomas) - misc: hpilo: ignore auxiliary HP iLO BMCs (Mark Rusk) - MISC: hpilo, remove pci_disable_device (Jiri Slaby) - misc: hpilo: increase number of max supported channels (Camuso, Tony) - Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527] - put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527] - RDS: Fixes race conditions that may lead to non-optimal paths, causing lower throughput (Bang Nguyen) [Orabug: 16571410] - 8139cp: Prevent dev_close/cp_interrupt race on MTU change (John Greene) - 8139cp: properly support change of MTU values [v2] (John Greene) - 8139cp: fix coherent mapping leak in error path. (francois romieu) - 8139cp: re-enable interrupts after tx timeout (David Woodhouse) - 8139cp: set ring address after enabling C+ mode (David Woodhouse) - 8139cp: revert 'set ring address before enabling receiver' (francois romieu) - sched: Use resched IPI to kick off the nohz idle balance (Suresh Siddha) [Orabug: 16424589] - llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675488] {CVE-2012-6542} - qla4xxx: update driver version to v5.03.00.02.06.02-uek2 (Tej Parkash) - qla4xxx: Silence the compile warning for uint comparison (Adheer Chandravanshi) - qla4xxx: changing default behaviour of ql4xdisablesysfsboot to true (Tej Parkash) - qla4xxx: Silence gcc warning for uninitialized veriable (Vikas Chaudhary) - qla4xxx: Added print statements to display AENs (Vikas Chaudhary) - qla4xxx: Use correct value for max flash node entries (Adheer Chandravanshi) - qla4xxx: Restrict logout from boot target session using session id (Adheer Chandravanshi) - qla4xxx: Use correct flash ddb offset for ISP40XX (Adheer Chandravanshi) - qla4xxx: Replace dev type macros with generic portal type macros (Adheer Chandravanshi) - scsi_transport_iscsi: Declare portal type string macros for generic use (Adheer Chandravanshi) - qla4xxx: Add flash node mgmt support (Adheer Chandravanshi) - libiscsi: export function iscsi_switch_str_param (Adheer Chandravanshi) - scsi_transport_iscsi: Add flash node mgmt support (Adheer Chandravanshi) - qla4xxx: Skip retry of initialize_adapter only for ISP8XXX (Nilesh Javali) - qla4xxx: Assign correct CHAP table address to FLT (Vikas Chaudhary) - qla4xxx: Added missing check for ISP83XX in CHAP related functions (Vikas Chaudhary) - qla4xxx: dont free NULL dma pool (Dan Carpenter) - qla4xxx: Fixed request queue count manipulation on response path (Tej Parkash) - qla4xxx: Fix debug level to avoid floods of same message (Vikas Chaudhary) - qla4xxx: Pass correct LUN address to firmware in case of lun_reset (Vikas Chaudhary) - qla4xxx: Fix double reset in case of firmware hung for ISP83XX (Vikas Chaudhary) - qla4xxx: Set graceful reset bit for ISP83XX (Vikas Chaudhary) - qla4xxx: Boot from SAN fix for ISP83XX (Vikas Chaudhary) - qla4xxx: Take E-port out of reset before disabling pause frames (Manish Dusane) - qla4xxx: Fix return code for qla4xxx_session_get_param. (Manish Rangankar) - qla4xxx: wait for boot target login response during probe (Manish Rangankar) - qla4xxx: Added support for force firmware dump (Vikas Chaudhary) - qla4xxx: Re-register IRQ handler while retrying initialize of adapter (Poornima Vonti) - qla4xxx: Throttle active IOCBs to firmware limits (Karen Higgins) - qla4xxx: Remove unnecessary code from qla4xxx_init_local_data (Karen Higgins) - qla4xxx: Quiesce driver activities while loopback (Nilesh Javali) - qla4xxx: Rename MBOX_ASTS_IDC_NOTIFY to MBOX_ASTS_IDC_REQUEST_NOTIFICATION (Nilesh Javali) - qla4xxx: Add spurious interrupt messages under debug level 2 (Nilesh Javali) - scsi_transport_iscsi: export iscsi class sessions target_id in sysfs. (Manish Rangankar) - r8169: fix auto speed down issue (hayeswang) - r8169: honor jumbo settings when chipset is requested to start. (francois romieu) - Revert 'r8169: enable internal ASPM and clock request settings'. (Francois Romieu) - Revert 'r8169: enable ALDPS for power saving'. (Francois Romieu) - r8169: fix vlan tag read ordering. (francois romieu) - r8169: remove the obsolete and incorrect AMD workaround (Timo Teras) - r8169: remove unneeded dirty_rx index (Timo Teras) - remove init of dev->perm_addr in drivers (Jiri Pirko) - r8169: workaround for missing extended GigaMAC registers (francois romieu) - r8169: remove __dev* attributes (Bill Pemberton) - r8169: Drop tp arg from rtl8169_tx_vlan_tag() (Kirill Smelkov) - r8169: remove unused macros. (Dayanidhi Sreenivasan) - r8169: enable internal ASPM and clock request settings (hayeswang) - r8169: allow multicast packets on sub-8168f chipset. (Nathan Walp) - r8169: Fix WoL on RTL8168d/8111d. (Cyril Brulebois) - r8169: Kill SafeMtu macro (Kirill Smelkov) - r8169: enable ALDPS for power saving (hayeswang) - hpsa: check for dma_mapping_error in hpsa_passthru ioctls (Stephen M. Cameron) - hpsa: reorganize error handling in hpsa_passthru_ioctl (Stephen M. Cameron) - hpsa: check for dma_mapping_error in hpsa_map_sg_chain_block (Stephen M. Cameron) - hpsa: Check for dma_mapping_error for all code paths using fill_cmd (Stephen M. Cameron) - hpsa: Check for dma_mapping_error in hpsa_map_one (Shuah Khan) - Drivers: scsi: remove __dev* attributes. (Greg Kroah-Hartman) - hpsa: removed unused member maxQsinceinit (Stephen M. Cameron) - hpsa: use check_signature (Akinobu Mita) - iser: panic on iser connect (Shamir Rabinovitch) [Orabug: 16313854] - Btrfs: fix backport conflicts (Liu Bo) - Revert 'Btrfs: using for_each_set_bit_from to simplify the code' (Liu Bo) - Revert 'Btrfs: move the sb_end_intwrite until after the throttle logic' (Liu Bo) - Revert 'btrfs: Convert to new freezing mechanism' (Liu Bo) - Revert 'Btrfs: add qgroup inheritance' (Liu Bo) - Revert 'Btrfs: call the qgroup acco IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1860 CVE-2013-1979 CVE-2012-6542 CVE-2013-1848 CVE-2013-1929 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-400.29.1] - KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943} [2.6.32-400.28.1] - do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974] - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860} - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025] - sched: Fix ancient race in do_exit() (Joe Jin) - open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542} - vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568] - svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) [Orabug: 16032824] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} [2.6.32-400.27.1] - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542} - x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-6542 CVE-2013-1929 CVE-2013-1860 CVE-2012-4542 CVE-2013-1943 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.29.2uek] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3222} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173824] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] {CVE-2012-6548} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173824] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173824] {CVE-2013-0914} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-3224 CVE-2013-3222 CVE-2013-2634 CVE-2012-6548 CVE-2013-3225 CVE-2013-2852 CVE-2013-0914 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.109.3] - Revert 'be2net: enable interrupts in probe' (Jerry Snitselaar) [Orabug: 17179597] [2.6.39-400.109.2] - be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3222} - rtnl: fix info leak on RTM_GETLINK request for VF devices (Mathias Krause) [Orabug: 17173830] {CVE-2013-2635} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173830] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173830] {CVE-2012-6548} - tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 17173830] {CVE-2013-3301} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173830] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173830] {CVE-2013-0914} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2635 CVE-2013-2634 CVE-2013-3225 CVE-2013-3224 CVE-2013-3222 CVE-2012-6548 CVE-2013-3301 CVE-2013-2852 CVE-2013-0914 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.29.3uek] - block: do not pass disk names as format strings (Jerry Snitselaar) [Orabug: 17230124] {CVE-2013-2851} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370765] {CVE-2013-2237} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371054] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371072] {CVE-2012-6544} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371079] {CVE-2013-2232} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371121] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372129] {CVE-2013-2206} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2206 CVE-2013-2851 CVE-2012-6544 CVE-2013-2237 CVE-2013-2232 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.109.6] - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230083] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230108] {CVE-2013-1059} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371078] {CVE-2013-2232} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370788] {CVE-2013-2237} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370892] {CVE-2012-6544} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371050] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371065] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371118] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372121] {CVE-2013-2206} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6544 CVE-2013-2206 CVE-2013-2232 CVE-2013-2237 CVE-2013-1059 CVE-2013-2851 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.209.1] - Revert 'stop mig handler when lockres in progress ,and return -EAGAIN' (Srinivas Eeda) [Orabug: 16924802] - ocfs2/dlm: Fix list traversal in dlm_process_recovery_data (Srinivas Eeda) [Orabug: 17432400] - ocfs2/dlm: ocfs2 dlm umount skip migrating lockres (Srinivas Eeda) [Orabug: 16859627] [2.6.39-400.208.1] - Btrfs: make the chunk allocator completely tree lockless (Josef Bacik) [Orabug: 17334251] - mpt2sas: protect mpt2sas_ioc_list access with lock (Jerry Snitselaar) [Orabug: 17383579] - mptsas: update to 4.28.20.02 (Jerry Snitselaar) [Orabug: 17294806] - RDS: protocol negotiation fails during reconnect (Bang Nguyen) [Orabug: 17375389] - config:remove LM80 modules to void blindly loading cause crash (ethan.zhao) [Orabug: 16976462] [2.6.39-400.207.0] - Update lpfc version for 8.3.7.26.3p driver release (Gairy Grannum) [Orabug: 17340816] - lpfc 8.3.36: Update DIF support for passthru/strip/insert (James Smart) [Orabug: 17340816] - Update lpfc version for 8.3.7.26.1p driver release (Gairy Grannum) [Orabug: 17376967] - lpfc: whitespace fix (Vaios Papadimitriou) [Orabug: 17376967] - Update copyrights for 8.3.41 modifications (James Smart) [Orabug: 17376967] - Add first burst support to driver (James Smart) [Orabug: 17376967] - Fixed the format of some log message fields (James Smart) [Orabug: 17376967] - Add first burst support to driver (James Smart) [Orabug: 17376967] - Fixed not able to perform PCI function reset when board was not in online mode (James Smart) [Orabug: 17376967] - Fixed failure in setting SLI3 board mode (James Smart) [Orabug: 17376967] - Fixed SLI3 failing FCP write on check-condition no-sense with residual zero (James Smart) [Orabug: 17376967] - Fixed support for 128 byte WQEs (James Smart) [Orabug: 17376967] - Ensure driver properly zeros unused fields in SLI4 mailbox commands (James Smart) [Orabug: 17376967] - Fixed max value of lpfc_lun_queue_depth (James Smart) [Orabug: 17376967] - Fixed Receive Queue varied frame size handling (James Smart) [Orabug: 17376967] - Fix mailbox byteswap issue on PPC (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Update Copyrights to 2013 for 8.3.38, 8.3.39, and 8.3.40 modifications (James Smart) [Orabug: 17376967] - Fixed freeing of iocb when internal loopback times out (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed a race condition between SLI host and port failed FCF rediscovery (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed issue mailbox wait routine failed to issue dump memory mbox command (James Smart) [Orabug: 17376967] - treewide: Fix typos in kernel messages (Masanari Iida) [Orabug: 17376967] - lpfc 8.3.40: Fixed system panic due to unsafe walking and deleting linked list (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed FCoE connection list vlan identifier and add FCF list debug (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Clarified the behavior of the lpfc_max_luns module parameter (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fix to allow OCM to report FEC status (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed a missing return code in a logging message (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed some logging message fields (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed list corruption when lpfc_drain_tx runs (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fix inconsistent list removal causes crash (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed system panic during handling unsolicited receive buffer error condition (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed crash during FCoE failover testing. (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fix lpfc_used_cpu to be more dynamic (James Smart) [Orabug: 17376967] - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17371930] {CVE-2013-2206} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371037] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370887] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371061] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371114] {CVE-2013-2206} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370761] {CVE-2013-2237} - dm: allow error target to replace either bio-based and request-based targets (Joe Jin) [Orabug: 17357884] - Btrfs: handle a bogus chunk tree nicely (Josef Bacik) [Orabug: 17361069] - OFED: Move R2 field to bottom of mlx4_caps for backward compatibility (Yuval Shaia) [Orabug: 17303785] - RDS: double free rdma_cm_id (Bang Nguyen) [Orabug: 17192816] - xen: initialize xen panic handler for PVHVM (Vaughan Cao) [Orabug: 17200031] - sg: push file descriptor list locking down to per-device locking (Vaughan Cao) [Orabug: 16835013] - sg: checking sdp->detached isnt protected when open (Vaughan Cao) [Orabug: 16835013] - sg: no need sg_open_exclusive_lock (Vaughan Cao) [Orabug: 16835013] - sg: use rwsem to solve race during exclusive open (Vaughan Cao) [Orabug: 16835013] - sg: remove sg_mutex (Jorn Engel) [Orabug: 16835013] - sg: completely protect sfds (Jorn Engel) [Orabug: 16835013] - sg: protect sdp->exclude (Jorn Engel) [Orabug: 16835013] - sg: prevent unwoken sleep (Jorn Engel) [Orabug: 16835013] - sg: remove closed flag (Jorn Engel) [Orabug: 16835013] - sg: use wait_event_interruptible() (Jorn Engel) [Orabug: 16835013] - sg: remove while (1) non-loop (Jorn Engel) [Orabug: 16835013] - sg: remove unnecessary indentation (Jorn Engel) [Orabug: 16835013] - RDS: ActiveBonding IP exclusion filter (Bang Nguyen) [Orabug: 17075950] - RDS: Reconnect stalls for 15s (Bang Nguyen) [Orabug: 17277974] - sk_buff: fix kabi broken for add new for union (Joe Jin) [Orabug: 14500568] - tcp: fix skb_availroom() (Eric Dumazet) [Orabug: 14500568] - tcp: avoid order-1 allocations on wifi and tx path (Eric Dumazet) [Orabug: 14500568] - tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [Orabug: 14500568] - tcp: take care of misalignments (Eric Dumazet) [Orabug: 14500568] - RDS: Reconnect causes panic at completion phase (Bang Nguyen) [Orabug: 17213597] - RDS: added stats to track and display receive side memory usage (Venkat Venkatsubra) [Orabug: 17045536] - RDS: RDS reconnect stalls (Bang Nguyen) [Orabug: 1731355] - ext4: fix race between sync and completed io work (Jeff Moyer) [Orabug: 16908825] - ext4: optimize locking for end_io extent conversion (Theodore Tso) [Orabug: 16908825] - ext4: remove unnecessary call to waitqueue_active() (Theodore Tso) [Orabug: 16908825] - ext4: Use correct locking for ext4_end_io_nolock() (Tao Ma) [Orabug: 16908825] - xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan) [Orabug: 16908825] - ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825] - Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843] - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157] - net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979} - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860} - ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848} - cnic: dont use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307] - Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689] - x86/boot-image: Dont leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437] - spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114] - perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094} - spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586] [2.6.39-400.206.0] - ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (Hannes Frederic Sowa) [Orabug: 17296421] {CVE-2013-4163} - fib_trie: potential out of bounds access in trie_show_stats() (Jerry Snitselaar) [Orabug: 16840280] - aacraid: update from 1.1-7 to 1.2-0 (Jerry Snitselaar) [Orabug: 17296044] - qlcnic: update from 5.2.29.45 to 5.2.43 (Jerry Snitselaar) [Orabug: 17267102] - net: init perm_addr in register_netdevice() (Jiri Pirko) [Orabug: 17280581] - config: disable THP for OL6 builds (Jerry Snitselaar) [Orabug: 17279055] - ACPI / memhotplug: Fix a stale pointer in error path (Toshi Kani) [Orabug: 17271787] - xhci: Avoid NULL pointer deref when host dies. (Sarah Sharp) [Orabug: 17271780] - xhci: fix null pointer dereference on ring_doorbell_for_active_rings (Oleksij Rempel) [Orabug: 17271777] - SCSI: sd: fix crash when UA received on DIF enabled device (Ewan D. Milne) [Orabug: 17271761] - hrtimers: Move SMP function call to thread context (Thomas Gleixner) [Orabug: 17237808] - lockd: protect nlm_blocked access in nlmsvc_retry_blocked (David Jeffery) [Orabug: 17237800] - SCSI: megaraid_sas: fix memory leak if SGL has zero length entries (Bj?rn Mork) [Orabug: 17237796] - vlan: fix a race in egress prio management (Eric Dumazet) [Orabug: 17237794] - ifb: fix oops when loading the ifb failed (dingtianhong) [Orabug: 17237783] - dummy: fix oops when loading the dummy failed (dingtianhong) [Orabug: 17237779] - ifb: fix rcu_sched self-detected stalls (dingtianhong) [Orabug: 17237770] - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17237766] - ipv6,mcast: always hold idev->lock before mca_lock (Amerigo Wang) [Orabug: 17237756] - af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17237752] {CVE-2013-2234} - perf: Fix perf_lock_task_context() vs RCU (Peter Zijlstra) [Orabug: 17237744] - perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario (Jiri Olsa) [Orabug: 17237744] - perf: Clone child context from parent context pmu (Jiri Olsa) [Orabug: 17237744] - tracing: Use current_uid() for critical time tracing (Steven Rostedt (Red Hat)) [Orabug: 17237735] - ext4: fix overflow when counting used blocks on 32-bit architectures (Jan Kara) [Orabug: 17231269] - ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs (Jan Kara) [Orabug: 17231264] - xhci: check for failed dma pool allocation (Mathias Nyman) [Orabug: 17231247] - crypto: sanitize argument for format string (Kees Cook) - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17230700] {CVE-2013-2164} - pch_uart: fix a deadlock when pch_uart as console (Liang Li) [Orabug: 17061700] - UBIFS: fix a horrid bug (Artem Bityutskiy) [Orabug: 17061699] - UBIFS: prepare to fix a horrid bug (Artem Bityutskiy) [Orabug: 17061697] - dlci: validate the net device in dlci_del() (Zefan Li) [Orabug: 17061696] - dlci: acquire rtnl_lock before calling __dev_get_by_name() (Zefan Li) [Orabug: 17061695] - Bluetooth: Fix crash in l2cap_build_cmd() with small MTU (Anderson Lizardo) [Orabug: 17061694] - fnic driver update from 1.5.0.41 to 1.5.0.45 (Maxim Uvarov) [Orabug: 17187644] - mpt3sas: update from v02.100.00.00 to v3.00.00.00 (Sreekanth Reddy) [Orabug: 17249188] - mpt3sas: enable build of mpt3sas driver (Jerry Snitselaar) [Orabug: 17187698] - mpt3sas: Updated driver code to have a compatibility with UEK r2 u5 kernel (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: Bump driver version to v02.100.00.00 (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: when async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: MPI2.5 Rev F v2.5.1.1 specification (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: Infinite loops can occur if MPI2_IOCSTATUS_CONFIG_INVALID_PAGE is not returned (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: fix for kernel panic when driver loads with HBA conected to non LUN 0 configured expander (Sreekanth Reddy) [Orabug: 1718 7698] - mpt3sas: Updated the Hardware timing requirements (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: 2013 source code copyright (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: dont wank with fasync on ->release() (Al Viro) [Orabug: 17187698] - mpt3sas: remove unused variables (Wei Yongjun) [Orabug: 17187698] - mpt3sas: Remove unneeded version.h header inclusion (Sachin Kamat) [Orabug: 17187698] - mpt3sas: cut and paste bug storing trigger mpi (Dan Carpenter) [Orabug: 17187698] - mpt3sas: add new driver supporting 12GB SAS (Sreekanth Reddy) [Orabug: 17187698] - scsi_transport_sas: add 12GB definitions for mpt3sas (Sreekanth Reddy) [Orabug: 17187698] - miscdevice: Adding support for MPT3SAS_MINOR(222) (Sreekanth Reddy) [Orabug: 17187698] [2.6.39-400.205.0] - xen/time: remove blocked time accounting from xen 'clockchip' (Laszlo Ersek) [Orabug: 17073675] - unix: fix a race condition in unix_release() (Paul Moore) [Orabug: 17209195] - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17215196] {CVE-2013-2232} - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230067] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230100] {CVE-2013-1059} - config: add xsigo config options (Ajaykumar Hotchandani) [Orabug: 17248170] - mpt2sas: update from 16.05.01.00 to 17.00.00.00 (Jerry Snitselaar) [Orabug: 17237402] - qla4xxx: Updated driver version to 5.03.00.03.06.02-uek2 (Tej Parkash) [Orabug: 17220575] - libiscsi: Add missing prints for session and connection sysfs attrs (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Export more firmware info in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Only BIOS boot target entries should be at index 0 and 1. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: discovery_parent_idx can be shown without any check. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Set IPv6 traffic class if device type is IPv6. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Use discovery_parent_idx instead of discovery_parent_type (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Allow removal of failed session using logout. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - libiscsi: Added new boot entries in the session sysfs (Eddie Wai) [Orabug: 17220575] - iscsi class, qla4xxx: fix sess/conn refcounting when find fns are used (Mike Christie) [Orabug: 17220575] - qla4xxx: Fix iocb_cnt calculation in qla4xxx_send_mbox_iocb() (Vikas Chaudhary) [Orabug: 17220575] - scsi_transport_iscsi: fix error return code in iscsi_transport_init() (Wei Yongjun) [Orabug: 17220575] - qla4xxx: Assign values using correct datatype (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Fix smatch warnings (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Fix sparse warning for qla4xxx_sysfs_ddb_tgt_create (Vikas Chaudhary) [Orabug: 17220575] - RDS: (Bang Nguyen) [Orabug: 17206167] - neighbour: fix a race in neigh_destroy() (Eric Dumazet) [Orabug: 17230315] - be2net: Updating version number (Sarveshwar Bandi) [Orabug: 17219620] - be2net: Fix to avoid hardware workaround when not needed (Sarveshwar Bandi) [Orabug: 17219620] - net/trivial: replace numeric with standard PM state macros (Yijing Wang) [Orabug: 17219620] - be2net: Fix 32-bit DMA Mask handling (Somnath Kotur) [Orabug: 17219620] - be2net: Implement initiate FW dump feature for Lancer (Somnath Kotur) [Orabug: 17219620] - be2net: Fix crash on 2nd invocation of PCI AER/EEH error_detected hook (Somnath Kotur) [Orabug: 17219620] - be2net: Mark checksum fail for IP fragmented packets (Somnath Kotur) [Orabug: 17219620] - be2net: Trim padded packets for Lancer (Somnath Kotur) [Orabug: 17219620] - be2net: Pad skb to meet min Tx pkt size in lancer (Somnath Kotur) [Orabug: 17219620] - be2net: cleanup be_get_drvinfo() (Somnath Kotur) [Orabug: 17219620] - be2net: refactor HW workarounds in be_xmit() (Sathya Perla) [Orabug: 17219620] - be2net: bug fix on returning an invalid nic descriptor (Wei Yang) [Orabug: 17219620] - be2net: Avoid double insertion of vlan tags. (Sarveshwar Bandi) [Orabug: 17219620] - be2net: disable TX in be_close() (Sathya Perla) [Orabug: 17219620] - be2net: fix EQ from getting full while cleaning RX CQ (Sathya Perla) [Orabug: 17219620] - be2net: fix payload_len value for GET_MAC_LIST cmd req (Sathya Perla) [Orabug: 17219620] - be2net: provision VF resources before enabling SR-IOV (Sathya Perla) [Orabug: 17219620] - be2net: Fix to fail probe if MSI-X enable fails for a VF (Somnath Kotur) [Orabug: 17219620] - be2net: avoid napi_disable() when it has not been enabled (Somnath Kotur) [Orabug: 17219620] - be2net: Fix firmware download for Lancer (Somnath Kotur) [Orabug: 17219620] - be2net: Fix to receive Multicast Packets when Promiscuous mode is enabled on certain devices (Ajit Khaparde) [Orabug: 17219620] - be2net: Fix to show tx priority pause counter in ethtool -S (Ajit Khaparde) [Orabug: 17219620] - be2net: Fix to use 32-bit stats to report rx_drops_no_fragment (Ajit Khaparde) [Orabug: 17219620] - be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (Ajit Khaparde) [Orabug: 17219620] - be2net: FLR must be first cmd issued to Lancer FW (Kalesh AP) [Orabug: 17219620] - be2net: Use GET_FUNCTION_CONFIG V1 cmd (Kalesh AP) [Orabug: 17219620] - be2net: Fix to show wol disabled/enabled state correctly. (Sarveshwar Bandi) [Orabug: 17219620] - be2net: Fixed memory leak (Suresh Reddy) [Orabug: 17219620] - be2net: Avoid diagnostic test in certain versions of firmware to avoid NIC freeze. (Suresh Reddy) [Orabug: 17219620] - be2net: Renamed rx_address_mismatch_errors to rx_address_filtered (Suresh Reddy) [Orabug: 17219620] - be2net: Add support for setting and getting rx flow hash options (Suresh Reddy) [Orabug: 17219620] - be2net: Fix PVID tag offload for packets with inline VLAN tag. (Ajit Khaparde) [Orabug: 17219620] - be2net: fix a Tx stall bug caused by a specific ipv6 packet (Ajit Khaparde) [Orabug: 17219620] - be2net: Remove an incorrect pvid check in Tx (Ajit Khaparde) [Orabug: 17219620] - be2net: enable IOMMU pass through for be2net (Craig Hada) [Orabug: 17219620] - be2net: Use GET_PROFILE_CONFIG V1 cmd for BE3-R (Vasundhara Volam) [Orabug: 17219620] - be2net: Avoid flashing BE3 UFI on BE3-R chip. (Vasundhara Volam) [Orabug: 17219620] - be2net: Dont log 'Out of MCCQ wrbs' error (Vasundhara Volam) [Orabug: 17219620] - be2net: Use TXQ_CREATE_V2 cmd (Vasundhara Volam) [Orabug: 17219620] - be2net: take care of __vlan_put_tag return value (Ivan Vecera) [Orabug: 17219620] - be2net: remove unused variable 'sge' (Ivan Vecera) [Orabug: 17219620] - megaraid: update from 6.505 to 6.600.18.00 (Jerry Snitselaar) [Orabug: 17187623] - xsigo: Kconfig and Makefile updates (Ajaykumar Hotchandani) [Orabug: 17248170] - xsigo: Integrate 7489 release in UEK2 (Ajaykumar Hotchandani) [Orabug: 17248170] - fs writeback: fix race in mark inode dirty.patch (Srinivas Eeda) [Orabug: 17198525] - sxge: Check link state before xmit (Joe Jin) [Orabug: 17201198] - writeback: Fix periodic writeback after fs mount (Srinivas Eeda) [Orabug: 17185874] - spec: use _target_cpu in suffix for devel dir (Jerry Snitselaar) [Orabug: 17181059] - mm: leave hugepage pmd (Guru Anbalagane) [Orabug: 17186750] - Disable THP config (Guru Anbalagane) [Orabug: 17186750] - RDS: Fix a bug in QoS protocol negotiation (Bang Nguyen) [Orabug: 17079972] - RDS: alias failover is not working properly (Bang Nguyen) [Orabug: 17177994] - rdma_cm: CMA_QUERY_HANDLER: BAD STATUS -110 and -22 (Chien-Hua Yen) [Orabug: 16708786] - [RDS] add NETFILTER suppport (Ahmed Abbas) [Orabug: 17082619] [2.6.39-400.204.0] - be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] - xen-netfront: use skb_partial_csum_set() to simplify the codes (Li RongQing) - xen-netfront: split event channels support for Xen frontend driver (Wei Liu) - xen-netfront: avoid leaking resources when setup_netfront fails (Wei Liu) - xen-netfront: reduce gso_max_size to account for max TCP header (Wei Liu) - xen-netfront: frags -> slots in log message (Wei Liu) - xen-netfront: frags -> slots in xennet_get_responses (Wei Liu) - xen-netfront: remove unused variable 'extra' (Wei Liu) - xen/netfront: improve truesize tracking (Ian Campbell) - xen-netfront: remove __dev* attributes (Bill Pemberton) - xen/netfront: handle compound page fragments on transmit (Ian Campbell) - xen-netfront: use __pskb_pull_tail to ensure linear area is big enough on RX (Ian Campbell) - ocfs2: xattr: fix inlined xattr reflink (Junxiao Bi) [Orabug: 15914937] - futex: Revert 'futex: Mark get_robust_list as deprecated' (Thomas Gleixner) [Orabug: 16818441] - xen: do not disable netfront in dom0 (Marek Marczykowski) - xen-netfront: correct MAX_TX_TARGET calculation. (Wei Liu) - xen-netback: xenbus.c: use more current logging styles (Wei Liu) - xen: Use more current logging styles (Joe Perches) - xen-netback: double free on unload (Dan Carpenter) - xen-netback: dont de-reference vif pointer after having called xenvif_put() (Jan Beulich) - xen-netback: split event channels support for Xen backend driver (Wei Liu) - xen-netback: enable user to unload netback module (Wei Liu) - xen-netback: remove dead code (Wei Liu) - xen-netback: better names for thresholds (Wei Liu) - xen-netback: avoid allocating variable size array on stack (Wei Liu) - xen-netback: remove redundent parameter in netbk_count_requests (Wei Liu) [2.6.39-400.203.0] - xen/netback: correctly calculate required slots of skb. (Annie Li) [Orabug: 16934362] - RDS: Local address resolution may be delayed after IP has moved. RDS to update local ARP cache directly to speed it up. (Bang Nguy en) [Orabug: 16979994] - mlx4: fix data corruption in hugetlb_user_mr (Chien Yen) [Orabug: 16772016] - fix compilation blk-core.c with missing rate-limit header (Maxim Uvarov) - block: rate-limit the error message from failing commands (Yi Zou) [Orabug: 15918663] - Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk) - xen/pciback: Fix for backport compilation issues. (Konrad Rzeszutek Wilk) - Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk) - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - xen-blkback: check the number of iovecs before allocating a bios (Roger Pau Monne) - xen-blkfront: set blk_queue_max_hw_sectors correctly (Roger Pau Monne) - xen-blkback: workaround compiler bug in gcc 4.1 (Roger Pau Monne) - xen/blkback: Check for insane amounts of request on the ring (v6). (Konrad Rzeszutek Wilk) - xen/io/ring.h: new macro to detect whether there are too many requests on the ring (Jan Beulich) - xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140} - xen/blkback: Fix backporting of printk_ratelimit. (Konrad Rzeszutek Wilk) - xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140} - xen/blkback: Use physical sector size for setup (Stefan Bader) - xen-blkback/sysfs: Move the parameters for the persistent grant features (Konrad Rzeszutek Wilk) - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments. (Konrad Rzeszutek Wilk) - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - xen-blkback: allocate list of pending reqs in small chunks (Roger Pau Monne) - xen-block: implement indirect descriptors (Roger Pau Monne) - xen-blkback: expand map/unmap functions (Roger Pau Monne) - xen-blkback: make the queue of free requests per backend (Roger Pau Monne) - xen-blkback: move pending handles list from blkbk to pending_req (Roger Pau Monne) - xen-blkback: implement LRU mechanism for persistent grants (Roger Pau Monne) - xen-blkback: use balloon pages for all mappings (Roger Pau Monne) - xen-blkback: print stats about persistent grants (Roger Pau Monne) [2.6.39-400.202.0] - l2tp: Fix sendmsg() return value (Guillaume Nault) - l2tp: Fix PPP header erasure and memory leak (Guillaume Nault) [Orabug: 17030957] - packet: packet_getname_spkt: make sure string is always 0-terminated (Daniel Borkmann) [Orabug: 17030956] - net: sctp: fix NULL pointer dereference in socket destruction (Daniel Borkmann) [Orabug: 17030954] - ip_tunnel: fix kernel panic with icmp_dest_unreach (Eric Dumazet) [Orabug: 17030953] - netlabel: improve domain mapping validation (Paul Moore) [Orabug: 17030951] - ipv6: fix possible crashes in ip6_cork_release() (Eric Dumazet) [Orabug: 17030950] - tcp: fix tcp_md5_hash_skb_data() (Eric Dumazet) [Orabug: 17030948] - fmr: D-NFS/RDM (FMR) patches for OFED (abhishek varshney) [Orabug: 16966484] - lpfc: Update lpfc version for 8.3.7.10.7p driver release (James Smart) [Orabug: 17026768] - lpfc: Fix starting reference tag when calculating BG error (James Smart) [Orabug: 17026768] - lpfc: Fix BlockGuard error checking (James Smart) [Orabug: 17026768] - tg3: update from broadcom version 3.129d to 3.131d (Jerry Snitselaar) [Orabug: 17024939] - mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer (Aneesh Kumar K.V) [Orabug: 17025306] - mac80211: close AP_VLAN interfaces before unregistering all (Johannes Berg) [Orabug: 17025303] - batman-adv: Only write requested number of byte to user buffer (Sven Eckelmann) [Orabug: 17025019] - x25: Validate incoming call user data lengths (Matthew Daley) [Orabug: 17025021] - aoe: reserve enough headroom on skbs (Eric Dumazet) [Orabug: 17025018] - perf,x86: fix kernel crash with PEBS/BTS after suspend/resume (Stephane Eranian) [Orabug: 17024915] - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17024912] {CVE-2013-2634} - e1000e driver update from 2.3.2 to 2.4.14 (Maxim Uvarov) Merge Intel drivers update. - ixgbe driver update from 3.14.5 to 3.15.1 (Maxim Uvarov) Merge Intel drivers update. - igbvf driver update from 2.0.4 to 2.3.2 (Maxim Uvarov) Merge Intel drivers update. - igb driver update from 4.1.2 to 4.3.0 (Maxim Uvarov) Merge Intel drivers update. - spec: change version to 400.200.0 for ol5 (Maxim Uvarov) - RDS: restore two-sided reconnect with the lower IP node having a constant 100 ms backoff. (Bang Nguyen) [Orabug: 16710287] - scsi_prep_fn() check for empty queue (Maxim Uvarov) [Orabug: 17015328] - x86: Fix typo in kexec register clearing (Kees Cook) [Orabug: 16992876] - mm: migration: add migrate_entry_wait_huge() (Naoya Horiguchi) [Orabug: 16992874] - swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [Orabug: 16992871] - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 16992869] {CVE-2013-2852} - nohz: Fix update_ts_time_stat idle accounting (Michal Hocko) [Orabug: 16985182] - tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 16963984] - drm: fix a use-after-free when GPU acceleration disabled (Huacai Chen) [Orabug: 16963983] - cifs: fix potential buffer overrun when composing a new options string (Jeff Layton) [Orabug: 16963818] - drivers/block/brd.c: fix brd_lookup_page() race (Brian Behlendorf) [Orabug: 16963816] - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (Xiao Guangrong) [Orabug: 16963814] - klist: del waiter from klist_remove_waiters before wakeup waitting process (wang, biao) [Orabug: 16963813] - ocfs2: goto out_unlock if ocfs2_get_clusters_nocache() failed in ocfs2_fiemap() (Joseph Qi) [Orabug: 16963812] - fat: fix possible overflow for fat_clusters (OGAWA Hirofumi) [Orabug: 16963811] - cifs: only set ops for inodes in I_NEW state (Jeff Layton) [Orabug: 16963810] - usermodehelper: check subprocess_info->path != NULL (Oleg Nesterov) [Orabug: 16909862] - ipv6: do not clear pinet6 field (Eric Dumazet) [Orabug: 16909856] - macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [Orabug: 16909854] - bridge: fix race with topology change timer (stephen hemminger) [Orabug: 16909638] - tick: Cleanup NOHZ per cpu data on cpu down (Thomas Gleixner) [Orabug: 16909637] - timer: Dont reinitialize the cpu base lock during CPU_UP_PREPARE (Tirupathi Reddy) [Orabug: 16909635] - x86/mm: account for PGDIR_SIZE alignment (Jerry Hoemann) [Orabug: 16903170] - kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees() (Chen Gang) [Orabug: 16903120] - clockevents: Set dummy handler on CPU_DEAD shutdown (Thomas Gleixner) [Orabug: 16902369] - cgroup: fix an off-by-one bug which may trigger BUG_ON() (Li Zefan) [Orabug: 16902267] - hrtimer: Add expiry time overflow check in hrtimer_interrupt (Prarit Bhargava) [Orabug: 16902194] - hrtimer: Fix ktime_add_ns() overflow on 32bit architectures (David Engraf) [Orabug: 16902186] - fs/fscache/stats.c: fix memory leak (Anurup m) [Orabug: 16901677] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 16888256] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 16888251] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 16888219] {CVE-2013-3222} - net: sctp: sctp_auth_key_put: use kzfree instead of kfree (Daniel Borkmann) [Orabug: 16888213] - Btrfs: make sure nbytes are right after log replay (Josef Bacik) [Orabug: 16864338] - Revert 'sysfs: fix race between readdir and lseek' (Jiri Kosina) [Orabug: 16858013] - crypto: algif - suppress sending source address information in recvmsg (Mathias Krause) [Orabug: 16864292] - sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s (Tejun Heo) [Orabug: 16864274] - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 16864214] - Revert '8021q: fix a potential use-after-free' (Greg Kroah-Hartman) [Orabug: 16858417] - hrtimer: Dont reinitialize a cpu_base lock on CPU_UP (Michael Bohan) [Orabug: 16864124] - PM / reboot: call syscore_shutdown() after disable_nonboot_cpus() (Huacai Chen) [Orabug: 16863936] - tracing: Fix double free when function profile init failed (Namhyung Kim) [Orabug: 16863887] - mm: prevent mmap_cache race in find_vma() (Jan Stancek) [Orabug: 16863788] - block: avoid using uninitialized value in from queue_var_store (Arnd Bergmann) [Orabug: 16863776] - bonding: get netdev_rx_handler_unregister out of locks (Veaceslav Falico) [Orabug: 16863608] - net: add a synchronize_net() in netdev_rx_handler_unregister() (Eric Dumazet) [Orabug: 16863608] - 8021q: fix a potential use-after-free (Cong Wang) [Orabug: 16858417] - efivars: Handle duplicate names from get_next_variable() (Matt Fleming) [Orabug: 16858386] - efivars: explicitly calculate length of VariableName (Matt Fleming) [Orabug: 16858386] - loop: prevent bdev freeing while device in use (Anatol Pomozov) [Orabug: 16858270] - Btrfs: limit the global reserve to 512mb (Josef Bacik) [Orabug: 16858090] - sysfs: handle failure path correctly for readdir() (Ming Lei) [Orabug: 16858013] - sysfs: fix race between readdir and lseek (Ming Lei) [Orabug: 16858013] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2140 CVE-2012-6549 CVE-2013-1772 CVE-2013-2234 CVE-2013-3076 CVE-2013-4163 CVE-2013-2164 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.33.2] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17618900] {CVE-2013-4299} - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17618897] {CVE-2013-4162} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4162 CVE-2013-4299 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.209.2] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17618492] {CVE-2013-4299} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4299 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 kernel-uek [3.8.13-16.1.1.el6uek] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17617582] {CVE-2013-4299} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4299 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 [3.8.13-16.2.2.el6uek] - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0343 CVE-2013-4387 CVE-2013-4592 CVE-2013-2892 CVE-2013-4345 CVE-2013-2889 CVE-2013-2888 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.211.2] - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17842208] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17842129] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17842105] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17842095] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17842084] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Jerry Snitselaar) [Orabug: 17842075] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17842072] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17842063] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17842056] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17842050] {CVE-2013-4387} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1928 CVE-2013-3231 CVE-2012-6545 CVE-2013-2892 CVE-2013-2889 CVE-2013-2888 CVE-2013-4592 CVE-2013-4345 CVE-2013-0343 CVE-2013-4387 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.33.3uek] - af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17837974] {CVE-2013-2234} - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17837971] {CVE-2013-2164} - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17837966] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17837959] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17838023] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17837945] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17837942] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17837936] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17837936] - NFSv4: Check for buffer length in __nfs4_get_acl_uncached (Sven Wegener) [Orabug: 17837931] {CVE-2013-4591} - ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [Orabug: 17837999] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17837925] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17837923] {CVE-2013-0343} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2234 CVE-2013-1928 CVE-2013-2892 CVE-2013-2889 CVE-2013-4345 CVE-2013-3231 CVE-2013-2164 CVE-2012-6545 CVE-2013-4591 CVE-2013-2888 CVE-2013-0343 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 kernel-uek [3.8.13-16.2.3.el6uek] - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951080] {CVE-2013-4470} - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (Gleb Natapov) [Orabug: 17951067] {CVE-2013-6376} - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (Andy Honig) [Orabug: 17951071] {CVE-2013-6368} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4470 CVE-2013-6368 CVE-2013-6376 CVE-2013-6367 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.211.3] - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951806] {CVE-2013-4470} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951818] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951705] {CVE-2013-6367} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6367 CVE-2013-4470 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.33.4uek] - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 17951083] {CVE-2013-2141} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4470 CVE-2013-2141 CVE-2013-6367 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.0.1e-16.4] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-16.3] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-16.2] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-6449 CVE-2013-6450 CVE-2013-4353 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [1.4.5-3] - cve-2013-6462.patch: sscanf overflow (bug 1049684) - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-6462 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base Oracle Linux 6 [1.7.0.51-2.4.4.1.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.51-2.4.4.1.el6] - restored java7 provides - bumped release (builds exists) - Resolves: rhbz#1050935 [1.7.0.51-2.4.4.0.el6] - updated to security icedtea 2.4.4 - icedtea_version set to 2.4.4 - updatever bumped to 51 - release reset to 0 - sync with fedora - added and applied patch411 1029588.patch (rh 1029588) - added aand applied patch410, 1015432 (rh 1015432) - Resolves: rhbz#1050935 CRITICAL Copyright 2014 Oracle, Inc. CVE-2013-5878 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0423 CVE-2014-0428 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2014-0368 CVE-2013-5884 CVE-2013-5910 CVE-2014-0373 CVE-2014-0422 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [32:9.8.2-0.23.rc1.1] - Fix CVE-2014-0591 [32:9.8.2-0.23.rc1] - Fix gssapictx memory leak (#911167) [32:9.8.2-0.22.rc1] - fix CVE-2013-4854 [32:9.8.2-0.21.rc1] - fix CVE-2013-2266 - ship dns/rrl.h in -devel subpkg [32:9.8.2-0.20.rc1] - remove one bogus file from /usr/share/doc, introduced by RRL patch [32:9.8.2-0.19.rc1] - fix CVE-2012-5689 [32:9.8.2-0.18.rc1] - add response rate limit patch (#873624) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0591 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.0.0-5.1] - Fix CVE-2013-6412, incorrect permissions under strict umask (RHBZ#1036079) MODERATE Copyright 2014 Oracle, Inc. CVE-2013-6412 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [1:1.6.0.1-3.1.13.0] - updated to icedtea 1.13.1 - http://blog.fuseyism.com/index.php/2014/01/23/security-icedtea-1-12-8-1-13-1-for-openjdk-6-released/ - updated to jdk6, b30, 21_jan_2014 - https://openjdk6.java.net/OpenJDK6-B30-Changes.html - adapted patch7 1.13_fixes.patch - pre 2011 changelog moved to (till now wrong) pre-2009-spec-changelog (rh1043611) - added --disable-system-lcms to configure options to pass build - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#1050190 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-5884 CVE-2013-5896 CVE-2014-0368 CVE-2014-0373 CVE-2014-0411 CVE-2014-0416 CVE-2014-0423 CVE-2014-0428 CVE-2013-5878 CVE-2013-5907 CVE-2013-5910 CVE-2014-0376 CVE-2014-0422 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0.10.2-29.0.1.el6_5.3] - Replace docs/et.png in tarball with blank image [0.10.2-29.el6_5.3] - qemu: Avoid operations on NULL monitor if VM fails early (rhbz#1055578) - qemu: Do not access stale data in virDomainBlockStats (CVE-2013-6458) - qemu: Avoid using stale data in virDomainGetBlockInfo (CVE-2013-6458) - qemu: Fix job usage in qemuDomainBlockJobImpl (CVE-2013-6458) - qemu: Fix job usage in qemuDomainBlockCopy (rhbz#1054804) - qemu: Fix job usage in virDomainGetBlockIoTune (CVE-2013-6458) - Don't crash if a connection closes early (CVE-2014-1447) - Really don't crash if a connection closes early (CVE-2014-1447) MODERATE Copyright 2014 Oracle, Inc. CVE-2013-6458 CVE-2014-1447 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.4.23-34.1] - fix: segfault on certain queries with rwm overlay (#1058250) [2.4.23-34] - fix: deadlock during SSL_ForceHandshake (#996373) + revert nss-handshake-threadsafe.patch MODERATE Copyright 2014 Oracle, Inc. CVE-2013-4449 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.26.0-6.3] - Fix add-permission-check.patch to update all rsvg_pixbuf_new_from_href() callers [2.26.0-6.1] - Fix build by linking in -lm - io: Implement strict network policy (CVE-2013-1881) Resolves: #1049155 [2.26.0-6] - Store node type separately in RsvgNode (CVE-2011-3146) Resolves: #735267 MODERATE Copyright 2014 Oracle, Inc. CVE-2013-1881 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [24.3.0-2.0.1.el6_5] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.3.0-2] - Update to 24.3.0 ESR Build 2 [24.3.0-1] - Update to 24.3.0 ESR CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1487 CVE-2014-1477 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [24.3.0-2.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Make sure build with nspr-devel >= 4.10.0 [24.3.0-2] - Update to 24.3.0 ESR Build 2 [24.3.0-1] - Update to 24.3.0 [24.2.0-2] - Fixed requested nspr/nss versions IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1486 CVE-2014-1487 CVE-2014-1481 CVE-2014-1482 CVE-2014-1477 CVE-2014-1479 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.7.9-27.el6] - Fix regression in CVE-2013-6483. [2.7.9-26.el6] - Fix patch for CVE-2012-6152 (RH bug #1058242). [2.7.9-25.el6] - Add patch for CVE-2014-0020 (RH bug #1058242). [2.7.9-24.el6] - Add patch for CVE-2013-6490 (RH bug #1058242). [2.7.9-23.el6] - Add patch for CVE-2013-6489 (RH bug #1058242). [2.7.9-22.el6] - Add patch for CVE-2013-6487 (RH bug #1058242). [2.7.9-21.el6] - Add patch for CVE-2013-6477 (RH bug #1058242). [2.7.9-20.el6] - Add patch for CVE-2013-6485 (RH bug #1058242). [2.7.9-19.el6] - Add patch for CVE-2013-6484 (RH bug #1058242). [2.7.9-18.el6] - Add patch for CVE-2013-6483 (RH bug #1058242). [2.7.9-17.el6] - Add patch for CVE-2013-6482 (RH bug #1058242). [2.7.9-16.el6] - Add patch for CVE-2013-6481 (RH bug #1058242). [2.7.9-15.el6] - Add patch for CVE-2013-6479 (RH bug #1058242). [2.7.9-14.el6] - Turns out the previous patch is actually for CVE-2013-6478. [2.7.9-13.el6] - Add patch for CVE-2013-6477 (RH bug #1058242). [2.7.9-12.el6] - Add patch for CVE-2012-6152 (RH bug #1058242). MODERATE Copyright 2014 Oracle, Inc. CVE-2013-6482 CVE-2013-6489 CVE-2013-6490 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6484 CVE-2013-6487 CVE-2012-6152 CVE-2013-6477 CVE-2014-0020 CVE-2013-6483 CVE-2013-6485 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.12-1.11] - Add --trust-server-names option to fix CVE-2010-2252 (#833831) [1.12-1.10] - Build wget again with partial RELRO. LDFLAGS changed due to openssl rebase. [1.12-1.9] - Fix wget to recognize certificates with alternative names (#1060113) LOW Copyright 2014 Oracle, Inc. CVE-2010-2252 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.6.32-431.5.1] - [net] sctp: fix checksum marking for outgoing packets (Daniel Borkmann) [1046041 1040385] - [kernel] ptrace: Cleanup useless header (Aaron Tomlin) [1046043 1036312] - [kernel] ptrace: kill BKL in ptrace syscall (Aaron Tomlin) [1046043 1036312] - [fs] nfs: Prevent a 3-way deadlock between layoutreturn, open and state recovery (Steve Dickson) [1045094 1034487] - [fs] nfs: Ensure that rmdir() waits for sillyrenames to complete (Steve Dickson) [1051395 1034348] - [fs] nfs: wait on recovery for async session errors (Steve Dickson) [1051393 1030049] - [fs] nfs: Re-use exit code in nfs4_async_handle_error() (Steve Dickson) [1051393 1030049] - [fs] nfs: Update list of irrecoverable errors on DELEGRETURN (Steve Dickson) [1051393 1030049] - [exec] ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039486 1039487] {CVE-2013-2929} - [net] ipv6: router reachability probing (Jiri Benc) [1043779 1029585] - [net] ipv6: remove the unnecessary statement in find_match() (Jiri Benc) [1043779 1029585] - [net] ipv6: fix route selection if kernel is not compiled with CONFIG_IPV6_ROUTER_PREF (Jiri Benc) [1043779 1029585] - [net] ipv6: Fix default route failover when CONFIG_IPV6_ROUTER_PREF=n (Jiri Benc) [1043779 1029585] - [net] ipv6: probe routes asynchronous in rt6_probe (Jiri Benc) [1040826 1030094] - [net] ndisc: Update neigh->updated with write lock (Jiri Benc) [1040826 1030094] - [net] ipv6: prevent fib6_run_gc() contention (Jiri Benc) [1040826 1030094] - [net] netfilter: push reasm skb through instead of original frag skbs (Jiri Pirko) [1049590 1011214] - [net] ip6_output: fragment outgoing reassembled skb properly (Jiri Pirko) [1049590 1011214] - [net] netfilter: nf_conntrack_ipv6: improve fragmentation handling (Jiri Pirko) [1049590 1011214] - [net] ipv4: fix path MTU discovery with connection tracking (Jiri Pirko) [1049590 1011214] - [net] ipv6: Make IP6CB(skb)->nhoff 16-bit (Jiri Pirko) [1049590 1011214] - [edac] Add error decoding support for AMD Fam16h processors (Prarit Bhargava) [1051394 1020290] - [netdrv] bnx2x: correct VF-PF channel locking scheme (Michal Schmidt) [1040498 1029203] - [netdrv] bnx2x: handle known but unsupported VF messages (Michal Schmidt) [1040498 1029203] - [netdrv] bnx2x: Lock DMAE when used by statistic flow (Michal Schmidt) [1040497 1029200] - [net] ipv6: fix leaking uninitialized port number of offender sockaddr (Florian Westphal) [1035882 1035883] {CVE-2013-6405} - [net] inet: fix addr_len/msg->msg_namelen assignment in recv_error functions (Florian Westphal) [1035882 1035883] {CVE-2013-6405} - [net] inet: prevent leakage of uninitialized memory to user in recv syscalls (Florian Westphal) [1035882 1035883] {CVE-2013-6405} - [net] ipvs: Add boundary check on ioctl arguments (Denys Vlasenko) [1030817 1030818] {CVE-2013-4588} - [s390] qeth: avoid buffer overflow in snmp ioctl (Hendrik Brueckner) [1038935 1034266] - [md] fix calculation of stacking limits on level change (Jes Sorensen) [1035347 1026864] - [ata] ahci: fix turning on LEDs in ahci_start_port() (David Milburn) [1035339 1017105] - [ata] libata: implement cross-port EH exclusion (David Milburn) [1035339 1017105] - [ata] libata add ap to ata_wait_register and intro ata_msleep (David Milburn) [1035339 1017105] - [netdrv] igb: Update link modes display in ethtool (Stefan Assmann) [1032389 1019578] [2.6.32-431.4.1] - [powerpc] signals: Improved mark VSX not saved with small contexts fix (Seth Jennings) [1044566 1044117] - [powerpc] signals: Mark VSX not saved with small contexts (Seth Jennings) [1044566 1044117] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-7265 CVE-2013-6381 CVE-2013-2929 CVE-2013-7263 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [5.1.73-3] - Fixes for CVE-2014-0001 Resolves: #1055880 [5.1.73-2] - Make mysqld init script more robust and ignore existing but non-being-used unix socket file Resolves: #1058719 [5.1.73-1] - Update to MySQL 5.1.73, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html (CVE-2014-0412, CVE-2014-0437, CVE-2013-5908, CVE-2014-0393, CVE-2014-0386, CVE-2014-0401, CVE-2014-0402) Resolves: #1055880 MODERATE Copyright 2014 Oracle, Inc. CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0001 CVE-2014-0402 CVE-2014-0412 CVE-2014-0437 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [2.6.32-27.2] - Resolves: rhbz#1050337 (CVE-2013-6466 refix for delete/notify code) [2.6.32-27.1] - Resolves: rhbz#1050337 (CVE-2013-6466) MODERATE Copyright 2014 Oracle, Inc. CVE-2013-6466 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [8.4.20-1] - Update to PostgreSQL 8.4.20 (#1065843) for fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-19.html http://www.postgresql.org/docs/8.4/static/release-8-4-20.html IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0063 CVE-2014-0064 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0065 CVE-2014-0066 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base Oracle Linux 6 [3.9.4-10] - Resolves: #1063464. Several CVEs for libtiff MODERATE Copyright 2014 Oracle, Inc. CVE-2010-2596 CVE-2013-1961 CVE-2013-4231 CVE-2013-1960 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [2.8.5-13] - fix CVE-2014-0092 (#1069890) [2.8.5-12] - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch (#966754) [2.8.5-11] - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0092 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [1.6.11-10] - add security fixes for CVE-2013-1968, CVE-2013-2112, CVE-2014-0032 MODERATE Copyright 2014 Oracle, Inc. CVE-2013-2112 CVE-2014-0032 CVE-2013-1968 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base Oracle Linux 6 [1.2.11.15-32] - Resolves: bug 1074847 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [rhel-6.5.z] (Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0132 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.0.1-7.el6_5] - Make sure doc subpackage is noarch [1.0.1-6.el6_5] - Put devel-docs in a separate package (related: rhbz#1070145) . [1.0.1-5.el6_5] - Related: rhbz#1070145. IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0004 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [5:1.5.20-4.20091214hg736b6a] - Resolves: #1075872 (CVE-2014-0467, heap-based buffer overflow when parsing certain headers) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0467 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [24.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.4.0-1] - Update to 24.4.0 ESR [24.3.0-4] - Fixed rhbz#1070467 - Enable Add Ons by default in Firefox [24.3.0-3] - Fixed rhbz#1054832 - Firefox does not support Camellia cipher CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1505 CVE-2014-1510 CVE-2014-1514 CVE-2014-1493 CVE-2014-1497 CVE-2014-1508 CVE-2014-1509 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [24.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.4.0-1] - Update to 24.4.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1509 CVE-2014-1511 CVE-2014-1514 CVE-2014-1508 CVE-2014-1510 CVE-2014-1512 CVE-2014-1513 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1:5.5-49.0.1.el6_5.1] - snmptrapd: Fix crash due to access of freed memory (John Haxby) [orabug 14404682] [1:5.5-49.1] - added 'diskio' option to snmpd.conf, it's possible to monitor only selected devices in diskIOTable (#990674) - fixed CVE-2014-2284: denial of service flaw in Linux implementation of ICMP-MIB (#1073222) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-2284 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.6.32-431.11.2] - [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101} - [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055} [2.6.32-431.11.1] - [net] netpoll: take rcu_read_lock_bh() in netpoll_send_skb_on_dev() (Florian Westphal) [1063271 1049052] - [fs] cifs: sanity check length of data to send before sending (Sachin Prabhu) [1065668 1062590] {CVE-2014-0069} - [fs] cifs: ensure that uncached writes handle unmapped areas correctly (Sachin Prabhu) [1065668 1062590] {CVE-2014-0069} - [infiniband] ipoib: Report operstate consistently when brought up without a link (Michal Schmidt) [1064464 995300] - [security] selinux: fix broken peer recv check (Paul Moore) [1059991 1043051] - [fs] GFS2: Fix slab memory leak in gfs2_bufdata (Robert S Peterson) [1064913 1024024] - [fs] GFS2: Fix use-after-free race when calling gfs2_remove_from_ail (Robert S Peterson) [1064913 1024024] - [fs] nfs: always make sure page is up-to-date before extending a write to cover the entire page (Scott Mayhew) [1066942 1054493] - [fs] xfs: ensure we capture IO errors correctly (Lachlan McIlroy) [1058418 1021325] - [mm] get rid of unnecessary pageblock scanning in setup_zone_migrate_reserve (Motohiro Kosaki) [1062113 1043353] - [security] selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute() (Paul Moore) [1055364 1024631] - [security] selinux: look for IPsec labels on both inbound and outbound packets (Paul Moore) [1055364 1024631] - [security] selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute() (Paul Moore) [1055364 1024631] - [security] selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output() (Paul Moore) [1055364 1024631] - [edac] e752x_edac: Fix pci_dev usage count (Aristeu Rozanski) [1058420 1029530] - [s390] mm: handle asce-type exceptions as normal page fault (Hendrik Brueckner) [1057164 1034268] - [s390] mm: correct tlb flush on page table upgrade (Hendrik Brueckner) [1057165 1034269] - [net] fix memory information leaks in recv protocol handlers (Florian Westphal) [1039868 1039869] - [usb] cdc-wdm: fix buffer overflow (Alexander Gordeev) [922000 922001] {CVE-2013-1860} - [usb] cdc-wdm: Fix race between autosuspend and reading from the device (Alexander Gordeev) [922000 922001] {CVE-2013-1860} [2.6.32-431.10.1] - [fs] xfs: xfs_remove deadlocks due to inverted AGF vs AGI lock ordering (Brian Foster) [1067775 1059334] - [x86] apic: Map the local apic when parsing the MP table (Prarit Bhargava) [1063507 1061873] [2.6.32-431.9.1] - [netdrv] bonding: add NETIF_F_NO_CSUM vlan_features (Ivan Vecera) [1063199 1059777] [2.6.32-431.8.1] - [netdrv] enic: remove enic->vlan_group check (Stefan Assmann) [1064115 1057704] [2.6.32-431.7.1] - [char] n_tty: Fix unsafe update of available buffer space (Jiri Benc) [1060491 980188] - [char] n_tty: Fix stuck throttled driver (Jiri Benc) [1060491 980188] - [char] tty: Add safe tty throttle/unthrottle functions (Jiri Benc) [1060491 980188] - [char] tty: note race we need to fix (Jiri Benc) [1060491 980188] [2.6.32-431.6.1] - [mm] memcg: fix oom schedule_timeout() (Ulrich Obergfell) [1054072 1034237] - [mm] memcg: change memcg_oom_mutex to spinlock (Ulrich Obergfell) [1054072 1034237] - [mm] memcg: fix hierarchical oom locking (Ulrich Obergfell) [1054072 1034237] - [mm] memcg: make oom_lock 0 and 1 based rather than counter (Ulrich Obergfell) [1054072 1034237] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-1860 CVE-2014-0055 CVE-2014-0069 CVE-2014-0101 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [3.6.9-168] - resolves: #1073905 - Fix CVE-2012-6150. - resolves: #1073905 - Fix CVE-2013-4496. MODERATE Copyright 2014 Oracle, Inc. CVE-2012-6150 CVE-2013-4496 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.8.10-7.0.1.el6] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.8.10-7] - security patches - Resolves: CVE-2013-6337 [1.8.10-6] - security patches - Resolves: CVE-2014-2281 CVE-2014-2283 CVE-2014-2299 [1.8.10-5] - security patches - Resolves: CVE-2013-6336 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7114 MODERATE Copyright 2014 Oracle, Inc. CVE-2013-6339 CVE-2013-6337 CVE-2013-7112 CVE-2013-6336 CVE-2013-6338 CVE-2013-6340 CVE-2013-7114 CVE-2014-2281 CVE-2014-2283 CVE-2014-2299 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [0:2.7.0-9.9] - Add patch to fix remote code execution vulnerability - Resolves: CVE-2014-0107 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0107 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.2.15-30.0.1.el6_5] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-30] - mod_dav: add security fix for CVE-2013-6438 (#1078174) - mod_log_config: add security fix for CVE-2014-0098 (#1078174) MODERATE Copyright 2014 Oracle, Inc. CVE-2013-6438 CVE-2014-0098 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.0.1e-16.7] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0160 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [4.0.0-61.rc4] - resolves: #1073913 - Fix CVE-2012-6150. - resolves: #1073913 - Fix CVE-2013-4496. - resolves: #1073913 - Fix CVE-2013-6442. MODERATE Copyright 2014 Oracle, Inc. CVE-2012-6150 CVE-2013-4496 CVE-2013-6442 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.7.0.51-2.4.7.1.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.51-2.4.7.1.el6] - regenerated sources to fix TCK failure - Resolves: rhbz#1085002 [1.7.0.51-2.4.7.0.el6] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed BuildRequires on pulseaudio >= 0.9.1, devel is enough - removed Requires: rhino, BuildRequires is enough - added JRE_RELEASE_VERSION and ALT_PARALLEL_COMPILE_JOBS - fixed FT2_CFLAGS and FT2_LIBS - ppc64 repalced by power64 macro - patch111 applied as dry-run (6.5 forward port) - Resolves: rhbz#1085002 CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-0456 CVE-2014-0458 CVE-2014-2397 CVE-2014-2403 CVE-2014-0429 CVE-2014-0451 CVE-2014-1876 CVE-2014-2402 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-0446 CVE-2014-0452 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 CVE-2014-0459 CVE-2014-0460 CVE-2014-2413 CVE-2014-2423 CVE-2014-0453 CVE-2014-0461 CVE-2014-2398 CVE-2014-2427 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [1:1.6.0.1-5.1.13.3] - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15_apr_2014 - renmoved upstreamed patch7, 1.13_fixes.patch - Resolves: rhbz#1085009 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2423 CVE-2014-2427 CVE-2014-0429 CVE-2014-0446 CVE-2014-2397 CVE-2014-0456 CVE-2014-2414 CVE-2014-2421 CVE-2014-0452 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0.12.1.2-2.415.el6_5.8] - kvm-virtio-net-fix-guest-triggerable-buffer-overrun.patch [bz#1078605 bz#1078849] - kvm-qcow2-Check-backing_file_offset-CVE-2014-0144.patch [bz#1079452 bz#1079453] - kvm-qcow2-Check-refcount-table-size-CVE-2014-0144.patch [bz#1079452 bz#1079453] - kvm-qcow2-Validate-refcount-table-offset.patch [bz#1079518 bz#1086678] - kvm-qcow2-Validate-snapshot-table-offset-size-CVE-2014-0.patch [bz#1079452 bz#1079453] - kvm-qcow2-Validate-active-L1-table-offset-and-size-CVE-2.patch [bz#1079452 bz#1079453] - kvm-qcow2-Fix-backing-file-name-length-check.patch [bz#1079518 bz#1086678] - kvm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_refc.patch [bz#1079337 bz#1079338] - kvm-qcow2-Avoid-integer-overflow-in-get_refcount-CVE-201.patch [bz#1079318 bz#1079319] - kvm-qcow2-Check-new-refcount-table-size-on-growth.patch [bz#1079518 bz#1086678] - kvm-qcow2-Fix-types-in-qcow2_alloc_clusters-and-alloc_cl.patch [bz#1079518 bz#1086678] - kvm-qcow2-Protect-against-some-integer-overflows-in-bdrv.patch [bz#1079518 bz#1086678] - kvm-qcow2-Catch-some-L1-table-index-overflows.patch [bz#1079518 bz#1086678] - kvm-qcow2-Fix-new-L1-table-size-check-CVE-2014-0143.patch [bz#1079318 bz#1079319] - kvm-qcow2-Fix-NULL-dereference-in-qcow2_open-error-path-.patch [bz#1079330 bz#1079331] - kvm-qcow2-Limit-snapshot-table-size.patch [bz#1079518 bz#1086678] - kvm-block-cloop-validate-block_size-header-field-CVE-201.patch [bz#1079452 bz#1079453] - kvm-block-cloop-prevent-offsets_size-integer-overflow-CV.patch [bz#1079318 bz#1079319] - kvm-block-cloop-refuse-images-with-huge-offsets-arrays-C.patch [bz#1079452 bz#1079453] - kvm-block-cloop-Fix-coding-style.patch [bz#1079518 bz#1086678] - kvm-cloop-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678] - kvm-block-cloop-refuse-images-with-bogus-offsets-CVE-201.patch [bz#1079452 bz#1079453] - kvm-block-cloop-Use-g_free-instead-of-free.patch [bz#1079518 bz#1086678] - kvm-block-cloop-fix-offsets-size-off-by-one.patch [bz#1079518 bz#1086678] - kvm-bochs-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678] - kvm-bochs-Unify-header-structs-and-make-them-QEMU_PACKED.patch [bz#1079518 bz#1086678] - kvm-bochs-Use-unsigned-variables-for-offsets-and-sizes-C.patch [bz#1079337 bz#1079338] - kvm-bochs-Check-catalog_size-header-field-CVE-2014-0143.patch [bz#1079318 bz#1079319] - kvm-bochs-Check-extent_size-header-field-CVE-2014-0142.patch [bz#1079313 bz#1079314] - kvm-bochs-Fix-bitmap-offset-calculation.patch [bz#1079518 bz#1086678] - kvm-vpc-vhd-add-bounds-check-for-max_table_entries-and-b.patch [bz#1079452 bz#1079453] - kvm-vpc-Validate-block-size-CVE-2014-0142.patch [bz#1079313 bz#1079314] - kvm-vdi-add-bounds-checks-for-blocks_in_image-and-disk_s.patch [bz#1079452 bz#1079453] - kvm-vhdx-Bounds-checking-for-block_size-and-logical_sect.patch [bz#1079343 bz#1079344] - kvm-curl-check-data-size-before-memcpy-to-local-buffer.-.patch [bz#1079452 bz#1079453] - kvm-dmg-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678] - kvm-dmg-coding-style-and-indentation-cleanup.patch [bz#1079518 bz#1086678] - kvm-dmg-prevent-out-of-bounds-array-access-on-terminator.patch [bz#1079518 bz#1086678] - kvm-dmg-drop-broken-bdrv_pread-loop.patch [bz#1079518 bz#1086678] - kvm-dmg-use-appropriate-types-when-reading-chunks.patch [bz#1079518 bz#1086678] - kvm-dmg-sanitize-chunk-length-and-sectorcount-CVE-2014-0.patch [bz#1079323 bz#1079324] - kvm-dmg-use-uint64_t-consistently-for-sectors-and-length.patch [bz#1079518 bz#1086678] - kvm-dmg-prevent-chunk-buffer-overflow-CVE-2014-0145.patch [bz#1079323 bz#1079324] - kvm-block-Limit-request-size-CVE-2014-0143.patch [bz#1079318 bz#1079319] - kvm-parallels-Fix-catalog-size-integer-overflow-CVE-2014.patch [bz#1079318 bz#1079319] - kvm-parallels-Sanity-check-for-s-tracks-CVE-2014-0142.patch [bz#1079313 bz#1079314] - kvm-bochs-Fix-memory-leak-in-bochs_open-error-path.patch [bz#1079518 bz#1086678] - kvm-bochs-Fix-catalog-size-check.patch [bz#1079518 bz#1086678] - Resolves: bz#1078849 (EMBARGOED CVE-2014-0150 qemu-kvm: qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function [rhel-6.5.z]) - Resolves: bz#1079313 (CVE-2014-0142 qemu-kvm: qemu: crash by possible division by zero [rhel-6.5.z]) - Resolves: bz#1079318 (CVE-2014-0143 qemu-kvm: Qemu: block: multiple integer overflow flaws [rhel-6.5.z]) - Resolves: bz#1079323 (CVE-2014-0145 qemu-kvm: Qemu: prevent possible buffer overflows [rhel-6.5.z]) - Resolves: bz#1079330 (CVE-2014-0146 qemu-kvm: Qemu: qcow2: NULL dereference in qcow2_open() error path [rhel-6.5.z]) - Resolves: bz#1079337 (CVE-2014-0147 qemu-kvm: Qemu: block: possible crash due signed types or logic error [rhel-6.5.z]) - Resolves: bz#1079343 (CVE-2014-0148 qemu-kvm: Qemu: vhdx: bounds checking for block_size and logical_sector_size [rhel-6.5.z]) - Resolves: bz#1079452 (CVE-2014-0144 qemu-kvm: Qemu: block: missing input validation [rhel-6.5.z]) - Resolves: bz#1086678 (qemu-kvm: include leftover patches from block layer security audit) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0142 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0143 CVE-2014-0148 CVE-2014-0150 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [0:6.0.24-64] - Resolves: CVE-2014-0050 [0:6.0.24-63] - Resolves: CVE-2013-4322 CVE-2013-4286 MODERATE Copyright 2014 Oracle, Inc. CVE-2013-4286 CVE-2013-4322 CVE-2014-0050 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [24.5.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.5.0-1] - Update to 24.5.0 ESR [24.4.0-3] - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5 [24.4.0-2] - fixed rhbz#1067343 - Broken languagepack configuration after firefox update CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1523 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1529 CVE-2014-1518 CVE-2014-1524 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [24.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.5.0-1] - Update to 24.5.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1531 CVE-2014-1532 CVE-2014-1518 CVE-2014-1523 CVE-2014-1529 CVE-2014-1530 CVE-2014-1524 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.6.32-431.17.1] - [scsi] qla2xxx: Fixup looking for a space in the outstanding_cmds array in qla2x00_alloc_iocbs() (Chad Dupuis) [1085660 1070856] - [scsi] isci: fix reset timeout handling (David Milburn) [1080600 1040393] - [scsi] isci: correct erroneous for_each_isci_host macro (David Milburn) [1074855 1059325] - [kernel] sched: Fix small race where child->se.parent, cfs_rq might point to invalid ones (Naoya Horiguchi) [1081907 1032350] - [kernel] sched: suppress RCU lockdep splat in task_fork_fair (Naoya Horiguchi) [1081907 1032350] - [kernel] sched: add local variable to store task_group() to avoid kernel stall (Naoya Horiguchi) [1081908 1043733] - [fs] cifs: mask off top byte in get_rfc1002_length() (Sachin Prabhu) [1085358 1069737] - [kernel] Prevent deadlock when post_schedule_rt() results in calling wakeup_kswapd() on multiple CPUs (Larry Woodman) [1086095 1009626] - [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033533 1033534] {CVE-2013-6383} - [md] dm-thin: fix rcu_read_lock being held in code that can sleep (Mike Snitzer) [1086007 1060381] - [md] dm-thin: irqsave must always be used with the pool->lock spinlock (Mike Snitzer) [1086007 1060381] - [md] dm-thin: sort the per thin deferred bios using an rb_tree (Mike Snitzer) [1086007 1060381] - [md] dm-thin: use per thin device deferred bio lists (Mike Snitzer) [1086007 1060381] - [md] dm-thin: simplify pool_is_congested (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix dangling bio in process_deferred_bios error path (Mike Snitzer) [1086007 1060381] - [md] dm-thin: take care to copy the space map root before locking the superblock (Mike Snitzer) [1086007 1060381] - [md] dm-transaction-manager: fix corruption due to non-atomic transaction commit (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-metadata: fix refcount decrement below 0 which caused corruption (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix Documentation for held metadata root feature (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix noflush suspend IO queueing (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix deadlock in __requeue_bio_list (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix out of data space handling (Mike Snitzer) [1086007 1060381] - [md] dm-thin: ensure user takes action to validate data and metadata consistency (Mike Snitzer) [1086007 1060381] - [md] dm-thin: synchronize the pool mode during suspend (Mike Snitzer) [1086007 1060381] - [md] fix Kconfig indentation (Mike Snitzer) [1086007 1060381] - [md] dm-thin: allow metadata space larger than supported to go unused (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix the error path for the thin device constructor (Mike Snitzer) [1086007 1060381] - [md] dm-thin: avoid metadata commit if a pool's thin devices haven't changed (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-metadata: fix bug in resizing of thin metadata (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix pool feature parsing (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-metadata: fix extending the space map (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-common: make sure new space is used during extend (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix set_pool_mode exposed pool operation races (Mike Snitzer) [1086007 1060381] - [md] dm-thin: eliminate the no_free_space flag (Mike Snitzer) [1086007 1060381] - [md] dm-thin: add error_if_no_space feature (Mike Snitzer) [1086007 1060381] - [md] dm-thin: requeue bios to DM core if no_free_space and in read-only mode (Mike Snitzer) [1086007 1060381] - [md] dm-thin: cleanup and improve no space handling (Mike Snitzer) [1086007 1060381] - [md] dm-thin: log info when growing the data or metadata device (Mike Snitzer) [1086007 1060381] - [md] dm-thin: handle metadata failures more consistently (Mike Snitzer) [1086007 1060381] - [md] dm-thin: factor out check_low_water_mark and use bools (Mike Snitzer) [1086007 1060381] - [md] dm-thin: add mappings to end of prepared_* lists (Mike Snitzer) [1086007 1060381] - [md] dm-thin: return error from alloc_data_block if pool is not in write mode (Mike Snitzer) [1086007 1060381] - [md] dm-thin: use bool rather than unsigned for flags in structures (Mike Snitzer) [1086007 1060381] - [md] dm-persistent-data: cleanup dm-thin specific references in text (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-metadata: limit errors in sm_metadata_new_block (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix discard support to a previously shared block (Mike Snitzer) [1086007 1060381] - [md] dm-thin: initialize dm_thin_new_mapping returned by get_next_mapping (Mike Snitzer) [1086007 1060381] - [md] dm-space-map: disallow decrementing a reference count below zero (Mike Snitzer) [1086007 1060381] - [md] dm-thin: allow pool in read-only mode to transition to read-write mode (Mike Snitzer) [1086007 1060381] - [md] dm-thin: re-establish read-only state when switching to fail mode (Mike Snitzer) [1086007 1060381] - [md] dm-thin: always fallback the pool mode if commit fails (Mike Snitzer) [1086007 1060381] - [md] dm-thin: switch to read-only mode if metadata space is exhausted (Mike Snitzer) [1086007 1060381] - [md] dm-thin: switch to read only mode if a mapping insert fails (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-metadata: return on failure in sm_metadata_new_block (Mike Snitzer) [1086007 1060381] - [md] dm-space-map-disk: optimise sm_disk_dec_block (Mike Snitzer) [1086007 1060381] - [md] dm-table: print error on preresume failure (Mike Snitzer) [1086007 1060381] - [md] dm-thin: do not expose non-zero discard limits if discards disabled (Mike Snitzer) [1086007 1060381] - [md] dm-thin: always return -ENOSPC if no_free_space is set (Mike Snitzer) [1086007 1060381] - [md] dm-thin: set pool read-only if breaking_sharing fails block allocation (Mike Snitzer) [1086007 1060381] - [md] dm-thin: prefix pool error messages with pool device name (Mike Snitzer) [1086007 1060381] - [md] dm-space-map: optimise sm_ll_dec and sm_ll_inc (Mike Snitzer) [1086007 1060381] - [md] dm-btree: prefetch child nodes when walking tree for a dm_btree_del (Mike Snitzer) [1086007 1060381] - [md] dm-btree: use pop_frame in dm_btree_del to cleanup code (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix stacking of geometry limits (Mike Snitzer) [1086007 1060381] - [md] dm-thin: add data block size limits to Documentation (Mike Snitzer) [1086007 1060381] - [md] dm-thin: fix metadata dev resize detection (Mike Snitzer) [1086007 1060381] - [md] dm-thin: generate event when metadata threshold passed (Mike Snitzer) [1086007 1060381] - [md] dm-persistent-metadata: add space map threshold callback (Mike Snitzer) [1086007 1060381] - [md] dm-persistent-data: add threshold callback to space map (Mike Snitzer) [1086007 1060381] - [md] dm-thin: detect metadata device resizing (Mike Snitzer) [1086007 1060381] - [md] dm-persistent-data: support space map resizing (Mike Snitzer) [1086007 1060381] - [md] dm-thin: refactor data dev resize (Mike Snitzer) [1086007 1060381] - [md] dm-bufio: initialize read-only module parameters (Mike Snitzer) [1086007 1060381] - [md] dm-bufio: submit writes outside lock (Mike Snitzer) [1086007 1060381] - [md] dm-bufio: add recursive IO request BUG_ON (Mike Snitzer) [1086007 1060381] - [md] dm-bufio: prefetch (Mike Snitzer) [1086007 1060381] - [md] dm-bufio: fix slow IO latency issue specific to RHEL6 (Mike Snitzer) [1086490 1058528] - [netdrv] mlx4_en: Fixed crash when port type is changed (Amir Vadai) [1085658 1059586] - [netdrv] vmxnet3: fix netpoll race condition (Neil Horman) [1083175 1073218] - [net] netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Jiri Pirko) [1077345 1077346] {CVE-2014-2523} - [scsi] megaraid_sas: fix a small problem when reading state value from hw (Tomas Henzl) [1078641 1065187] - [fs] gfs2: Increase the max number of ACLs (Robert S Peterson) [1078874 1075713] - [net] filter: let bpf_tell_extensions return SKF_AD_MAX (Daniel Borkmann) [1079872 960275] - [net] introduce SO_BPF_EXTENSIONS (Daniel Borkmann) [1079872 960275] - [scsi] scsi_dh: cosmetic change to sizeof() (Ewan Milne) [1075554 1062494] - [acpi] thermal: Check for thermal zone requirement (Nigel Croxon) [1075651 1021044] - [acpi] thermal: Don't invalidate thermal zone if critical trip point is bad (Nigel Croxon) [1075651 1021044] - [mm] flush pages from pagevec of offlined CPU (Naoya Horiguchi) [1078007 1037467] - [fs] xfs: deprecate nodelaylog option (Eric Sandeen) [1076056 1055644] - [fs] Fix mountpoint reference leakage in linkat (Jeff Layton) [1069848 1059943] - [net] sock: Fix release_cb kABI brekage (Thomas Graf) [1066535 1039723] - [vhost] fix total length when packets are too short (Michael S. Tsirkin) [1064442 1064444] {CVE-2014-0077} - [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101} - [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055} [2.6.32-431.16.1] - [scsi] vmw_pvscsi: Fix pvscsi_abort() function (Ewan Milne) [1077874 1002727] [2.6.32-431.15.1] - [kernel] sched: Avoid throttle_cfs_rq() racing with period_timer stopping (Seth Jennings) [1083350 844450] [2.6.32-431.14.1] - [net] ip_tunnel: (revert old)/fix ecn decapsulation behaviour (Jiri Pirko) [1078011 1059402] - [net] ipv6: del unreachable route when an addr is deleted on lo (Vivek Dasgupta) [1078798 1028372] - [net] ipv6: add ip6_route_lookup (Vivek Dasgupta) [1078798 1028372] - [net] packet: improve socket create/bind latency in some cases (Daniel Borkmann) [1079870 1045150] [2.6.32-431.13.1] - [fs] dcache: fix cleanup on warning in d_splice_alias (J. Bruce Fields) [1063201 1042731] - [net] sctp: fix sctp_connectx abi for ia32 emulation/compat mode (Daniel Borkmann) [1076242 1053547] [2.6.32-431.12.1] - [mm] vmscan: re-introduce the ZONE_RECLAIM_NOSCAN bailout for zone_reclaim() (Rafael Aquini) [1073562 1039534] - [mm] vmscan: compaction works against zones, not lruvecs (Johannes Weiner) [1073564 982770] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-6383 CVE-2014-2523 CVE-2014-0077 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.7.6-14.0.1.el6_5.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2-2.7.6-14.el6_5.1] - Improve handling of xmlStopParser(CVE-2013-2877) - Do not fetch external parameter entities (CVE-2014-0191) MODERATE Copyright 2014 Oracle, Inc. CVE-2013-2877 CVE-2014-0191 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [0.10.2-29.0.1.el6_5.8] - Replace docs/et.png in tarball with blank image [0.10.2-29.el6_5.8] - LSN-2014-0003: Don't expand entities when parsing XML (CVE-2014-0179) - QoS: make tc filters match all traffic (rhbz#1096806) - use virBitmapFree instead of VIR_FREE for cpumask (rhbz#1091206) - Properly free vcpupin info for unplugged CPUs (rhbz#1091206) - sanlock: code movement in virLockManagerSanlockAcquire (rhbz#1097227) - sanlock: don't fail with unregistered domains (rhbz#1097227) - sanlock: avoid leak in acquire() (rhbz#1097227) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0179 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [7.19.7-37.el6_5.3] - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015) - fix connection re-use when using different log-in credentials (CVE-2014-0138) [7.19.7-37.el6_5.2] - fix authentication failure when server offers multiple auth options (#1096797) [7.19.7-37.el6_5.1] - refresh expired cookie in test172 from upstream test-suite (#1092486) - fix a memory leak caused by write after close (#1092479) - nss: implement non-blocking SSL handshake (#1092480) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0015 CVE-2014-0138 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.8.5-14] - fix session ID length check (#1102024) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3466 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.3-6] - added check for null pointer (#1102336) [2.3-5] - fix various DER decoding issues (#1102336) [2.3-4] - fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [7:3.1.10-20.3] - Resolves: #1098134 - CVE-2014-0128 squid: denial of service when using SSL-Bump [7:3.1.10-20.2] - revert: Resolves: #1039088 - issues with timeout on HTTPS connections [7:3.1.10-20.1] - Resolves: #1093072 - issues with timeout on HTTPS connections MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0128 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.0.1e-16.14] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3470 CVE-2014-0195 CVE-2014-0221 CVE-2010-5298 CVE-2014-0198 CVE-2014-0224 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [0.9.8e-18.0.1.el6_5.2] - Updated the description [0.9.8e-18.2] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-18] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0224 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [24.6.0-1.0.1.el6_5] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [24.6.0-1] - Update to 24.6.0 ESR [24.5.0-2] - Disabled unused patches CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1538 CVE-2014-1541 CVE-2014-1533 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 5 Oracle Linux 6 [24.6.0-1.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.6.0-1] - Update to 24.6.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1533 CVE-2014-1541 CVE-2014-1538 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [0.12.1.2-2.415.el6_5.10] - kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095692] - kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095743] - kvm-usb-sanity-check-setup_index-setup_len-in-post_load-2.patch [bz#1095743] - kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095739] - kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095735] - kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095763 bz#1096124] - kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095763 bz#1096124] - kvm-enable-PCI-multiple-segments-for-pass-through-device.patch [bz#1099941] - kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095675] - kvm-virtio-validate-config_len-on-load.patch [bz#1095779] - kvm-usb-fix-up-post-load-checks.patch [bz#1096825] - kvm-CPU-hotplug-use-apic_id_for_cpu-round-2-RHEL-6-only.patch [bz#1100575] - Resolves: bz#1095675 () - Resolves: bz#1095692 () - Resolves: bz#1095735 () - Resolves: bz#1095739 () - Resolves: bz#1095743 () - Resolves: bz#1095763 () - Resolves: bz#1095779 () - Resolves: bz#1096124 () - Resolves: bz#1096825 () - Resolves: bz#1099941 () - Resolves: bz#1100575 (Some vCPU topologies not accepted by libvirt) [0.12.1.2-2.415.el6_5.9] - kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1087978] - Resolves: bz#1087978 (CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-6.5.z]) MODERATE Copyright 2014 Oracle, Inc. CVE-2013-4148 CVE-2014-3461 CVE-2013-4535 CVE-2014-0182 CVE-2013-4542 CVE-2014-2894 CVE-2013-4536 CVE-2013-4151 CVE-2013-4541 CVE-2013-6399 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.2.1-2] - Fix CVE-2014-1402 Resolves: rhbz#1102889 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-1402 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.6.32-431.20.3] - [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] - [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] [2.6.32-431.20.2] - [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737} - [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737} - [fs] vfs: fix autofs/afs/etc magic mountpoint breakage (Frantisek Hrbata) [1094370 1079347] {CVE-2014-0203} - [char] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) [1094236 1094237] {CVE-2014-0196} [2.6.32-431.20.1] - [net] rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF is set (Jiri Pirko) [1092870 1081282] - [net] rtnetlink: Warn when interface's information won't fit in our packet (Jiri Pirko) [1092870 1081282] - [net] bridge: Correctly receive hw-accelerated vlan traffic (Vlad Yasevich) [1096214 1067722] - [net] vlan: Allow accelerated packets to flow through the bridge (Vlad Yasevich) [1096214 1067722] - [infiniband] qib: Add missing serdes init sequence (Doug Ledford) [1080104 1005491] - [infiniband] qib: Fix txselect regression (Doug Ledford) [1080104 1005491] - [netdrv] ixgbevf: fix vlan acceleration (Nikolay Aleksandrov) [1094287 1069028] - [security] selinux: Fix kernel BUG on empty security contexts (Paul Moore) [1062502 1064545] {CVE-2014-1874} - [netdrv] libertas: potential oops in debugfs (Denys Vlasenko) [1034176 1034177] {CVE-2013-6378} - [kernel] cgroup: move put_css_set() after setting CGRP_RELEASABLE bit to fix notify_on_release (Naoya Horiguchi) [1081909 1037465] - [kernel] sched: Use exit hook to avoid use-after-free crash (Naoya Horiguchi) [1081914 1032347] - [kernel] cgroup: replace list_del() with list_del_init() to avoid panic (Naoya Horiguchi) [1081915 1032343] - [x86] turbostat: display C8, C9, C10 residency (Neil Horman) [1096711 1080637] - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp list (Rob Evers) [1086839 1063699] - [s390] fix kernel crash due to linkage stack instructions (Hendrik Brueckner) [1067678 1067679] {CVE-2014-2039} - [x86] kvm: rate-limit global clock updates (Andrew Jones) [1090750 1072373] - [kernel] hrtimers: Move SMP function call to thread context (Mateusz Guzik) [1079869 1073129] - [kernel] hrtimers: Support resuming with two or more CPUs online (Mateusz Guzik) [1079869 1073129] - [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] - [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - [fs] ext4: fix WARN_ON from ext4_releasepage() (Carlos Maiolino) [1063508 1036814] - [fs] vfs: fix getname() && do_getname() interaction (Oleg Nesterov) [1075653 1024689] - [x86] apic: Make disabled_cpu_apicid static read_mostly, fix typos (Nigel Croxon) [1082622 980621] - [x86] kexec: Add disable_cpu_apicid kernel parameter (Nigel Croxon) [1082622 980621] - [kvm] x86: use kvm_read/write_guest_virt_system in task switch (Paolo Bonzini) [1070296 1018581] - [kvm] x86: small cleanups to kvm_task_switch (Paolo Bonzini) [1070296 1018581] - [kvm] x86: propagate error from kvm_load_segment_descriptor (Paolo Bonzini) [1070296 1018581] - [kvm] x86: improve save_guest_segment_descriptor (Paolo Bonzini) [1070296 1018581] - [kvm] x86: introduce kvm_write_guest_virt_system (Paolo Bonzini) [1070296 1018581] - [kvm] x86: Fix task switch privilege checks (Paolo Bonzini) [1070296 1018581] - [powerpc] Make function that parses RTAS error logs global (Steve Best) [1091424 1028682] - [powerpc] pseries: Add RTAS event log v6 definition (Steve Best) [1091424 1028682] - [powerpc] pseries: Parse and handle EPOW interrupts (Steve Best) [1091424 1028682] - [fs] nfsd: don't try to reuse an expired DRC entry off the list (Jeff Layton) [1088779 1036972] - [fs] nfsd: when reusing an existing repcache entry, unhash it first (Jeff Layton) [1088779 1036972] [2.6.32-431.19.1] - [kernel] sched: fix cpu_power initialization (Radim Krcmar) [1091826 1065304] - [fs] gfs2: Fix uninitialized VFS inode in gfs2_create_inode (Abhijith Das) [1092002 1059808] [2.6.32-431.18.1] - [block] fix race between request completion and timeout handling (Jeff Moyer) [1089915 919756] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1737 CVE-2014-2039 CVE-2014-1738 CVE-2014-1874 CVE-2014-3153 CVE-2013-6378 CVE-2014-0203 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [3.2-6] - fix for CVE-2014-0242 (#1104685) [3.2-4] - fix for CVE-2014-0240 (#1104687) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0242 CVE-2014-0240 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 7 [1:2.0.9-7.1] - fix CVE-2014-3430: denial of service through maxxing out SSL connections (#1108001) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3430 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [2.03-3.1.1] - Fixed integer overflow in decompressor Resolves: CVE-2014-4607 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-4607 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [0:6.0.24-72] - Related: CVE-2014-0075 - rebuild to generate javadoc - correctly. previous build generated 0-length javadoc [0:6.0.24-69] - Related: CVE-2014-0075 incomplete [0:6.0.24-68] - Related: CVE-2013-4322. arches needs to be specified - as in arches noarch, so docs/webapps will produce - full files. building for ppc will generate empty - javadoc. [0:6.0.24-67] - Related: CVE-2014-0050 - Related: CVE-2013-4322 [0:6.0.24-66] - Resolves: CVE-2014-0099 - Resolves: CVE-2014-0096 - Resolves: CVE-2014-0075 [0:6.0.24-65] - Related: CVE-2014-0050 copy paste error MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0096 CVE-2014-0075 CVE-2014-0099 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [3.6.9-169] - resolves: #1105499 - CVE-2014-0244: DoS in nmbd. - resolves: #1108840 - CVE-2014-3493: DoS in smbd with unicode path names. MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0244 CVE-2014-3493 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 [1.7.0.65-2.5.1.2.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115874 [1.7.0.65-2.5.1.1.el6] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115874 [1.7.0.60-2.5.0.1.el6] - update to icedtea7-forest 2.5.0 - Resolves: rhbz#1115874 CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-4219 CVE-2014-4262 CVE-2014-4266 CVE-2014-4223 CVE-2014-4216 CVE-2014-4221 CVE-2014-2490 CVE-2014-4252 CVE-2014-4263 CVE-2014-2483 CVE-2014-4209 CVE-2014-4218 CVE-2014-4244 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:7::optional_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.1-6.1.13.4] - moved to icedteaver 1.13.4 - moved to openjdkver b32 and openjdkdate 15_jul_2014 - added upstreamed patch patch9 rh1115580-unsyncHashMap.patch - Resolves: rhbz#1115580 - Resolves: rhbz#1115867 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4216 CVE-2014-4266 CVE-2014-2490 CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 nspr [4.10.6-1] - Rebase to nspr-4.10.6 - Resolves: rhbz#1112135 nss [3.16.1-4.0.1.el6_5] - Added nss-vendor.patch to change vendor [3.16.1-4] - Update some patches on account of the rebase - Resolves: Bug 1099619 [3.16.1-3] - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 [3.16.1-2] - Remove two unused patches and apply a needed one that was missed - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 [3.16.1-1] - Update to nss-3.16.1 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 nss-util [3.15.6-1] - Update to nss-3.16.1 - Resolves: rhbz#1112136 CRITICAL Copyright 2014 Oracle, Inc. CVE-2013-1740 CVE-2014-1492 CVE-2014-1544 CVE-2014-1490 CVE-2014-1491 CVE-2014-1545 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [24.7.0-1.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.7.0-1] - Update to 24.7.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [24.7.0-1.0.1.el6_5] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [24.7.0-1] - Update to 24.7.0 ESR CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1547 CVE-2014-1557 CVE-2014-1555 CVE-2014-1556 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 Oracle Linux 5 [2.2.15-31.0.1.el6_5] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-31] - mod_cgid: add security fix for CVE-2014-0231 - mod_deflate: add security fix for CVE-2014-0118 - mod_status: add security fix for CVE-2014-0226 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0226 CVE-2014-0118 CVE-2014-0231 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-431.20.5] - [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943} [2.6.32-431.20.4] - [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4699 CVE-2014-4943 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [2.6.32-431.23.3] - [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943} [2.6.32-431.23.2] - [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699} [2.6.32-431.23.1] - [net] ip_tunnel: fix ip_tunnel_find to return NULL in case the tunnel is not there (Jiri Pirko) [1107931 1104503] - [netdrv] bnx2x: Fix kernel crash and data miscompare after EEH recovery (Michal Schmidt) [1109269 1029600] - [netdrv] bnx2x: Adapter not recovery from EEH error injection (Michal Schmidt) [1109269 1029600] - [scsi] qla2xxx: Don't check for firmware hung during the reset context for ISP82XX (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (Chad Dupuis) [1110658 1054299] - [scsi] qla2xxx: Set host can_queue value based on available resources (Chad Dupuis) [1110658 1054299] - [net] filter: prevent nla extensions to peek beyond the end of the message (Jiri Benc) [1096778 1096779] {CVE-2014-3144 CVE-2014-3145} - [net] bridge: add empty br_mdb_init() and br_mdb_uninit() definitions (Vlad Yasevich) [1106472 1097915] - [net] bridge: Correctly unregister MDB rtnetlink handlers (Vlad Yasevich) [1106472 1097915] - [net] rds: prevent dereference of a NULL device in rds_iw_laddr_check (Radomir Vrbovsky) [1083276 1083277] {CVE-2014-2678} - [s390] crypto: fix aes, des ctr mode concurrency finding (Hendrik Brueckner) [1110168 1096328] - [s390] crypto: fix des and des3_ede ctr concurrency issue (Hendrik Brueckner) [1109885 1065404] - [s390] crypto: fix des and des3_ede cbc concurrency issue (Hendrik Brueckner) [1109883 1065398] - [kernel] futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() (Mateusz Guzik) [1097759 1097760] {CVE-2012-6647} - [libata] ahci: accommodate tag ordered controller (David Milburn) [1099725 1083748] - [net] mac80211: crash dues to AP powersave TX vs. wakeup race (Jacob Tanenbaum) [1083531 1083532] {CVE-2014-2706} - [netdrv] ath9k: tid->sched race in ath_tx_aggr_sleep() (Jacob Tanenbaum) [1083249 1083250] {CVE-2014-2672} - [kernel] hrtimer: Prevent all reprogramming if hang detected (Prarit Bhargava) [1096059 1075805] - [net] ipv4: current group_info should be put after using (Jiri Benc) [1087412 1087414] {CVE-2014-2851} - [kernel] tracing: Reset ring buffer when changing trace_clocks (Marcelo Tosatti) [1093984 1018138] - [net] rds: dereference of a NULL device (Jacob Tanenbaum) [1079218 1079219] {CVE-2013-7339} - [s390] crypto: fix concurrency issue in aes-ctr mode (Hendrik Brueckner) [1110169 1063478] - [net] ipv4: processing ancillary IP_TOS or IP_TTL (Francesco Fusco) [1094403 990694] - [net] ipv4: IP_TOS and IP_TTL can be specified as ancillary data (Francesco Fusco) [1094403 990694] - [s390] crypto: Fix aes-xts parameter corruption (Hendrik Brueckner) [1110170 1043540] - [fs] ext3: pass custom EOF to generic_file_llseek_size() (Eric Sandeen) [1103068 1007459] - [fs] ext4: use core vfs llseek code for dir seeks (Eric Sandeen) [1103068 1007459] - [fs] vfs: allow custom EOF in generic_file_llseek code (Eric Sandeen) [1103068 1007459] - [fs] ext3: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [1103068 1007459] - [fs] ext4: replace cut'n'pasted llseek code with generic_file_llseek_size (Eric Sandeen) [1103068 1007459] - [fs] vfs: add generic_file_llseek_size (Eric Sandeen) [1103068 1007459] - [net] bridge: disable snooping if there is no querier (Vlad Yasevich) [1090749 1090670] - [net] Revert 'bridge: only expire the mdb entry when query is received' (Vlad Yasevich) [1090749 1090670] - [net] Revert 'bridge: fix some kernel warning in multicast timer' (Vlad Yasevich) [1090749 1090670] - [net] Revert 'bridge: do not call setup_timer() multiple times' (Vlad Yasevich) [1090749 1090670] - [net] Revert 'bridge: update mdb expiration timer upon reports' (Vlad Yasevich) [1090749 1090670] - [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153} - [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] - [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708] - Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708] - Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708] - Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708] - Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708] - [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737} - [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094308 1094310] {CVE-2014-1738 CVE-2014-1737} - [fs] vfs: fix autofs/afs/etc magic mountpoint breakage (Frantisek Hrbata) [1094370 1079347] {CVE-2014-0203} [2.6.32-431.22.1] - [fs] cifs: Check if prefixpath starts with '\' in cifs_parse_mount_options (Sachin Prabhu) [1107503 1104268] - [virt] kvm: enable PCI multiple-segments for pass-through device (Michael S. Tsirkin) [1103972 1103471] - [fs] GFS2: Lock i_mutex and use a local gfs2_holder for fallocate (Robert S Peterson) [1102313 1061910] [2.6.32-431.21.1] - [kvm] mmu: fix incorrect check of guest cr4 bits (Bandan Das) [1103821 1007164] - [drm] nouveau: fix nasty bug which can clobber SOR0's clock setup (Ben Skeggs) [1100574 1095796] - [net] tcp: tsq: restore minimal amount of queueing (Jiri Pirko) [1103825 1044053] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3145 CVE-2012-6647 CVE-2014-2672 CVE-2014-2678 CVE-2014-2851 CVE-2014-2706 CVE-2013-7339 CVE-2014-3144 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [4.0.0-63.rc4] - resolves: #1126011 - CVE-2014-3560: remote code execution in nmbd. [4.0.0-62.rc4] - resolves: #1105501 - CVE-2014-0244: DoS in nmbd. - resolves: #1108842 - CVE-2014-3493: DoS in smbd with unicode path names. - resolves: #1105571 - CVE-2014-0178: Uninitialized memory exposure. IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3560 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [5.3.3-27.1] - core: type confusion issue in phpinfo(). CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw. CVE-2014-3515 - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 - fileinfo: unrestricted recursion in handling of indirect type rules. CVE-2014-1943 - fileinfo: out of bounds read in CDF parser. CVE-2012-1571 - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 - fileinfo: cdf_unpack_summary_info() excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0237 CVE-2014-3480 CVE-2014-3515 CVE-2014-4049 CVE-2012-1571 CVE-2013-6712 CVE-2014-1943 CVE-2014-0238 CVE-2014-2270 CVE-2014-3479 CVE-2014-4721 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 7 [1.2.11.15-34] - Release 1.2.11.15-34 - Resolves: #1123861 EMBARGOED CVE-2014-3562 unauthenticated information disclosure [rhel-6.5.z] (DS 616, BZ 1123477) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3562 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [0:6.0.24-78] - Related: CVE-2013-4590 - remove xml schema names javaee_5, - javaee_web_services_1_2, and javaee_web_services_1_2_client - from descriptor.DigesterFactory initialization. These - schema definitions are not relevant to 6.0.24 as the version - of their spec did not exist at the time. [0:6.0.24-77] - Resolves: CVE-2014-0227 [0:6.0.24-76] - Related: CVE-2013-4590 incrementing release. added - excludearch to the spec file for ppc and ppc64. building - on ppc produces empty javadoc files. [0:6.0.24-74] - Related: CVE-2013-4590 incrementing release [0:6.0.24-73] - Resolves: CVE-2013-4590 - Resolves: CVE-2014-0119 LOW Copyright 2014 Oracle, Inc. CVE-2013-4590 CVE-2014-0119 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-34.4] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3511 CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 CVE-2014-3509 CVE-2014-3507 CVE-2014-3510 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [0.12.1.2-2.415.el6_5.14] - The commit for zrelease .13 was incomplete; the changes to qemu-kvm.spec did not include the '%patchNNNN -p1' lines for patches 4647 through 4655; so although the patch files themselves were committed, the srpm build did not pick them up. In addition, the commit log did not describe the patches. This commit corrects these problems and bumps the zrelease to .14. [0.12.1.2-2.415.el6_5.13] - kvm-block-Create-proper-size-file-for-disk-mirror.patch [bz#1109715] - kvm-block-Fix-bdrv_is_allocated-return-value.patch [bz#1109715] - kvm-scsi-bus-prepare-scsi_req_new-for-introduction-of-pars.patch [bz#1125131] - kvm-scsi-bus-introduce-parse_cdb-in-SCSIDeviceClass-and-SC.patch [bz#1125131] - kvm-scsi-block-extract-scsi_block_is_passthrough.patch [bz#1125131] - kvm-scsi-block-scsi-generic-implement-parse_cdb.patch [bz#1125131] - kvm-virtio-scsi-implement-parse_cdb.patch [bz#1125131] - kvm-virtio-scsi-Fix-reset-callback-for-virtio-scsi.patch [bz#1123271] - kvm-virtio-scsi-add-ioeventfd-support.patch [bz#1123271] - Resolves: bz#1109715 (live incremental migration of vm with common shared base, size(disk) > size(base) transfers unallocated sectors, explodes disk on dest) - Resolves: bz#1123271 (Enable ioenventfd for virtio-scsi-pci) - Resolves: bz#1125131 ([FJ6.5 Bug] SCSI command issued from KVM guest doesn't reach target device) [0.12.1.2-2.415.el6_5.12] - kvm-qcow-Return-real-error-code-in-qcow_open.txt [bz#1097225] - kvm-qcow1-Make-padding-in-the-header-explicit.txt [bz#1097225] - kvm-qcow1-Check-maximum-cluster-size.txt [bz#1097225] - kvm-qcow1-Validate-L2-table-size-CVE-2014-0222.txt [bz#1097225] - kvm-qcow1-Validate-image-size-CVE-2014-0223.txt [bz#1097234] - kvm-qcow1-Stricter-backing-file-length-check.txt [bz#1097234] - Resolves: bz#1097225 (CVE-2014-0222 qemu-kvm: Qemu: qcow1: validate L2 table size to avoid integer overflows [rhel-6.5.z]) - Resolves: bz#1097234 (CVE-2014-0223 qemu-kvm: Qemu: qcow1: validate image size to avoid out-of-bounds memory access [rhel-6.5.z]) [0.12.1.2-2.415.el6_5.11] - kvm-block-Fix-bdrv_is_allocated-for-short-backing-files.patch [bz#1109715] - Resolves: bz#1109715 (live incremental migration of vm with common shared base, size(disk) > size(base) transfers unallocated sectors, explodes disk on dest) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-0223 CVE-2014-0222 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 7 Oracle Linux 5 [2.12-1.132.4] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0475 CVE-2014-5119 cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 Oracle Linux 7 Oracle Linux 5 firefox [24.8.0-1.0.1.el7_0] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [24.8.0-1] - Update to 24.8.0 ESR xulrunner [24.8.0-1.0.1.el7_0] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [24.8.0-1] - Update to 24.8.0 ESR CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1567 CVE-2014-1562 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 5 Oracle Linux 6 [24.8.0-1.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.8.0-1] - Update to 24.8.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1562 CVE-2014-1567 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [7:3.1.10-22] - Resolves: #1134936 - CVE-2013-4115 buffer overflow when processing overly long DNS names [7:3.1.10-21] - Resolves: #1134936 - CVE-2014-3609 assertion failure in header processing IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3609 CVE-2013-4115 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:3.1-16] - Fix MITM security vulnerability - Resolves: CVE-2014-3577 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3577 cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 [2.6.32-431.29.2] - [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094457 1094458] {CVE-2014-0205} - [net] vxlan: fix NULL pointer dereference (Jiri Benc) [1114549 1096351] {CVE-2014-3535} [2.6.32-431.29.1] - [mm] hugetlb: ensure hugepage access is denied if hugepages are not supported (Gustavo Duarte) [1118782 1086450] - [security] keys: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) [1115542 1113607] - [fs] lockd: Ensure that nlmclnt_block resets block->b_status after a server reboot (Steve Dickson) [1110180 959006] - [net] filter: add vlan tag access (Jiri Benc) [1108526 1082097] - [net] filter: add XOR operation (Jiri Benc) [1108526 1082097] - [net] filter: add SKF_AD_RXHASH and SKF_AD_CPU (Jiri Benc) [1108526 1082097] - [net] filter: Socket filter ancilliary data access for skb->dev->type (Jiri Benc) [1108526 1082097] - [net] filter: Add SKF_AD_QUEUE instruction (Jiri Benc) [1108526 1082097] - [net] filter: ingress socket filter by mark (Jiri Benc) [1108526 1082097] - [netdrv] bonding: look for bridge IPs in arp monitoring (Veaceslav Falico) [1102794 704190] - [s390] af_iucv: wrong mapping of sent and confirmed skbs (Hendrik Brueckner) [1112390 1102248] - [s390] af_iucv: recvmsg problem for SOCK_STREAM sockets (Hendrik Brueckner) [1112390 1102248] - [s390] af_iucv: fix recvmsg by replacing skb_pull() function (Hendrik Brueckner) [1112390 1102248] - [s390] kernel: avoid page table walk on user space access (Hendrik Brueckner) [1111194 1099146] - [s390] qeth: postpone freeing of qdio memory (Hendrik Brueckner) [1112134 1094379] - [s390] qeth: Fix retry logic in hardsetup (Hendrik Brueckner) [1112134 1094379] - [s390] qeth: Recognize return codes of ccw_device_set_online (Hendrik Brueckner) [1112134 1094379] - [s390] qdio: remove API wrappers (Hendrik Brueckner) [1112134 1094379] - [scsi] Ensure medium access timeout counter resets (David Jeffery) [1117153 1036884] - [scsi] Fix error handling when no ULD is attached (David Jeffery) [1117153 1036884] - [scsi] Handle disk devices which can not process medium access commands (David Jeffery) [1117153 1036884] - [fs] nfs: Fix calls to drop_nlink() (Steve Dickson) [1099607 1093819] - [mm] swap: do not skip lowest_bit in scan_swap_map() scan loop (Rafael Aquini) [1099728 1060886] - [mm] swap: fix shmem swapping when more than 8 areas (Rafael Aquini) [1099728 1060886] - [mm] swap: fix swapon size off-by-one (Rafael Aquini) [1099728 1060886] - [md] avoid deadlock when dirty buffers during md_stop (Jes Sorensen) [1121541 994724] - [x86] hyperv: bypass the timer_irq_works() check (Jason Wang) [1112226 1040349] [2.6.32-431.28.1] - [kernel] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102704 1102705] {CVE-2014-3917} - [net] ipv4: fix route cache rebuilds (Jiri Pirko) [1113824 1111631] - [fs] nfsd: notify_change needs elevated write count (Mateusz Guzik) [1110177 1105057] - [fs] nfsv4: close needs to handle NFS4ERR_ADMIN_REVOKED (Dave Wysochanski) [1096397 1082127] - [fs] pipe: skip file_update_time on frozen fs (Eric Sandeen) [1114405 1093077] - [fs] nfs: Fail the truncate() if the lock/open stateid is invalid (Steve Dickson) [1090613 1075123] - [fs] nfs: Servers should only check SETATTR stateid open mode on size change (Steve Dickson) [1090613 1075123] - [fs] nfs: Fail data server I/O if stateid represents a lost lock (Steve Dickson) [1090613 1075123] - [fs] nfs: Fix the return value of nfs4_select_rw_stateid (Steve Dickson) [1090613 1075123] - [fs] nfs: Use the open stateid if the delegation has the wrong mode (Steve Dickson) [1090613 1075123] - [fs] nfs: nfs4_stateid_is_current should return 'true' for an invalid stateid (Steve Dickson) [1090613 1075123] - [fs] nfs: fix error return in nfs4_select_rw_stateid (Steve Dickson) [1090613 1075123] - [fs] nfs: Document the recover_lost_locks kernel parameter (Jeff Layton) [1089359 963785] - [fs] nfs: Don't try to recover NFSv4 locks when they are lost (Jeff Layton) [1089359 963785] - [fs] nfs: Fix handling of partially delegated locks (Jeff Layton) [1120074 959788] - [fs] nfs: Convert the nfs4_lock_state->ls_flags to a bit field (Jeff Layton) [1120074 959788] - [x86] Optimize switch_mm() for multi-threaded workloads (Rik van Riel) [1115821 991518] - [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943} - [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699} [2.6.32-431.27.1] - [scsi] fix performance regression due to inverted blk_get_queue return (Mike Snitzer) [1117582 1098658] - [net] openvswitch: fix use-after-free bug in netns (Flavio Leitner) [1120651 1100127] [2.6.32-431.26.1] - [net] gro: fix deliver of trunk packets to VLAN interfaces (Marcelo Ricardo Leitner) [1116231 1112324] [2.6.32-431.25.1] - [net] sctp: Fix sk_ack_backlog wrap-around problem (Daniel Borkmann) [1113969 1085932] {CVE-2014-4667} [2.6.32-431.24.1] - [alsa] aloop: Close races at restarting the stream (Jaroslav Kysela) [1112492 1078592] - [alsa] aloop: Export snd_pcm_constraint_mask64() (Jaroslav Kysela) [1112492 1078592] - [alsa] pcm: Warn when buffer preallocation fails (Jaroslav Kysela) [1112492 1078592] - [alsa] aloop: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function (Jaroslav Kysela) [1112492 1078592] - [alsa] jack: Unregister input device at disconnection (Jaroslav Kysela) [1112492 1078592] - [alsa] aloop: Optimize module name check (Jaroslav Kysela) [1112492 1078592] - [alsa] pcm: Add fallthru comments (Jaroslav Kysela) [1112492 1078592] - [alsa] aloop: Fix Oops while PM resume (Jaroslav Kysela) [1112492 1078592] - [alsa] aloop: add locking to timer access (Jaroslav Kysela) [1112492 1078592] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0205 CVE-2014-4667 CVE-2014-3535 CVE-2014-3917 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [3.22-34.1] - Fixed buffer overflow in formail Resolves: CVE-2014-3618 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3618 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 5 Oracle Linux 6 [0:1.2.1-7.5] - Fix MITM security vulnerability - Use GCJ friendly patch - Resolves: CVE-2014-3596 [0:1.2.1-7.4] - Fix MITM security vulnerability - Resolves: CVE-2014-3596 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3596 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [4.1.2-15.1] - Check for fishy environment Resolves: #1141645 CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-6271 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [4.2.45-5.4] - CVE-2014-7169 Resolves: #1146324 [4.2.45-5.3] - amend patch to match upstream's Related: #1146324 [4.2.45-5.2] - Fix-up the patch Related: #1141647 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-7186 CVE-2014-7169 CVE-2014-7187 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 nss [3.16.2-7.0.1.el7_0] - Added nss-vendor.patch to change vendor [3.16.2-7] - Resolves: Bug 1145433 - CVE-2014-1568 [3.16.2-6] - Rolling back to commit e5fb6e476c179665976e906604496cbbb24f22a7 - Related: Bug 1145433 nss-softokn [3.16.2-3] - Resolves: Bug 1145433 - CVE-2014-1568 nss-util [3.16.2-2] - Resolves: bug 1145433 - CVE-2014-1568 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1568 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 Oracle Linux 6 [2.11.0-17] - Fix XML parsing bug (JAXP, 8017298) - Resolves: CVE-2013-4002 MODERATE Copyright 2014 Oracle, Inc. CVE-2013-4002 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 Oracle Linux 5 [5.3.3-27.2] - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - fileinfo: fix incomplete fix for CVE-2012-1571 in cdf_read_property_info. CVE-2014-3587 - core: fix incomplete fix for CVE-2014-4049 DNS TXT record parsing. CVE-2014-3597 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-4698 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1:1.4.2-67] - Revert change to whitelist /rss/ resources, as this was not used upstream. [1:1.4.2-66] - More STR #4461 fixes from upstream: make rss feeds world-readable, but cachedir private. - Fix icon display in web interface during server restart (STR #4475). [1:1.4.2-65] - Fixes for upstream patch for STR #4461: allow /rss/ requests for files we created. [1:1.4.2-64] - Use upstream patch for STR #4461. [1:1.4.2-63] - Applied upstream patch to fix CVE-2014-5029 (bug #1122600), CVE-2014-5030 (bug #1128764), CVE-2014-5031 (bug #1128767). - Fix conf/log file reading for authenticated users (STR #4461). [1:1.4.2-62] - Fix CGI handling (STR #4454, bug #1120419). [1:1.4.2-61] - fix patch for CVE-2014-3537 (bug #1117794) [1:1.4.2-60] - CVE-2014-2856: cross-site scripting flaw (bug #1117798) - CVE-2014-3537: insufficient checking leads to privilege escalation (bug #1117794) [1:1.4.2-59] - Removed package description changes. [1:1.4.2-58] - Applied patch to fix 'Bad request' errors as a result of adding in httpSetTimeout (STR #4440, also part of svn revision 9967). [1:1.4.2-57] - Fixed timeout issue with cupsd reading when there is no data ready (bug #1110045). [1:1.4.2-56] - Fixed synconclose patch to avoid 'too many arguments for format' warning. - Fixed settimeout patch to include math.h for fmod declaration. [1:1.4.2-55] - Fixed typo preventing web interface from changing driver (bug #1104483, STR #3601). - Fixed SyncOnClose patch (bug #984883). [1:1.4.2-54] - Use upstream patch to avoid replaying GSS credentials (bug #1040293). [1:1.4.2-53] - Prevent BrowsePoll problems across suspend/resume (bug #769292): - Eliminate indefinite wait for response (svn revision 9688). - Backported httpSetTimeout API function from CUPS 1.5 and use it in the ipp backend so that we wait indefinitely until the printer responds, we get a hard error, or the job is cancelled. - cups-polld: reconnect on error. - Added new SyncOnClose directive to use fsync() after altering configuration files: defaults to 'Yes'. Adjust in cupsd.conf (bug #984883). - Fix cupsctl man page typo (bug #1011076). - Use more portable rpm specfile syntax for conditional php building (bug #988598). - Fix SetEnv directive in cupsd.conf (bug #986495). - Fix 'collection' attribute sending (bug #978387). - Prevent format_log segfault (bug #971079). - Prevent stringpool corruption (bug #884851). - Don't crash when job queued for printer that times out (bug #855431). - Upstream patch for broken multipart handling (bug #852846). - Install /etc/cron.daily/cups with correct permissions (bug #1012482). MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3537 CVE-2014-5031 CVE-2014-5030 CVE-2014-5029 CVE-2014-2856 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.10.3-33] - actually apply that last patch [1.10.3-32] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) [1.10.3-31] - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-30] - ksu: when evaluating .k5users, treat lines with just a principal name as if they contained the principal name followed by '*', and don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-29] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121510) - gssapi: pull in proposed-and-accepted fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1121510) [1.10.3-28] - correct a type mistake in the backported fix for CVE-2013-1418/CVE-2013-6800 [1.10.3-27] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1121510) - incorporate backported patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, more of [1.10.3-26] - pull in backport of patch to not subsequently always require that responses come from master KDCs if we get one from a master somewhere along the way while chasing referrals (RT#7650, #1113652) [1.10.3-25] - ksu: if the -e flag isn't used, use the target user's shell when checking for authorization via the target user's .k5users file (#1026721) [1.10.3-24] - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730) [1.10.3-23] - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1087068, RT#7858) [1.10.3-22] - add patch from Jatin Nansi to avoid attempting to clear memory at the NULL address if krb5_encrypt_helper() returns an error when called from encrypt_credencpart() (#1055329, pull #158) [1.10.3-21] - drop patch to add additional access() checks to ksu - they shouldn't be resulting in any benefit [1.10.3-20] - apply patch from Nikolai Kondrashov to pass a default realm set in /etc/sysconfig/krb5kdc to the kdb_check_weak helper, so that it doesn't produce an error if there isn't one set in krb5.conf (#1009389) [1.10.3-19] - packaging: don't Obsoletes: older versions of krb5-pkinit-openssl and virtual Provide: krb5-pkinit-openssl on EL6, where we don't need to bother with any of that (#1001961) [1.10.3-18] - pkinit: backport tweaks to avoid trying to call the prompter callback when one isn't set (part of #965721) - pkinit: backport the ability to use a prompter callback to prompt for a password when reading private keys (the rest of #965721) [1.10.3-17] - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #922884) [1.10.3-16] - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1070244) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-4343 CVE-2014-4342 CVE-2014-4341 CVE-2014-4345 CVE-2013-6800 CVE-2013-1418 CVE-2014-4344 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 Oracle Linux 6 [2.12-1.149] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, [2.12-1.148] - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). [2.12-1.147] - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). [2.12-1.146] - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). [2.12-1.145] - Add mmap usage to malloc_info output (#1027261). [2.12-1.144] - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). [2.12-1.143] - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). [2.12-1.142] - Also relocate in dependency order when doing symbol dependency testing (#1019916). [2.12-1.141] - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). [2.12-1.140] - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). [2.12-1.139] - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). [2.12-1.138] - nscd: Make SELinux checks dynamic (#1025933). [2.12-1.137] - Fix race in free() of fastbin chunk (#1027101). [2.12-1.136] - Fix copy relocations handling of unique objects (#1032628). [2.12-1.135] - Fix encoding name for IDN in getaddrinfo (#981942). [2.12-1.134] - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). [2.12-1.133] - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557). MODERATE Copyright 2014 Oracle, Inc. CVE-2013-4237 CVE-2013-4458 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-504] - [netdrv] revert 'cxgb4: set skb->rxhash' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Use netif_set_real_num_rx/tx_queues()' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Turn on delayed ACK' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use ULP_MODE_TCPDDP' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Debugfs dump_qp() updates' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Drop peer_abort when no endpoint found' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Detect DB FULL events and notify RDMA ULD' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Common platform specific changes for DB Drop Recovery' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: DB Drop Recovery for RDMA and LLD queues' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add debugfs RDMA memory stats' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add DB Overflow Avoidance' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: DB Drop Recovery for RDMA and LLD queues' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use vmalloc() for debugfs QP dump' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Remove kfifo usage' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Include vmalloc.h for vmalloc and vfree' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: set maximal number of default RSS queues' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Remove duplicate register definitions' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Update RDMA/cxgb4 due to macro definition removal in cxgb4 driver' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Move dereference below NULL test' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix incorrect values for MEMWIN*_APERTURE and MEMWIN*_BASE' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add functions to read memory via PCIE memory window' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Code cleanup to enable T4 Configuration File support' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add support for T4 configuration file' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add support for T4 hardwired driver configuration settings' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Don't attempt to upgrade T4 firmware when cxgb4 will end up as a slave' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix error handling in create_qp()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Dynamically allocate memory in t4_memory_rw() and get_vpd_params()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix build error due to missing linux/vmalloc.h include' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: allocate enough data in t4_memory_rw()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Address various sparse warnings' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Remove unnecessary #ifdef condition' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Don't free chunk that we have failed to allocate' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix unable to get UP event from the LLD' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix initialization of SGE_CONTROL register' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: use WARN' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Chelsio FCoE offload driver submission' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: remove __dev* attributes' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add T4 filter support' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add LE hash collision bug fix path in LLD driver' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix LE hash collision bug for active open connection' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix LE hash collision bug for passive open connection' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix bug for active and passive LE hash collision path' (Prarit Bhargava) [1140743] and pr_<level>' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix incorrect PFVF CMASK' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Abort connections that receive unexpected streaming mode data' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Abort connections when moving to ERROR state' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Display streaming mode error only if detected in RTS' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Keep QP referenced until TID released' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Always log async errors' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Only log rx_data warnings if cpl status is non-zero' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix endpoint timeout race condition' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Don't reconnect on abort for mpa_rev 1' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Don't wakeup threads for MPAv2' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Insert hwtid in pass_accept_req instead in pass_establish' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Address sparse warnings' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: 'cookie' can stay in host endianness' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix cast warning' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Allow for backward compatibility with new VPD scheme' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add register definations for T5' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add macros, structures and inline functions for T5' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Initialize T5' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Dump T5 registers' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add T5 write combining support' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Enable doorbell drop recovery only for T4 adapter' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add T5 debugfs support' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add T5 PCI ids' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Update driver version and description' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Disable SR-IOV support for PF4-7 for T5' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add Support for Chelsio T5 adapter' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Turn off db coalescing when RDMA QPs are in use' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add module_params to enable DB FC & Coalescing on T5' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use DSGLs for fastreg and adapter memory writes for T5' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Map pbl buffers for dma if using DSGL' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Bump tcam_full stat and WR reply timeout' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix onchip queue support for T5' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix error return code in create_qp()' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix SQ allocation when on-chip SQ is disabled' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix pci_device_id structure initialization with correct PF number' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: fix error recovery when t4_fw_hello returns a positive value' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Force uninitialized state if FW_ON_ADAPTER is < FW_VERSION and we're the MASTER_PF' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Correct comparisons and calculations using skb->tail and skb-transport_header' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Do not set net_device::dev_id to VI index' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix stack info leak in c4iw_create_qp()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add routines to create and remove listening IPv6 servers' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add CLIP support to store compressed IPv6 address' (Prarit Bhargava) [1140743] - [infiniband] revert 'cma: Add IPv6 support for iWARP' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add support for active and passive open connection with IPv6 address' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Handle newer firmware changes' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use correct bit shift macros for vlan filter tuples' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix QP flush logic' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix accounting for unsignaled SQ WRs to deal with wrap' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Set arp error handler for PASS_ACCEPT_RPL messages' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Always do GTS write if cidx_inc == CIDXINC_MASK' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Advertise ~0ULL as max MR size' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Issue RI.FINI before closing when entering TERM' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: remove workqueue when driver registration fails' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: remove unnecessary pci_set_drvdata()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cgxb4: remove duplicate include in cxgb4.h' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Much cleaner implementation of is_t4()/is_t5()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: added much cleaner implementation of is_t4()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add new scheme to update T4/T5 firmware' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix formatting of physical address' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Make _c4iw_write_mem_dma() static' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: calls skb_set_hash' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Reserve stid 0 for T4/T5 adapters' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Include TCP as protocol when creating server filters' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Assign filter server TIDs properly' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Account for stid entries properly in case of IPv6' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add API to correctly calculate tuple fields' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: make functions static and remove dead code' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Calculate the filter server TID properly' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Server filters are supported only for IPv4' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use cxgb4_select_ntuple to correctly calculate ntuple fields' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: allow large buffer size to have page size' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Changed FW check version to match FW binary version' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: silence shift wrapping static checker warning' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Avoid disabling PCI device for towice' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Don't retrieve stats during recovery' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix gcc warning on 32-bit arch' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix referencing freed adapter' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add missing neigh_release in LE-Workaround path' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Use pci_enable_msix_range() instead of pci_enable_msix()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add support to recognize 40G links' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Print adapter VPD Part Number instead of Engineering Change field' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Allow >10G ports to have multiple queues' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: LE-Workaround is not atomic in firmware' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Query firmware for T5 ULPTX MEMWRITE DSGL capabilities' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Remove unused registers and add missing ones' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Don't assume LSO only uses SGL path in t4_eth_xmit()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add more PCI device ids' (Prarit Bhargava) [1140743] - [netdrv] revert 'cgxb4: Stop using ethtool SPEED_* constants' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: use remove handler as shutdown handler' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix some small bugs in t4_sge_init_soft() when our Page Size is 64KB' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add code to dump SGE registers when hitting idma hangs' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Rectify emitting messages about SGE Ingress DMA channels being potentially stuck' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Updates for T5 SGE's Egress Congestion Threshold' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Calculate len properly for LSO path' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Treat CPL_ERR_KEEPALV_NEG_ADVICE as negative advice' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Doorbell Drop Avoidance Bug Fixes' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix underflows in c4iw_create_qp()' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix four byte info leak in c4iw_create_cq()' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Cap CQ size at T4_MAX_IQ_SIZE' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Allow loopback connections' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Always release neigh entry' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix incorrect BUG_ON conditions' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Mind the sq_sig_all/sq_sig_type QP attributes' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Default peer2peer mode to 1' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Save the correct map length for fast_reg_page_lists' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Don't leak skb in c4iw_uld_rx_handler()' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix possible memory leak in RX_PKT processing' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Ignore read reponse type 1 CQEs' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Connect_request_upcall fixes' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Update snd_seq when sending MPA messages' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Call dev_kfree/consume_skb_any instead of kfree_skb' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxbg4: Remove addressof casts to same type' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Adds device ID for few more Chelsio Adapters' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: set error code on kmalloc() failure' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Lock around accept/reject downcalls' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Drop RX_DATA packets if the endpoint is gone' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: rx_data() needs to hold the ep mutex' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Disable DSGL use by default' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use the BAR2/WC path for kernel QPs and T5 devices' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Endpoint timeout fixes' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: rmb() after reading valid gen bit' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: SQ flush fix' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Max fastreg depth depends on DSGL support' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use pr_warn_ratelimited' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Initialize reserved fields in a FW work request' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add missing debug stats' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Use uninitialized_var()' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix over-dereference when terminating' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Save the correct mac addr for hw-loopback connections in the L2T' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: use the correct max size for firmware flash' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix endpoint mutex deadlocks' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Force T5 connections to use TAHOE congestion control' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Only allow kernel db ringing for T4 devs' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Update Kconfig to include Chelsio T5 adapter' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Decode PCIe Gen3 link speed' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix memory leaks in c4iw_alloc() error paths' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Fix vlan support' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: Add missing padding at end of struct c4iw_create_cq_resp' (Prarit Bhargava) [1140743] - [infiniband] revert 'cxgb4: add missing padding at end of struct c4iw_alloc_ucontext_resp' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Decode the firmware port and module type a bit more for ethtool' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Check if rx checksum offload is enabled, while reading hardware calculated checksum' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: Allocate and use IQs specifically for indirect interrupts' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: Choose appropriate hw mtu index and ISS for iWARP connections' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: don't truncate the recv window size' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Change default Interrupt Holdoff Packet Count Threshold' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fixes cxgb4 probe failure in VM when PF is exposed through PCI Passthrough' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Use FW interface to get BAR0 value' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Replaced the backdoor mechanism to access the HW memory with PCIe Window method' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Adds device ID for few more Chelsio T4 Adapters' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: remove unnecessary null test before debugfs_remove_recursive' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: Detect Ing. Padding Boundary at run-time' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: use firmware ord/ird resource limits' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: display TPTE on errors' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: work request logging feature' (Prarit Bhargava) [1140743] - [netdrv] revert 'iw_cxgb4: Move common defines to cxgb4' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Add the MC1 registers to read in the interrupt handler' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fixed incorrect check for memory operation in t4_memory_rw' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: only free allocated fls' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Fix possible race condition in cleanup' (Prarit Bhargava) [1140743] - [infiniband] revert 'iw_cxgb4: fix for 64-bit integer division' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Add core T4 PCI-E SR-IOV Virtual Function hardware definitions and device communication code' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Add T4 Virtual Function Scatter-Gather Engine DMA code' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Add main T4 PCI-E SR-IOV Virtual Function driver for cxgb4vf' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Add new Makefile for T4 PCI-E SR-IOV Virtual Function driver cxgb4vf' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Stitch new T4 PCI-E SR-IOV Virtual Function driver into the build' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Remove obsolete comment about the lack of a TX Timer Callback' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Use correct shift factor for extracting the SGE DMA Ingress Padding Boundary' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: remove obsolete DECLARE_PCI_UNMAP_ADDR usage' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Implement 'Unhandled Interrupts' statistic' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix TX Queue restart' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix SGE resource resource deallocation bug' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Fix off-by-one error checking for the end of the mailbox delay array' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Fix bug where we were only allocating one queue in MSI mode' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: do not use PCI resources before pci_enable_device()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Use netif_set_real_num_rx/tx_queues()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: make single bit signed bitfields unsigned' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: remove call to stop TX queues at load time' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: don't implement trivial (and incorrect) ndo_select_queue()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix bug in Generic Receive Offload' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix some errors in Gather List to skb conversion' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: flesh out PCI Device ID Table' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Fail open if link_start() fails' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: add call to Firmware to reset VF State' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: minor comment/symbolic name cleanup' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: add ethtool statistics for GRO' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix up 'Section Mismatch' compiler warning' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Advertise NETIF_F_TSO_ECN' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix setting unicast/multicast addresses' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Ingress Queue Entry Size needs to be 64 bytes' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: fix mailbox data/control coherency domain race' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: recover from failure in cxgb4vf_open()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Check driver parameters in the right place' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Behave properly when CONFIG_DEBUG_FS isn't defined' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Quiesce Virtual Interfaces on shutdown' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Use defined Mailbox Timeout' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: improve Kconfig dependencies' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: do vlan cleanup' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: remove __dev* attributes' (Prarit Bhargava) [1140743] and pr_<level>' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Fix extraction of cpl_rx_pkt from the response queue descriptor' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Fix VLAN extraction counter increment' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Add support for Chelsio T5 adapter' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG' (Prarit Bhargava) [1140743] - [netdrv] revert 'net: cxgb4vf: Staticize local symbols' (Prarit Bhargava) [1140743] - [netdrv] revert 'net: cxgb4vf: remove unnecessary pci_set_drvdata()' (Prarit Bhargava) [1140743] - [netdrv] revert 'net: cxgb4vf: use DEFINE_PCI_DEVICE_TABLE' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: added much cleaner implementation of is_t4()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: make functions static and remove dead code' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Remove superfluous call to pci_disable_msix()' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4vf: Adds device Id for few more Chelsio adapters' (Prarit Bhargava) [1140743] - [netdrv] revert 'cxgb4: Export symbols required by cxgb4i for ipv6 support and required defines' (Prarit Bhargava) [1140743] - [scsi] revert 'libcxgbi: Add ipv6 api to driver' (Prarit Bhargava) [1140743] - [scsi] revert 'cxgb4i: Add ipv6 code to driver, call into libcxgbi ipv6 api' (Prarit Bhargava) [1140743] - [scsi] revert 'cxgb4i: Fix ipv6 build failure caught with randconfig' (Prarit Bhargava) [1140743] - [scsi] revert 'cxgb4i: remove spurious use of rcu' (Prarit Bhargava) [1140743] - [scsi] revert 'cxgb4i: Guard ipv6 code with a config check' (Prarit Bhargava) [1140743] [2.6.32-503] - [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094458] {CVE-2014-0205} - [fs] vfs: add missing __putname() in patch_mountpoint() (Ian Kent) [1135165] - [fs] nfs: Don't busy-wait on SIGKILL in __nfs_iocounter_wait (Benjamin Coddington) [1113269] - [netdrv] mlx4: add vlan_rx_register to the master ops (Doug Ledford) [1133506] - [infiniband] ocrdma: use right macro in query ah (Doug Ledford) [1133506] - [infiniband] ocrdma: resolve L2 address when creating user AH (Doug Ledford) [1133506] - [infiniband] ocrdma: get vlan tag from ib_qp_attrs (Doug Ledford) [1133506] - [infiniband] ocrdma: add default gid at index 0 (Doug Ledford) [1133506] - [infiniband] ocrdma: obtain sl from deivce structure (Doug Ledford) [1133506] - [infiniband] ocrdma: do not skip setting deffered_arm (Doug Ledford) [1133506] - [infiniband] ocrdma: Initialize the GID table while registering the device (Doug Ledford) [1133506] - [infiniband] ocrdma: Increase the size of STAG array in dev structure to 16K (Doug Ledford) [1133506] - [infiniband] ocrdma: Add missing adapter mailbox opcodes (Doug Ledford) [1133506] - [infiniband] ocrdma: Return proper value for max_mr_size (Doug Ledford) [1133506] - [infiniband] ocrdma: Allow only SEND opcode in case of UD QPs (Doug Ledford) [1133506] - [infiniband] ocrdma: Avoid reporting wrong completions in case of error CQEs (Doug Ledford) [1133506] - [infiniband] ocrdma: Query and initalize the PFC SL (Doug Ledford) [1133506] - [infiniband] ocrdma: Avoid posting DPP requests for RDMA READ (Doug Ledford) [1133506] - [infiniband] core: When marsheling uverbs path, clear unused fields (Amir Vadai) [1130394] - [infiniband] mlx4: Avoid executing gid task when device is being removed (Amir Vadai) [1130394] - [infiniband] mlx4: Fix lockdep splat for the iboe lock (Amir Vadai) [1130394] - [infiniband] mlx4: Get upper dev addresses as RoCE GIDs when port comes up (Amir Vadai) [1130394] - [infiniband] mlx4: Reorder steps in RoCE GID table initialization (Amir Vadai) [1130394] - [infiniband] mlx4: Don't duplicate the default RoCE GID (Amir Vadai) [1130394] - [infiniband] mlx4: Avoid null pointer dereference in mlx4_ib_scan_netdevs() (Amir Vadai) [1130394] - [netdrv] b43: fix the wrong assignment of status.freq in b43_rx() (John Greene) [1132160] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-2596 CVE-2014-0181 CVE-2014-4608 CVE-2014-4655 CVE-2014-5045 CVE-2013-4483 CVE-2014-5077 CVE-2014-3122 CVE-2014-3601 CVE-2014-4654 CVE-2014-4653 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.3.13-2] - Fix strict alias warning [0.3.13-1] - New upstream bug fix release resolves: #633584 - Pick up latest TrouSerS package resolves: #1074634 - Buffer overflow detected in TrouSerS daemon LOW Copyright 2014 Oracle, Inc. CVE-2012-0698 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [5.3p1-104] - ignore SIGXFSZ in postauth monitor child (#1133906) [5.3p1-103] - don't try to generate DSA keys in the init script in FIPS mode (#1118735) [5.3p1-102] - ignore SIGPIPE in ssh-keyscan (#1108836) [5.3p1-101] - ssh-add: fix fatal exit when removing card (#1042519) [5.3p1-100] - fix race in backported ControlPersist patch (#953088) [5.3p1-99.2] - skip requesting smartcard PIN when removing keys from agent (#1042519) [5.3p1-98] - add possibility to autocreate only RSA key into initscript (#1111568) - fix several issues reported by coverity [5.3p1-97] - x11 forwarding - be less restrictive when can't bind to one of available addresses (#1027197) - better fork error detection in audit patch (#1028643) - fix openssh-5.3p1-x11.patch for non-linux platforms (#1100913) [5.3p1-96] - prevent a server from skipping SSHFP lookup (#1081338) CVE-2014-2653 - ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532 - backport ControlPersist option (#953088) - log when a client requests an interactive session and only sftp is allowed (#997377) - don't try to load RSA1 host key in FIPS mode (#1009959) - restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over restart (#1010429) - ssh-keygen -V - relative-specified certificate expiry time should be relative to current time (#1022459) [5.3p1-95] - adjust the key echange DH groups and ssh-keygen according to SP800-131A (#993580) - log failed integrity test if /etc/system-fips exists (#1020803) - backport ECDSA and ECDH support (#1028335) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-2653 CVE-2014-2532 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.04-21] - fix typographical error in changelog [5.04-20] - fix #1037279 - better patch for the bug from previous release [5.04-19] - fix #1037279 - display 'from' field on 32bit ppc core [5.04-18] - fix #664513 - trim white-spaces during ISO9660 detection [5.04-17] - fix CVE-2014-3479 (cdf_check_stream_offset boundary check) - fix CVE-2014-3480 (cdf_count_chain insufficient boundary check) - fix CVE-2014-0237 (cdf_unpack_summary_info() excessive looping DoS) - fix CVE-2014-0238 (CDF property info parsing nelements infinite loop) - fix CVE-2014-2270 (out-of-bounds access in search rules with offsets) - fix CVE-2014-1943 (unrestricted recursion in handling of indirect type rules) - fix CVE-2012-1571 (out of bounds read in CDF parser) [5.04-16] - fix #873997 - improve Minix detection pattern to fix false positives - fix #884396 - improve PBM pattern to fix misdetection with x86 boot sector - fix #980941 - improve Bio-Rad pattern to fix false positives - fix #849621 - tweak strength of XML, Latex and Python patterns to execute them in the proper order - fix #1067771 - detect qcow version 3 images - fix #1064463 - treat RRDTool files as binary files MODERATE Copyright 2014 Oracle, Inc. CVE-2014-2270 CVE-2014-0237 CVE-2014-0238 CVE-2014-3480 CVE-2014-1943 CVE-2012-1571 CVE-2014-3479 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.7.0.65-2.5.3.1.0.1.el7_0] - Update DISTRO_NAME in specfile [1:1.7.0.65-2.5.3.1] - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches. - Add hsbootstrap option to pre-build HotSpot when required. - Resolves: rhbz#1148893 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-6531 CVE-2014-6558 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6517 CVE-2014-6519 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.33-1.13.5.0] - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. - Change versioning to match java-1.7.0-openjdk so revisions work. - Use xz for tarballs to reduce file size. - No need to explicitly disable system LCMS any more (bug fixed upstream). - Add icedteasnapshot to setup lines so they work with pre-release tarballs. - Resolves: rhbz#1148901 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-6502 CVE-2014-6504 CVE-2014-6512 CVE-2014-6531 CVE-2014-6558 CVE-2014-6506 CVE-2014-6519 CVE-2014-6511 CVE-2014-6457 CVE-2014-6517 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 firefox [31.2.0-3.0.1.el7_0] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [31.2.0-3] - Update to 31.2.0 ESR - Fix for mozbz#1042889 [31.1.0-7] - Enable WebM on all arches xulrunner [31.2.0-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [31.2.0-1] - Update to 31.2.0 [31.1.0-3] - move /sdk/bin to xulrunner libdir [31.1.0-2] - Sync preferences with Firefox package [31.1.0-1] - Update to 31.1.0 ESR [31.0-2] - Fix header wrapper for aarch64 [31.0-1] - Update to 31.0 ESR CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1576 CVE-2014-1577 CVE-2014-1574 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [1:1.8.0.25-1.b17] - Update to October CPU patch update. - Resolves: RHBZ#1148896 [1:1.8.0.20-3.b26] - fixed headless (policytool moved to normal) - jre/bin/policytool added to not headless exclude list - updated aarch694 source - ppc64le synced from fedora - Resolves: rhbz#1081073 [1:1.8.0.20-2.b26] - forcing build by itself (jdk8 by jdk8) - Resolves: rhbz#1081073 [1:1.8.0.20-1.b26] - updated to u20-b26 - adapted patch9999 enableArm64.patch - adapted patch100 s390-java-opts.patch - adapted patch102 size_t.patch - removed upstreamed patch 0001-PPC64LE-arch-support-in-openjdk-1.8.patch - adapted system-lcms.patch - removed patch8 set-active-window.patch - removed patch9 javadoc-error-jdk-8029145.patch - removed patch10 javadoc-error-jdk-8037484.patch - removed patch99 applet-hole.patch - itw 1.5.1 is able to ive without it - Resolves: rhbz#1081073 [1:1.8.0.11-19.b12] - fixed desktop icons - Icon set to java-1.8.0 - Development removed from policy tool - Resolves: rhbz#1081073 [1:1.8.0.11-18.b12] - fixed jstack - Resolves: rhbz#1081073 [1:1.8.0.11-15.b12] - fixed provides/obsolates - Resolves: rhbz#1081073 [1:1.8.0.11-14.b12] - mayor rework of specfile - sync with f21 - accessibility kept removed - lua script kept unsync - priority and epoch kept on 0 - not included disable-doclint patch - kept bundled lcms - unused OrderWithRequires - used with-stdcpplib instead of with-stdc++lib - Resolves: rhbz#1081073 [1:1.8.0.11-4.b13] - Added security patches - Resolves: rhbz#1081073 [1:1.8.0.5-6.b13] - Removed accessibility package - removed patch3 java-atk-wrapper-security.patch - removed its files and declaration - removed creation of libatk-wrapper.so and java-atk-wrapper.jar symlinks - removed generation of accessibility.properties - Resolves: rhbz#1113078 [1:1.8.0.5-5.b13] - priority lowered to 00000 - Resolves: rhbz#1081073 [1:1.8.0.5-4.b13] - Initial import from fedora - Used bundled lcms2 - added java-1.8.0-openjdk-disable-system-lcms.patch - --with-lcms changed to bundled - removed build requirement - excluded removal of lcms from remove-intree-libraries.sh - removed --with-extra-cflags="-fno-devirtualize" and --with-extra-cxxflags="-fn o-devirtualize"--- - added patch998, rhel6-built.patch to - fool autotools - replace all ++ chars in autoconfig files by pp - --with-stdc++lib=dynamic replaced by --with-stdcpplib=dynamic - Bumped release - Set epoch to 0 - removed patch6, disable-doclint-by-default.patch - Resolves: rhbz#1081073 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6468 CVE-2014-6512 CVE-2014-6519 CVE-2014-6562 CVE-2014-6517 CVE-2014-6457 CVE-2014-6502 CVE-2014-6531 CVE-2014-6558 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [31.2.0-3.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.2.0-3] - Enabled jemalloc on ppc(64) and s390(x) [31.2.0-2] - Update to 31.2.0 [31.1.1-2] - Sync preferences with Firefox [31.1.1-1] - Update to 31.1.1 [31.1.0-1] - Update to 31.1.0 [31.0-1] - Rebase to 31 ESR IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1574 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-30.2] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3513 CVE-2014-3567 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 [7.4.10-3] - fix CVE-2014-3634 resolves: #1149150 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3634 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [2.9.1-5.0.1.el7_0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-5.1] - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3660 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 Oracle Linux 5 [5.8.12-5.0.1] - use setsid() to get a controlling session and process group [Orabug: 17364545] [5.8.12-5] - fix CVE-2014-3634 resolves: #1149158 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3634 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 Oracle Linux 6 [1.10.3-12.0.1.el7] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.10.3-12] - security patches - Related: #1148266 [1.10.3-11] - security patches - Resolves: CVE-2014-6421 CVE-2014-6423 CVE-2014-6424 CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-6421 CVE-2014-6422 CVE-2014-6424 CVE-2014-6428 CVE-2014-6426 CVE-2014-6429 CVE-2014-6432 CVE-2014-6423 CVE-2014-6427 CVE-2014-6431 CVE-2014-6425 CVE-2014-6430 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.14-10.1] - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (#1156135) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-4877 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [5.4.16-23.3] - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 [5.4.16-23.2] - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3668 CVE-2014-3710 CVE-2014-3670 CVE-2014-3669 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [0.8.0-3] - CVE-2014-8566 CVE-2014-8567 - Resolves: bz1157283 - Resolves: bz1157956 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-8566 CVE-2014-8567 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [0.9.7-7.1] - Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157668) - Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup) (bug #1157668) - Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message handling) (bug #1157668) - Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling) (bug #1157668) - Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer handling) (bug #1157668) [0.9.7-7] - Revert CVE-2011-0904 and CVE-2011-0905 patch because libvncserver is not vulnerable (bug #696767) [0.9.7-6] - Fix CVE-2011-0904 and CVE-2011-0905 in more generic way (bug #696767) [0.9.7-5] - Fix CVE-2011-0904 (bug #696767) - Fix CVE-2011-0905 (bug #696767) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.6.32-504.1.3] - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] [2.6.32-504.1.2] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645} [2.6.32-504.1.1] - [fs] call d_op->d_hash on last component of umount path (Abhijith Das) [1145193 1129712] - [usb] serial: memory corruption flaw (Jacob Tanenbaum) [1141401 1141402] {CVE-2014-3185} - [char] ipmi: Clear drvdata when interface is removed (Tony Camuso) [1149578 1135910] - [char] ipmi: init shadow_ipmi_smi_handlers early in ipmi_si_intf (Tony Camuso) [1149580 1139464] - [net] ipsec: update MAX_AH_AUTH_LEN to support sha512 (Herbert Xu) [1149083 1140103] - [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] - [netdrv] virtio-net: fix big buffer receiving (Jason Wang) [1148693 1144073] - [netdrv] tg3: prevent ifup/ifdown during PCI error recovery (Ivan Vecera) [1142570 1117009] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3645 CVE-2014-3185 CVE-2014-3646 CVE-2014-3611 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.4.5-4] - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0211 CVE-2014-0209 CVE-2014-0210 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 [0.10.2-46.0.1.el6_6.2] - Replace docs/et.png in tarball with blank image [0.10.2-46.el6_6.2] - qemu: allow restore with non-migratable XML input (rhbz#1155564) - qemu: Introduce qemuDomainDefCheckABIStability (rhbz#1155564) - Make ABI stability issue easier to debug (rhbz#1155564) - CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk (CVE-2014-3633) - domain_conf: fix domain deadlock (CVE-2014-3657) - CVE-2014-7823: dumpxml: security hole with migratable flag (CVE-2014-7823) MODERATE Copyright 2014 Oracle, Inc. CVE-2014-3657 CVE-2014-7823 CVE-2014-3633 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [1.8.7.374-3] - Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Resolves: rhbz#1163993 - REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Resolves: rhbz#1163993 MODERATE Copyright 2014 Oracle, Inc. CVE-2014-8090 CVE-2014-8080 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [1.9.3.484-50.0.1] - fix build issue: self test report 'dh key to small' [1.9.3.484-50] - Fix off-by-one stack-based buffer overflow in the encodes() function (CVE-2014-4975). Related: rhbz#1164004 - Fix REXML billion laughs attack via parameter entity expansion (CVE-2014-8080). Related: rhbz#1164004 - REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090). Related: rhbz#1164004 MODERATE Copyright 2016 Oracle, Inc. CVE-2014-8090 CVE-2014-4975 CVE-2014-8080 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 Oracle Linux 6 Oracle Linux 7 Oracle Linux 5 [31.3.0-4.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones [31.3.0-4] - Update to 31.3.0 ESR Build 2 - Fix for geolocation API (rhbz#1063739) [31.2.0-5] - splice workaround (rhbz#1150082) [31.2.0-4] - ppc build fix (rhbz#1151959) CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-1587 CVE-2014-1592 CVE-2014-1593 CVE-2014-1590 CVE-2014-1594 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [31.3.0-1.0.1.el6_6] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.3.0-1] - Update to 31.3.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1590 CVE-2014-1592 CVE-2014-1587 CVE-2014-1593 CVE-2014-1594 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 7 Oracle Linux 6 nss [3.16.2.3-2.0.1.el7_0] - Added nss-vendor.patch to change vendor [3.16.2.3-2] - Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 [3.16.2.3-1] - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap [3.16.2-8] - Fix crash in stan_GetCERTCertificate - Resolves: Bug 1139349 nss-softokn [3.16.2-3] - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 [3.16.2-3] - Resolves: Bug 1145433 - CVE-2014-1568 [3.16.2-1] - Update to nss-3.16.2 - Resolves: Bug 1124659 - Rebase RHEL 7.1 to at least NSS-SOFTOKN 3.16.1 (FF 31) [3.15.4-2] - Mass rebuild 2014-01-24 [3.15.3-4] - Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 - Update softokn splitting script to oparate on the upstream pristine source - Using the .gz archives directly, not repackaging as .bz2 ones - Avoid unneeded manual steps that could introduce errors - Update the iquote and build softoken only patches on account of the rebase [3.15.3-3] - Fix to allow level 1 fips mode if the db has no password - Resolves: Bug 852023 - FIPS mode detection does not work [3.15.3-2] - Mass rebuild 2013-12-27 [3.15.3-1] - Rebase to NSS_3_15_3_RTM - Related: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 [3.15.2-2] - Resolves: rhbz#1020395 - Allow Level 1 FIPS mode if the nss db has no password [3.15.2-1] - Rebase to nss-softoken from nss-3.15.2 - Resolves: rhbz#1012679 - pick up NSS-SOFTOKN 3.15.2 (required for bug 1012656) [3.15.1-3] - Add export NSS_ENABLE_ECC=1 rto the %build and %check sections - Resolves: rhbz#752980 - [7.0 FEAT] Support ECDSA algorithm in the nss packag [3.15.1-2] - Remove an obsolete script and adjust the sources numbering accordingly [3.15.1-1] - Update to NSS_3_15_1_RTM [3.15-4] - Split off nss-softokn from the unstripped nss source tar ball [3.15-3] - Update to NSS_3_15_RTM - Require nspr-4.10 or greater - Fix patch that selects tests to run [3.15-0.1.beta.3] - Reverse the last changes since pk11gcmtest properly belongs to nss [3.15-0.1.beta.2] - Add lowhashtest and pk11gcmtest as unsupported tools - Modify nss-softoken-split script to include them in the split [3.15-0.1.beta.1] - Update to NSS_3_15_BETA1 - Update spec file, patches, and helper scrips on account of a shallwer source tree nss-util [3.16.2.1-1] - Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 IMPORTANT Copyright 2014 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [2.4.6-22.0.1.el6] - remove enable-tlsv1x-thunks to fit openssl 1.x api - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.4.6-22] - Remove mod_proxy_fcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected (CVE-2014-3583) [2.4.6-21] - mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950) [2.4.6-20] - core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704) - mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581) - mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583) [2.4.6-19] - mod_cgid: add security fix for CVE-2014-0231 - mod_proxy: add security fix for CVE-2014-0117 - mod_deflate: add security fix for CVE-2014-0118 - mod_status: add security fix for CVE-2014-0226 - mod_cache: add secutiry fix for CVE-2013-4352 LOW Copyright 2016 Oracle, Inc. CVE-2013-5704 CVE-2014-3581 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 Oracle Linux 5 Oracle Linux 6 [4.4.2.3-36.0.1] - Add missing files in /usr/share/doc/ [4.8.0-36] - Fix warning when applying the patch for #1163057 [4.8.0-35] - Fix race condidition where unchecked data is exposed in the file system (CVE-2013-6435)(#1163057) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-6435 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 Oracle Linux 6 Oracle Linux 7 [1.15.0-7.0.1.el7_0.3] - Invalid BUG_RETURN_VAL fix, upstream patch (orabug 18896390) [1.15.0-7.3] - CVE fixes for: CVE-2014-8099, CVE-2014-8098, CVE-2014-8097, CVE-2014-8096, CVE-2014-8095, CVE-2014-8094, CVE-2014-8093, CVE-2014-8092, CVE-2014-8091, CVE-2014-8101, CVE-2014-8100, CVE-2014-8103, CVE-2014-8102 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-8092 CVE-2014-8093 CVE-2014-8091 CVE-2014-8100 CVE-2014-8102 CVE-2014-8098 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8099 CVE-2014-8101 CVE-2014-8103 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [32:9.9.4-14.0.1.el7_0.1] - Rebuild to fix libmysqlclient dependency [32:9.9.4-14.1] - Fix CVE-2014-8500 (#1171975) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-8500 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [2.6.32-504.3.3] - [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322} [2.6.32-504.3.2] - [md] dm-thin: fix pool_io_hints to avoid looking at max_hw_sectors (Mike Snitzer) [1161420 1161421 1142773 1145230] [2.6.32-504.3.1] - [s390] zcrypt: toleration of new crypto adapter hardware (Hendrik Brueckner) [1158311 1134984] - [s390] zcrypt: support for extended number of ap domains (Hendrik Brueckner) [1158311 1134984] - [md] dm-thin: fix potential for infinite loop in pool_io_hints (Mike Snitzer) [1161420 1161421 1142773 1145230] [2.6.32-504.2.1] - [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142319 1142320] {CVE-2014-6410} - [fs] isofs: unbound recursion when processing relocated directories (Jacob Tanenbaum) [1142268 1142269] {CVE-2014-5472 CVE-2014-5471} - [net] ipv6: delete expired route in ip6_pmtu_deliver (Hannes Frederic Sowa) [1161418 1156137] - [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155746 1154676] {CVE-2014-3688} - [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155733 1154676] {CVE-2014-3687} - [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147857 1154676] {CVE-2014-3673} - [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147857 1154676] - [md] dm-thin: refactor requeue_io to eliminate spinlock bouncing (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: optimize retry_bios_on_resume (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: sort the deferred cells (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: direct dispatch when breaking sharing (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: remap the bios in a cell immediately (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: defer whole cells rather than individual bios (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: factor out remap_and_issue_overwrite (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: performance improvement to discard processing (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: grab a virtual cell before looking up the mapping (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: implement thin_merge (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm: improve documentation and code clarity in dm_merge_bvec (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: adjust max_sectors_kb based on thinp blocksize (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] block: fix alignment_offset math that assumes io_min is a power-of-2 (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: throttle incoming IO (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: prefetch missing metadata pages (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-transaction-manager: add support for prefetching blocks of metadata (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin-metadata: change dm_thin_find_block to allow blocking, but not issuing, IO (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bio-prison: switch to using a red black tree (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: evict buffers that are past the max age but retain some buffers (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: switch from a huge hash table to an rbtree (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: update last_accessed when relinking a buffer (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-bufio: use kzalloc when allocating dm_bufio_client (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin-metadata: do not allow the data block size to change (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: cleanup noflush_work to use a proper completion (Mike Snitzer) [1161420 1161421 1142773 1145230] - [md] dm-thin: fix DMERR typo in pool_status error path (Mike Snitzer) [1161420 1161421 1142773 1145230] - [fs] xfs: xlog_cil_force_lsn doesn't always wait correctly (Eric Sandeen) [1158325 1133304] - [netdrv] ixgbe: allow TXDCTL.WRTHRESH to be 1 will small ITR values (John Greene) [1158326 1132267] - [netdrv] ixgbe: Intel Change to allow itr changes without CONFIG_BQL support (John Greene) [1158326 1132267] - [video] offb: Fix setting of the pseudo-palette for >8bpp (Gerd Hoffmann) [1158328 1142450] - [video] offb: Add palette hack for qemu 'standard vga' framebuffer (Gerd Hoffmann) [1158328 1142450] - [video] offb: Fix bug in calculating requested vram size (Gerd Hoffmann) [1158328 1142450] - [net] sock_queue_err_skb() dont mess with sk_forward_alloc (Jiri Benc) [1155427 1148257] - [net] guard tcp_set_keepalive() to tcp sockets (Florian Westphal) [1141744 1141746] {CVE-2012-6657} - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull (mguzik) [1144826 1144837 1144827 1144838] {CVE-2014-3646 CVE-2014-3645} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-5471 CVE-2014-6410 CVE-2012-6657 CVE-2014-5472 CVE-2014-9322 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [12.4-8] - CVE-2004-2771 mailx: command execution flaw resolves: #1171175 MODERATE Copyright 2014 Oracle, Inc. CVE-2004-2771 CVE-2014-7844 cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 Oracle Linux 7 [1.900.1-16.2] - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566) - CVE-2014-8138 - heap overflow in jp2_decode (#1173566) [1.900.1-16.1] - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171208) [1.900.1-16] - CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution (#749150) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-9029 CVE-2014-8137 CVE-2014-8138 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 7 Oracle Linux 6 [4.2.6p5-2] - don't generate weak control key for resolver (CVE-2014-9293) - don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294) - fix buffer overflows via specially-crafted packets (CVE-2014-9295) - don't mobilize passive association when authentication fails (CVE-2014-9296) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-9293 CVE-2014-9296 CVE-2014-9295 CVE-2014-9294 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [3.8.13-26.el6uek] - spec: Don't remove crashkernel=auto setting (Jerry Snitselaar) [Orabug: 18137993] [3.8.13-25.el6uek] - ocfs2: fix i_mutex deadlock between aio_write and sync_file (Darrick J. Wong) [Orabug: 18068931] - Revert 'x86, mm: Revert back good_end setting for 64bit' (Jerry Snitselaar) [Orabug: 18128986] [3.8.13-24.el6uek] - tg3: remove spin_lock_bh() in tg3_get_stats64() to fix dead lock (Ethan Zhao) [Orabug: 18070676] - net/core: use GFP_NOWAIT allocation flag in rtmsg_ifinfo() to fix lockup warning (Ethan Zhao) [Orabug: 18070676] - mptsas: do not call __mptsas_probe in kthread (Jerry Snitselaar) [Orabug: 18120337] - config: enable CONFIG_KEXEC_AUTO_RESERVE (Jerry Snitselaar) [Orabug: 17616874] - Btrfs: allow compressed extents to be merged during defragment (Liu Bo) [Orabug: 18098511] - Btrfs: reset ret in record_one_backref (Josef Bacik) [Orabug: 18098511] - Btrfs: fix a crash when running balance and defrag concurrently (Liu Bo) [Orabug: 18098511] - Btrfs: fix a bug of snapshot-aware defrag to make it work on partial extents (Liu Bo) [Orabug: 18098511] - Btrfs: get better concurrency for snapshot-aware defrag work (Liu Bo) [Orabug: 18098511] - Btrfs: snapshot-aware defrag (Liu Bo) [Orabug: 18098511] - btrfs: add cancellation points to defrag (David Sterba) [Orabug: 18098511] - qla4xxx: Updated driver version to 5.04.00.02.06.02-uek3 (Vikas Chaudhary) [Orabug: 18103905] - qla4xxx: Fix memory leak in qla4xxx_destroy_ddb (Vikas Chaudhary) [Orabug: 18103905] - x86: add support for crashkernel=auto (Brian Maly) - x86, mm: Revert back good_end setting for 64bit (Yinghai Lu) [Orabug: 17648536] [3.8.13-23.el6uek] - [SCSI] storvsc: avoid usage of WRITE_SAME (Olaf Hering) [Orabug: 18037923] - Fix balloon driver to work properly with balloon_hugepages but no superpage flag (Dave McCracken) - config: disable BUILD_DOCSRC (Jerry Snitselaar) [Orabug: 17504426] - ext4: Fix non-O_SYNC AIO DIO unwritten extent conversion after dio finishes (Darrick J. Wong) [Orabug: 18069802] - memcg: don't initialize kmem-cache destroying work for root caches (Andrey Vagin) [Orabug: 17791895] - ocfs2: ocfs2 punch hole retrun EINVAL if the length argument in ioctl is negative (Tariq Saeed) [Orabug: 14789508] - writeback: fix data corruption on NFS (Jan Kara) [Orabug: 16677609] - Btrfs: handle a bogus chunk tree nicely (Josef Bacik) [Orabug: 17334825] - Drivers: hv: Execute shutdown in a thread context (K. Y. Srinivasan) [Orabug: 18053264] - Increase scsi_mod parameter max_report_luns to 1023. (Zhigang Wang) [Orabug: 17445498] - NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize (Andy Adamson) [Orabug: 17419831] - config: disable fragile PSTORE options (Ethan Zhao) [Orabug: 17928723] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 17330860] - qla4xxx: Updated driver version to 5.04.00.01.06.02-uek3 (Tej Parkash) [Orabug: 18050491] - qla4xxx: Fix sparse warnings (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Handle IPv6 AEN notifications (Nilesh Javali) [Orabug: 18050491] - qla4xxx: Update print statements in func qla4xxx_do_dpc() (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Update print statements in func qla4xxx_eh_abort() (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Update print statements in qla4xxx_mailbox_command() (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Updated print for device login, logout path (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Remove unused code from qla4xxx_set_ifcb() (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Fix failure of mbox 0x31 (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Reduce rom-lock contention during reset recovery. (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Fix pending IO completion in reset path before initiating chip reset (Tej Parkash) [Orabug: 18050491] - qla4xxx: Fix processing response queue during probe (Tej Parkash) [Orabug: 18050491] - qla4xxx: Fix failure of IDC Time Extend mailbox command (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Clear DDB index map upon connection close failure (Nilesh Javali) [Orabug: 18050491] - qla4xxx: Return correct error status from func qla4xxx_request_irqs() (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Fixed AER reset sequence for ISP83xx/ISP84xx (Tej Parkash) [Orabug: 18050491] - qla4xxx: Correctly handle msleep_interruptible (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Rename ACB_STATE macros with IP_ADDRSTATE macros (Nilesh Javali) [Orabug: 18050491] - qla4xxx: Improve loopback failure messages (Nilesh Javali) [Orabug: 18050491] - qla4xxx: Use IDC_CTRL bit1 directly instead of AF_83XX_NO_FWDUMP flag. (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Fix comments in code (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: Print WARN_ONCE() if iSCSI function presence bit removed (Vikas Chaudhary) [Orabug: 18050491] - qla4xxx: ISP8xxx: Correct retry of adapter initialization (Nilesh Javali) [Orabug: 18050491] - qla4xxx: Recreate chap data list during get chap operation (Adheer Chandravanshi) [Orabug: 18050491] - qla4xxx: Add support for ISCSI_PARAM_LOCAL_IPADDR sysfs attr (Adheer Chandravanshi) [Orabug: 18050491] - libiscsi: Add local_ipaddr parameter in iscsi_conn struct (Adheer Chandravanshi) [Orabug: 18050491] - IB/iser: Add Discovery support (Or Gerlitz) [Orabug: 18050491] - scsi_transport_iscsi: Export ISCSI_PARAM_LOCAL_IPADDR attr for iscsi_connection (Adheer Chandravanshi) [Orabug: 18050491] - qla4xxx: Add host statistics support (Lalit Chandivade) [Orabug: 18050491] - scsi_transport_iscsi: Add host statistics support (Lalit Chandivade) [Orabug: 18050491] - qla4xxx: Added support for Diagnostics MBOX command (Vikas Chaudhary) [Orabug: 18050491] - ocfs2: update inode size after zeroed the hole (Junxiao Bi) [Orabug: 18043432] [3.8.13-22.el6uek] - Revert 'sparc64: Fix __copy_{to,from}_user_inatomic defines.' (Dave Kleikamp) [Orabug: 18038851] - sparc64: prevent solaris control domain warnings about Domain Service handles (chris hyser) [Orabug: 18038829] - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (ethan.zhao) [Orabug: 17960129] - scsi/fnic: update to version 1.6.0.8 from 1.5.0.45 (ethan.zhao) [Orabug: 17960129] - sctp: sctp_close: fix release of bindings for deferred call_rcu's (Daniel Borkmann) [Orabug: 17886746] - dtrace: vtimestamp implementation (Kris Van Hees) [Orabug: 17741477] - dtrace: implement SDT in kernel modules (Kris Van Hees) [Orabug: 17851716] - qla4xxx: Driver not able to collect minidump in ISP84xx (Tej Parkash) [Orabug: 17960365] - Modify UEFI anti-bricking code (Matthew Garrett) [Orabug: 17792954] - ocfs2: make 'buffered' as the default coherency option (Wengang Wang) [Orabug: 17988729] - Fixing kABI breakages in struct sock (Thomas Tanaka) [Orabug: 17901058] - tcp: TSQ can use a dynamic limit (Eric Dumazet) [Orabug: 17901058] - tcp: TSO packets automatic sizing (Eric Dumazet) [Orabug: 17901058] - bonding: fix two race conditions in bond_store_updelay/downdelay (Nikolay Aleksandrov) [Orabug: 17931850] - Update lpfc version for 8.3.7.34.4p driver release (Gairy Grannum) - Fixed unassigned variable in ELS timeout message (James Smart) - Fixed incorrect allocation of iDiags directories/files in debugfs (James Smart) - Fix Crash in lpfc_els_timeout_handler (James Smart) - Fix kernel panics from corrupted ndlp list. (James Smart) - Fix Crash in lpfc_els_timeout_handler (James Smart) - Fix Crash in lpfc_els_timeout_handler (James Smart) - [SCSI] lpfc: Fix typo on NULL assignment (Felipe Pena) - Fixed stopped FCF discovery on failed FCF record read. (James Smart) - Fixed IO hang when in msi mode. (James Smart) - tg3: update to broadcom version v3.134f (Jerry Snitselaar) [Orabug: 18037870] - bnx2x: update to broadcom version 1.78.80 (Jerry Snitselaar) [Orabug: 18037860] - PCI: Use pci_wait_for_pending_transaction() instead of for loop (Casey Leedom) [Orabug: 18037860] - PCI: Add pci_wait_for_pending_transaction() (Casey Leedom) [Orabug: 18037860] - bnx2i: update to broadcom version 2.7.8.2b (Jerry Snitselaar) [Orabug: 18037845] - bnx2fc: update to broadcom verison 2.4.1e (Jerry Snitselaar) [Orabug: 18037838] - cnic: update to broadcom version 2.5.18c (Jerry Snitselaar) [Orabug: ] - bnx2: update to broadcom version 2.2.4g (Jerry Snitselaar) [Orabug: ] - qla2xxx: update from mainline 8.05.00.03.39.0-k to qlogic version 8.06.00.14.39.0-k (Guangyu Sun) [Orabug: 17952066] [3.8.13-21.el6uek] - be2iscsi: Bump driver version (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix SGL posting for unaligned ICD values (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix AER handling in driver (Brian Maly) [Orabug: 17799766] - be2iscsi: Invalidate WRB in Abort/Reset Path (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix Insufficient Buffer Error returned in MBX Completion (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix log level for protocol specific logs (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix MSIx creation for SKH-R adapter (Brian Maly) [Orabug: 17799766] - be2iscsi: Display Port Identifier for each iSCSI function (Brian Maly) [Orabug: 17799766] - be2iscsi: Dispaly CID available for connection offload (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix chute cleanup during drivers unload. (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix connection offload to support Dual Chute. (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix CID allocation/freeing to support Dual chute mode (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix WRB_Q posting to support Dual Chute mode (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix SGL Initilization and posting Pages for Dual Chute (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix Template HDR support for Dual Chute mode (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix changes in ASYNC Path for SKH-R adapter (Brian Maly) [Orabug: 17799766] - be2iscsi: Config parameters update for Dual Chute Support (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix soft lock up issue during UE or if FW taking time to respond (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix locking mechanism in Unsol Path (Brian Maly) [Orabug: 17799766] - Subject: [PATCH 04/23] be2iscsi: Fix negotiated parameters upload to FW (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix repeated issue of MAC ADDR get IOCTL (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix the MCCQ count leakage (Brian Maly) [Orabug: 17799766] - be2iscsi: Fix Template HDR IOCTL (Brian Maly) [Orabug: 17799766] - cifs: enable SMB2 support (Jerry Snitselaar) [Orabug: 17486287] - [SCSI] Derive the FLUSH_TIMEOUT from the basic I/O timeout (James Bottomley) [Orabug: 17853273] - hyperv: Fix RNDIS send_completion code path (Haiyang Zhang) [Orabug: 17784576] - [SCSI] fix kabi break (Jerry Snitselaar) [Orabug: 17940334] - [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers (Martin K. Petersen) [Orabug: 17940334] - qlcnic: update to qlogic version 5.3.52.3 (Sucheta Chakraborty) [Orabug: 17937392] - netxen: update to qlogic version 4.0.82 (Sucheta Chakraborty) [Orabug: 17937454] - be2net: Warn users of possible broken functionality on BE2 cards with very old FW versions with latest driver (Somnath Kotur) [Orabug: 17937784] - net: be2net: remove unnecessary pci_set_drvdata() (Jingoo Han) [Orabug: 17937784] - be2net: Rework PCIe error report log messaging (Ajit Khaparde) [Orabug: 17937784] - be2net: change the driver version number to 4.9.224.0 (Ajit Khaparde) [Orabug: 17937784] - be2net: Display RoCE specific counters in ethtool -S (Ajit Khaparde) [Orabug: 17937784] - be2net: Call version 2 of GET_STATS ioctl for Skyhawk-R (Ajit Khaparde) [Orabug: 17937784] - be2net: add a counter for pkts dropped in xmit path (Sathya Perla) [Orabug: 17937784] - be2net: fix adaptive interrupt coalescing (Sathya Perla) [Orabug: 17937784] - be2net: call ENABLE_VF cmd for Skyhawk-R too (Vasundhara Volam) [Orabug: 17937784] - be2net: Create single TXQ on BE3-R 1G ports (Vasundhara Volam) [Orabug: 17937784] - be2net: Call be_vf_setup() even when VFs are enbaled from previous load (Vasundhara Volam) [Orabug: 17937784] - be2net: Fix to display the VLAN priority for a VF (Ajit Khaparde) [Orabug: 17937784] - be2net: Fix to configure VLAN priority for a VF interface. (Ajit Khaparde) [Orabug: 17937784] - be2net: Fix to allow VLAN configuration on VF interfaces. (Ajit Khaparde) [Orabug: 17937784] - be2net: Fix number of VLANs supported in UMC mode for BE3-R. (Ajit Khaparde) [Orabug: 17937784] - be2net: Fix VLAN promiscuous mode programming (Ajit Khaparde) [Orabug: 17937784] - be2net: Fix the size of be_nic_res_desc structure (Ajit Khaparde) [Orabug: 17937784] - be2net: Fix to prevent Tx stall on SH-R when packet size < 32 (Ajit Khaparde) [Orabug: 17937784] - emulex: Remove extern from function prototypes (Joe Perches) [Orabug: 17937784] - be2net: missing variable initialization (Antonio Alecrim Jr) [Orabug: 17937784] - be2net: set and query VEB/VEPA mode of the PF interface (Ajit Khaparde) [Orabug: 17937784] - drivers:net: Convert dma_alloc_coherent(...__GFP_ZERO) to dma_zalloc_coherent (Joe Perches) [Orabug: 17937784] - be2net: implement ethtool set/get_channel hooks (Sathya Perla) [Orabug: 17937784] - be2net: refactor be_setup() to consolidate queue creation routines (Sathya Perla) [Orabug: 17937784] - be2net: Fix be_cmd_if_create() to use MBOX if MCCQ is not created (Sathya Perla) [Orabug: 17937784] - be2net: refactor be_get_resources() code (Sathya Perla) [Orabug: 17937784] - be2net: Fixup profile management routines (Vasundhara Volam) [Orabug: 17937784] - be2net: use EQ_CREATEv2 for SH-R (Sathya Perla) [Orabug: 17937784] - be2net: Check for POST state in suspend-resume sequence (Sarveshwar Bandi) [Orabug: 17937784] - be2net: fix disabling TX in be_close() (Sathya Perla) [Orabug: 17937784] - be2net: Clear any capability flags that driver is not interested in. (Sarveshwar Bandi) [Orabug: 17937784] - be2net: Initialize 'status' in be_cmd_get_die_temperature() (Vasundhara Volam) [Orabug: 17937784] - be2net: fixup log msgs for async events (Vasundhara Volam) [Orabug: 17937784] - be2net: Missing changes from 'fix a Tx stall bug caused by a specific ipv6 packet' (Ravikumar Nelavelli) [Orabug: 17937784] - be2net: Fix displaying supported speeds for BE2 (Vasundhara Volam) [Orabug: 17937784] - be2net: don't limit max MAC and VLAN counts (Vasundhara Volam) [Orabug: 17937784] - be2net: Do not call get_die_temperature cmd for VF (Vasundhara Volam) [Orabug: 17937784] - be2net: Adding more speeds reported by get_settings (Vasundhara Volam) [Orabug: 17937784] - be2net: Staticize local functions (Jingoo Han) [Orabug: 17937784] - be2net: don't use dev_err when AER enabling fails (Ivan Vecera) [Orabug: 17937784] - be2net: delete primary MAC address while unloading (Sathya Perla) [Orabug: 17937784] - be2net: use SET/GET_MAC_LIST for SH-R (Sathya Perla) [Orabug: 17937784] - be2net: refactor MAC-addr setup code (Sathya Perla) [Orabug: 17937784] - be2net: fix pmac_id for BE3 VFs (Sathya Perla) [Orabug: 17937784] - be2net: allow VFs to program MAC and VLAN filters (Sathya Perla) [Orabug: 17937784] - be2net: fix MAC address modification for VF (Sathya Perla) [Orabug: 17937784] - [SCSI] sd: Reduce buffer size for vpd request (Bernd Schubert) [Orabug: 17940334] - [SCSI] sd: fix array cache flushing bug causing performance problems (James Bottomley) [Orabug: 17940334] - [SCSI] Fix race between starved list and device removal (James Bottomley) [Orabug: 17940334] - [SCSI] enable destruction of blocked devices which fail LUN scanning (Bart Van Assche) [Orabug: 17940334] - ixgbevf: upgrade from 2.8.7 to 2.11.3 (ethan.zhao) [Orabug: 17718254] - igb: set default RSS to 0 for performance tuning (ethan.zhao) [Orabug: 175934190] - igb: upgrade from 4.3.0 to 5.0.6 (ethan.zhao) [Orabug: 17711645] - e1000e: Avoid kernel crash during shutdown (Li Zhang) [Orabug: 17854071] - e1000e: upgrade from 2.4.14 to 2.5.4 (ethan.zhao) [Orabug: 17718216] - Btrfs: skip subvol entries when checking if we've created a dir already (Josef Bacik) [Orabug: 17661845] - Btrfs: fix incorrect inode acl reset (Filipe David Borba Manana) [Orabug: 17669341] - Btrfs: allow running defrag in parallel to administrative tasks (Stefan Behrens) [Orabug: 17886022] - zram: allow request end to coincide with disksize (Sergey Senozhatsky) [Orabug: 17879183] - configfs: fix race between dentry put and lookup (Junxiao Bi) [Orabug: 17931342] - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (Carlos Maiolino) [Orabug: 17354234] - Revert 'sg: use rwsem to solve race during exclusive open' (Jerry Snitselaar) [Orabug: 17579131] - Revert 'sg: no need sg_open_exclusive_lock' (Jerry Snitselaar) [Orabug: 17579131] - Revert 'sg: checking sdp->detached isn't protected when open' (Jerry Snitselaar) [Orabug: 17579131] - Revert 'sg: push file descriptor list locking down to per-device locking' (Jerry Snitselaar) [Orabug: 17579131] - NVMe: Merge issue on character device bring-up (Keith Busch) [Orabug: 17940296] - NVMe: Handle ioremap failure (Keith Busch) [Orabug: 17940296] - NVMe: Add pci suspend/resume driver callbacks (Keith Busch) [Orabug: 17940296] - NVMe: Use normal shutdown (Keith Busch) [Orabug: 17940296] - NVMe: Separate controller init from disk discovery (Keith Busch) [Orabug: 17940296] - NVMe: Separate queue alloc/free from create/delete (Keith Busch) [Orabug: 17940296] - NVMe: Group pci related actions in functions (Keith Busch) [Orabug: 17940296] - NVMe: Disk stats for read/write commands only (Keith Busch) [Orabug: 17940296] - NVMe: Bring up cdev on set feature failure (Keith Busch) [Orabug: 17940296] - NVMe: Fix checkpatch issues (Keith Busch) [Orabug: 17940296] - NVMe: Namespace IDs are unsigned (Matthew Wilcox) [Orabug: 17940296] - NVMe: Call nvme_process_cq from submission path (Matthew Wilcox) [Orabug: 17940296] - NVMe: Remove 'process_cq did something' message (Matthew Wilcox) [Orabug: 17940296] - NVMe: Return correct value from interrupt handler (Matthew Wilcox) [Orabug: 17940296] - NVMe: Disk IO statistics (Keith Busch) [Orabug: 17940296] - NVMe: Restructure MSI / MSI-X setup (Matthew Wilcox) [Orabug: 17940296] - NVMe: Use kzalloc instead of kmalloc+memset (Tushar Behera) [Orabug: 17940296] - [SCSI] megaraid_sas: Fix synchronization problem between sysPD IO path and AEN path (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: fixes for few endianess issues (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: addded support for big endian architecture (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Version and Changelog update (Adam Radford) [Orabug: 17940378] - [SCSI] megaraid_sas: Add High Availability clustering support using shared Logical Disks (Adam Radford) [Orabug: 17940378] - scsi/megaraid fixed several typos in comments (Matthias Schid) [Orabug: 17940378] - [SCSI] megaraid_sas: megaraid_sas driver init fails in kdump kernel (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: fix a bug for 64 bit arches (Dan Carpenter) [Orabug: 17940378] - [SCSI] megaraid_sas: fix memory leak if SGL has zero length entries (Bj?rn Mork) [Orabug: 17940378] - [SCSI] megaraid: minor cut and paste error fixed. (James Georgas) [Orabug: 17940378] - [SCSI] megaraid_sas: Changelog and driver version update (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Add support to differentiate between iMR vs MR Firmware (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Add support for Uneven Span PRL11 (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Add support for Extended MSI-x vectors for 12Gb/s controller (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Set IoFlags to enable Fast Path for JBODs for 12 Gb/s controllers (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Add support to display Customer branding details in syslog (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Add support for MegaRAID Fury (device ID-0x005f) 12Gb/s controllers (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Set IO request timeout value provided by OS timeout for Tape devices (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Free event detail memory without device ID check (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Update balance count in driver to be in sync of firmware (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Fix the interrupt mask for Gen2 controller (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: Return DID_ERROR for SCSI IO, when controller is in critical h/w error (Sumit.Saxena@lsi.com) [Orabug: 17940378] - [SCSI] megaraid_sas: release lock on error path (Dan Carpenter) [Orabug: 17940378] - [SCSI] megaraid_sas: Use correct #define for MSI-X capability (Bjorn Helgaas) [Orabug: 17940378] - [SCSI] megaraid_sas: Version and Changelog update (Adam Radford) [Orabug: 17940378] - [SCSI] megaraid_sas: Dont load DevHandle unless FastPath enabled (Adam Radford) [Orabug: 17940378] - [SCSI] megaraid_sas: Add 4k FastPath DIF support (Adam Radford) [Orabug: 17940378] - megaraid: Revert driver update (Martin K. Petersen) [Orabug: 17940378] - cciss: fix broken mutex usage in ioctl (Stephen M. Cameron) [Orabug: 17763620] - cciss: add cciss_mutex (Arnd Bergmann) [Orabug: 17763620] - cciss: remove cciss_kernel_compat.h (Vaughan Cao) [Orabug: 17763620] - block: add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [Orabug: 17763620] - cciss: add small delay when using PCI Power Management to reset for kump (Mike Miller) [Orabug: 17763620] - cciss: set max scatter gather entries to 32 on P600 (Mike Miller) [Orabug: 17763620] - cciss: bug fix to prevent cciss from loading in kdump crash kernel (Mike Miller) [Orabug: 17763620] - cciss: change lowercase to uppercase for P700M def in products (Vaughan Cao) [Orabug: 17763620] - cciss: remove __dev* markings (Vaughan Cao) [Orabug: 17763620] - cciss: upgrade to 4.6.28 (Vaughan Cao) [Orabug: 17763620] - Revert 'SPEC: Fix xen multiboot support' (Jerry Snitselaar) [Orabug: 17792303] - kbuild: Set objects.builtin dependency to bzImage for CONFIG_CTF (Jerry Snitselaar) [Orabug: 17510915] - ubifs: wait for page writeback to provide stable pages (Jan Kara) [Orabug: 17939878] - ocfs2: wait for page writeback to provide stable pages (Jan Kara) [Orabug: 17939878] - block: optionally snapshot page contents to provide stable pages during write (Darrick J. Wong) [Orabug: 17939878] - mm: only enforce stable page writes if the backing device requires it (Darrick J. Wong) [Orabug: 17939878] - bdi: allow block devices to say that they require stable page writes (Darrick J. Wong) [Orabug: 17939878] - netfilter: enable log target (Jerry Snitselaar) [Orabug: 17885348] - qla4xxx: Updated driver version to 5.04.00.00.06.02-uek3 (Tej Parkash) [Orabug: 17960427] - qla4xxx: overflow in qla4xxx_set_chap_entry() (Dan Carpenter) [Orabug: 17960427] - qla4xxx: Add support for additional network parameters settings (Harish Zunjarrao) [Orabug: 17960427] - iscsi_transport: Additional parameters for network settings (Harish Zunjarrao) [Orabug: 17960427] - iscsi_transport: Remove net param enum values (Harish Zunjarrao) [Orabug: 17960427] - qla4xxx: Add support to get CHAP details for flash target session (Adheer Chandravanshi) [Orabug: 17960427] - qla4xxx: Add support to set CHAP entries (Adheer Chandravanshi) [Orabug: 17960427] - scsi_transport_iscsi: Add support to set CHAP entries (Adheer Chandravanshi) [Orabug: 17960427] - qla4xxx: Use offset based on adapter type to set CHAP entry in flash (Adheer Chandravanshi) [Orabug: 17960427] - qla4xxx: Populate local CHAP credentials for flash target sessions (Adheer Chandravanshi) [Orabug: 17960427] - qla4xxx: Support setting of local CHAP index for flash target entry (Adheer Chandravanshi) [Orabug: 17960427] - qla4xxx: Correct the check for local CHAP entry type (Adheer Chandravanshi) [Orabug: 17960427] - qla4xxx: correctly update session discovery_parent_idx. (Manish Rangankar) [Orabug: 17960427] - qla4xxx: Return error if minidump data collection fails (Vikas Chaudhary) [Orabug: 17960427] - qla4xxx: Fix the minidump data collection check in for loop (Santosh Vernekar) [Orabug: 17960427] - qla4xxx: Add pex-dma support for capturing minidump (Santosh Vernekar) [Orabug: 17960427] - qla4xxx: Update Copyright header (Vikas Chaudhary) [Orabug: 17960427] - qla4xxx: Implementation of ACB configuration during Loopback for ISP8042 (Nilesh Javali) [Orabug: 17960427] - qla4xxx: Added support for ISP8042 (Vikas Chaudhary) [Orabug: 17960427] - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951080] {CVE-2013-4470} - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (Gleb Natapov) [Orabug: 17951067] {CVE-2013-6376} - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (Andy Honig) [Orabug: 17951071] {CVE-2013-6368} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367} - SUNRPC: don't map EKEYEXPIRED to EACCES in call_refreshresult (Andy Adamson) [Orabug: 17931738] - NFSv4: Fix state reference counting in _nfs4_opendata_reclaim_to_nfs4_state (Trond Myklebust) [Orabug: 17931293] - NFSv4: don't reprocess cached open CLAIM_PREVIOUS (Weston Andros Adamson) [Orabug: 17931292] - NFSv4: don't fail on missing fattr in open recover (Weston Andros Adamson) [Orabug: 17931290] - NFSv4: fix NULL dereference in open recover (Weston Andros Adamson) [Orabug: 17931281] - NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() (Trond Myklebust) [Orabug: 17931272] - xen/blkback: fix reference counting (Vegard Nossum) [Orabug: 17931209] - blk-core: Fix memory corruption if blkcg_init_queue fails (Mikulas Patocka) [Orabug: 17931205] - xfs: add capability check to free eofblocks ioctl (Dwight Engen) [Orabug: 17931096] - compiler-gcc.h: Add gcc-recommended GCC_VERSION macro (Daniel Santos) [Orabug: 17882877] - fix kabi breakage (Darrick J. Wong) [Orabug: 14548775] - direct-io: Handle O_(D)SYNC AIO (Darrick J. Wong) [Orabug: 14548775] - direct-io: Implement generic deferred AIO completions for ext4 (Darrick J. Wong) [Orabug: 14548775] - direct-io: Implement generic deferred AIO completions (Darrick J. Wong) [Orabug: 14548775] [3.8.13-20.el6uek] - KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345} - ixgbe: update from 3.15.1 to 3.18.7 (ethan.zhao) [Orabug: 17718073] - x86, mtrr: Fix original mtrr range get for mtrr_cleanup (Yinghai Lu) [Orabug: 17812759] - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (Trond Myklebust) [Orabug: 17821884] - [SCSI] hpsa: remove unneeded variable (Tomas Henzl) [Orabug: 17719404] - [SCSI] hpsa: housekeeping patch for device_id and product arrays (Mike Miller) [Orabug: 17719404] - hpsa: add HP Smart Array Gen8 name P822se (Vaughan Cao) [Orabug: 17719404] - [SCSI] hpsa: add HP Smart Array Gen9 PCI ID's (Mike Miller) [Orabug: 17719404] - hpsa: Convert retrun typos to return (Joe Perches) [Orabug: 17719404] - [SCSI] hpsa: fix warning with smp_processor_id() in preemptible (John Kacur) [Orabug: 17719404] - [SCSI] hpsa: fix a race in cmd_free/scsi_done (Tomas Henzl) [Orabug: 17719404] - hpsa: fix compilation error of __dev* markings (Vaughan Cao) [Orabug: 17719404] - hpsa: upgrade to 3.4.2-5 (Vaughan Cao) [Orabug: 17719404] [3.8.13-19.el6uek] - net: fix cipso packet validation when !NETLABEL (Seif Mazareeb) [Orabug: 17806518] - can: dev: fix nlmsg size calculation in can_get_size() (Marc Kleine-Budde) [Orabug: 17806517] - ipv4: fix ineffective source address selection (Jiri Benc) [Orabug: 17806516] - ecryptfs: Fix memory leakage in keystore.c (Geyslan G. Bem) [Orabug: 17806513] - connector: use nlmsg_len() to check message length (Mathias Krause) [Orabug: 17806512] - net: vlan: fix nlmsg size calculation in vlan_get_size() (Marc Kleine-Budde) [Orabug: 17806510] - SPEC: Fix xen multiboot support (Zhigang Wang) [Orabug: 17792303] - config: enable CONFIG_PANIC_ON_OOPS on sparc (Jerry Snitselaar) [Orabug: 17762461] - NFSv4.1: Don't lose locks when a server reboots during delegation return (Trond Myklebust) [Orabug: 17419831] - NFSv4.1 end back channel session draining (Andy Adamson) [Orabug: 17419831] - NFSv4.1 Fix a pNFS session draining deadlock (Andy Adamson) [Orabug: 17419831] - NFSv4.1: Ensure that we free the lock stateid on the server (Trond Myklebust) [Orabug: 17419831] - NFSv4: Convert nfs41_free_stateid to use an asynchronous RPC call (Trond Myklebust) [Orabug: 17419831] - NFSv4: Don't recheck permissions on open in case of recovery cached open (Trond Myklebust) [Orabug: 17419831] - NFSv4: Record the OPEN create mode used in the nfs4_opendata structure (Trond Myklebust) [Orabug: 17419831] - NFSv4: Fix another open/open_recovery deadlock (Trond Myklebust) [Orabug: 17419831] - NLM: Ensure that we resend all pending blocking locks after a reclaim (Trond Myklebust) [Orabug: 17419831] - NFSv4: Fix a reboot recovery race when opening a file (Trond Myklebust) [Orabug: 17419831] - NFSv4: Ensure delegation recall and byte range lock removal don't conflict (Trond Myklebust) [Orabug: 17419831] - NFSv4: Fix up the return values of nfs4_open_delegation_recall (Trond Myklebust) [Orabug: 17419831] - NFSv4.1: Don't lose locks when a server reboots during delegation return (Trond Myklebust) [Orabug: 17419831] - NFSv4.1: Prevent deadlocks between state recovery and file locking (Trond Myklebust) [Orabug: 17419831] - NFSv4: Allow the state manager to mark an open_owner as being recovered (Trond Myklebust) [Orabug: 17419831] - drivers/base/core.c: Always output device renaming messages. (ethan.zhao) [Orabug: 17477783] - ixgbevf: Don't output NIC name before registered. (ethan.zhao) [Orabug: 17477783] - xen/smp: initialize IPI vectors before marking CPU online (Chuck Anderson) [Orabug: 17800009] - cpu: make sure that cpu/online file created before KOBJ_ADD is emitted (Igor Mammedov) [Orabug: 17800009] - cpu: fix 'crash_notes' and 'crash_notes_size' leaks in register_cpu() (Igor Mammedov) [Orabug: 17800009] dtrace-modules-3.8.13-26.el6uek [0.4.2-3] - Obsolete the old provider headers package. [Orabug: 18061595] [0.4.2-2] - Change name of provider headers package, to avoid conflicts on yum update. [Orabug: 18061595] [0.4.2-1] - Fix 'vtimestamp' implementation. [Orabug: 17741477] - Support SDT probes points in kernel modules. [Orabug: 17851716] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-4270 CVE-2013-2850 CVE-2013-2898 CVE-2013-4350 CVE-2013-4205 CVE-2013-4300 CVE-2013-2148 CVE-2013-2893 CVE-2013-2896 CVE-2013-4247 CVE-2013-2147 CVE-2013-2895 CVE-2013-2897 CVE-2013-2899 CVE-2013-6431 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.214.3] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247289] {CVE-2013-7263} {CVE-2013-7265} [2.6.39-400.214.2] - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238382] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238353] {CVE-2013-2929} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-2929 CVE-2013-7263 CVE-2013-7265 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-400.34.3] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247290] {CVE-2013-7263} {CVE-2013-7265} [2.6.32-400.34.2] - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18239033] {CVE-2013-2929} {CVE-2013-2929} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18239036] {CVE-2013-7263} {CVE-2013-7265} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-7265 CVE-2013-7263 CVE-2013-2929 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.8.13-26.1.1.el6uek] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247287] {CVE-2013-7263} {CVE-2013-7265} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238377] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238348] {CVE-2013-2929} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-7265 CVE-2013-7263 CVE-2013-2929 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 kernel-uek [3.8.13-26.2.2.el6uek] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18421673] {CVE-2014-2523} - cifs: ensure that uncached writes handle unmapped areas correctly (Jeff Layton) [Orabug: 18461067] {CVE-2014-0069} {CVE-2014-0069} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461065] {CVE-2014-0101} - vhost-net: insufficient handling of error conditions in get_rx_bufs() (Guangyu Sun) [Orabug: 18461050] {CVE-2014-0055} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-2523 CVE-2014-0069 CVE-2014-0101 CVE-2014-0055 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.214.4] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18462070] {CVE-2014-2523} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461090] {CVE-2014-0101} - vhost-net: insufficient handling of error conditions in get_rx_bufs() (Guangyu Sun) [Orabug: 18461089] {CVE-2014-0055} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0101 CVE-2014-0055 CVE-2014-2523 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.34.4uek] - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Daniel Borkmann) [Orabug: 18462076] {CVE-2014-2523} - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (Daniel Borkmann) [Orabug: 18461091] {CVE-2014-0101} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0101 CVE-2014-2523 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [3.8.13-26.2.3.el6uek] - net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603523] {CVE-2014-2851} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-2851 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.214.5] - net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603524] {CVE-2014-2851} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-2851 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 [3.8.13-26.2.4.el6uek] - aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721961] {CVE-2013-6383} - vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721976] {CVE-2014-0077} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0077 CVE-2013-6383 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.214.6] - aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721962] {CVE-2013-6383} - vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721977] {CVE-2014-0077} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0077 CVE-2013-6383 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.34.5uek] - aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18723276] {CVE-2013-6383} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-6383 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 kernel-uek [3.8.13-35.el6uek] - n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18754908] {CVE-2014-0196} {CVE-2014-0196} [3.8.13-34.el6uek] - aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721960] {CVE-2013-6383} - vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721975] {CVE-2014-0077} [3.8.13-33.el6uek] - dtrace: ensure one can try to get user pages without locking or faulting (Kris Van Hees) [Orabug: 18653173] - ipv6: don't set DST_NOCOUNT for remotely added routes (Sabrina Dubroca) [Orabug: 18681501] {CVE-2014-2309} - kvm: x86: fix emulator buffer overflow (CVE-2014-0049) (Andrew Honig) [Orabug: 18681519] {CVE-2014-0049} - ib_core: fmr pool hard lock up when cache enabled (Shamir Rabinovitch) [Orabug: 18408531] - bnx2x: disable PTP clock support (Jerry Snitselaar) [Orabug: 18605376] - x86, mm: Revert back good_end setting for 64bit (Brian Maly) [Orabug: 17648536] - IB/sdp: disable APM by default (Shamir Rabinovitch) [Orabug: 18443201] - vxlan: kernel panic when bringing up vxlan (Venkat Venkatsubra) [Orabug: 18295741] - ocfs2: call ocfs2_update_inode_fsync_trans when updating any inode (Darrick J. Wong) [Orabug: 18257094] - ocfs2: improve fsync efficiency and fix deadlock between aio_write and sync_file (Darrick J. Wong) [Orabug: 18257094] - Revert "ocfs2: fix i_mutex deadlock between aio_write and sync_file" (Jerry Snitselaar) [Orabug: 18257094] - config: align with rhck (Jerry Snitselaar) [Orabug: 18685975] - config: disable atmel drivers for ol7 (Jerry Snitselaar) [Orabug: 18665656] - config: enable support for squashfs features (Jerry Snitselaar) [Orabug: 18655723] - qla4xxx: Update driver verion to v5.04.00.05.06.02-uek3 (Tej Parkash) [Orabug: 18552248] - net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603519] {CVE-2014-2851} [3.8.13-32.el6uek] - mm / dtrace: Allow DTrace to entirely disable page faults. (Nick Alcock) [Orabug: 18412802] - mm: allow __get_user_pages() callers to avoid triggering page faults. (Nick Alcock) [Orabug: 18412802] - config: enable nfs client support for rdma (Jerry Snitselaar) [Orabug: 18560595] - NFS: Fix negative overflow in SETATTR timestamps (Chuck Lever) [Orabug: 18476361] - NFS: Transfer full int64 for NFSv4 SETATTR timestamps (Chuck Lever) [Orabug: 18476361] - NFS: Block file size updates during async READ (Chuck Lever) [Orabug: 18391310] - NFS: Use an RPC/RDMA long request for NFS symlink operations (Chuck Lever) [Orabug: 18261861] - SUNRPC: Support long RPC/RDMA requests (Chuck Lever) [Orabug: 18261861] - xprtrdma: Split the completion queue (Chuck Lever) [Orabug: 18560595] - xprtrdma: Make rpcrdma_ep_destroy() return void (Chuck Lever) [Orabug: 18560595] - xprtrdma: Simplify rpcrdma_deregister_external() synopsis (Chuck Lever) [Orabug: 18560595] - xprtrdma: Remove support for MEMWINDOWS registration mode (Chuck Lever) [Orabug: 18560595] - xprtrdma: Disable ALLPHYSICAL mode by default (Chuck Lever) [Orabug: 18560595] - xprtrdma: Remove BOUNCEBUFFERS memory registration mode (Chuck Lever) [Orabug: 18560595] - SUNRPC: RPC/RDMA must invoke xprt_wake_pending_tasks() in process context (Chuck Lever) [Orabug: 18560595] - xprtrdma: add separate Kconfig options for NFSoRDMA client and server support (Jeff Layton) [Orabug: 18560595] - NFS: incorrect "port=" value in /proc/mounts (Chuck Lever) [Orabug: 18560595] - NFS: advertise only supported callback netids (Chuck Lever) [Orabug: 18560595] - SUNRPC: remove KERN_INFO from dprintk() call sites (Chuck Lever) [Orabug: 18560595] - SUNRPC: Fix large reads on NFS/RDMA (Chuck Lever) [Orabug: 18560595] - fnic: Failing to queue aborts due to Q full cause terminate driver timeout (Simha) [Orabug: 18548644] - net: enic: include irq.h for irqreturn_t definitions (Josh Boyer) [Orabug: 18548634] - enic: Call dev_kfree_skb_any instead of dev_kfree_skb. (Eric W. Biederman) [Orabug: 18548634] - enic: Don't receive packets when the napi budget == 0 (Eric W. Biederman) [Orabug: 18548634] - net: enic: slight optimization of addr compare (dingtianhong) [Orabug: 18548634] - net: enic: remove unnecessary pci_set_drvdata() (Jingoo Han) [Orabug: 18548634] - driver/net: enic: update enic maintainers and driver (govindarajulu.v) [Orabug: 18548634] - driver/net: enic: Exposing symbols for Cisco's low latency driver (govindarajulu.v) [Orabug: 18548634] - driver/net: enic: Try DMA 64 first, then failover to DMA (govindarajulu.v) [Orabug: 18548634] - driver/net: enic: record q_number and rss_hash for skb (govindarajulu.v) [Orabug: 18548634] - driver/net: enic: Add multi tx support for enic (govindarajulu.v) [Orabug: 18548634] - drivers/net: enic: Generate notification of hardware crash (Neel Patel) [Orabug: 18548634] - drivers/net: enic: Add an interface for USNIC to interact with firmware (Neel Patel) [Orabug: 18548634] - drivers/net: enic: Adding support for Cisco Low Latency NIC (Neel Patel) [Orabug: 18548634] - drivers/net: enic: Move ethtool code to a separate file (Neel Patel) [Orabug: 18548634] - drivers/net: enic: release rtnl_lock on error-path (Konstantin Khlebnikov) [Orabug: 18548634] - enic: be less verbose about non-critical firmware errors (Stefan Assmann) [Orabug: 18548634] - enic: change sprintf() to snprintf() (Dan Carpenter) [Orabug: 18548634] - dtrace: implement omni-present cyclics (Kris Van Hees) [Orabug: 18323501] - Update .gitignore with generated SDT files. (Nick Alcock) [Orabug: 17851716] - dtrace: avoid unreliable entries in stack() output (Kris Van Hees) [Orabug: 18323450] - drm/i915: hsw: replace !is_pch_edp() with port==PORT_A (Imre Deak) [Orabug: 18429992] - drm/i915: IVB/HSW have 32 fence register (Ville Syrjala) [Orabug: 18429992] - drm/i915: Configure GAM_ECOCHK appropriatly for Gen7 (Ville Syrjala) [Orabug: 18429992] - drm/i915: use lower aux clock divider on non-ULT HSW (Jani Nikula) [Orabug: 18429992] - drm/i915: HSW PM Frequency bits fix (Rodrigo Vivi) [Orabug: 18429992] - drm/i915: there's no PIPESTAT on HAS_PCH_SPLIT platforms (Paulo Zanoni) [Orabug: 18429992] - drm/i915: there's no DSPPOS register on gen4+ (Paulo Zanoni) [Orabug: 18429992] - drm/i915: reorganize intel_lvds_supported (Paulo Zanoni) [Orabug: 18429992] - drm/i915: fix DSPADDR Gen check (Paulo Zanoni) [Orabug: 18429992] - drm/i915: there's no DSPADDR register on Haswell (Paulo Zanoni) [Orabug: 18429992] - drm/i915: there's no DSPSIZE register on gen4+ (Paulo Zanoni) [Orabug: 18429992] - drm/i915: Use cpu_transcoder for HSW_TVIDEO_DIP_* instead of pipe (Rodrigo Vivi) [Orabug: 18429992] - PM: intel_powerclamp: enable driver in defconfigs (Brian Maly) [Orabug: 18429987] - intel_powerclamp: Fix cstate counter detection. (Yuxuan Shui) [Orabug: 18429987] - thermal/intel_powerclamp: Add newer CPU models (Jacob Pan) [Orabug: 18429987] - PM: Introduce Intel PowerClamp Driver (Jacob Pan) [Orabug: 18429987] - tick: export nohz tick idle symbols for module use (Jacob Pan) [Orabug: 18429987] - x86/nmi: export local_touch_nmi() symbol for modules (Jacob Pan) [Orabug: 18429987] - ioatdma: disable RAID on non-Atom platforms and reenable unaligned copies (Brice Goglin) [Orabug: 18430022] - ioatdma: ioat3_alloc_sed can be static (Fengguang Wu) [Orabug: 18430022] - ioatdma: Adding write back descriptor error status support for ioatdma 3.3 (Dave Jiang) [Orabug: 18430022] - ioatdma: S1200 platforms ioatdma channel 2 and 3 falsely advertise RAID cap (Dave Jiang) [Orabug: 18430022] - ioatdma: Adding support for 16 src PQ ops and super extended descriptors (Dave Jiang) [Orabug: 18430022] - ioatdma: skip silicon bug workaround for pq_align for cb3.3 (Dave Jiang) [Orabug: 18430022] - ioatdma: Removing PQ val disable for cb3.3 (Dave Jiang) [Orabug: 18430022] - ioatdma: channel reset scheme fixup on Intel Atom S1200 platforms (Dave Jiang) [Orabug: 18430022] - ioatdma: Add 64bit chansts register read for ioat v3.3. (Dave Jiang) [Orabug: 18430022] - ioatdma: Adding PCI IDs for Intel Atom S1200 product family ioatdma devices (Dave Jiang) [Orabug: 18430022] - ioatdma: Adding Haswell devid for ioatdma (Dave Jiang) [Orabug: 18430022] - ioatdma: allow all channels to have irq coalescing support (Dave Jiang) [Orabug: 18430022] - ioatdma: make debug output more readable (Dave Jiang) [Orabug: 18430022] - ioat/dca: Update DCA BIOS workarounds to use TAINT_FIRMWARE_WORKAROUND (Alexander Duyck) [Orabug: 18430022] - dmaengine: ioat - fix spare sparse complain (Fengguang Wu) [Orabug: 18430022] - ioatdma: fix race between updating ioat->head and IOAT_COMPLETION_PENDING (Dave Jiang) [Orabug: 18430022] - ioat: remove chanerr mask setting for IOAT v3.x (Dave Jiang) [Orabug: 18430022] - PCI: Remove Intel Haswell D3 delays (Todd E Brandt) [Orabug: 18559933] - hyperv-fb: kick off efifb early (Gerd Hoffmann) [Orabug: 18276803] - hyperv-fb: add support for generation 2 virtual machines. (Gerd Hoffmann) [Orabug: 18276803] - vmbus: use resource for hyperv mmio region (Gerd Hoffmann) [Orabug: 18276803] - vmbus: add missing breaks (Gerd Hoffmann) [Orabug: 18276803] - Drivers: hv: fcopy_open() can be static (Fengguang Wu) [Orabug: 18276803] - Drivers: hv: Implement the file copy service (K. Y. Srinivasan) [Orabug: 18276803] - hv: Add hyperv.h to uapi headers (Bjarke Istrup Pedersen) [Orabug: 18276803] - Drivers: hv: Ballon: Make pressure posting thread sleep interruptibly (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Cleanup the packet send path (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Extract the mmio information from DSDT (K. Y. Srinivasan) [Orabug: 18276803] - add support for Hyper-V reference time counter (Vadim Rozenfeld) [Orabug: 18276803] - hyperv: enable framebuffer and keyboard drivers (Jerry Snitselaar) [Orabug: 18276803] - Drivers: hv: remove HV_DRV_VERSION (Olaf Hering) [Orabug: 18276803] - x86, hyperv: Move a variable to avoid an unused variable warning (H. Peter Anvin) [Orabug: 18276803] include (David Rientjes) [Orabug: 18276803] - x86, hyperv: Correctly guard the local APIC calibration code (K. Y. Srinivasan) [Orabug: 18276803] - x86, hyperv: Get the local APIC timer frequency from the hypervisor (K. Y. Srinivasan) [Orabug: 18276803] - x86: Correctly detect hypervisor (Jason Wang) [Orabug: 18276803] - x86, hyperv: Handle Xen emulation of Hyper-V more gracefully (K. Y. Srinivasan) [Orabug: 18276803] - X86: Handle Hyper-V vmbus interrupts as special hypervisor interrupts (K. Y. Srinivasan) [Orabug: 18276803] - X86: Add a check to catch Xen emulation of Hyper-V (K. Y. Srinivasan) [Orabug: 18276803] - Input: hyperv-keyboard - pass through 0xE1 prefix (K. Y. Srinivasan) [Orabug: 18276803] - Input: add a driver to support Hyper-V synthetic keyboard (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: NULL pointer dereference fix (Ales Novak) [Orabug: 18276803] - [SCSI] storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: Support FC devices (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Add the GUID fot synthetic fibre channel device (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: Implement multi-channel support (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: Update the storage protocol to win8 level (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: Increase the value of scsi timeout for storvsc devices (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: Handle dynamic resizing of the device (K. Y. Srinivasan) [Orabug: 18276803] - [SCSI] storvsc: Restructure error handling code on command completion (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: scsi: storvsc: Use the consolidated GUID definition (K. Y. Srinivasan) [Orabug: 18276803] - HID: hyperv: make sure input buffer is big enough (David Herrmann) [Orabug: 18276803] - HID: hyperv: convert alloc+memcpy to memdup (Thomas Meyer) [Orabug: 18276803] - Drivers: hid: hid-hyperv: Use consolidated GUID definitions (K. Y. Srinivasan) [Orabug: 18276803] - hyperv: Move state setting for link query (Haiyang Zhang) [Orabug: 18276803] - hyperv: Fix the carrier status setting (Haiyang Zhang) [Orabug: 18276803] - hyperv: Fix race between probe and open calls (Haiyang Zhang) [Orabug: 18276803] - hyperv: Fix the NETIF_F_SG flag setting in netvsc (Haiyang Zhang) [Orabug: 18276803] - Fix the VLAN_TAG_PRESENT in netvsc_recv_callback() (Haiyang Zhang) [Orabug: 18276803] - hyperv: Fix vlan_proto setting in netvsc_recv_callback() (Haiyang Zhang) [Orabug: 18276803] - hyperv: Fix a compiler warning in netvsc_send() (Haiyang Zhang) [Orabug: 18276803] - hyperv: Fix a kernel warning from netvsc_linkstatus_callback() (Haiyang Zhang) [Orabug: 18276803] - Drivers: net: hyperv: Use the consolidated GUID definition (K. Y. Srinivasan) [Orabug: 18276803] - hyperv-fb: add blanking support (Gerd Hoffmann) [Orabug: 18276803] - hyperv-fb: add pci stub (Gerd Hoffmann) [Orabug: 18276803] - drivers/video: add Hyper-V Synthetic Video Frame Buffer Driver (Haiyang Zhang) [Orabug: 18276803] - Drivers: hv: vmbus: Don't timeout during the initial connection with host (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Specify the target CPU that should receive notification (K. Y. Srinivasan) [Orabug: 18276803] - hyperv: Add support for physically discontinuous receive buffer (Haiyang Zhang) [Orabug: 18276803] - drivers: hv: Mark the function hv_synic_free_cpu() as static in hv.c (Rashika Kheria) [Orabug: 18276803] - Drivers: hv: vmbus: Fix a bug in channel rescind code (K. Y. Srinivasan) [Orabug: 18276803] - drivers: hv: Fix wrong check for synic_event_page (Felipe Pena) [Orabug: 18276803] - Drivers: hv: vmbus: Terminate vmbus version negotiation on timeout (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: util: Correctly support ws2008R2 and earlier (K. Y. Srinivasan) [Orabug: 18276803] - hv: vmbus: fix vmbus_recvpacket_raw() return code (Dan Carpenter) [Orabug: 18276803] - hv: Change variable type to bool (Peter Senna Tschudin) [Orabug: 18276803] - Drivers: hv: vmbus: Do not attempt to negoatiate a new version prematurely (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Fix a bug in the handling of channel offers (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Do not post pressure status if interrupted (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Fix a bug in the hot-add code (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: incorrect device name is printed when child device is unregistered (Fernando Soto) [Orabug: 18276803] - Drivers: hv: balloon: Initialize the transaction ID just before sending the packet (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: util: Fix a bug in version negotiation code for util services (K. Y. Srinivasan) [Orabug: 18276803] - drivers: hv: allocate synic structures before hv_synic_init() (Jason Wang) [Orabug: 18276803] - drivers: hv: check interrupt mask before read_index (Jason Wang) [Orabug: 18276803] - drivers: hv: switch to use mb() instead of smp_mb() (Jason Wang) [Orabug: 18276803] - Drivers: hv: vmbus: Implement multi-channel support (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Fix a bug in get_vp_index() (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Fix a bug in hv_need_to_signal() (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Notify the host of permanent hot-add failures (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Support 2M page allocations for ballooning (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Permit Linux to specify hot-add alignment requirements (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: make local functions static (Wei Yongjun) [Orabug: 18276803] - Drivers: hv: Add a new driver to support host initiated backup (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Handle channel rescind message correctly (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Implement hot-add functionality (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Make the balloon driver not unloadable (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Execute hot-add code in a separate context (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Execute balloon inflation in a separate context (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Do not request completion notification (K. Y. Srinivasan) [Orabug: 18276803] - driver: hv: remove cast for kmalloc return value (Zhang Yanfei) [Orabug: 18276803] - Drivers: hv: vmbus: Use the new infrastructure for delivering VMBUS interrupts (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Prevent the host from ballooning the guest too low (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Add a parameter to delay pressure reporting (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: balloon: Make adjustments to the pressure report (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Use consolidated GUID definitions (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus: Consolidate all offer GUID definitions in hyperv.h (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Bind all vmbbus interrupts to the boot CPU (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: vmbus_flow_handler() can be static (Fengguang Wu) [Orabug: 18276803] - Drivers: hv: remove unused variable in vmbus_recvpacket_raw() (Wei Yongjun) [Orabug: 18276803] - Drivers: hv: Cleanup and consolidate reporting of build/version info (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Capture the host build information (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Implement flow management on the send side (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Enable protocol negotiation with win8 hosts (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Add a check to deal with spurious interrupts (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Handle vmbus interrupts concurrently on all cpus (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Manage event tasklets on per-cpu basis (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Get rid of unnecessary request for offers (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Get rid of the unused global signaling state (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Add code to distribute channel interrupt load (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Modify the interrupt handling code to support win8 and beyond (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Add state to manage incoming channel interrupt load (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Setup a mapping for Hyper-V's notion cpu ID (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Cleanup vmbus_set_event() to support win7 and beyond (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Manage signaling state on a per-connection basis (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Move vmbus version definitions to hyperv.h (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Change the signature of vmbus_set_event() (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Change the signature for hv_signal_event() (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Save and export negotiated vmbus version (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Extend/modify vmbus_channel_offer_channel for win7 and beyond (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Update the ring buffer structure to match win8 functionality (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Support handling multiple VMBUS versions (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Get rid of hv_get_ringbuffer_interrupt_mask() (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Optimize the signaling on the write path (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Optimize signaling in the read path (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Turn off batched reading for util drivers (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Add state to manage batched reading (K. Y. Srinivasan) [Orabug: 18276803] - Drivers: hv: Implement routines for read side signaling optimization (K. Y. Srinivasan) [Orabug: 18276803] - hv: hv_balloon: remove duplicated include from hv_balloon.c (Wei Yongjun) [Orabug: 18276803] - x86, kvm: Switch to use hypervisor_cpuid_base() (Jason Wang) [Orabug: 18276803] - x86: Introduce hypervisor_cpuid_base() (Jason Wang) [Orabug: 18276803] - x86, mm: Create slow_virt_to_phys() (Dave Hansen) [Orabug: 18276803] - x86, mm: Pagetable level size/shift/mask helpers (Dave Hansen) [Orabug: 18276803] - mm: export split_page() (K. Y. Srinivasan) [Orabug: 18276803] - x86, hyperv: HYPERV depends on X86_LOCAL_APIC (H. Peter Anvin) [Orabug: 18276803] - qla2xxx: Update the driver version to 8.07.00.08.39.0-k1. (Saurav Kashyap) [Orabug: 18524767] - qla2xxx: Remove ISP8044 ID from the pci table. (Saurav Kashyap) [Orabug: 18524767] - qla2xxx: Remove mapped vp index iterator macro dead code. (Himanshu Madhani) [Orabug: 18524767] - qla2xxx: Add MBC option for fast SFP data access. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Fix ISPFX00 not displaying the correct FW version after FW update through sysfs Interface. (Armen Baloyan) [Orabug: 18524767] - qla2xxx: Fix beacon blink logic for ISP26xx/83xx. (Himanshu Madhani) [Orabug: 18524767] - qla2xxx: Don't check for firmware hung during the reset context for ISP82XX. (Tej Prakash) [Orabug: 18524767] - qla2xxx: Fixup looking for a space in the outstanding_cmds array in qla2x00_alloc_iocbs(). (Chad Dupuis) [Orabug: 18524767] - qla2xxx: Delay driver unload if there is any pending activity going on. (Sawan Chandak) [Orabug: 18524767] - qla2xxx: ISP27xx queue index shadow registers. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: ISP27xx firmware dump template spec updates (including T274). (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: Check the QLA8044_CRB_DRV_ACTIVE_INDEX register when we are not the owner of the reset. (Hiral Patel) [Orabug: 18524767] - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: Adjust adapter reset routine to the changes in firmware specification for ISPFx00. (Armen Baloyan) [Orabug: 18524767] - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: IOCB data should be copied to I/O mem using memcpy_toio. (Atul Deshmukh) [Orabug: 18524767] - qla2xxx: Use proper log message for flash lock failed error for ISP82XX. (Atul Deshmukh) [Orabug: 18524767] - qla2xxx: Remove configure VFs mailbox command call. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: ISP8044 poll ipmdio bus timeout improvement. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Poll during initialization for ISP25xx and ISP83xx. (Giridhar Malavali) [Orabug: 18524767] - qla2xxx: Fix build errors related to invalid print fields on some architectures. (Chad Dupuis) [Orabug: 18524767] file for msleep declartion in qla_nx2.c file. (Atul Deshmukh) [Orabug: 18524767] - qla2xxx: Use proper log message for flash lock failed error. (Atul Deshmukh) [Orabug: 18524767] - qla2xxx: Decrease pci access for response queue processing for ISPFX00. (Armen Baloyan) [Orabug: 18524767] - qla2xxx: Use jiffies instead of struct timeval and gettimeofday(). (Atul Deshmukh) [Orabug: 18524767] - qla2xxx: Update entry type 270 to match spec update. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Enable fw_dump_size for helga (Hiral Patel) [Orabug: 18524767] - qla2xxx: Remove unnecessary code from qlafx00_intr_handler (Hiral Patel) [Orabug: 18524767] - qla2xxx: Introduce fw_dump_flag to track fw dump progress (Hiral Patel) [Orabug: 18524767] - qla2xxx: Remove unnecessary delays from fw dump code path (Hiral Patel) [Orabug: 18524767] - qla2xxx: Track the process when the ROM_LOCK failure happens (Hiral Patel) [Orabug: 18524767] - qla2xxx: Correction to 27xx template entry types 256 and 258. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Add 8044 serdes bsg interface. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Fix P3P max debug ID. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: Check for peg alive counter and clear any outstanding mailbox command. (Giridhar Malavali) [Orabug: 18524767] - qla2xxx: Support of new Helga minidump opcodes QLA8044_RDDFE(38), QLA8044_RDMDIO(39),QLA8044_POLLWR(40). (Pratik Mohanty) [Orabug: 18524767] - qla2xxx: Allow the next firmware dump if the previous dump capture fails for ISP8044. (Saurav Kashyap) [Orabug: 18524767] - qla2xxx: Add pci device id 0x2271. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive. (Giridhar Malavali) [Orabug: 18524767] - qla2xxx: Log when device state is moved to failed state. (Giridhar Malavali) [Orabug: 18524767] - qla2xxx: Fix sparse warnings in qla_mr.c (Armen Baloyan) [Orabug: 18524767] - qla2xxx: Correct operations for ISP27xx template types 270 and 271. (Joe Carnuccio) [Orabug: 18524767] - qla2xxx: Add and use 32Gbps FC-GS definitions. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: Do not schedule reset when one is already active when receiving an invalid status handle. (Chad Dupuis) [Orabug: 18524767] - qla2xxx: Add IOCB Abort command asynchronous handling (Armen Baloyan) [Orabug: 18524767] - qla2xxx: Add ISP2701 to PCI ID table. (Sawan Chandak) [Orabug: 18524767] - Update qlge driver to v1.00.00.34 (Sucheta Chakraborty) [Orabug: 18552225] - [SCSI] hpsa: update driver version to 3.4.4-1 (Stephen M. Cameron) [Orabug: 18524766] - [SCSI] hpsa: fix bad endif placement in RAID 5 mapper code (Stephen M. Cameron) [Orabug: 18524766] - [SCSI] hpsa: Do not zero fields of ioaccel2 command structure twice (Stephen M. Cameron) [Orabug: 18524766] - [SCSI] hpsa: Add hba mode to the hpsa driver (Stephen M. Cameron) [Orabug: 18524766] - [SCSI] hpsa: remove unused struct request from CommandList (Stephen M. Cameron) [Orabug: 18524766] - [SCSI] hpsa: increase the probability of a reported success after a device reset (Tomas Henzl) [Orabug: 18524766] - [SCSI] hpsa: bring format-in-progress drives online when ready (Stephen M. Cameron) [Orabug: 18524766] - [SCSI] hpsa: remove unused kthread.h header (Stephen M. Cameron) [Orabug: 18524766] - bonding: Inactive slaves should keep inactive flag's value (zheng.li) [Orabug: 18345482] - dtrace: fix leaking psinfo objects (Kris Van Hees) [Orabug: 18383027] - xen/pvhvm: Support more than 32 VCPUs when migrating. (Konrad Rzeszutek Wilk) [Orabug: 18552664] - xen/microcode: Only load under initial domain. (Konrad Rzeszutek Wilk) [Orabug: 18379824] - audit: Make testing for a valid loginuid explicit. (Eric W. Biederman) [Orabug: 18346901] - audit: make validity checking generic (Eric Paris) [Orabug: 18346901] - audit: allow checking the type of audit message in the user filter (Eric Paris) [Orabug: 18346901] - i40e: enable CONFIG_I40E by default (Brian Maly) [Orabug: 18429973] - i40e: add kcompat calls (Brian Maly) [Orabug: 18429973] - i40e: include i40e in kernel proper (Jesse Brandeburg) [Orabug: 18429973] - i40e: debugfs interface (Jesse Brandeburg) [Orabug: 18429973] - i40e: init code and hardware support (Jesse Brandeburg) [Orabug: 18429973] - i40e: implement virtual device interface (Jesse Brandeburg) [Orabug: 18429973] - i40e: driver core headers (Jesse Brandeburg) [Orabug: 18429973] - i40e: driver ethtool core (Jesse Brandeburg) [Orabug: 18429973] - i40e: transmit, receive, and NAPI (Jesse Brandeburg) [Orabug: 18429973] - i40e: main driver core (Jesse Brandeburg) [Orabug: 18429973] - ocfs2: pass "new" parameter to ocfs2_init_xattr_bucket (Wengang Wang) [Orabug: 18447765] - qlcnic: make Kconfig IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0196 CVE-2014-2309 CVE-2014-0049 CVE-2014-0038 CVE-2013-7266 CVE-2013-6885 CVE-2013-4587 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 kernel-uek [3.8.13-35.1.1.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} {CVE-2014-3153} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3153 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.2] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} {CVE-2014-3153} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3153 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.2uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} {CVE-2014-3153} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3153 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 kernel-uek [3.8.13-35.1.2.el6uek] - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028443] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028436] {CVE-2014-1737} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1738 CVE-2014-1737 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.3] - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028380] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028444] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028438] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028416] {CVE-2013-6378} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1737 CVE-2013-6378 CVE-2014-1874 CVE-2014-1738 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.3uek] - fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: 19028505] {CVE-2014-0203} - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028381] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028446] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028439] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028417] {CVE-2013-6378} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-6378 CVE-2014-1738 CVE-2014-1737 CVE-2014-1874 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 kernel-uek [3.8.13-35.1.3.el6uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229497] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230689] {CVE-2014-4699} - net: flow_dissector: fail on evil iph->ihl (Jason Wang) [Orabug: 19231234] {CVE-2013-4348} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4699 CVE-2013-4348 CVE-2014-4943 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.4] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229505] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230690] {CVE-2014-4699} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4699 CVE-2014-4943 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.4uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229529] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230692] {CVE-2014-4699} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4943 CVE-2014-4699 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-35.3.3.el7uek] - filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315781] {CVE-2014-3144} {CVE-2014-3145} - mac80211: fix AP powersave TX vs. wakeup race (Emmanuel Grumbach) [Orabug: 19316457] {CVE-2014-2706} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3145 CVE-2014-3144 CVE-2014-2706 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.6] - filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315782] {CVE-2014-3144} {CVE-2014-3145} [2.6.39-400.215.5] - n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18756449] {CVE-2014-0196} {CVE-2014-0196} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3145 CVE-2014-3144 CVE-2014-0196 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.6uek] - filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315783] {CVE-2014-3144} {CVE-2014-3145} - futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() (Darren Hart) [Orabug: 19315318] {CVE-2012-6647} [2.6.32-400.36.5uek] - n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18756450] {CVE-2014-0196} {CVE-2014-0196} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-0196 CVE-2012-6647 CVE-2014-3144 CVE-2014-3145 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-35.3.5.el7uek] - net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404231] {CVE-2014-0181} - net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404231] - net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404231] - netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404231] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404244] {CVE-2014-4667} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4667 CVE-2014-0181 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.7] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404245] {CVE-2014-4667} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4667 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.7uek] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404246] {CVE-2014-4667} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4667 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-44] - net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404229] {CVE-2014-0181} - net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404229] - net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404229] - netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404229] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404238] {CVE-2014-4667} - Revert 'xen/fb: allow xenfb initialization for hvm guests' (Vaughan Cao) [Orabug: 19320529] [3.8.13-43] - init: fix in-place parameter modification regression (Krzysztof Mazur) [Orabug: 18954967] - drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure (K. Y. Srinivasan) [Orabug: 19280065] - drivers: scsi: storvsc: Set srb_flags in all cases (K. Y. Srinivasan) [Orabug: 19280065] - Drivers: scsi: storvsc: Implement a timedout handler (K. Y. Srinivasan) [Orabug: 19280065] - Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version (K. Y. Srinivasan) [Orabug: 19280065] - Drivers: scsi: storvsc: Filter commands based on the storage protocol version (K. Y. Srinivasan) [Orabug: 19280065] - Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host (K. Y. Srinivasan) [Orabug: 19280065] - Drivers: scsi: storvsc: Change the limits to reflect the values on the host (K. Y. Srinivasan) [Orabug: 19280065] [3.8.13-42] - filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315780] {CVE-2014-3144} {CVE-2014-3145} [3.8.13-41] - rds: Lost locking in loop connection freeing (Pavel Emelyanov) [Orabug: 19124446] - ocfs2/o2net: incorrect to terminate accepting connections loop upon rejecting an invalid one (Tariq Saeed) [Orabug: 19296823] - xen/pciback: Don't deadlock when unbinding. (Konrad Rzeszutek Wilk) [Orabug: 19296592] - PCI: Split out pci_dev lock/unlock and save/restore (Alex Williamson) [Orabug: 19296592] [3.8.13-40] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19228689] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19222017] {CVE-2014-4699} - mpt3sas: Rework the MSI-X code to work on systems with many processors (Martin K. Petersen) [Orabug: 18182490] - mpt2sas: Rework the MSI-X code to work on systems with many processors (Martin K. Petersen) [Orabug: 18182490] - mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: Added Reply Descriptor Post Queue (RDPQ) Array support (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: Bump mpt3sas driver version to 03.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: Added OEM branding Strings (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: MPI2.5 Rev H (2.5.3) specifications (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: Copyright in driver sources is updated for year the 2014 (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: Clear PFA Status on SGPIO when PFA Drive is Removed or Replaced (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: MPI2.5 Rev G (2.5.2) specifications (Reddy, Sreekanth) [Orabug: 19015667] - mpt3sas: Remove use of DEF_SCSI_QCMD (Matthew Wilcox) [Orabug: 19015667] - mpt3sas: Remove uses of serial_number (Matthew Wilcox) [Orabug: 19015667] - Allow MPT Fusion SAS 3.0 driver to be built into the kernel (Greg Kroah-Hartman) [Orabug: 19015667] - mpt3sas: Remove phys on topology change (Jan Vesely) [Orabug: 19015667] - mpt3sas: Added a driver module parameter max_msix_vectors (Sreekanth Reddy) [Orabug: 19015667] - mpt3sas: fix cleanup on controller resource mapping failure (Joe Lawrence) [Orabug: 19015667] - Revert 'mpt3sas: update from v02.100.00.00 to v3.00.00.00' (Martin K. Petersen) [Orabug: 19015667] - Revert 'mpt3sas: Rework the MSI-X code to work on systems with many processors' (Martin K. Petersen) [Orabug: 19015667] - mpt2sas: Added module parameter 'unblock_io' to unblock IO's during disk addition (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Bump mpt2sas driver version to 18.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Get IOC_FACTS information using handshake protocol only after HBA card gets into READY or Operational state (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: For >2TB volumes, DirectDrive support sends IO's with LBA bit 31 to IR FW instead of DirectDrive (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Copyright in driver sources is updated for year the 2014 (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Clear PFA Status on SGPIO when PFA Drive is Removed or Replaced (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Bump mpt2sas driver version to 17.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: MPI2 Rev Y (2.00.17) and Rev Z (2.00.18) specifications (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Added driver module parameter max_msix_vectors (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Add free smids to the head, not tail of list (Matthew Wilcox) [Orabug: 19015667] - mpt2sas: Remove use of DEF_SCSI_QCMD (Matthew Wilcox) [Orabug: 19015667] - mpt2sas: Remove uses of serial_number (Matthew Wilcox) [Orabug: 19015667] - mpt2sas: Don't disable device twice at suspend. (Tyler Stachecki) [Orabug: 19015667] - mpt2sas: Remove phys on topology change. (Jan Vesely) [Orabug: 19015667] - mpt2sas: Bump driver version to v16.100.00.00 (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Fix for kernel panic when driver loads with HBA connected to non LUN 0 configured expander (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: when Async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Infinite loop can occur if MPI2_IOCSTATUS_CONFIG_INVALID_PAGE is not returned (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: The copyright in driver sources is updated for the year 2013 (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: MPI2 Rev X (2.00.16) specifications (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Change in MPI2_RAID_ACTION_SYSTEM_SHUTDOWN_INITIATED notification methodology (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Null pointer deference possibility in mpt2sas_ctl_event_callback function (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: fix cleanup on controller resource mapping failure (Joe Lawrence) [Orabug: 19015667] - mpt2sas: fix for unused variable 'event_data' warning (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Bump driver vesion to v15.100.00.00 (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Calulate the Reply post queue depth calculation as per the MPI spec (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: fix firmware failure with wrong task attribute (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Fix for device scan following host reset could get stuck in a infinite loop (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Update the timing requirements for issuing a Hard Reset (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: MPI2 Rev W (2.00.15) specification (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: Fix for issue Missing delay not getting set during system bootup (Reddy, Sreekanth) [Orabug: 19015667] - mpt2sas: Add support for OEM specific controller (Sreekanth Reddy) [Orabug: 19015667] - mpt2sas: fix for driver fails EEH, recovery from injected pci bus error (Sreekanth Reddy) [Orabug: 19015667] - Revert 'mpt2sas: update to LSI version 16.05.01.00' (Martin K. Petersen) [Orabug: 19015667] - Revert 'mpt2sas: update from 16.05.01.00 to 17.00.00.00' (Martin K. Petersen) [Orabug: 19015667] - Revert 'mpt2sas: Rework the MSI-X code to work on systems with many processors' (Martin K. Petersen) [Orabug: 19015667] - megaraid_sas: Version and Changelog update (Adam Radford) [Orabug: 19015667] - megaraid_sas: Fix LD/VF affiliation parsing (Adam Radford) [Orabug: 19015667] - megaraid_sas: Remove unused variables in megasas_instance (Adam Radford) [Orabug: 19015667] - megaraid_sas: Fix reset_mutex leak (Adam Radford) [Orabug: 19015667] - megaraid_sas: fix a small problem when reading state value from hw (Tomas Henzl) [Orabug: 19015667] - megaraid_sas: Version and Changelog update (Adam Radford) [Orabug: 19015667] - megaraid_sas: Add Dell PowerEdge VRTX SR-IOV VF support (Adam Radford) [Orabug: 19015667] - megaraid_sas: Return leaked MPT frames to MPT frame pool (Adam Radford) [Orabug: 19015667] - megaraid_sas: Fix megasas_ioc_init_fusion (Adam Radford) [Orabug: 19015667] - megaraid_sas: Load correct raid context timeout (Adam Radford) [Orabug: 19015667] - megaraid_sas: Performance boost fixes (Sumit.Saxena@lsi.com) [Orabug: 19015667] - megaraid_sas: Set 32-bit DMA mask (Sumit.Saxena@lsi.com) [Orabug: 19015667] - megaraid_sas: Big endian code related fixes (Sumit.Saxena@lsi.com) [Orabug: 19015667] - megaraid_sas: Don't wait forever for non-IOCTL DCMDs (Sumit.Saxena@lsi.com) [Orabug: 19015667] - megaraid_sas: check return value for megasas_get_pd_list() (Hannes Reinecke) [Orabug: 19015667] - megaraid_sas_fusion: Return correct error value in megasas_get_ld_map_info() (Hannes Reinecke) [Orabug: 19015667] - megaraid_sas_fusion: correctly pass queue info pointer (Hannes Reinecke) [Orabug: 19015667] - megaraid: missing bounds check in mimd_to_kioc() (Dan Carpenter) [Orabug: 19015667] - megaraid: Use resource_size_t for PCI resources, not long (Ben Collins) [Orabug: 19015667] [3.8.13-39] - PCI: Work around Ivytown NTB BAR size issue (Jon Mason) [Orabug: 18127862] - cgroup: make cgroup_path() not print double slashes (Tejun Heo) [Orabug: 18510637] - xen: Introduce 'xen_nopv' to disable PV extensions for HVM guests. (Konrad Rzeszutek Wilk) [Orabug: 19033747] - spec: reenable pesign module signing (Guangyu Sun) [Orabug: 19065003] - [ocfs2]: refcount: take rw_lock in ocfs2_reflink (Wengang Wang) [Orabug: 19154247] - cifs: bugfix for unreclaimed writeback pages in cifs_writev_requeue() (Ouyang Maochun) [Orabug: 18447168] - xfs: add CRCs to attr leaf blocks (Dave Chinner) [Orabug: 18504299] - xfs: add CRCs to dir2/da node blocks (Dave Chinner) [Orabug: 18504299] - xfs: shortform directory offsets change for dir3 format (Dave Chinner) [Orabug: 18504299] - xfs: add CRC checking to dir2 leaf blocks (Dave Chinner) [Orabug: 18504299] - xfs: add CRC checking to dir2 data blocks (Dave Chinner) [Orabug: 18504299] - xfs: add CRC checking to dir2 free blocks (Dave Chinner) [Orabug: 18504299] - xfs: add CRC checks to block format directory blocks (Dave Chinner) [Orabug: 18504299] - xfs: add CRC checks to remote symlinks (Dave Chinner) [Orabug: 18504299] - xfs: split out symlink code into it's own file. (Dave Chinner) [Orabug: 18504299] - xfs: add version 3 inode format with CRCs (Christoph Hellwig) [Orabug: 18504299] - xfs: add CRC checks for quota blocks (Christoph Hellwig) [Orabug: 18504299] - xfs: add CRC checks to the AGI (Dave Chinner) [Orabug: 18504299] - xfs: add CRC checks to the AGFL (Christoph Hellwig) [Orabug: 18504299] - xfs: add CRC checks to the AGF (Dave Chinner) [Orabug: 18504299] - xfs: add support for large btree blocks (Christoph Hellwig) [Orabug: 18504299] - xfs: xfs_iomap_prealloc_size() tracepoint (Brian Foster) [Orabug: 18504299] - xfs: add quota-driven speculative preallocation throttling (Brian Foster) [Orabug: 18504299] - xfs: xfs_dquot prealloc throttling watermarks and low free space (Brian Foster) [Orabug: 18504299] - xfs: pass xfs_dquot to xfs_qm_adjust_dqlimits() instead of xfs_disk_dquot_t (Brian Foster) [Orabug: 18504299] - xfs: push rounddown_pow_of_two() to after prealloc throttle (Brian Foster) [Orabug: 18504299] - xfs: reorganize xfs_iomap_prealloc_size to remove indentation (Brian Foster) [Orabug: 18504299] - xfs: take inode version into account in XFS_LITINO (Christoph Hellwig) [Orabug: 18504299] - xfs: rearrange some code in xfs_bmap for better locality (Dave Chinner) [Orabug: 18504299] - xfs: don't verify buffers after IO errors (Dave Chinner) [Orabug: 18504299] - xfs: limit speculative prealloc size on sparse files (Dave Chinner) [Orabug: 18504299] - xfs: memory barrier before wake_up_bit() (Alex Elder) [Orabug: 18504299] - xfs: refactor space log reservation for XFS_TRANS_ATTR_SET (Jeff Liu) [Orabug: 18504299] - xfs: make use of XFS_SB_LOG_RES() at xfs_fs_log_dummy() (Jeff Liu) [Orabug: 18504299] - xfs: make use of XFS_SB_LOG_RES() at xfs_mount_log_sb() (Jeff Liu) [Orabug: 18504299] - xfs: make use of XFS_SB_LOG_RES() at xfs_log_sbcount() (Jeff Liu) [Orabug: 18504299] - xfs: introduce XFS_SB_LOG_RES() for transactions that modify sb on disk (Jeff Liu) [Orabug: 18504299] - xfs: calculate XFS_TRANS_QM_QUOTAOFF_END space log reservation at mount time (Jeff Liu) [Orabug: 18504299] - xfs: calculate XFS_TRANS_QM_QUOTAOFF space log reservation at mount time (Jeff Liu) [Orabug: 18504299] - xfs: calculate XFS_TRANS_QM_DQALLOC space log reservation at mount time (Jeff Liu) [Orabug: 18504299] - xfs: calcuate XFS_TRANS_QM_SETQLIM space log reservation at mount time (Jeff Liu) [Orabug: 18504299] - xfs: calculate xfs_qm_write_sb_changes() space log reservation at mount time (Jeff Liu) [Orabug: 18504299] - xfs: calculate XFS_TRANS_QM_SBCHANGE space log reservation at mount time (Jeff Liu) [Orabug: 18504299] - xfs: make use of xfs_calc_buf_res() in xfs_trans.c (Jeff Liu) [Orabug: 18504299] - xfs: add a helper to figure out the space log reservation per item (Jeff Liu) [Orabug: 18504299] - xfs: fix fs/xfs/xfs_log.c:1740:39: error: 'B_TRUE' undeclared (Ben Myers) [Orabug: 18504299] - xfs: Remove boolean_t typedef completely. (Thiago Farina) [Orabug: 18504299] (Abhijit Pawar) [Orabug: 18504299] - xfs: don't zero structure members after a memset(0) (Eric Sandeen) [Orabug: 18504299] - xfs remove the XFS_TRANS_DEBUG routines (Mark Tinguely) [Orabug: 18504299] - spec: list linux-firmware as a dependency (Guangyu Sun) [Orabug: 18539100] - kbuild/ctf: Fix out-of-tree module build when CONFIG_CTF=n. (Nick Alcock) [Orabug: 19078361] - dtrace: support order-only-prerequisites for sdtstub generation (Kris Van Hees) [Orabug: 18906444] - qlcnic: Add SRIOV helper function to determine if VFs are assigned to guest (Vaughan Cao) [Orabug: 19167877] - qlcnic: make Kconfig changes (Vaughan Cao) [Orabug: 19167877] - qlcnic: sysfs interface for PCI BAR access (Sony Chacko) [Orabug: 19167877] - qlcnic: Update version to 5.3.59 (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Collect firmware dump using DMA on 82xx adapters (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Add mac learning support to SR-IOV VF. (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Add support to process commands in atomic context (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Allow SR-IOV VF probe in hypervisor. (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Set real_num_{tx|rx}_queues properly (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Fix panic while dumping TX queues on TX timeout (Manish Chopra) [Orabug: 19167877] - qlcnic: Update version to 5.3.58 (Jitendra Kalsaria) [Orabug: 19167877] - qlcnic: Limit vNIC support in legacy interrupt mode (Sucheta Chakraborty) [Orabug: 19167877] - qlcnic: Add driver logs in error path. (Sucheta Chakraborty) [Orabug: 19167877] - qlcnic: Allow setting TX interrupt coalescing parameters from VF. (Sucheta Chakraborty) [Orabug: 19167877] - qlcnic: Add hwmon-sysfs interface to export board temperature. (Harish Patil) [Orabug: 19167877] - qlcnic: Optimize MAC learning code (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Fix memory leak. (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Reset firmware API lock at driver load time (Sony Chacko) [Orabug: 19167877] - qlcnic: Fix MSI-X initialization code (Alexander Gordeev) [Orabug: 19167877] - qlcnic: Do not disable SR-IOV when VFs are assigned to VMs (Manish Chopra) [Orabug: 19167877] - qlcnic: Fix QLogic application/driver interface for virtual NIC configuration (Jitendra Kalsaria) [Orabug: 19167877] - qlcnic: Fix PVID configuration on eSwitch port. (Jitendra Kalsaria) [Orabug: 19167877] - qlcnic: Fix max ring count calculation (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Fix to send INIT_NIC_FUNC as first mailbox. (Sucheta Chakraborty) [Orabug: 19167877] - qlcnic: Fix panic due to uninitialzed delayed_work struct in use. (Sucheta Chakraborty) [Orabug: 19167877] - net: qlcnic: include irq.h for irq definitions (Josh Boyer) [Orabug: 19167877] - qlcnic: Remove casts of pointer to same type (Joe Perches) [Orabug: 19167877] - qlcnic: Update version to 5.3.57 (Shahed Shaikh) [Orabug: 19167877] - qlcnic: dcb: a couple off by one bugs (Dan Carpenter) [Orabug: 19167877] - qlcnic: Fix number of rings when we fall back from msix to legacy. (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Allow any VLAN to be configured from VF. (Sucheta Chakraborty) [Orabug: 19167877] - qlcnic: Fix usage of use_msi and use_msi_x module parameters (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Fix function return error check (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Update version to 5.3.56 (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Enhance semaphore lock access failure error message (Harish Patil) [Orabug: 19167877] - qlcnic: Allow vlan0 traffic (Rajesh Borundia) [Orabug: 19167877] - qlcnic: Enhance driver message in failed state. (Sucheta Chakraborty) [Orabug: 19167877] - qlcnic: Updates to QLogic application/driver interface for virtual NIC configuration (Jitendra Kalsaria) [Orabug: 19167877] - qlcnic: Re-factor firmware minidump template header handling (Shahed Shaikh) [Orabug: 19167877] - qlcnic: Cleanup qlcnic_enable_msix() return values (Alexander Gordeev) [Orabug: 19167877] - qlcnic: Reverse patches till 5.3.55. (Sucheta Chakraborty) [Orabug: 19167877] - qla4xxx: Update driver verion to v5.04.00.06.06.02-uek3 (Tej Parkash) [Orabug: 19144350] - qla4xxx: Use kmemdup instead of kmalloc + memcpy (Benoit Taine) [Orabug: 19144350] - qla4xxx: Fix smatch warning in func qla4xxx_conn_get_param (Adheer Chandravanshi) [Orabug: 19144350] - qla4xxx: Fix smatch warning in func qla4xxx_get_ep_param (Adheer Chandravanshi) [Orabug: 19144350] - qla4xxx: Fix memory leak for ha->saved_acb (Nilesh Javali) [Orabug: 19144350] - qla4xxx: Export sysfs DDBs from DPC handler (Nilesh Javali) [Orabug: 19144350] - qla4xxx: Disable INTx interrupt for ISP82XX (Tej Parkash) [Orabug: 19144350] - hpsa: add previously missing pci_device_id (Vaughan Cao) [Orabug: 19137821] - hpsa: fix handling of hpsa_volume_offline return value (Stephen M. Cameron) [Orabug: 19137821] - hpsa: return -ENOMEM not -1 on kzalloc failure in hpsa_get_device_id (Stephen M. Cameron) [Orabug: 19137821] - hpsa: remove messages about volume status VPD inquiry page not supported (Stephen M. Cameron) [Orabug: 19137821] - hpsa: report check condition even if no sense data present for ioaccel2 mode (Stephen M. Cameron) [Orabug: 19137821] - hpsa: remove bad unlikely annotation from device list updating code (Stephen M. Cameron) [Orabug: 19137821] - hpsa: fix event filtering to prevent excessive rescans with old firmware (Stephen M. Cameron) [Orabug: 19137821] - hpsa: kill annoying messages about SSD Smart Path retries (Stephen M. Cameron) [Orabug: 19137821] - hpsa: define extended_report_lun_entry data structure (Stephen M. Cameron) [Orabug: 19137821] - hpsa: Rearrange start_io to avoid one unlock/lock sequence in main io path (Stephen M. Cameron) [Orabug: 19137821] - hpsa: avoid unnecessary readl on every command submission (Stephen M. Cameron) [Orabug: 19137821] - hpsa: use per-cpu variable for lockup_detected (Stephen M. Cameron) [Orabug: 19137821] - hpsa: set irq affinity hints to route MSI-X vectors across CPUs (Stephen M. Cameron) [Orabug: 19137821] - hpsa: allocate reply queues individually (Stephen M. Cameron) [Orabug: 19137821] - hpsa: choose number of reply queues more intelligently. (Stephen M. Cameron) [Orabug: 19137821] - hpsa: remove dev_dbg() calls from hot paths (Stephen M. Cameron) [Orabug: 19137821] - hpsa: use gcc aligned attribute instead of manually padding structs (Stephen M. Cameron) [Orabug: 19137821] - hpsa: change doorbell reset delay to ten seconds (Justin Lindley) [Orabug: 19137821] - hpsa: allow passthru ioctls to work with bidirectional commands (Stephen M. Cameron) [Orabug: 19137821] - hpsa: remove unused fields from struct ctlr_info (Stephen M. Cameron) [Orabug: 19137821] - hpsa: fix bad comparison of signed with unsigned in hpsa_update_scsi_devices (Joe Handzik) [Orabug: 19137821] - hpsa: do not ignore failure of sense controller parameters command (Joe Handzik) [Orabug: 19137821] - hpsa: fix memory leak in hpsa_hba_mode_enabled (Joe Handzik) [Orabug: 19137821] - hpsa: Checking for a NULL return from a kzalloc call (Joe Handzik) [Orabug: 19137821] - hpsa: unnecessary type conversion for physdev_list (Vaughan Cao) [Orabug: 19137821] - hpsa: detect_controller_lockup don't need return value (Vaughan Cao) [Orabug: 19137821] - hpsa: fixup MSI-X registration (Hannes Reinecke) [Orabug: 19137821] - xen/microcode: Use dummy microcode_ops for non initial domain guest (Zhenzhong Duan) [Orabug: 19053626] - hyperv: Change the receive buffer size for legacy hosts (Haiyang Zhang) [Orabug: 19050496] - be2net: fix qnq mode detection on VFs (Suresh Reddy) [Orabug: 19006455] - be2net: cleanup MCC async event processing code (Sathya Perla) [Orabug: 19006455] - be2net: move async cmd processing to a separate routine (Sathya Perla) [Orabug: 19006455] - be2net: re-factor MCCQ error status handling code (Kalesh AP) [Orabug: 19006455] - be2net: support flashing new regions on Skyhawk-R (Vasundhara Volam) [Orabug: 19006455] - be2net: skip multicast promiscuos setting in already set (Kalesh AP) [Orabug: 19006455] - be2net: enable interrupts in EEH resume (Kalesh AP) [Orabug: 19006455] - net: get rid of SET_ETHTOOL_OPS (Wilfried Klaebe) [Orabug: 19006455] - be2net: use MCCQ instead of MBOX in be_cmd_rss_config() (Kalesh AP) [Orabug: 19006455] - be2net: include rx-compl error counter in ethtool stats (Kalesh AP) [Orabug: 19006455] - be2net: remove unused code in be_cmd_vlan_config() (Kalesh AP) [Orabug: 19006455] - be2net: covert vlan array to bit-map (Ravikumar Nelavelli) [Orabug: 19006455] - be2net: fix line wrap and function call indentation in be_ethtool.c (Sathya Perla) [Orabug: 19006455] - be2net: fix function call indentation in be_cmds.c (Sathya Perla) [Orabug: 19006455] - be2net: fix line wrap and function call indentation in be_main.c (Sathya Perla) [Orabug: 19006455] - be2net: Fix invocation of be_close() after be_clear() (Kalesh AP) [Orabug: 19006455] - be2net: Fix to reap TX compls till HW doesn't respond for some time (Vasundhara Volam) [Orabug: 19006455] - selinux: correctly label /proc inodes in use before the policy is loaded (Paul Moore) [Orabug: 18823621] - mm, hugetlb: improve page-fault scalability (Davidlohr Bueso) [Orabug: 18757256] - config: build TPM HW Random Number Generator as module (Guangyu Sun) [Orabug: 18502024] - cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT (Viresh Kumar) [Orabug: 18464169] - cpufreq: Preserve sysfs files across suspend/resume (Srivatsa S. Bhat) [Orabug: 18464169] - cpufreq, ondemand: Remove leftover debug line (Borislav Petkov) [Orabug: 18464169] - cpufreq: Issue CPUFREQ_GOV_POLICY_EXIT notifier before dropping policy refcount (Viresh Kumar) [Orabug: 18464169] - cpufreq: governors: Fix CPUFREQ_GOV_POLICY_{INIT|EXIT} notifiers (Viresh Kumar) [Orabug: 18464169] - cpufreq: Revert incorrect commit 5800043 (Rafael J. Wysocki) [Orabug: 18464169] - cpufreq: Don't call __cpufreq_governor() for drivers without target() (Viresh Kumar) [Orabug: 18464169] - cpufreq: convert cpufreq_driver to using RCU (Nathan Zimmer) [Orabug: 18464169] - cpufreq: Call __cpufreq_governor() with correct policy->cpus mask (Viresh Kumar) [Orabug: 18464169] - cpufreq: Correct header guards typo (Borislav Petkov) [Orabug: 18464169] - cpufreq: Fix unsigned variable being checked for negative value (jhbird.choi@samsung.com) [Orabug: 18464169] - cpufreq: conservative: Fix the logic in frequency decrease checking (Stratos Karafotis) [Orabug: 18464169] - cpufreq: conservative: Fix sampling_down_factor functionality (Stratos Karafotis) [Orabug: 18464169] - cpufreq: governors: Calculate iowait time only when necessary (Stratos Karafotis) [Orabug: 18464169] - cpufreq: conservative: Fix relation when decreasing frequency (Namhyung Kim) [Orabug: 18464169] - cpufreq: conservative: Break out earlier on the lowest frequency (Namhyung Kim) [Orabug: 18464169] - cpufreq: governors: Avoid unnecessary per cpu timer interrupts (Viresh Kumar) [Orabug: 18464169] - cpufreq: ondemand: Don't update sample_type if we don't evaluate load again (Viresh Kumar) [Orabug: 18464169] - cpufreq: governor: Set MIN_LATENCY_MULTIPLIER to 20 (Viresh Kumar) [Orabug: 18464169] - cpufreq: governor: Implement per policy instances of governors (Viresh Kumar) [Orabug: 18464169] - cpufreq: Add per policy governor-init/exit infrastructure (Viresh Kumar) [Orabug: 18464169] - cpufreq: Convert the cpufreq_driver_lock to a rwlock (Nathan Zimmer) [Orabug: 18464169] - cpufreq: acpi-cpufreq: Don't set policy->related_cpus from .init() (Viresh Kumar) [Orabug: 18464169] - cpufreq: stats: do cpufreq_cpu_put() corresponding to cpufreq_cpu_get() (viresh kumar) [Orabug: 18464169] - cpufreq_stats: do not remove sysfs files if frequency table is not present (Dirk Brandewie) [Orabug: 18464169] - cpufreq: Do not track governor name for scaling drivers with internal governors. (Dirk Brandewie) [Orabug: 18464169] - cpufreq: Only call cpufreq_out_of_sync() for driver that implement cpufreq_driver.target() (Dirk Brandewie) [Orabug: 18464169] - cpufreq: Retrieve current frequency from scaling drivers with internal governors (Dirk Brandewie) [Orabug: 18464169] - cpufreq: Fix locking issues (Viresh Kumar) [Orabug: 18464169] - cpufreq: Create a macro for unlock_policy_rwsem{read,write} (Viresh Kumar) [Orabug: 18464169] - cpufreq: Remove unused HOTPLUG_CPU code (Viresh Kumar) [Orabug: 18464169] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2013-4579 CVE-2014-1690 CVE-2013-2930 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [3.8.13-44.1.1] - auditsc: audit_krule mask accesses need bounds checking (Andy Lutomirski) [Orabug: 19590596] {CVE-2014-3917} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3917 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.8uek] - auditsc: audit_krule mask accesses need bounds checking (Andy Lutomirski) [Orabug: 19590638] {CVE-2014-3917} - futex: Fix errors in nested key ref-counting (Darren Hart) [Orabug: 19590443] {CVE-2014-0205} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3917 CVE-2014-0205 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.10] - auditsc: audit_krule mask accesses need bounds checking (Andy Lutomirski) [Orabug: 19590597] {CVE-2014-3917} [2.6.39-400.215.9] - oracleasm: Add support for new error return codes from block/SCSI (Martin K. Petersen) [Orabug: 18438934] [2.6.39-400.215.8] - ib_ipoib: CSUM support in connected mode (Yuval Shaia) [Orabug: 18692878] - net: Reduce high cpu usage in bonding driver by do_csum (Venkat Venkatsubra) [Orabug: 18141731] - [random] Partially revert 6d7c7e49: random: make 'add_interrupt_randomness() (John Sobecki) [Orabug: 17740293] - oracleasm: claim FMODE_EXCL access on disk during asm_open (Srinivas Eeda) [Orabug: 19453460] - notify block layer when using temporary change to cache_type (Vaughan Cao) [Orabug: 19448451] - sd: Fix parsing of 'temporary ' cache mode prefix (Ben Hutchings) [Orabug: 19448451] - sd: fix array cache flushing bug causing performance problems (James Bottomley) [Orabug: 19448451] - block: fix max discard sectors limit (James Bottomley) [Orabug: 18961244] - xen-netback: fix deadlock in high memory pressure (Junxiao Bi) [Orabug: 18959416] - sdp: fix keepalive functionality (shamir rabinovitch) [Orabug: 18728784] - SELinux: Fix possible NULL pointer dereference in selinux_inode_permission() (Steven Rostedt) [Orabug: 18552029] - refcount: take rw_lock in ocfs2_reflink (Wengang Wang) [Orabug: 18406219] - ipv6: check return value for dst_alloc (Madalin Bucur) [Orabug: 17865160] - cciss: bug fix to prevent cciss from loading in kdump crash kernel (Mike Miller) [Orabug: 17740446] - configfs: fix race between dentry put and lookup (Junxiao Bi) [Orabug: 17627075] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3917 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 [4.1.2-15.1.0.1] - Preliminary fix for CVE-2014-7169 CRITICAL Copyright 2014 Oracle, Inc. CVE-2014-7169 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-44.1.3.el7uek] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817785] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817747] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817646] {CVE-2014-3601} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816067] {CVE-2014-5077} [3.8.13-44.1.2.el7uek] - CVE-2014-3535: NULL pointer dereference in VxLAN packet logging. (Sasha Levin) [Orabug: 19613139] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4655 CVE-2014-4653 CVE-2014-4654 CVE-2014-3601 CVE-2014-3535 CVE-2014-5077 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.11] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817786] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817748] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817647] {CVE-2014-3601} - mm: try_to_unmap_cluster() should lock_page() before mlocking (Vlastimil Babka) [Orabug: 19817323] {CVE-2014-3122} - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) [Orabug: 19816563] {CVE-2013-2596} - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 19816563] {CVE-2013-2596} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816068] {CVE-2014-5077} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-5077 CVE-2014-4654 CVE-2014-3122 CVE-2013-2596 CVE-2014-4655 CVE-2014-3601 CVE-2014-4653 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.9uek] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817787] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817749] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - mm: try_to_unmap_cluster() should lock_page() before mlocking (Vlastimil Babka) [Orabug: 19817324] {CVE-2014-3122} - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) [Orabug: 19816564] {CVE-2013-2596} - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 19816564] {CVE-2013-2596} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816069] {CVE-2014-5077} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4654 CVE-2014-4655 CVE-2014-3122 CVE-2013-2596 CVE-2014-4653 CVE-2014-5077 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-44.1.4.el7uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849334] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849317] {CVE-2014-3181} - kvm: vmx: handle invvpid vm exit gracefully (Petr Matousek) [Orabug: 19906300] {CVE-2014-3646} - nEPT: Nested INVEPT (Nadav Har'El) [Orabug: 19906267] {CVE-2014-3645} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905686] {CVE-2014-3611} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3645 CVE-2014-3611 CVE-2014-3185 CVE-2014-3181 CVE-2014-3646 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.12] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849335] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849318] {CVE-2014-3181} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905687] {CVE-2014-3611} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3185 CVE-2014-3181 CVE-2014-3611 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.10uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849336] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3181} logging macros to functions (Joe Perches) [Orabug: 19847630] {CVE-2014-3535} logging macros to functions (Joe Perches) [Orabug: 19847630] - vsprintf: Recursive vsnprintf: Add '%pV', struct va_format (Joe Perches) [Orabug: 19847630] - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905688] {CVE-2014-3611} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3185 CVE-2014-3181 CVE-2014-3535 CVE-2014-3611 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-44.1.5.el6uek] - net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [Orabug: 20010590] {CVE-2014-3687} - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 20010577] {CVE-2014-3673} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3673 CVE-2014-3687 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.13] - net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [Orabug: 20010591] {CVE-2014-3687} - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 20010578] {CVE-2014-3673} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3687 CVE-2014-3673 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.11uek] - net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [Orabug: 20010592] {CVE-2014-3687} - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 20010579] {CVE-2014-3673} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3673 CVE-2014-3687 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [4.1.2-29.0.1] - Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905294] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-6278 CVE-2014-6277 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.3.2-1.0.1] - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support [1.3.2-1] - Update source to 1.3.2 from https://github.com/docker/docker/releases/tag/v1.3.2 Prevent host privilege escalation from an image extraction vulnerability (CVE-2014-6407). Prevent container escalation from malicious security options applied to images (CVE-2014-6408). The '--insecure-registry' flag of the 'docker run' command has undergone several refinements and additions. You can now specify a sub-net in order to set a range of registries which the Docker daemon will consider insecure. By default, Docker now defines 'localhost' as an insecure registry. Registries can now be referenced using the Classless Inter-Domain Routing (CIDR) format. When mirroring is enabled, the experimental registry v2 API is skipped. [1.3.1-2] - Remove pandoc from build reqs [1.3.1-1] - update to v1.3.1 [1.3.0-1] - Resolves: rhbz#1153936 - update to v1.3.0 - iptables=false => ip-masq=false [1.2.0-3] - Resolves: rhbz#1139415 - correct path for bash completion /usr/share/bash-completion/completions - sysvinit script update as per upstream commit 640d2ef6f54d96ac4fc3f0f745cb1e6a35148607 - dont own dirs for vim highlighting, bash completion and udev [1.2.0-2] - Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage From: Colin Walters <walters@redhat.com> - patch to ignore selinux if its disabled https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6 From: Dan Walsh <dwalsh@redhat.com> - Resolves: rhbz#1139415 - correct path for bash completion - init script waits upto 5 mins before terminating daemon [1.2.0-1] - Resolves: rhbz#1132824 - update to v1.2.0 IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-6407 CVE-2014-6408 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-55] - freezer: set PF_SUSPEND_TASK flag on tasks that call freeze_processes (Colin Cross) [Orabug: 20082843] [3.8.13-54] - netfilter: nf_nat: fix oops on netns removal (Florian Westphal) [Orabug: 19988779] - tcp: tsq: restore minimal amount of queueing (Eric Dumazet) [Orabug: 19909542] - qedf: Fixes for compilation issues on oracle uek3r4. (Saurav Kashyap) [Orabug: 20027243] - qla2xxx: fix wrongly report 'PCI EEH busy' when get_thermal_temp (Vaughan Cao) [Orabug: 19916135] - Revert 'ib_cm: reduce latency when destroying large number of ids' (Guangyu Sun) [Orabug: 20012864] - Revert 'rds: avoid duplicate connection drops for active bonding' (Guangyu Sun) [Orabug: 20012864] - xen/pciback: Restore configuration space when detaching from a guest. (Konrad Rzeszutek Wilk) [Orabug: 19970142] - cpufreq: remove race while accessing cur_policy (Bibek Basu) [Orabug: 19945473] - cpufreq: serialize calls to __cpufreq_governor() (Viresh Kumar) [Orabug: 19945473] - cpufreq: don't allow governor limits to be changed when it is disabled (Viresh Kumar) [Orabug: 19945473] - net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [Orabug: 19953088] {CVE-2014-3687} - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 19953087] {CVE-2014-3673} - perf/x86: Check all MSRs before passing hw check (George Dunlap) [Orabug: 19803968] - o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper (Srinivas Eeda) [Orabug: 19825227] - RDS: add module parameter to allow module unload or not (Wengang Wang) [Orabug: 19927376] - dwarf2ctf: don't use O_PATH in rel_abs_file_name(). (Jamie Iles) [Orabug: 19957565] - dwarf2ctf: don't leak directory fd. (Jamie Iles) [Orabug: 19957565] [3.8.13-53] - net: reset mac header in dev_start_xmit() (Eric Dumazet) [Orabug: 19951043] [3.8.13-52] - xen/efi: rebased version of xen.efi (Jan Beulich) [Orabug: 19878307] [3.8.13-51] - config: enable pm80xx module (Guangyu Sun) [Orabug: 19890236] - free ib_device related resource (Wengang Wang) [Orabug: 19479464] - srq initialization and cleanup -v3.1 (Wengang Wang) [Orabug: 19010606] - rds: avoid duplicate connection drops for active bonding (Ajaykumar Hotchandani) [Orabug: 19870095] - ib_cm: reduce latency when destroying large number of ids (Ajaykumar Hotchandani) [Orabug: 19870101] - IPoIB: Change default IPOIB_RX_RING_SIZE to 2048 (Chien-Hua Yen) [Orabug: 19870157] - ipv6: ip6_dst_check needs to check for expired dst_entries (Hannes Frederic Sowa) [Orabug: 19073604] - netxen: Fix bug in Tx completion path. (Manish Chopra) [Orabug: 19877613] - netxen: Fix BUG 'sleeping function called from invalid context' (Manish Chopra) [Orabug: 19877613] - drivers/net: Convert remaining uses of pr_warning to pr_warn (Joe Perches) [Orabug: 19877613] - treewide: Fix typo in printk (Masanari Iida) [Orabug: 19877613] - PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use (Benoit Taine) [Orabug: 19877613] - bnx2fc: upgrade to 2.5.5.1 (Vaughan Cao) [Orabug: 19892175] - bnx2i: upgrade to 2.7.10.31d1 (Vaughan Cao) [Orabug: 19892173] - bnx2x: upgrade to 1.710.51 (Vaughan Cao) [Orabug: 19877629] - cnic: upgrade to 2.5.20b (Vaughan Cao) [Orabug: 19877628] - bnx2: upgrade to 2.2.5i (Vaughan Cao) [Orabug: 19877628] - Update lpfc version for 10.2.8061.0 driver release. (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8061.0: Fix ExpressLane priority setup (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8061.0: Removed obsolete PCI IDs from the driver. (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8061.0: Fix for initializing RRQ bitmap (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8061.0: Fix for cleaning up stale ring flag and sp_queue_event entries. (Dick Kennedy) [Orabug: 19877605] - lpfc: Add iotag memory barrier (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Update Copyright on changed files from 8.3.45 patches (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Fixed locking for scsi task management commands (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Convert runtime references to old xlane cfg param to fof cfg param (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060: Fix FW dump using sysfs (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Fix SLI4 s abort loop to process all FCP rings and under ring_lock (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Fixed kernel panic in lpfc_abort_handler (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Fix locking for postbufq when freeing (Dick Kennedy) [Orabug: 19877605] - lpfc: remove self-assignments (Dick Kennedy) [Orabug: 19877605] - lpfc 8.3.43: use NULL instead of 0 for pointer (Daeseok Youn) [Orabug: 19877605] - lpfc 10.2.8060.0: Fix locking for lpfc_hba_down_post (Dick Kennedy) [Orabug: 19877605] - lpfc 10.2.8060.0: Fix dynamic transitions of FirstBurst from on to off (Dick Kennedy) [Orabug: 19877605] - lpfc 8.3.45: Fixed crash during driver unload. (James Smart) [Orabug: 19877605] - lpfc 8.3.45: Fixed driver error messages after firmware download (James Smart) [Orabug: 19877605] - lpfc 8.3.45: Fixed missing initialization for task management IOCBs (James Smart) [Orabug: 19877605] - lpfc 8.3.45: Fix sysfs buffer overrun in read of lpfc_fcp_cpu_map for 128 CPUs. (James Smart) [Orabug: 19877605] - lpfc 8.3.45: Incorporate changes to use reason in change_queue_depth function. (James Smart) [Orabug: 19877605] - lpfc 8.3.45: Incorporated support of a low-latency io path (James Smart) [Orabug: 19877605] - lpfc 8.3.45: Added dport mailbox pass through support. (James Smart) [Orabug: 19877605] - be2iscsi : Bump the driver version (John Soni Jose) [Orabug: 19877611] - be2iscsi : Fix kernel panic during reboot/shutdown (John Soni Jose) [Orabug: 19877611] - be2iscsi: Fix processing CQE before connection resources are freed (Jayamohan Kallickal) [Orabug: 19877611] - be2iscsi: Fix updating the boot enteries in sysfs (Jayamohan Kallickal) [Orabug: 19877611] - be2iscsi: Fix the copyright year (Jayamohan Kallickal) [Orabug: 19877611] - be2iscsi: Fix the sparse warning introduced in previous submission (Jayamohan Kallickal) [Orabug: 19877611] - turbostat: fix build breakage (Brian Maly) [Orabug: 19894618] - kvm: vmx: handle invvpid vm exit gracefully (Petr Matousek) [Orabug: 19906290] {CVE-2014-3646} - nEPT: Nested INVEPT (Nadav Har'El) [Orabug: 19905739] {CVE-2014-3645} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905575] {CVE-2014-3611} [3.8.13-50] - NVMe: Do not over allocate for discard requests (Keith Busch) [Orabug: 19791123] - NVMe: Do not open disks that are being deleted (Keith Busch) [Orabug: 19791123] - NVMe: Clear QUEUE_FLAG_STACKABLE (Keith Busch) [Orabug: 19791123] - NVMe: Fix device probe waiting on kthread (Keith Busch) [Orabug: 19791123] - NVMe: Updates for 1.1 spec (Keith Busch) [Orabug: 19791123] - NVMe: Passthrough IOCTL for IO commands (Keith Busch) [Orabug: 19791123] - NVMe: Add revalidate_disk callback (Keith Busch) [Orabug: 19791123] - NVMe: Fix nvmeq waitqueue entry initialization (Keith Busch) [Orabug: 19791123] - NVMe: Translate NVMe status to errno (Keith Busch) [Orabug: 19791123] - NVMe: Fix SG_IO status values (Keith Busch) [Orabug: 19791123] - NVMe: Remove duplicate compat SG_IO code (Keith Busch) [Orabug: 19791123] - NVMe: Reference count pci device (Keith Busch) [Orabug: 19791123] - nvme: Replace rcu_assign_pointer() with RCU_INIT_POINTER() (Andreea-Cristina Bernat) [Orabug: 19791123] - NVMe: Correctly handle IOCTL_SUBMIT_IO when cpus > online queues (Sam Bradshaw) [Orabug: 19791123] - NVMe: Fix filesystem sync deadlock on removal (Keith Busch) [Orabug: 19791123] - NVMe: Add shutdown timeout as module parameter. (Dan McLeran) [Orabug: 19791123] - NVMe: Skip orderly shutdown on failed devices (Keith Busch) [Orabug: 19791123] - NVMe: Whitespace fixes (Keith Busch) [Orabug: 19791123] - NVMe: Handling devices incapable of I/O (Keith Busch) [Orabug: 19791123] - NVMe: Change nvme_enable_ctrl to set EN and manage CC thru ctrl_config. (Dan McLeran) [Orabug: 19791123] - NVMe: Mismatched host/device page size support (Keith Busch) [Orabug: 19791123] - NVMe: Update list of status codes (Matthew Wilcox) [Orabug: 19791123] - NVMe: Async event request (Keith Busch) [Orabug: 19791123] - qlge: Fix compilation warning (Harish Patil) [Orabug: 19877615] - qlge: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [Orabug: 19877615] - PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use (Benoit Taine) [Orabug: 19877615] - i40e: Update flow director error messages to reduce user confusion (Carolyn Wyborny) [Orabug: 19882061] - i40evf: enable module build (Brian Maly) [Orabug: 19528533] - i40e/i40evf: Bump build versions (Catherine Sullivan) [Orabug: 19528533] - i40e: Tweak for-loop in i40e_ethtool.c (Catherine Sullivan) [Orabug: 19528533] - i40e: Cleanup if/else statements (Catherine Sullivan) [Orabug: 19528533] - i40e: abstract the close path for better netdev vsis (Shannon Nelson) [Orabug: 19528533] - i40e/i40evf: add tracking to NVM busy state (Shannon Nelson) [Orabug: 19528533] - i40e: Fix an issue with displaying IPv4 FD filters (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Remove a FW workaround (Catherine Sullivan) [Orabug: 19528533] - i40e/i40evf: Bump build versions (Catherine Sullivan) [Orabug: 19528533] - i40e: Enable VF Tx bandwidth setting (Mitch Williams) [Orabug: 19528533] - i40e: Reset the VF upon conflicting VLAN configuration (Greg Rose) [Orabug: 19528533] - i40e: remove open-coded skb_cow_head (Francois Romieu) [Orabug: 19528533] - i40evf: program RSS LUT correctly (Mitch A Williams) [Orabug: 19528533] - i40evf: remove open-coded skb_cow_head (Francois Romieu) [Orabug: 19528533] - i40e: Remove casts of pointer to same type (Joe Perches) [Orabug: 19528533] - i40e/i40evf: Remove addressof casts to same type (Joe Perches) [Orabug: 19528533] - i40e: fix function kernel doc description (Jean Sacren) [Orabug: 19528533] - i40e: Use DEBUG_FD message level for an FD message (Anjali Singhai Jain) [Orabug: 19528533] - i40e/i40evf: Add an FD message level (Anjali Singhai Jain) [Orabug: 19528533] - i40e: check for netdev before debugfs use (Shannon Nelson) [Orabug: 19528533] - i40evf: remove double space after return (Jesse Brandeburg) [Orabug: 19528533] - i40e: Add functionality for FD SB to drop packets (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Cleanup in FDIR SB ethtool code (Anjali Singhai Jain) [Orabug: 19528533] - i40e: eeprom integrity check on load and empr (Shannon Nelson) [Orabug: 19528533] - i40e: Make the alloc and free queue vector calls orthogonal (Greg Rose) [Orabug: 19528533] - i40evf: fix oops in watchdog handler (Mitch Williams) [Orabug: 19528533] - i40e: Delete ATR filter on RST (Anjali Singhai Jain) [Orabug: 19528533] - i40evf: clean up init error messages (Mitch Williams) [Orabug: 19528533] - i40evf: don't shut down admin queue on error (Mitch Williams) [Orabug: 19528533] - i40e: Fix a message string (Anjali Singhai Jain) [Orabug: 19528533] - i40e/i40evf: Add EEE LPI stats (Anjali Singhai Jain) [Orabug: 19528533] - i40e/i40evf: Bump build versions (Catherine Sullivan) [Orabug: 19528533] - i40e: potential array underflow in i40e_vc_process_vf_msg() (Dan Carpenter) [Orabug: 19528533] - i40e/i40evf: reduce context descriptors (Jesse Brandeburg) [Orabug: 19528533] - i40e/i40evf: enable hardware feature head write back (Jesse Brandeburg) [Orabug: 19528533] - i40e: Patch to enable Ethtool/netdev feature flag for NTUPLE control (Anjali Singhai Jain) [Orabug: 19528533] - i40evf: use min_t (Mitch Williams) [Orabug: 19528533] - i40evf: correctly program RSS HLUT table (Mitch Williams) [Orabug: 19528533] - net/i40e: Avoid double setting of NETIF_F_SG for the HW encapsulation feature mask (Or Gerlitz) [Orabug: 19528533] - i40evf: Rename i40e_ptype_lookup i40evf_ptype_lookup (Eric W Biederman) [Orabug: 19528533] - i40e: Don't receive packets when the napi budget == 0 (Eric W. Biederman) [Orabug: 19528533] - i40e/i40evf: Use correct number of VF vectors (Mitch Williams) [Orabug: 19528533] - i40e: Let MDD events be handled by MDD handler (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Bug fix for FDIR replay logic (Anjali Singhai Jain) [Orabug: 19528533] - i40e: add missing variable to i40e_ethtool (Brian Maly) [Orabug: 19528533] - i40e: Add code to handle FD table full condition (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Define a new state variable to keep track of feature auto disable (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Fix function comments (Akeem G Abodunrin) [Orabug: 19528533] - i40e: make string references to q be queue (Jesse Brandeburg) [Orabug: 19528533] - i40e/i40evf: Some flow director HW definition fixes (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Fix a bug in the update logic for FDIR SB filter. (Anjali Singhai Jain) [Orabug: 19528533] - i40e: delete netdev after deleting napi and vectors (Shannon Nelson) [Orabug: 19528533] - i40e/i40evf: Bump pf&vf build versions (Catherine Sullivan) [Orabug: 19528533] - i40e/i40evf: carefully fill tx ring (Jesse Brandeburg) [Orabug: 19528533] - i40e: fix nvm version and remove firmware report (Jesse Brandeburg) [Orabug: 19528533] - i40e: Remove a redundant filter addition (Anjali Singhai Jain) [Orabug: 19528533] - i40e: count timeout events (Jesse Brandeburg) [Orabug: 19528533] - i40e: Remove a FW workaround for Number of MSIX vectors (Anjali Singhai Jain) [Orabug: 19528533] - i40e: clean up comment style (Shannon Nelson) [Orabug: 19528533] - i40e: Prevent overflow due to kzalloc (Akeem G Abodunrin) [Orabug: 19528533] - i40e: Flow Director sideband accounting (Joseph Gasparakis) [Orabug: 19528533] - i40evf: Enable the ndo_set_features netdev op (Greg Rose) [Orabug: 19528533] - i40e and i40evf: Bump driver versions (Catherine Sullivan) [Orabug: 19528533] - i40e: Change MSIX to MSI-X (Catherine Sullivan) [Orabug: 19528533] - i40e: tighten up ring enable/disable flow (Mitch Williams) [Orabug: 19528533] - i40e: remove unnecessary delay (Mitch Williams) [Orabug: 19528533] - i40evf: remove errant space (Mitch A Williams) [Orabug: 19528533] - i40evf: update version and copyright date (Mitch Williams) [Orabug: 19528533] - i40evf: store ring size in ring structs (Mitch Williams) [Orabug: 19528533] - i40evf: don't guess device name (Mitch Williams) [Orabug: 19528533] - i40evf: remove bogus comment (Mitch Williams) [Orabug: 19528533] - i40evf: fix up strings in init task (Mitch Williams) [Orabug: 19528533] - i40evf: get rid of pci_using_dac (Mitch Williams) [Orabug: 19528533] - i40evf: fix multiple crashes on remove (Mitch Williams) [Orabug: 19528533] - i40evf: remove VLAN filters on close (Mitch Williams) [Orabug: 19528533] - i40evf: request reset on tx hang (Mitch Williams) [Orabug: 19528533] - i40e: Use pci_enable_msix_range() instead of pci_enable_msix() (Alexander Gordeev) [Orabug: 19528533] - net: i40evf: Remove duplicate include (Sachin Kamat) [Orabug: 19528533] - i40evf: refactor reset handling (Mitch Williams) [Orabug: 19528533] - i40evf: change type of flags variable (Mitch Williams) [Orabug: 19528533] - i40evf: don't store unnecessary array of strings (Mitch Williams) [Orabug: 19528533] - i40evf: fix bogus comment (Mitch Williams) [Orabug: 19528533] - i40evf: clean up adapter struct (Mitch Williams) [Orabug: 19528533] - i40e: don't handle VF reset on unload (Mitch Williams) [Orabug: 19528533] - i40e: enable extant VFs (Mitch Williams) [Orabug: 19528533] - i40e: reset VFs after PF reset (Mitch Williams) [Orabug: 19528533] - i40e: set VF state to active when reset is complete (Mitch Williams) [Orabug: 19528533] - i40e: remove dead code (Mitch Williams) [Orabug: 19528533] - i40e: Setting i40e_down bit for tx_timeout (Akeem G Abodunrin) [Orabug: 19528533] - i40evf: clean up memsets (Mitch Williams) [Orabug: 19528533] - i40evf: trivial fixes (Jesse Brandeburg) [Orabug: 19528533] - i40e: bump driver version (Jesse Brandeburg) [Orabug: 19528533] - i40e: spelling error (Jesse Brandeburg) [Orabug: 19528533] - i40e: refactor flow director (Anjali Singhai Jain) [Orabug: 19528533] - i40e: rename defines (Jesse Brandeburg) [Orabug: 19528533] - i40e: whitespace fixes (Jesse Brandeburg) [Orabug: 19528533] - i40e: Change firmware workaround (Jesse Brandeburg) [Orabug: 19528533] - i40e: fix compile warning on checksum_local (Jesse Brandeburg) [Orabug: 19528533] - i40e: updates to AdminQ interface (Shannon Nelson) [Orabug: 19528533] - i40e: check desc pointer before printing (Shannon Nelson) [Orabug: 19528533] - i40e: Remove autogenerated Module.symvers file. (David S. Miller) [Orabug: 19528533] - i40e: Retain MAC filters on port VLAN deletion (Greg Rose) [Orabug: 19528533] - i40e: Warn admin to reload VF driver on port VLAN configuration (Greg Rose) [Orabug: 19528533] - i40e: Bump version number (Catherine Sullivan) [Orabug: 19528533] - i40e: trivial cleanup (Jesse Brandeburg) [Orabug: 19528533] - i40e: whitespace fixes (Jesse Brandeburg) [Orabug: 19528533] - i40e: make message meaningful (Mitch Williams) [Orabug: 19528533] - i40e: associate VMDq queue with VM type (Shannon Nelson) [Orabug: 19528533] - i40e: remove extra register write (Mitch Williams) [Orabug: 19528533] - i40e: Bump version (Catherine Sullivan) [Orabug: 19528533] - i40e: fix log message wording (Shannon Nelson) [Orabug: 19528533] - i40e: enable PTP (Jacob Keller) [Orabug: 19528533] - i40e: call clear_pxe after adminq is initialized (Shannon Nelson) [Orabug: 19528533] - i40e: clear qtx_head before enabling Tx queue (Shannon Nelson) [Orabug: 19528533] - i40e: adjust ITR max and min values (Shannon Nelson) [Orabug: 19528533] - i40e: check for possible incorrect ipv6 checksum (Shannon Nelson) [Orabug: 19528533] - i40e: allow VF to remove any MAC filter (Mitch Williams) [Orabug: 19528533] - i40e: do not bail when disabling if Tx queue disable fails (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Setting queue count to 1 using ethtool is valid (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Cleanup Doxygen warnings (Jeff Kirsher) [Orabug: 19528533] - i40e: fix long lines (Mitch Williams) [Orabug: 19528533] - i40e: Bump version (Catherine Sullivan) [Orabug: 19528533] - i40e: Update the Current NVM version Low value (Anjali Singhai Jain) [Orabug: 19528533] - i40e: drop unused macros (Jesse Brandeburg) [Orabug: 19528533] - i40e: use assignment instead of memcpy (Mitch Williams) [Orabug: 19528533] - i40e: Turn flow director off in MFP mode (Catherine Sullivan) [Orabug: 19528533] - i40e: Add a dummy packet template (Jesse Brandeburg) [Orabug: 19528533] - i40e: fix spelling errors (Jesse Brandeburg) [Orabug: 19528533] - i40e: trivial: formatting and checkpatch fixes (Mitch Williams) [Orabug: 19528533] - i40e: shorten wordy fields (Mitch Williams) [Orabug: 19528533] - i40e: accept pf to pf adminq messages (Shannon Nelson) [Orabug: 19528533] - i40e: remove interrupt on AQ error (Shannon Nelson) [Orabug: 19528533] - i40e: release NVM resource reservation on startup (Shannon Nelson) [Orabug: 19528533] - i40e: Cleanup reconfig rss path (Anjali Singhai Jain) [Orabug: 19528533] - i40e: disable packet split (Jesse Brandeburg) [Orabug: 19528533] - i40e: add a comment on barrier and fix panic on reset (Greg Rose) [Orabug: 19528533] - i40e: Fix MAC format in Write MAC address AQ cmd (Kamil Krawczyk) [Orabug: 19528533] - i40e: Fix GPL header (Greg Rose) [Orabug: 19528533] - i40e: use kernel specific defines (Jesse Brandeburg) [Orabug: 19528533] - i40e: Re-enable interrupt on ICR0 (Anjali Singhai Jain) [Orabug: 19528533] - i40e: correctly setup ARQ descriptors (Mitch Williams) [Orabug: 19528533] - i40e: remove redundant AQ enable (Kamil Krawczyk) [Orabug: 19528533] - i40e: Enable/Disable PF switch LB on SR-IOV configure changes (Greg Rose) [Orabug: 19528533] - i40e: whitespace paren and comment tweaks (Shannon Nelson) [Orabug: 19528533] - i40e: rework shadow ram read functions (Shannon Nelson) [Orabug: 19528533] - i40e: check MAC type before any REG access (Shannon Nelson) [Orabug: 19528533] - i40e: move PF ID init from PF reset to SC init (Shannon Nelson) [Orabug: 19528533] - i40e: Reduce range of interrupt reg in reg test (Shannon Nelson) [Orabug: 19528533] - i40e: update firmware api to 1.1 (Shannon Nelson) [Orabug: 19528533] - i40e: Add code to wait for FW to complete in reset path (Shannon Nelson) [Orabug: 19528533] - i40e: Bump version (Catherine Sullivan) [Orabug: 19528533] - i40e: Allow VF to set already assigned MAC address (Greg Rose) [Orabug: 19528533] - i40e: Stop accepting any VLAN tag on VLAN 0 filter set (Greg Rose) [Orabug: 19528533] - i40e: Do not enable broadcast promiscuous by default (Greg Rose) [Orabug: 19528533] - i40e: Expose AQ debugfs hooks (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Do not allow AQ calls from ndo-ops (Anjali Singhai Jain) [Orabug: 19528533] - i40e: check asq alive before notify (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Admin queue shutdown fixes (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Hide the Port VLAN VLAN ID (Greg Rose) [Orabug: 19528533] - i40e: use correct struct for get and update vsi params (Shannon Nelson) [Orabug: 19528533] - i40e: Fix VF driver MAC address configuration (Greg Rose) [Orabug: 19528533] - i40e: support VFs on PFs other than 0 (Mitch Williams) [Orabug: 19528533] - i40e: acknowledge VFLR when disabling SR-IOV (Mitch Williams) [Orabug: 19528533] - i40e: don't allocate zero size (Mitch Williams) [Orabug: 19528533] - i40e: use struct assign instead of memcpy (Mitch Williams) [Orabug: 19528533] - i40e: Do not enable default port on the VEB (Greg Rose) [Orabug: 19528533] - i40e: avoid unnecessary register read (Mitch Williams) [Orabug: 19528533] - i40e: fix whitespace (Jesse Brandeburg) [Orabug: 19528533] - i40e: Fix SR-IOV VF port VLAN (Greg Rose) [Orabug: 19528533] - i40e: Record dma buffer info for dummy packets (Anjali Singhai Jain) [Orabug: 19528533] - i40e: remove un-necessary io-write (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Remove unnecessary prototypes (Anjali Singhai Jain) [Orabug: 19528533] - i40e: I40E_FLAG_MQ_ENABLED is not used (Neerav Parikh) [Orabug: 19528533] - i40e: Fix ring allocation (Neerav Parikh) [Orabug: 19528533] - i40e: catch unset q_vector (Shannon Nelson) [Orabug: 19528533] - i40e: keep allocated memory in structs (David Cassard) [Orabug: 19528533] - i40e: fix error handling when alloc of vsi array fails (Shannon Nelson) [Orabug: 19528533] - i40e: reinit buffer size each time (Mitch Williams) [Orabug: 19528533] - i40e: use functions to enable and disable icr 0 (Mitch Williams) [Orabug: 19528533] - i40e: add header file flag _I40E_TXRX_H_ (Vasu Dev) [Orabug: 19528533] - i40e: guard against vf message races (Mitch Williams) [Orabug: 19528533] - i40e: fix constant cast issues (Jesse Brandeburg) [Orabug: 19528533] - i40e: Change the ethtool NVM read method to use AQ (Anjali Singhai Jain) [Orabug: 19528533] - i40e: fix mac address checking (Jesse Brandeburg) [Orabug: 19528533] - i40e: Dump the whole NVM, not half (Anjali Singhai Jain) [Orabug: 19528533] - i40e: report VF MAC addresses correctly (Mitch Williams) [Orabug: 19528533] - i40e: update led set args (Jesse Brandeburg) [Orabug: 19528533] - i40e: make a define from a large constant (Mitch Williams) [Orabug: 19528533] - i40e: be more informative (Mitch Williams) [Orabug: 19528533] - i40e: fix error return (Mitch Williams) [Orabug: 19528533] - i40e: remove chatty log messages (Mitch Williams) [Orabug: 19528533] - i40e: remove redundant code (Mitch Williams) [Orabug: 19528533] - i40e: refactor VF reset flow (Mitch Williams) [Orabug: 19528533] - i40e: move i40e_reset_vf (Mitch Williams) [Orabug: 19528533] - i40e: fix curly brace use and return type (Shannon Nelson) [Orabug: 19528533] - i40e: add wake-on-lan support (Shannon Nelson) [Orabug: 19528533] - i40e: Suppress HMC error to Interrupt message level (Anjali Singhai Jain) [Orabug: 19528533] - i40e: using for_each_set_bit to simplify the code (Wei Yongjun) [Orabug: 19528533] - i40e: make functions static and remove dead code (Stephen Hemminger) [Orabug: 19528533] - i40e: Fix off by one in i40e_dbg_command_write (Alan Cox) [Orabug: 19528533] - i40e: Bump version number (Catherine Sullivan) [Orabug: 19528533] - i40e: Fix wrong mask bits being used in misc interrupt (Anjali Singhai Jain) [Orabug: 19528533] - i40e: more print_hex_dump use (Shannon Nelson) [Orabug: 19528533] - i40e: fix up scanf decoders (Shannon Nelson) [Orabug: 19528533] - i40e: simplify error messages for dump descriptor (Shannon Nelson) [Orabug: 19528533] - i40e: prevent null pointer exception in dump descriptor (Shannon Nelson) [Orabug: 19528533] - i40e: Fix dump output from debugfs calls (Neerav Parikh) [Orabug: 19528533] - i40e: Remove FCoE in i40e_virtchnl_pf.c code (Neerav Parikh) [Orabug: 19528533] - i40e: support for suspend and resume (Shannon Nelson) [Orabug: 19528533] - i40e: rtnl_lock in reset path fixes (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Add basic support for get/set channels for RSS (Anjali Singhai Jain) [Orabug: 19528533] - i40e: function to reconfigure RSS queues and rebuild (Anjali Singhai Jain) [Orabug: 19528533] - i40e: reinit flow for the main VSI (Anjali Singhai Jain) [Orabug: 19528533] - i40e: use same number of queues as CPUs (Jesse Brandeburg) [Orabug: 19528533] - i40e: trivial fixes (Jesse Brandeburg) [Orabug: 19528533] - i40e: init flow control settings to disabled (Jesse Brandeburg) [Orabug: 19528533] - i40e: Tell the stack about our actual number of queues (Anjali Singhai Jain) [Orabug: 19528533] - i40e: fix pf reset after offline test (Shannon Nelson) [Orabug: 19528533] - i40e: fix up some of the ethtool connection reporting (Brian Maly) [Orabug: 19528533] - i40e: Bump version number (Catherine Sullivan) [Orabug: 19528533] - i40e: remove and fix confusing define name (Jesse Brandeburg) [Orabug: 19528533] - i40e: complain about out-of-range descriptor request (Shannon Nelson) [Orabug: 19528533] - i40e: loopback info and set loopback fix (Kamil Krawczyk) [Orabug: 19528533] - i40e: restrict diag test messages (Shannon Nelson) [Orabug: 19528533] - i40e: Add a new variable to track number of pf instances (Anjali Singhai Jain) [Orabug: 19528533] - i40e: add num_VFs message (Anjali Singhai Jain) [Orabug: 19528533] - i40e: refactor ethtool tests (Shannon Nelson) [Orabug: 19528533] - i40e: clear test state bit after all ethtool tests (Shannon Nelson) [Orabug: 19528533] - i40e: only set up the rings to be used (Shannon Nelson) [Orabug: 19528533] - i40e: Enable all PCTYPEs except FCOE for RSS. (Anjali Singhai Jain) [Orabug: 19528533] - i40e: refactor reset code (Anjali Singhai Jain) [Orabug: 19528533] - i40e: Bump version (Catherine Sullivan) [Orabug: 19528533] - i40e: whitespace (Jeff Kirsher) [Orabug: 19528533] - i40e: enable early hardware support (Jesse Brandeburg) [Orabug: 19528533] - i40e: Add flag for L2 VEB filtering (Kevin Scott) [Orabug: 19528533] - i40e: get media type during link info (Jesse Brandeburg) [Orabug: 19528533] - i40e: check multi-bit state correctly (Jesse Brandeburg) [Orabug: 19528533] - i40e: separate TSYNVALID and TSYNINDX fields in Rx descriptor (Jacob Keller) [Orabug: 19528533] - i40e: sync header files with hardware (Anjali Singhai Jain) [Orabug: 19528533] - i40e: restrict diag test length (Kamil Krawczyk) [Orabug: 19528533] - i40e: add support for triggering EMPR (Shannon Nelson) [Orabug: 19528533] - i40e: add interrupt test (Shannon Nelson) [Orabug: 19528533] - i40e: default debug mask setting (Shannon Nelson) [Orabug: 19528533] - i40e: fix debugging messages (Mitch Williams) [Orabug: 19528533] - i40e: properly add VF MAC addresses (Mitch Williams) [Orabug: 19528533] - i40e: retry call on timeout (Shannon Nelson) [Orabug: 19528533] - i40e: select reset counters correctly (Shannon Nelson) [Orabug: 19528533] - i40e: allow one more vector for VFs (Mitch Williams) [Orabug: 19528533] - i40e: firmware version fields offsets update (Anjali Singhai jain) [Orabug: 19528533] - i40e: simplify aq head-tail-len setups (Shannon Nelson) [Orabug: 19528533] - i40e: clear AQ head and tail registers (Shannon Nelson) [Orabug: 19528533] - i40e: register file updates (Anjali Singhai jain) [Orabug: 19528533] - i40e: set pf_id based on device and function numbers (Christopher Pau) [Orabug: 19528533] - i40e: fix null dereference (Jesse Brandeburg) [Orabug: 19528533] - i40e: fix error return code in i40e_probe() (Wei Yongjun) [Orabug: 19528533] (Wei Yongjun) [Orabug: 19528533] - i40e: Bump version (Catherine Sullivan) [Orabug: 19528533] - i40e: use pf_id for pf function id in qtx_ctl (Shannon Nelson) [Orabug: 19528533] - i40e: check vsi ptrs before dumping them (Shannon Nelson) [Orabug: 19528533] - i40e: reorder block declarations in debugfs (Shannon Nelson) [Orabug: 19528533] - i40e: tweaking icr0 handling for legacy irq (Shannon Nelson) [Orabug: 19528533] - i40e: refactor fdir setup function (Jesse Brandeburg) [Orabug: 19528533] - i40e: fix sign extension issue (Jesse Brandeburg) [Orabug: 19528533] - i40e: fix use of untrusted scalar value warning (Jesse Brandeburg) [Orabug: 19528533] - i40e: clamp debugfs nvm read command (Jesse Brandeburg) [Orabug: 19528533] - i40e: debugfs fixups (Jesse Brandeburg) [Orabug: 19528533] - i40e: fixup legacy interrupt handling (Shannon Nelson) [Orabug: 19528533] - i40e: assign correct vector to VF (Mitch Williams) [Orabug: 19528533] - i40e: don't free nonexistent rings (Mitch Williams) [Orabug: 19528533] - i40e: do not flush after re-enabling interrupts (Jesse Brandeburg) [Orabug: 19528533] - i40e: Bump version (Catherine Sullivan) [Orabug: 19528533] - i40e: Add support for 64 bit netstats (Alexander Duyck) [Orabug: 19528533] - i40e: Move rings from pointer to array to array of pointers (Alexander Duyck) [Orabug: 19528533] - i40e: Replace ring container array with linked list (Alexander Duyck) [Orabug: 19528533] - i40e: Move q_vectors from pointer to array to array of pointers (Alexander Duyck) [Orabug: 19528533] - i40e: Split bytes and packets from Rx/Tx stats (Alexander Duyck) [Orabug: 19528533] - i40e: Add support for Tx byte queue limits (Alexander Duyck) [Orabug: 19528533] - i40e: Drop dead code and flags from Tx hotpath (Alexander Duyck) [Orabug: 19528533] - i40e: clean up Tx fast path (Alexander Duyck) [Orabug: 19528533] - i40e: Do not directly increment Tx next_to_use (Alexander Duyck) [Orabug: 19528533] - i40e: Cleanup Tx buffer info layout (Alexander Duyck) [Orabug: 19528533] - i40e: Drop unused completed stat (Alexander Duyck) [Orabug: 19528533] - i40e: Link code updates (Anjali Singhai) [Orabug: 19528533] - i40e: clean up coccicheck reported errors (Jesse Brandeburg) [Orabug: 19528533] - i40e: better return values (Jesse Brandeburg) [Orabug: 19528533] - i40e: convert ret to aq_ret (Jesse Brandeburg) [Orabug: 19528533] - i40e: small clean ups from review (Jesse Brandeburg) [Orabug: 19528533] - i40e: use common failure flow (Jesse Brandeburg) [Orabug: 19528533] - i40e: Fix device ID define names to align to standard (Shannon Nelson) [Orabug: 19528533] - i40evf: conform to UEK kapi (Brian Maly) [Orabug: 19528533] - i40evf: A0 silicon specific (Greg Rose) [Orabug: 19528533] - i40evf: add driver to kernel build system (Greg Rose) [Orabug: 19528533] - i40evf: init code and hardware support (Greg Rose) [Orabug: 19528533] - i40evf: driver core headers (Greg Rose) [Orabug: 19528533] - i40evf: virtual channel interface (Greg Rose) [Orabug: 19528533] - i40evf: core ethtool functionality (Greg Rose) [Orabug: 19528533] - i40evf: transmit and receive functionality (Greg Rose) [Orabug: 19528533] - i40evf: main driver core (Greg Rose) [Orabug: 19528533] - Revert 'i40e: upgrade to 1.0.15' (Brian Maly) [Orabug: 19528533] - ixgbe: Look up MAC address on SPARC systems (Martin K. Petersen) [Orabug: 18182472] - cpufreq: intel_pstate: allow driver to be built as a module (Brian Maly) [Orabug: 19250051] - cpufreq: intel_pstate: enable driver in kernel config (Brian Maly) [Orabug: 19250051] - cpufreq: intel_pstate: Remove core_pct rounding (Stratos Karafotis) [Orabug: 19250051] - cpufreq: intel_pstate: Simplify P state adjustment logic. (Stratos Karafotis) [Orabug: 19250051] - cpufreq: intel_pstate: Keep values in aperf/mperf in full precision (Stratos Karafotis) [Orabug: 19250051] - cpufreq: intel_pstate: Disable interrupts during MSRs reading (Stratos Karafotis) [Orabug: 19250051] IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-1739 CVE-2014-4014 CVE-2014-3184 CVE-2014-4171 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-55.1.1] - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192516] {CVE-2014-4027} - HID: logitech: perform bounds checking on device_id early enough (Jiri Kosina) [Orabug: 20192477] {CVE-2014-3182} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192448] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192416] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192367] {CVE-2014-4656} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192208] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192058] {CVE-2014-3688} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-3186 CVE-2014-6410 CVE-2014-4656 CVE-2014-4652 CVE-2014-3688 CVE-2014-3182 CVE-2014-4027 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.14] - HID: magicmouse: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 19849355] {CVE-2014-3181} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192542] {CVE-2014-4652} - target/rd: Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug: 20192517] {CVE-2014-4027} - media-device: fix infoleak in ioctl media_enum_entities() (Salva Peiro) [Orabug: 20192501] {CVE-2014-1739} {CVE-2014-1739} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192449] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192418] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192376] {CVE-2014-465} - HID: picolcd: sanity check report size in raw_event() callback (Jiri Kosina) [Orabug: 20192205] {CVE-2014-3186} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192059] {CVE-2014-3688} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-6410 CVE-2014-4652 CVE-2014-1739 CVE-2014-3181 CVE-2014-3186 CVE-2014-3688 CVE-2014-4656 CVE-2014-4027 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.12] - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3184} - ALSA: control: Protect user controls against concurrent access (Lars-Peter Clausen) [Orabug: 20192545] {CVE-2014-4652} - udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) [Orabug: 20192451] {CVE-2014-6410} - ALSA: control: Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192420] {CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug: 20192379] {CVE-2014-4656} - net: sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [Orabug: 20192060] {CVE-2014-3688} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-4656 CVE-2014-3688 CVE-2014-3184 CVE-2014-6410 CVE-2014-4652 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-55.1.2.el6uek] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224059] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224027] {CVE-2014-9090} {CVE-2014-9322} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-5472 CVE-2014-9090 CVE-2014-9322 CVE-2014-5471 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.215.15] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224060] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224028] {CVE-2014-9090} {CVE-2014-9322} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-5472 CVE-2014-5471 CVE-2014-9090 CVE-2014-9322 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.13uek] - net: guard tcp_set_keepalive() to tcp sockets (Eric Dumazet) [Orabug: 20224099] {CVE-2012-6657} - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224061] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224029] {CVE-2014-9090} {CVE-2014-9322} IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-9090 CVE-2012-6657 CVE-2014-5471 CVE-2014-9322 CVE-2014-5472 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 [1.3.3-1.0.1] - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support [1.3.3-1] - Update source to 1.3.3 from https://github.com/docker/docker/releases/tag/v1.3.3 Path traversal during processing of absolute symlinks (CVE-2014-9356) Escalation of privileges during decompression of LZMA (.xz) archives (CVE-2014-9357) IMPORTANT Copyright 2014 Oracle, Inc. CVE-2014-9358 CVE-2014-9357 CVE-2014-9356 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 [2.12-1.149.4] - Fix recursive dlopen() (#1173469). [2.12-1.149.3] - Fix typo in res_send and res_query (#rh1172023). [2.12-1.149.2] - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571). [2.12-1.149.1] - Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170121). MODERATE Copyright 2015 Oracle, Inc. CVE-2014-6040 CVE-2014-7817 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [31.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [31.4.0-1] - Update to 31.4.0 ESR [31.3.0-9] - Fixed problems with dictionaries (mozbz#1097550) - Fixed rhbz#1164855 - firefox.desktop is missing x-scheme-handler MimeType entries [31.3.0-7] - Added Python 2.7 to build Firefox [31.3.0-6] - ia64 fix (mozbz#1093278) CRITICAL Copyright 2015 Oracle, Inc. CVE-2014-8634 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 [31.4.0-1.0.1.el6_6] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.4.0-1] - Update to 31.4.0 [31.3.0-3] - Fixed problems with dictionaries (mozbz#1097550) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8634 CVE-2014-8639 CVE-2014-8638 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-34.7] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records MODERATE Copyright 2015 Oracle, Inc. CVE-2014-3572 CVE-2015-0206 CVE-2015-0205 CVE-2014-3571 CVE-2014-3570 CVE-2014-8275 CVE-2015-0204 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 Oracle Linux 7 [1:1.7.0.75-2.5.4.0.0.1.el6_6] - Update DISTRO_NAME in specfile [1:1.7.0.75-2.5.4.0] - Fix abrt_friendly_hs_log_jdk7.patch to apply again. [1:1.7.0.75-2.5.4.0] - Bump to 2.5.4 using OpenJDK 7u75 b13. - Remove earlier temporary patch for RH1146622 (included upstream) - Fix elliptic curve list as part of fsg.sh - Resolves: rhbz#1180295 - Resolves: rhbz#1173706 CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0395 CVE-2014-3566 CVE-2014-6593 CVE-2014-6585 CVE-2015-0383 CVE-2014-6587 CVE-2015-0410 CVE-2015-0412 CVE-2014-6601 CVE-2015-0407 CVE-2015-0408 CVE-2014-6591 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 [1:1.8.0.31-1.b13] - Update to January CPU patch update. - Resolves: RHBZ#1180299 [1:1.8.0.25-4.b17] - updated aarch64 sources - epoch synced to 1 - all ppcs excluded from classes dump(1156151) - Resolves: rhbz#1173706 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-3566 CVE-2015-0437 CVE-2014-6587 CVE-2015-0408 CVE-2014-6591 CVE-2015-0412 CVE-2014-6549 CVE-2014-6585 CVE-2014-6593 CVE-2015-0383 CVE-2015-0407 CVE-2014-6601 CVE-2015-0395 CVE-2015-0410 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.900.1-16.3] - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183671) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183679) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8157 CVE-2014-8158 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.33-1.13.6.1.0.1.el5_11] - Add oracle-enterprise.patch [1:1.6.0.34-1.13.6.1] - Update to latest 1.13.6 release candidate tarball - Fixes a number of issues found with b34: - * OJ51, PR2187: Sync patch for 4873188 with 7 version - * OJ52, PR2185: Application of 6786276 introduces compatibility issue - * OJ53, PR2181: strict-aliasing warnings issued on PPC32 - * OJ54, PR2182: 6911104 reintroduces test fragment removed in existing 6964018 backport - * S6730740, PR2186: Fix for 6729881 has apparently broken several 64 bit tests: 'Bad address' - * S7031830, PR2183: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine - Also includes PR2180, so patch dropped from RPM. - Resolves: rhbz#1180289 [1:1.6.0.34-1.13.6.0] - Apply pr2180.patch to work around issue with older autotools. - Resolves: rhbz#1180289 [1:1.6.0.34-1.13.6.0] - Update to IcedTea 1.13.6 - Apply pr2125.patch in generate_rhel_zip.sh to remove unwanted elliptic curves. - Add no_pr2125.patch to avoid repeating the procedure during the IcedTea build. - Avoid duplicating the OpenJDK build version by making more use of %{openjdkver}. - Add US_export_policy.jar and local_policy.jar to packages. - Resolves: rhbz#1180289 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-6601 CVE-2014-6587 CVE-2015-0395 CVE-2015-0383 CVE-2015-0407 CVE-2015-0412 CVE-2014-6591 CVE-2014-3566 CVE-2014-6585 CVE-2014-6593 CVE-2015-0408 CVE-2015-0410 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [2.6.32-504.8.1] - [crypto] crc32c: Kill pointless CRYPTO_CRC32C_X86_64 option (Jarod Wilson) [1175509 1036212] - [crypto] testmgr: add larger crc32c test vector to test FPU path in crc32c_intel (Jarod Wilson) [1175509 1036212] - [crypto] tcrypt: Added speed test in tcrypt for crc32c (Jarod Wilson) [1175509 1036212] - [crypto] crc32c: Optimize CRC32C calculation with PCLMULQDQ instruction (Jarod Wilson) [1175509 1036212] - [crypto] crc32c: Rename crc32c-intel.c to crc32c-intel_glue.c (Jarod Wilson) [1175509 1036212] [2.6.32-504.7.1] - [kernel] ipc/sem: Fully initialize sem_array before making it visible (Rik van Riel) [1172029 1165277] - [kernel] ipc/sem: synchronize semop and semctl with IPC_RMID (Rik van Riel) [1172029 1165277] - [kernel] ipc/sem: update sem_otime for all operations (Larry Woodman) [1172025 1168588] - [fs] fuse: prevent null nd panic on dentry revalidate (Brian Foster) [1172022 1162782] - [net] netfilter: ipset: timeout values corrupted on set resize (Marcelo Leitner) [1172764 1152754] - [net] netfilter: fix xt_TCPOPTSTRIP in forwarding path (Marcelo Leitner) [1172027 1135650] - [usb] ehci: Fix panic on hotplug race condition (Don Zickus) [1172024 1107010] - [usb] usb_wwan: replace release and disconnect with a port_remove hook (Stanislaw Gruszka) [1172030 1148615] - [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322} [2.6.32-504.6.1] - [fs] ext4: don't count external journal blocks as overhead (Eric Sandeen) [1168504 1163811] - [net] sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [1163090 1153980] {CVE-2014-7841} - [netdrv] e100: fix typo in MDI/MDI-X eeprom check in e100_phy_init (John Greene) [1165985 1156417] - [powerpc] Add smp_mb()s to arch_spin_unlock_wait() (Gustavo Duarte) [1165986 1136224] - [powerpc] Add smp_mb() to arch_spin_is_locked() (Gustavo Duarte) [1165986 1136224] - [kernel] cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags (Aaron Tomlin) [1165002 1045310] - [documentation] cpuset: Update the cpuset flag file (Aaron Tomlin) [1165002 1045310] - [alsa] control: Make sure that id->index does not overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656} - [alsa] control: Handle numid overflow (Jacob Tanenbaum) [1149140 1117312] {CVE-2014-4656} - [s390] mm: fix SIGBUS handling (Hendrik Brueckner) [1169433 1145070] - [fs] gfs2: fix bad inode i_goal values during block allocation (Abhijith Das) [1165001 1130684] - [md] dm-thin: fix pool_io_hints to avoid looking at max_hw_sectors (Mike Snitzer) [1161420 1161421 1142773 1145230] [2.6.32-504.5.1] - [fs] nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG entry (J. Bruce Fields) [1168129 1150675] [2.6.32-504.4.1] - [fs] nfs: Make sure pre_change_attr is initialized correctly (Scott Mayhew) [1163214 1160042] - [usb] ehci: Fix a regression in the ISO scheduler (Gustavo Duarte) [1162072 1145805] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-4656 CVE-2014-7841 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 Oracle Linux 7: [2.17-55.0.4.el7_0.5] - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi) [2.17-55.5] - Rebuild and run regression testing. [2.17-55.4] - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535). [2.17-55.3] - Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118) [2.17-55.2] - ftell: seek to end only when there are unflushed bytes (#1170187). [2.17-55.1] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, Oracle Linux 6 : [2.12-1.149.5] - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533). CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0235 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch Oracle Linux 6 Oracle Linux 7 [0.1.3-4] - Add patch for CVE-2014-9130 (RHBZ#1169369) MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9130 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:1:base cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 Oracle Linux 6 [1.6.11-12] - mod_dav_svn fix for CVE-2014-3580 backport [1.6.11-11] - add security fixes for CVE-2014-3528, CVE_2014-3580 MODERATE Copyright 2015 Oracle, Inc. CVE-2014-3580 CVE-2014-3528 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [4.0.0-66.rc4] - related: #1191387 - Update patchset for CVE-2015-0240. [4.0.0-65.rc4] - resolves: #1191387 - CVE-2015-0240: RCE in netlogon. CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0240 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [3.6.23-14.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-14] - related: #1191338 - Update patchset for CVE-2015-0240. [3.6.23-13] - resolves: #1191338 - CVE-2015-0240: RCE in netlogon. CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0240 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 firefox [31.5.0-2.0.1.el7_0] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [31.5.0-2] - Update to 31.5.0 ESR Build 2 xulrunner [31.5.0-1.0.1-el7_0] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [31.5.0-1] - Update to 31.5.0 ESR [31.4.0-2] - Added -std=gnu++0x to libxul library build flags (rhbz#1170226) CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0831 CVE-2015-0836 CVE-2015-0822 CVE-2015-0827 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:0:patch cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 [31.5.0-1.0.1.el6_6] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.5.0-1] - Update to 31.5.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-0822 CVE-2015-0831 CVE-2015-0827 CVE-2015-0836 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [1.2.11.15-50] - Release 1.2.11.15-50 - Resolves: #1179099 - Problem with single value attribute MMR replication (DS 47915, DS 569) [1.2.11.15-49] - Release 1.2.11.15-49 - Resolves: #1180629 - CVE-2014-8105: information disclosure through 'cn=changelog' subtree - Resolves: #1179099 - Problem with single value attribute MMR replication (DS 47915) - Resolves: #1179595 - default nsslapd-sasl-max-buffer-size should be 2MB (DS 47457) - Resolves: #1179100 - ACI's are replaced by 'ACI_ALL' after editing goup of ACI's including invalid one (DS 47953) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8105 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [32:9.9.4-18.1] - Fix CVE-2015-1349 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-1349 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-504.12.2] - [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159} [2.6.32-504.12.1] - [fs] splice: perform generic write checks (Eric Sandeen) [1163798 1155900] {CVE-2014-7822} [2.6.32-504.11.1] - [virt] kvm: excessive pages un-pinning in kvm_iommu_map error path (Jacob Tanenbaum) [1156520 1156521] {CVE-2014-8369} - [x86] crypto: Add support for 192 & 256 bit keys to AESNI RFC4106 (Jarod Wilson) [1184332 1176211] - [block] nvme: Clear QUEUE_FLAG_STACKABLE (David Milburn) [1180555 1155715] - [net] netfilter: conntrack: disable generic tracking for known protocols (Daniel Borkmann) [1182071 1114697] {CVE-2014-8160} - [xen] pvhvm: Fix vcpu hotplugging hanging (Vitaly Kuznetsov) [1179343 1164278] - [xen] pvhvm: Don't point per_cpu(xen_vpcu, 33 and larger) to shared_info (Vitaly Kuznetsov) [1179343 1164278] - [xen] enable PVHVM VCPU placement when using more than 32 CPUs (Vitaly Kuznetsov) [1179343 1164278] - [xen] support large numbers of CPUs with vcpu info placement (Vitaly Kuznetsov) [1179343 1164278] [2.6.32-504.10.1] - [netdrv] tg3: Change nvram command timeout value to 50ms (Ivan Vecera) [1182903 1176230] [2.6.32-504.9.1] - [net] ipv6: increase ip6_rt_max_size to 16384 (Hannes Frederic Sowa) [1177581 1112946] - [net] ipv6: don't set DST_NOCOUNT for remotely added routes (Hannes Frederic Sowa) [1177581 1112946] - [net] ipv6: don't count addrconf generated routes against gc limit (Hannes Frederic Sowa) [1177581 1112946] - [net] ipv6: Don't put artificial limit on routing table size (Hannes Frederic Sowa) [1177581 1112946] - [scsi] bnx2fc: fix tgt spinlock locking (Maurizio Lombardi) [1179098 1079656] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8159 CVE-2014-7822 CVE-2014-8369 CVE-2014-8160 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [2.3.11-15.el6_6.1] - Fixes CVE-2014-9657 - Check minimum size of record_size. - Fixes CVE-2014-9658 - Use correct value for minimum table length test. - Fixes CVE-2014-9675 - New macro that checks one character more than strncmp. - Fixes CVE-2014-9660 - Check _BDF_GLYPH_BITS. - Fixes CVE-2014-9661 - Initialize face->ttf_size. - Always set face->ttf_size directly. - Exclusively use the truetype font driver for loading the font contained in the sfnts array. - Fixes CVE-2014-9663 - Fix order of validity tests. - Fixes CVE-2014-9664 - Add another boundary testing. - Fix boundary testing. - Fixes CVE-2014-9667 - Protect against addition overflow. - Fixes CVE-2014-9669 - Protect against overflow in additions and multiplications. - Fixes CVE-2014-9670 - Add sanity checks for row and column values. - Fixes CVE-2014-9671 - Check size and offset values. - Fixes CVE-2014-9673 - Fix integer overflow by a broken POST table in resource-fork. - Fixes CVE-2014-9674 - Fix integer overflow by a broken POST table in resource-fork. - Additional overflow check in the summation of POST fragment lengths. - Work around behaviour of X11s pcfWriteFont and pcfReadFont functions - Resolves: #1197737 [2.3.11-15] - Fix CVE-2012-5669 (Use correct array size for checking glyph_enc) - Resolves: #903543 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9675 CVE-2014-9658 CVE-2014-9671 CVE-2014-9661 CVE-2014-9664 CVE-2014-9657 CVE-2014-9663 CVE-2014-9660 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9673 CVE-2014-9674 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 Oracle Linux 6 [6.0-2] - Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Resolves: #1196132 #1196120 #1196124 #1196128 MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [1.0.1e-30.7] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-30.6] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server MODERATE Copyright 2015 Oracle, Inc. CVE-2015-0209 CVE-2015-0286 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 CVE-2015-0287 CVE-2015-0288 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [31.5.3-1.0.1.el5_11] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [31.5.3-1] - Update to 31.5.3 ESR [31.5.2-1] - Update to 31.5.2 ESR [31.5.1-1] - Update to 31.5.1 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0818 CVE-2015-0817 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [3.2.17-4.1.0.1] - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com [3.2.17-4.1] - Fix get_rpm_nvr_*_temporary functions Resolves:#1203352 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1815 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [8.4.20-2] - fix for CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 CVE-2014-8161 (rhbz#1198651 & rhbz#1198652) MODERATE Copyright 2015 Oracle, Inc. CVE-2014-8161 CVE-2015-0241 CVE-2015-0243 CVE-2015-0244 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [31.6.0-2.0.1.el5_11] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [31.6.0-1] - Update to 31.6.0 ESR Build 2 [31.6.0-1] - Update to 31.6.0 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-0816 CVE-2015-0807 CVE-2015-0813 CVE-2015-0801 CVE-2015-0815 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.3.0-5] - fix buffer overflow when processing ID3v2 metadata (CVE-2014-8962) - fix buffer overflow with invalid blocksize (CVE-2014-9028) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9028 CVE-2014-8962 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [31.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.6.0-1] - Update to 31.6.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-0807 CVE-2015-0801 CVE-2015-0815 CVE-2015-0816 CVE-2015-0813 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [1.10.3-37] - fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated denial of service in recvauth_common() and others' [1.10.3-36] - fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy name crash' [1.10.3-35] - Changelog fixes to make errata subsystem happy. [1.10.3-34] - fix for CVE-2014-5352 (#1179856) 'gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)' - fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)' - fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)' MODERATE Copyright 2015 Oracle, Inc. CVE-2014-5352 CVE-2014-9421 CVE-2014-5353 CVE-2014-5355 CVE-2014-9422 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.15.0-26] - CVE fixes for: CVE-2015-0255 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-0255 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1:1.7.0.75-2.5.5.1.0.1.el7_1] - Update DISTRO_NAME in specfile [1:1.7.0.75-2.5.5.1] - repacked sources - Resolves: rhbz#1209072 [1:1.7.0.75-2.5.5.0] - Bump to 2.5.5 using OpenJDK 7u79 b14. - Update OpenJDK tarball creation comments - Remove test case for RH1191652 now fix has been verified. - Drop AArch64 version of RH1191652 HotSpot patch as included upstream. - Resolves: rhbz#1209072 CRITICAL Copyright 2015 Oracle, Inc. CVE-2005-1080 CVE-2015-0477 CVE-2015-0460 CVE-2015-0469 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.35-1.13.7.1] - Repackaged source files - Resolves: rhbz#1209067 [1:1.6.0.35-1.13.7.0] - Update to IcedTea 1.13.7 - Regenerate add-final-location-rpaths patch so as to be less disruptive. - Resolves: rhbz#1209067 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-0460 CVE-2015-0477 CVE-2015-0480 CVE-2015-0478 CVE-2005-1080 CVE-2015-0488 CVE-2015-0469 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1:1.8.0.45-30.b13] - repacked sources - Resolves: RHBZ#1209076 [1:1.8.0.45-7.b13] - Re-add %{name} prefix to patches to avoid conflicts with OpenJDK 7 versions. - Remove ppc64le test case now fix has been verified. - Resolves: rhbz#1194378 [1:1.8.0.45-27.b13] - updated to security u45 - minor sync with 7.2 - generate_source_tarball.sh - adapted java-1.8.0-openjdk-s390-java-opts.patch and java-1.8.0-openjdk-size_t.patch - reworked (synced) zero patches (removed 103,11 added 204, 400-403) - family of 5XX patches renamed to 6XX - added upstreamed patch 501 and 505 - included removeSunEcProvider-RH1154143.patch - returned java (jre only) provides - repacked policies (source20) - removed duplicated NVR provides - added automated test for priority (length7) - Resolves: RHBZ#1209076 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-0470 CVE-2015-0478 CVE-2005-1080 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0460 CVE-2015-0477 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [2.12-1.149.7] - Fix invalid file descriptor reuse while sending DNS query (#1207995, CVE-2013-7423). - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209375, CVE-2015-1781). [2.12-1.149.6] - Enhance nscd to detect any configuration file changes (#1194149). MODERATE Copyright 2015 Oracle, Inc. CVE-2013-7423 CVE-2015-1781 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [2.6.32-504.16.2] - [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159} [2.6.32-504.16.1] - [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559] - [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529} - [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421} - [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559] - [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334] - [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013] - [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395] - [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395] - [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314] - [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115] - [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690} - [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584} - [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763] - [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884} - [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825} - [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831] - [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831] - [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925] - [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925] - [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398] - [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061] - [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171} - [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215} - [security] Add PR_<GET, SET>_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215} [2.6.32-504.15.1] - [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061] - [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540] - [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540] - [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540] - [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540] - [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540] - [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540] - [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540] - [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540] - [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168] [2.6.32-504.14.1] - [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137] - [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059] - [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059] - [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059] - [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405] - [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405] [2.6.32-504.13.1] - [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505] - [scsi] Revert 'fix our current target reap infrastructure' (David Milburn) [1188941 1168072] - [scsi] Revert 'dual scan thread bug fix' (David Milburn) [1188941 1168072] - [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289] - [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289] - [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289] - [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289] - [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289] - [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289] - [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8171 CVE-2014-9529 CVE-2014-7825 CVE-2014-7826 CVE-2014-3690 CVE-2014-8884 CVE-2015-1421 CVE-2014-3215 CVE-2014-9584 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [0.12.1.2-2.448.el6_6.2] - kvm-cirrus-fix-blit-region-check.patch [bz#1170571] - kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1170571] - Resolves: bz#1170571 (CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks [rhel-6.6.z]) [0.12.1.2-2.448.el6_6.1] - kvm-net-Forbid-dealing-with-packets-when-VM-is-not-run_2.patch [bz#970103] - kvm-virtio-net-drop-assert-on-vm-stop.patch [bz#970103] - kvm-migration-set-speed-to-maximum-during-last-stage_2.patch [bz#970103] - kvm-migration-only-call-append-when-there-is-something_2.patch [bz#970103] - kvm-migration-Only-call-memmove-when-there-is-anything-t.patch [bz#970103] - kvm-migration-remove-not-needed-ram_save_remaining-fun_2.patch [bz#970103] - kvm-migration-move-bandwidth-calculation-to-inside-sta_2.patch [bz#970103] - kvm-migration-Don-t-calculate-bandwidth-when-last-cycl_2.patch [bz#970103] - kvm-buffered_flush-return-errors.patch [bz#970103] - kvm-bandwidth_limit-standarize-in-size_t.patch [bz#970103] - kvm-fix-bz-1196970.patch [bz#1196970] - Resolves: bz#1196970 (Migrate status is failed after migrate_cancel.) - Resolves: bz#970103 (Downtime during live migration of busy VM is much higher than migration_downtime in vdsm.conf) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8106 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 7 Oracle Linux 5 Oracle Linux 6 [38.0-3.0.1.el7_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.0-3] - Enabled system nss - Removed unused patches [38.0-2] - Update to 38.0 ESR [38.0b8-0.11] - Update to 38.0 Beta 8 [38.0b6-0.10] - Added patch for mozbz#1152515 [38.0b6-0.9] - Update to 38.0 Beta 6 [38.0b5-0.8] - Update to 38.0 Beta 5 [38.0b3-0.7] - Update to 38.0 Beta 3 [38.0b1-0.6] - Added patch for mozbz#1152391 [38.0b1-0.5] - Fix build on AArch64 (based on upstream skia changes) [38.0b1-0.4] - Enabled debug build [38.0b1-1] - Update to 38.0b1 CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-2713 CVE-2015-2708 CVE-2015-2716 CVE-2015-2710 CVE-2015-0797 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [0:6.0.24-83] - Related: rhbz#1207048 tomcat initscript didn't assign - RETVAL after killing tomcat process [0:6.0.24-82] - Resolves: rhbz#1207048 Tomcat init script needs to be adjusted - to kill tomcat if stop is unsuccessful [0:6.0.24-81] - Resolves: CVE-2014-0227 Limited DoS in chunked transfer encoding - input filter MODERATE Copyright 2015 Oracle, Inc. CVE-2014-0227 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [0.12.1.2-2.448.el6_6.3] - kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219267] - Resolves: bz#1219267 (EMBARGOED CVE-2015-3456 qemu-kvm: qemu: floppy disk controller flaw [rhel-6.6.z]) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3456 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [31.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.7.0-1] - Update to 31.7.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-2716 CVE-2015-2710 CVE-2015-2713 CVE-2015-2708 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 php55 [2.0-1] - fix incorrect selinux contexts #1194336 php55-php [5.5.21-2.0.1] - add dtrace-utils as build dependency [5.5.21-2] - core: fix use-after-free vulnerability in the process_nested_data function (unserialize) CVE-2015-2787 - core: fix NUL byte injection in file name argument of move_uploaded_file() CVE-2015-2348 - date: fix use after free vulnerability in unserialize() with DateTimeZone CVE-2015-0273 - enchant: fix heap buffer overflow in enchant_broker_request_dict() CVE-2014-9705 - ereg: fix heap overflow in regcomp() CVE-2015-2305 - opcache: fix use after free CVE-2015-1351 - phar: fix use after free in phar_object.c CVE-2015-2301 - pgsql: fix NULL pointer dereference CVE-2015-1352 - soap: fix type confusion through unserialize #1204868 [5.5.21-1] - rebase to PHP 5.5.21 [5.5.20-1] - rebase to PHP 5.5.20 #1057089 - fix package name in description - php-fpm own session and wsdlcache dir - php-common doesn't provide php-gmp MODERATE Copyright 2016 Oracle, Inc. CVE-2014-8142 CVE-2014-9427 CVE-2015-4601 CVE-2015-0232 CVE-2015-2301 CVE-2015-0273 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-1351 CVE-2015-2348 CVE-2015-2787 CVE-2015-4600 CVE-2015-1352 CVE-2015-2305 CVE-2015-4599 CVE-2015-4147 CVE-2015-4148 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections Oracle Linux 6 Oracle Linux 7 python27 [1.1-17] - Require python-pip and python-wheel (note: in rh-python34 this is not necessary, because 'python' depends on these). python27-python [2.7.8-3] - Add httplib fix for CVE-2013-1752 Resolves: rhbz#1187779 [2.7.8-2] - Fix %check unset DISPLAY setion not failing properly on failed test - Fixed CVE-2013-1752, CVE-2013-1753 Resolves: rhbz#1187779 [2.7.8-1] - Update to 2.7.8. Resolves: rhbz#1167912 - Make python-devel depend on scl-utils-build. Resolves: rhbz#1170993 python27-python-pip - New Package added python27-python-setuptools [0.9.8-3] - Enhance patch restoring proxy support in SSL connections Resolves: rhbz#1222507 python27-python-simplejson [3.2.0-2] - Fix CVE-2014-461, add boundary checks Resolves: rhbz#1222534 python27-python-wheel - New Package added MODERATE Copyright 2016 Oracle, Inc. CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2013-1753 CVE-2014-4616 CVE-2014-7185 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections Oracle Linux 6 Oracle Linux 7 php54 [2.0-1] - fix incorrect selinux contexts #1194332 php54-php [5.4.40-1] - rebase to PHP 5.4.40 for various security fix #1209887 [5.4.37-1] - rebase to PHP 5.4.37 [5.4.36-1] - rebase to PHP 5.4.36 #1168193 - fix package name in description - php-fpm own session dir php54-php-pecl-zendopcache [7.0.4-3] - fix use after free CVE-2015-1351 [7.0.4-2] - add upstream patch for failed test [7.0.4-1] - Update to 7.0.4 [7.0.3-1] - update to 7.0.3 #1055927 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-2787 CVE-2015-3307 CVE-2015-3412 CVE-2015-4148 CVE-2015-4600 CVE-2014-8142 CVE-2014-9705 CVE-2015-4147 CVE-2015-2305 CVE-2015-4605 CVE-2015-0231 CVE-2015-0273 CVE-2015-2783 CVE-2015-4599 CVE-2014-9652 CVE-2015-0232 CVE-2015-3329 CVE-2015-3330 CVE-2015-4603 CVE-2015-4604 CVE-2014-9709 CVE-2015-1351 CVE-2014-9427 CVE-2015-2301 CVE-2015-2348 CVE-2015-3411 CVE-2015-4601 CVE-2015-4602 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections Oracle Linux 6 Oracle Linux 7 [1.0.1e-30.9] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-4000 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [2.6.32-504.23.4] - [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907] - [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907] [2.6.32-504.23.3] - [netdrv] bonding: fix locking in enslave failure path (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: mc addresses don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: IFF_BONDING is not stripped on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay Aleksandrov) [1222483 1221856] [2.6.32-504.23.2] - [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805} [2.6.32-504.23.1] - [x86] crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations (Herbert Xu) [1218681 1201490] - [scsi] storvsc: ring buffer failures may result in I/O freeze (Vitaly Kuznetsov) [1215754 1171676] - [scsi] storvsc: get rid of overly verbose warning messages (Vitaly Kuznetsov) [1215753 1167967] - [scsi] storvsc: NULL pointer dereference fix (Vitaly Kuznetsov) [1215753 1167967] - [netdrv] ixgbe: fix detection of SFP+ capable interfaces (John Greene) [1213664 1150343] - [x86] crypto: aesni - fix memory usage in GCM decryption (Kurt Stutsman) [1213329 1213330] {CVE-2015-3331} [2.6.32-504.22.1] - [kernel] hrtimer: Prevent hrtimer_enqueue_reprogram race (Prarit Bhargava) [1211940 1136958] - [kernel] hrtimer: Preserve timer state in remove_hrtimer() (Prarit Bhargava) [1211940 1136958] - [crypto] testmgr: fix RNG return code enforcement (Herbert Xu) [1212695 1208804] - [net] netfilter: xtables: make use of caller family rather than target family (Florian Westphal) [1212057 1210697] - [net] dynticks: avoid flow_cache_flush() interrupting every core (Marcelo Leitner) [1210595 1191559] - [tools] perf: Fix race in build_id_cache__add_s() (Milos Vyletel) [1210593 1204102] - [infiniband] ipath+qib: fix dma settings (Doug Ledford) [1208621 1171803] - [fs] dcache: return -ESTALE not -EBUSY on distributed fs race (J. Bruce Fields) [1207815 1061994] - [net] neigh: Keep neighbour cache entries if number of them is small enough (Jiri Pirko) [1207352 1199856] - [x86] crypto: sha256_ssse3 - also test for BMI2 (Herbert Xu) [1204736 1201560] - [scsi] qla2xxx: fix race in handling rport deletion during recovery causes panic (Chad Dupuis) [1203544 1102902] - [redhat] configs: Enable SSSE3 acceleration by default (Herbert Xu) [1201668 1036216] - [crypto] sha512: Create module providing optimized SHA512 routines using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216] - [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX2 RORX instruction (Herbert Xu) [1201668 1036216] - [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX instructions (Herbert Xu) [1201668 1036216] - [crypto] sha512: Optimized SHA512 x86_64 assembly routine using Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216] - [crypto] sha512: Expose generic sha512 routine to be callable from other modules (Herbert Xu) [1201668 1036216] - [crypto] sha256: Create module providing optimized SHA256 routines using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216] - [crypto] sha256: Optimized sha256 x86_64 routine using AVX2's RORX instructions (Herbert Xu) [1201668 1036216] - [crypto] sha256: Optimized sha256 x86_64 assembly routine with AVX instructions (Herbert Xu) [1201668 1036216] - [crypto] sha256: Optimized sha256 x86_64 assembly routine using Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216] - [crypto] sha256: Expose SHA256 generic routine to be callable externally (Herbert Xu) [1201668 1036216] - [crypto] rng: RNGs must return 0 in success case (Herbert Xu) [1201669 1199230] - [fs] isofs: infinite loop in CE record entries (Jacob Tanenbaum) [1175243 1175245] {CVE-2014-9420} - [x86] vdso: ASLR bruteforce possible for vdso library (Jacob Tanenbaum) [1184896 1184897] {CVE-2014-9585} - [kernel] time: ntp: Correct TAI offset during leap second (Prarit Bhargava) [1201674 1199134] - [scsi] lpfc: correct device removal deadlock after link bounce (Rob Evers) [1211910 1194793] - [scsi] lpfc: Linux lpfc driver doesn't re-establish the link after a cable pull on LPe12002 (Rob Evers) [1211910 1194793] - [x86] switch_to(): Load TLS descriptors before switching DS and ES (Denys Vlasenko) [1177353 1177354] {CVE-2014-9419} - [net] vlan: Don't propagate flag changes on down interfaces (Jiri Pirko) [1173501 1135347] - [net] bridge: register vlan group for br ports (Jiri Pirko) [1173501 1135347] - [netdrv] tg3: Use new VLAN code (Jiri Pirko) [1173501 1135347] - [netdrv] be2net: move to new vlan model (Jiri Pirko) [1173501 1135347] - [net] vlan: mask vlan prio bits (Jiri Pirko) [1173501 1135347] - [net] vlan: don't deliver frames for unknown vlans to protocols (Jiri Pirko) [1173501 1135347] - [net] vlan: allow nested vlan_do_receive() (Jiri Pirko) [1173501 1135347] - [net] allow vlan traffic to be received under bond (Jiri Pirko) [1173501 1135347] - [net] vlan: goto another_round instead of calling __netif_receive_skb (Jiri Pirko) [1173501 1135347] - [net] bonding: fix bond_arp_rcv setting and arp validate desync state (Jiri Pirko) [1173501 1135347] - [net] bonding: remove packet cloning in recv_probe() (Jiri Pirko) [1173501 1135347] - [net] bonding: Fix LACPDU rx_dropped commit (Jiri Pirko) [1173501 1135347] - [net] bonding: don't increase rx_dropped after processing LACPDUs (Jiri Pirko) [1173501 1135347] - [net] bonding: use local function pointer of bond->recv_probe in bond_handle_frame (Jiri Pirko) [1173501 1135347] - [net] bonding: move processing of recv handlers into handle_frame() (Jiri Pirko) [1173501 1135347] - [netdrv] revert 'bonding: fix bond_arp_rcv setting and arp validate desync state' (Jiri Pirko) [1173501 1135347] - [netdrv] revert 'bonding: check for vlan device in bond_3ad_lacpdu_recv()' (Jiri Pirko) [1173501 1135347] - [net] vlan: Always untag vlan-tagged traffic on input (Jiri Pirko) [1173501 1135347] - [net] Make skb->skb_iif always track skb->dev (Jiri Pirko) [1173501 1135347] - [net] vlan: fix a potential memory leak (Jiri Pirko) [1173501 1135347] - [net] vlan: fix mac_len recomputation in vlan_untag() (Jiri Pirko) [1173501 1135347] - [net] vlan: reset headers on accel emulation path (Jiri Pirko) [1173501 1135347] - [net] vlan: Fix the ingress VLAN_FLAG_REORDER_HDR check (Jiri Pirko) [1173501 1135347] - [net] vlan: make non-hw-accel rx path similar to hw-accel (Jiri Pirko) [1173501 1135347] - [net] allow handlers to be processed for orig_dev (Jiri Pirko) [1173501 1135347] - [net] bonding: get netdev_rx_handler_unregister out of locks (Jiri Pirko) [1173501 1135347] - [net] bonding: fix rx_handler locking (Jiri Pirko) [1173501 1135347] - [net] introduce rx_handler results and logic around that (Jiri Pirko) [1173501 1135347] - [net] bonding: register slave pointer for rx_handler (Jiri Pirko) [1173501 1135347] - [net] bonding: COW before overwriting the destination MAC address (Jiri Pirko) [1173501 1135347] - [net] bonding: convert bonding to use rx_handler (Jiri Pirko) [1173501 1135347] - [net] openvswitch: use rx_handler_data pointer to store vport pointer (Jiri Pirko) [1173501 1135347] - [net] add a synchronize_net() in netdev_rx_handler_unregister() (Jiri Pirko) [1173501 1135347] - [net] add rx_handler data pointer (Jiri Pirko) [1173501 1135347] - [net] replace hooks in __netif_receive_skb (Jiri Pirko) [1173501 1135347] - [net] fix conflict between null_or_orig and null_or_bond (Jiri Pirko) [1173501 1135347] - [net] remove the unnecessary dance around skb_bond_should_drop (Jiri Pirko) [1173501 1135347] - [net] revert 'bonding: fix receiving of dups due vlan hwaccel' (Jiri Pirko) [1173501 1135347] - [net] uninline skb_bond_should_drop() (Jiri Pirko) [1173501 1135347] - [net] bridge: Set vlan_features to allow offloads on vlans (Jiri Pirko) [1173501 1135347] - [net] bridge: convert br_features_recompute() to ndo_fix_features (Jiri Pirko) [1173501 1135347] - [net] revert 'bridge: explictly tag vlan-accelerated frames destined to the host' (Jiri Pirko) [1173501 1135347] - [net] revert 'fix vlan gro path' (Jiri Pirko) [1173501 1135347] - [net] revert 'bridge: do not learn from exact matches' (Jiri Pirko) [1173501 1135347] - [net] revert 'bridge gets duplicate packets when using vlan over bonding' (Jiri Pirko) [1173501 1135347] - [net] llc: remove noisy WARN from llc_mac_hdr_init (Jiri Pirko) [1173501 1135347] - [net] bridge: stp: ensure mac header is set (Jiri Pirko) [1173501 1135347] - [net] vlan: remove reduntant check in ndo_fix_features callback (Jiri Pirko) [1173501 1135347] - [net] vlan: enable soft features regardless of underlying device (Jiri Pirko) [1173501 1135347] - [net] vlan: don't call ndo_vlan_rx_register on hardware that doesn't have vlan support (Jiri Pirko) [1173501 1135347] - [net] vlan: Fix vlan_features propagation (Jiri Pirko) [1173501 1135347] - [net] vlan: convert VLAN devices to use ndo_fix_features() (Jiri Pirko) [1173501 1135347] - [net] revert 'vlan: Avoid broken offload configuration when reorder_hdr is disabled' (Jiri Pirko) [1173501 1135347] - [net] vlan: vlan device is lockless do not transfer real_num_<tx|rx>_queues (Jiri Pirko) [1173501 1135347] - [net] vlan: consolidate 8021q tagging (Jiri Pirko) [1173501 1135347] - [net] propagate NETIF_F_HIGHDMA to vlans (Jiri Pirko) [1173501 1135347] - [net] Fix a memmove bug in dev_gro_receive() (Jiri Pirko) [1173501 1135347] - [net] vlan: remove check for headroom in vlan_dev_create (Jiri Pirko) [1173501 1135347] - [net] vlan: set hard_header_len when VLAN offload features are toggled (Jiri Pirko) [1173501 1135347] - [net] vlan: Calling vlan_hwaccel_do_receive() is always valid (Jiri Pirko) [1173501 1135347] - [net] vlan: Centralize handling of hardware acceleration (Jiri Pirko) [1173501 1135347] - [net] vlan: finish removing vlan_find_dev from public header (Jiri Pirko) [1173501 1135347] - [net] vlan: make vlan_find_dev private (Jiri Pirko) [1173501 1135347] - [net] vlan: Avoid hash table lookup to find group (Jiri Pirko) [1173501 1135347] - [net] revert 'vlan: Add helper functions to manage vlans on bonds and slaves' (Jiri Pirko) [1173501 1135347] - [net] revert 'bonding: assign slaves their own vlan_groups' (Jiri Pirko) [1173501 1135347] - [net] revert 'bonding: fix regression on vlan module removal' (Jiri Pirko) [1173501 1135347] - [net] revert 'bonding: Always add vid to new slave group' (Jiri Pirko) [1173501 1135347] - [net] revert 'bonding: Fix up refcounting issues with bond/vlan config' (Jiri Pirko) [1173501 1135347] - [net] revert '8021q/vlan: filter device events on bonds' (Jiri Pirko) [1173501 1135347] - [net] vlan: Use vlan_dev_real_dev in vlan_hwaccel_do_receive (Jiri Pirko) [1173501 1135347] - [net] gro: __napi_gro_receive() optimizations (Jiri Pirko) [1173501 1135347] - [net] vlan: Rename VLAN_GROUP_ARRAY_LEN to VLAN_N_VID (Jiri Pirko) [1173501 1135347] - [net] vlan: make vlan_hwaccel_do_receive() return void (Jiri Pirko) [1173501 1135347] - [net] vlan: init_vlan should not copy slave or master flags (Jiri Pirko) [1173501 1135347] - [net] vlan: updates vlan real_num_tx_queues (Jiri Pirko) [1173501 1135347] - [net] vlan: adds vlan_dev_select_queue (Jiri Pirko) [1173501 1135347] - [net] llc: use dev_hard_header (Jiri Pirko) [1173501 1135347] - [net] vlan: support 'loose binding' to the underlying network device (Jiri Pirko) [1173501 1135347] - [net] revert 'net: don't set VLAN_TAG_PRESENT for VLAN 0 frames' (Jiri Pirko) [1173501 1135347] - [net] bridge: Add support for TX vlan offload (Jiri Pirko) [1173562 1146391] - [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] [2.6.32-504.21.1] - [netdrv] ixgbe: Fix memory leak in ixgbe_free_q_vector, missing rcu (John Greene) [1210901 1150343] - [netdrv] ixgbe: Fix tx_packets and tx_bytes stats not updating (John Greene) [1210901 1150343] - [netdrv] qlcnic: Fix update of ethtool stats (Chad Dupuis) [1210902 1148019] [2.6.32-504.20.1] - [fs] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() (Petr Oros) [1208620 1169225] - [kernel] cgroup: always lock threadgroup during migration (Petr Oros) [1208620 1169225] - [kernel] threadgroup: extend threadgroup_lock() to cover exit and exec (Petr Oros) [1208620 1169225] - [kernel] threadgroup: rename signal->threadgroup_fork_lock to ->group_rwsem (Petr Oros) [1208620 1169225] [2.6.32-504.19.1] - [mm] memcg: fix crash in re-entrant cgroup_clear_css_refs() (Johannes Weiner) [1204626 1168185] [2.6.32-504.18.1] - [fs] cifs: Use key_invalidate instead of the rh_key_invalidate() (Sachin Prabhu) [1203366 885899] - [fs] KEYS: Add invalidation support (Sachin Prabhu) [1203366 885899] - [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159} [2.6.32-504.17.1] - [x86] fpu: shift clear_used_math() from save_i387_xstate() to handle_signal() (Oleg Nesterov) [1199900 1196262] - [x86] fpu: change save_i387_xstate() to rely on unlazy_fpu() (Oleg Nesterov) [1199900 1196262] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1805 CVE-2014-8159 CVE-2015-3331 CVE-2014-9420 CVE-2014-9419 CVE-2014-9585 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [0.12.1.2-2.448.el6_6.4] - kvm-pcnet-fix-Negative-array-index-read.patch [bz#1225886] - kvm-pcnet-force-the-buffer-access-to-be-in-bounds-during.patch [bz#1225886] - Resolves: bz#1225886 (EMBARGOED CVE-2015-3209 qemu-kvm: qemu: pcnet: multi-tmd buffer overflow in the tx path [rhel-6.6.z]) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3209 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-42.8] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-42.7] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3216 CVE-2015-1792 CVE-2014-8176 CVE-2015-1790 CVE-2015-1791 CVE-2015-1789 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1:1.4.2-67.1] - CVE-2015-1158, CVE-2015-1159, CVE-2014-9679 (bug #1229982). IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9679 CVE-2015-1159 CVE-2015-1158 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 nss [3.19.1-3.0.1] - Added nss-vendor.patch to change vendor [3.19.1-3] - Additional NULL initialization. [3.19.1-2] - Updated the patch to keep old cipher suite order - Resolves: Bug 1224449 [3.19.1-1] - Rebase to nss-3.19.1 - Resolves: Bug 1224449 nss-util [3.19.0-1] - Rebase to nss-3.19.1 - Resolves: Bug 1224449 [3.18.0-1] - Resolves: - Bug 1205064 - [RHEL6.6] nss-util 3.18 rebase required for firefox 38 ESR MODERATE Copyright 2015 Oracle, Inc. CVE-2015-4000 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [9.2.13-1] - update to 9.2.13 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-13.html [9.2.12-1] - update to 9.2.12 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-12.html [9.2.11-1] - update to 9.2.11 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-11.html MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3166 CVE-2015-3165 CVE-2015-3167 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.1.0-1.0.1.el7_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-2737 CVE-2015-2740 CVE-2015-2725 CVE-2015-2728 CVE-2015-2731 CVE-2015-2736 CVE-2015-2738 CVE-2015-2739 CVE-2015-2743 CVE-2015-2722 CVE-2015-2727 CVE-2015-2729 CVE-2015-2735 CVE-2015-2741 CVE-2015-2734 CVE-2015-2724 CVE-2015-2733 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 abrt [2.0.8-26.0.1.el6_6.1] - Add abrt-oracle-enterprise.patch to be product neutral - Remove abrt-plugin-rhtsupport dependency for cli and desktop - Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot [2.0.8-26.el6_6.1] - remove old dump directories in upgrade - remove outdated rmp scriptlets - daemon: allow only root to submit CCpp, Koops, VMCore and Xorg problems - abrt-action-install-debuginfo-to-abrt-cache: sanitize arguments and umask - make the problem directories owned by abrt and the group root - validate uploaded problem directories in abrt-handle-upload - don't override nor remove files with user core dump files - fix symbolic link and race condition flaws - Resolves: #1211966 libreport [2.0.9-21.0.1.el6_6.1] - Add oracle-enterprise.patch and oracle-enterprise-po.patch - Remove libreport-plugin-rhtsupport pkg [2.0.9-21.el6_6.1] - switch dump directory owner from 'abrt:user' to 'user:abrt' (rhbz#1212093) - harden against directory traversal, crafted symbolic links (rhbz#1212093) - avoid race-conditions in dump dir opening (rhbz#1212093) - Resolves: #1211966 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3147 CVE-2015-3142 CVE-2015-1870 CVE-2015-1869 CVE-2015-3159 CVE-2015-3315 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [5.3.3-46] - fix gzfile accept paths with NUL character #1213407 - fix patch for CVE-2015-4024 [5.3.3-45] - fix more functions accept paths with NUL character #1213407 [5.3.3-44] - soap: missing fix for #1222538 and #1204868 [5.3.3-43] - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4026, #1213407 - ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022 - phar: fix buffer over-read in metadata parsing CVE-2015-2783 - phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307 - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 - phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021 - soap: more fix type confusion through unserialize #1222538 [5.3.3-42] - soap: more fix type confusion through unserialize #1204868 [5.3.3-41] - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 - core: fix use-after-free in unserialize CVE-2015-2787 - exif: fix free on unitialized pointer CVE-2015-0232 - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 - date: fix use after free vulnerability in unserialize CVE-2015-0273 - enchant: fix heap buffer overflow in enchant_broker_request_dict CVE-2014-9705 - phar: use after free in phar_object.c CVE-2015-2301 - soap: fix type confusion through unserialize MODERATE Copyright 2015 Oracle, Inc. CVE-2015-4024 CVE-2015-4603 CVE-2015-0273 CVE-2015-2783 CVE-2014-9425 CVE-2015-4598 CVE-2015-4601 CVE-2015-3412 CVE-2015-4148 CVE-2015-4602 CVE-2015-4600 CVE-2014-9709 CVE-2015-0232 CVE-2015-2301 CVE-2015-3411 CVE-2015-4021 CVE-2015-4026 CVE-2014-9705 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-4022 CVE-2015-4147 CVE-2015-4599 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [5.4.40-3] - fix more functions accept paths with NUL character #1213407 [5.4.40-2] - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026 - ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022 - phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021 - pgsql: fix NULL pointer dereference CVE-2015-1352 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-4598 CVE-2015-4021 CVE-2015-4024 CVE-2015-4643 CVE-2015-4644 CVE-2015-4025 CVE-2015-4022 CVE-2015-4026 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections Oracle Linux 6 [2.6.32-504.30.3] - [redhat] spec: Update dracut dependency to pull in drbg module (Frantisek Hrbata) [1241517 1241338] [2.6.32-504.30.2] - [crypto] rng: Remove krng (Herbert Xu) [1233512 1226418] - [crypto] drbg: Add stdrng alias and increase priority (Herbert Xu) [1233512 1226418] - [crypto] seqiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418] - [crypto] eseqiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418] - [crypto] chainiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418] [2.6.32-504.30.1] - [net] Fix checksum features handling in netif_skb_features() (Vlad Yasevich) [1231690 1220247] [2.6.32-504.29.1] - [net] gso: fix skb_segment for non-offset skb pointers (Jiri Benc) [1229586 1200533] [2.6.32-504.28.1] - [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805} - [net] ipv4: Missing sk_nulls_node_init in ping_unhash (Denys Vlasenko) [1218102 1218103] {CVE-2015-3636} - [net] conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (Jesper Brouer) [1227467 1227468 1212801 1200541] - [net] tcp: Restore RFC5961-compliant behavior for SYN packets (Jesper Brouer) [1227467 1227468 1212801 1200541] - [x86] kernel: ignore NMI IOCK when in kdump kernel (Jerry Snitselaar) [1225054 1196263] - [x86] asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Mateusz Guzik) [1209232 1209233] {CVE-2015-2830} - [fs] gfs2: try harder to obtain journal lock during recovery (Abhijith Das) [1222588 1110846] for core_pmu (Jiri Olsa) [1219149 1188336] - [x86] mm: Linux stack ASLR implementation (Jacob Tanenbaum) [1195682 1195683] {CVE-2015-1593} - [fs] xfs: DIO write completion size updates race (Brian Foster) [1218499 1198440] - [net] ipv6: Don't reduce hop limit for an interface (Denys Vlasenko) [1208492 1208493] - [net] vlan: more careful checksum features handling (Vlad Yasevich) [1221844 1212384] - [kernel] tracing: Export tracing clock functions (Jerry Snitselaar) [1217986 1212502] - [edac] sb_edac: fix corruption/crash on imbalanced Haswell home agents (Seth Jennings) [1213468 1210148] - [netdrv] tun: Fix csum_start with VLAN acceleration (Jason Wang) [1217189 1036482] - [netdrv] tun: unbreak truncated packet signalling (Jason Wang) [1217189 1036482] - [netdrv] tuntap: hardware vlan tx support (Jason Wang) [1217189 1036482] - [vhost] vhost-net: fix handle_rx buffer size (Jason Wang) [1217189 1036482] - [netdrv] ixgbe: fix X540 Completion timeout (John Greene) [1215855 1150343] - [char] tty: drop driver reference in tty_open fail path (Mateusz Guzik) [1201893 1201894] - [netdrv] macvtap: Fix csum_start when VLAN tags are present (Vlad Yasevich) [1215914 1123697] - [netdrv] macvtap: signal truncated packets (Vlad Yasevich) [1215914 1123697] - [netdrv] macvtap: restore vlan header on user read (Vlad Yasevich) [1215914 1123697] - [netdrv] macvlan: Initialize vlan_features to turn on offload support (Vlad Yasevich) [1215914 1123697] - [netdrv] macvlan: Add support for 'always_on' offload features (Vlad Yasevich) [1215914 1123697] - [netdrv] mactap: Fix checksum errors for non-gso packets in bridge mode (Vlad Yasevich) [1215914 1123697] - [netdrv] revert 'macvlan: fix checksums error when we are in bridge mode' (Vlad Yasevich) [1215914 1123697] - [net] core: Correctly set segment mac_len in skb_segment() (Vlad Yasevich) [1215914 1123697] - [net] core: generalize skb_segment() (Vlad Yasevich) [1215914 1123697] - [net] core: Add skb_headers_offset_update helper function (Vlad Yasevich) [1215914 1123697] - [netdrv] ixgbe: Correctly disable VLAN filter in promiscuous mode (Vlad Yasevich) [1215914 1123697] - [netdrv] ixgbe: remove vlan_filter_disable and enable functions (Vlad Yasevich) [1215914 1123697] - [netdrv] qlge: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [1215914 1123697] - [netdrv] i40evf: Fix TSO and hw checksums for non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697] - [netdrv] i40e: Fix TSO and hw checksums for non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697] - [netdrv] ehea: Fix TSO and hw checksums with non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697] - [netdrv] e1000: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [1215914 1123697] - [kernel] ipc: sysv shared memory limited to 8TiB (George Beshers) [1224301 1171218] - [mm] hugetlb: improve page-fault scalability (Larry Woodman) [1212300 1120365] - [netdrv] hyperv: Fix the total_data_buflen in send path (Jason Wang) [1222556 1132918] - [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907] - [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907] [2.6.32-504.27.1] - [netdrv] mlx4_en: current_mac isn't updated in port up (Amir Vadai) [1224383 1081667] - [netdrv] mlx4_en: Fix mac_hash database inconsistency (Amir Vadai) [1224383 1081667] - [netdrv] mlx4_en: Protect MAC address modification with the state_lock mutex (Amir Vadai) [1224383 1081667] - [netdrv] mlx4_en: Fix errors in MAC address changing when port is down (Amir Vadai) [1224383 1081667] - [netdrv] mlx4: Verify port number in __mlx4_unregister_mac (Amir Vadai) [1224383 1081667] - [netdrv] mlx4_en: Adding missing initialization of perm_addr (Amir Vadai) [1225489 1120930] [2.6.32-504.26.1] - [kernel] sched: Fix clock_gettime(CLOCK_[PROCESS/THREAD]_CPUTIME_ID) monotonicity (Seth Jennings) [1219501 1140024] - [kernel] sched: Replace use of entity_key() (Larry Woodman) [1219123 1124603] [2.6.32-504.25.1] - [net] ipvs: allow rescheduling of new connections when port reuse is detected (Marcelo Leitner) [1222771 1108514] - [net] ipvs: Fix reuse connection if real server is dead (Marcelo Leitner) [1222771 1108514] - [netdrv] bonding: fix locking in enslave failure path (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: mc addresses don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: IFF_BONDING is not stripped on enslave failure (Nikolay Aleksandrov) [1222483 1221856] - [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay Aleksandrov) [1222483 1221856] [2.6.32-504.24.1] - [mm] readahead: get back a sensible upper limit (Rafael Aquini) [1215755 1187940] MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3636 CVE-2015-1593 CVE-2011-5321 CVE-2015-2830 CVE-2015-2922 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 Oracle Linux 7 [1:1.8.0.51-1.b16] - Add md5sum for January 2015 java.security update so it gets updated this time. - Resolves: rhbz#1235162 [1:1.8.0.51-0.b16] - July 2015 security update to u51b16. - Add script for generating OpenJDK tarballs from a local Mercurial tree. - Add %{name} prefix to patches to avoid conflicts with OpenJDK 7 versions. - Add patches for RH issues fixed in IcedTea 2.x and/or the upcoming u60. - Use 'openjdk' as directory prefix to allow patch interchange with IcedTea. - Re-generate EC disablement patch following CPU DH changes. - Resolves: rhbz#1235162 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3149 CVE-2015-4749 CVE-2015-4760 CVE-2015-2625 CVE-2015-2632 CVE-2015-2659 CVE-2015-4733 CVE-2015-2590 CVE-2015-2621 CVE-2015-2628 CVE-2015-4000 CVE-2015-4732 CVE-2015-2601 CVE-2015-2808 CVE-2015-4748 CVE-2015-4731 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 7 Oracle Linux 6 [1:1.7.0.85-2.6.1.2.0.1.el7_1] - Update DISTRO_NAME in specfile [1:1.7.0.85-2.6.1.2] - Bump upstream tarball to u25b01 to fix issue with 8075374 backport. - Resolves: rhbz#1235158 [1:1.7.0.85-2.6.1.1] - Update OpenJDK tarball so correct version is used. - Resolves: rhbz#1235158 [1:1.7.0.85-2.6.1.0] - Add additional java.security md5sum from January CPU - Resolves: rhbz#1235158 [1:1.7.0.85-2.6.1.0] - Bump to 2.6.1 and u85b00. - Resolves: rhbz#1235158 [1:1.7.0.80-2.6.0.1] - Pass SYSTEM_GSETTINGS='true' to the OpenJDK build to explicitly enable the GSettings API. - Resolves: rhbz#1235158 [1:1.7.0.80-2.6.0.0] - Add GConf2-devel dependency for native proxy fallback support. - Remove libxslt dependency pulled in from IcedTea builds. - Reduce redhat-lsb dependency to redhat-lsb-core (lsb_release) - Resolves: rhbz#1235158 [1:1.7.0.80-2.6.0.0] - Bump to 2.6.0 and u80b32. - Drop upstreamed patches and separate AArch64 HotSpot. - Add dependencies on pcsc-lite-devel (PR2496) and lksctp-tools-devel (PR2446) - Only run -Xshare:dump on JIT archs other than power64 as port lacks support - Update remove-intree-libraries script to cover LCMS and PCSC headers and SunEC. - Resolves: rhbz#1235158 CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-2621 CVE-2015-2628 CVE-2015-4000 CVE-2015-4733 CVE-2015-4749 CVE-2015-4760 CVE-2015-2601 CVE-2015-4732 CVE-2015-2590 CVE-2015-2625 CVE-2015-2808 CVE-2015-4731 CVE-2015-4748 CVE-2015-2632 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6:6:patch Oracle Linux 6 [2.2.15-45.0.1] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-45] - mod_proxy_balancer: add support for 'drain mode' (N) (#767130) [2.2.15-44] - set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES (#1086771) [2.2.15-43] - revert DirectoryMatch patch from 2.2.15-40 (#1016963) [2.2.15-42] - core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704) [2.2.15-41] - fix compilation with older OpenSSL caused by misspelling in patch (#1162268) [2.2.15-40] - mod_proxy: do not mix workers shared memory during graceful restart (#1149906) - mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache are used and SSL session is resumed (#1149703) - mod_ssl: log revoked certificates at the INFO level (#1161328) - mod_ssl: use -extensions v3_req for certificate generation (#906476) - core: check the config file before restarting the server (#1146194) - core: do not match files when using DirectoryMatch (#1016963) - core: improve error message for inaccessible DocumentRoot (#987590) - rotatelogs: improve support for localtime (#922844) - mod_deflate: fix decompression of files larger than 4GB (#1057695) - ab: fix integer overflow when printing stats with lot of requests (#1092419) - ab: try all addresses instead of failing on first one when not available (#1125269) - ab: fix read failure when targeting SSL server (#1045477) - apachectl: support HTTPD_LANG variable from /etc/sysconfig/httpd (#963146) - do not display 'bomb' icon for files ending with 'core' (#1069625) LOW Copyright 2015 Oracle, Inc. CVE-2013-5704 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [7.19.7-46] - require credentials to match for NTLM re-use (CVE-2015-3143) - close Negotiate connections when done (CVE-2015-3148) [7.19.7-45] - reject CRLFs in URLs passed to proxy (CVE-2014-8150) [7.19.7-44] - use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707) [7.19.7-43] - fix manpage typos found using aspell (#1011101) - fix comments about loading CA certs with NSS in man pages (#1011083) - fix handling of DNS cache timeout while a transfer is in progress (#835898) - eliminate unnecessary inotify events on upload via file protocol (#883002) - use correct socket type in the examples (#997185) - do not crash if MD5 fingerprint is not provided by libssh2 (#1008178) - fix SIGSEGV of curl --retry when network is down (#1009455) - allow to use TLS 1.1 and TLS 1.2 (#1012136) - docs: update the links to cipher-suites supported by NSS (#1104160) - allow to use ECC ciphers if NSS implements them (#1058767) - make curl --trace-time print correct time (#1120196) - let tool call PR_Cleanup() on exit if NSPR is used (#1146528) - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747) - allow to enable/disable new AES cipher-suites (#1156422) - include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163) - disable libcurl-level downgrade to SSLv3 (#1154059) [7.19.7-42] - do not force connection close after failed HEAD request (#1168137) - fix occasional SIGSEGV during SSL handshake (#1168668) [7.19.7-41] - fix a connection failure when FTPS handle is reused (#1154663) MODERATE Copyright 2015 Oracle, Inc. CVE-2014-3613 CVE-2014-3707 CVE-2015-3148 CVE-2014-8150 CVE-2015-3143 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-573] - [security] selinux: dont waste ebitmap space when importing NetLabel categories (Paul Moore) [1130197] - [x86] Revert Add driver auto probing for x86 features v4 (Prarit Bhargava) [1231280] - [net] bridge: netfilter: dont call iptables on vlan packets if sysctl is off (Florian Westphal) [1236551] - [net] ebtables: Allow filtering of hardware accelerated vlan frames (Florian Westphal) [1236551] [2.6.32-572] - [fs] Revert fuse: use clear_highpage and KM_USER0 instead of KM_USER1 (Brian Foster) [1229562] [2.6.32-571] - [netdrv] bnx2x: Move statistics implementation into semaphores (Michal Schmidt) [1231348] - [scsi] storvsc: Set the SRB flags correctly when no data transfer is needed (Vitaly Kuznetsov) [1221404] [2.6.32-570] - [block] fix ext_dev_lock lockdep report (Jeff Moyer) [1230927] - [md] Revert md dm: run queue on re-queue (Mike Snitzer) [1232007] - [firmware] another cxgb4 firmware load fixup (Sai Vemuri) [1189255] - [char] tty: Dont protect atomic operation with mutex (Aristeu Rozanski) [1184182] - [edac] i5100 add 6 ranks per channel (Aristeu Rozanski) [1171333] - [edac] i5100 clean controller to channel terms (Aristeu Rozanski) [1171333] - [crypto] rng - Remove krng (Herbert Xu) [1226418] - [crypto] drbg - Add stdrng alias and increase priority (Herbert Xu) [1226418] - [crypto] seqiv - Move IV seeding into init function (Herbert Xu) [1226418] - [crypto] eseqiv - Move IV seeding into init function (Herbert Xu) [1226418] - [crypto] chainiv - Move IV seeding into init function (Herbert Xu) [1226418] [2.6.32-569] - [gpu] drm/radeon: fix freeze for laptop with Turks/Thames GPU (Jerome Glisse) [1213297] - [md] dm: fix casting bug in dm_merge_bvec (Mike Snitzer) [1226453] - [fs] nfs: Send the size attribute on open(O_TRUNC) (Benjamin Coddington) [1208065] - [net] inet: fix processing of ICMP frag_needed messages (Sabrina Dubroca) [1210321] - [net] tcp: double default TSQ output bytes limit (Hannes Frederic Sowa) [1140590] - [hv] hv_balloon: correctly handle num_pages>INT_MAX case (Vitaly Kuznetsov) [1006234] - [hv] hv_balloon: correctly handle val.freeram<num_pages case (Vitaly Kuznetsov) [1006234] - [hv] hv_balloon: survive ballooning request with num_pages=0 (Vitaly Kuznetsov) [1006234] - [hv] hv_balloon: eliminate jumps in piecewiese linear floor function (Vitaly Kuznetsov) [1006234] - [hv] hv_balloon: do not online pages in offline blocks (Vitaly Kuznetsov) [1006234] - [hv] hv_balloon: dont lose memory when onlining order is not natural (Vitaly Kuznetsov) [1006234] [2.6.32-568] - [base] reduce boot delay on large memory systems (Seth Jennings) [1221389] - [md] dm: run queue on re-queue (Mike Snitzer) [1225158] - [fs] take i_mutex during prepare_binprm for set<u,g>id executables (Mateusz Guzik) [1216269] {CVE-2015-3339} - [netdrv] i40e: Make sure to be in VEB mode if SRIOV is enabled at probe (Stefan Assmann) [1206000] - [netdrv] i40e: start up in VEPA mode by default (Stefan Assmann) [1206000] - [netdrv] e1000e: Bump the version to 3.2.5 (John Greene) [1211531] - [netdrv] e1000e: fix unit hang during loopback test (John Greene) [1211531] - [netdrv] e1000e: fix systim issues (John Greene) [1211531] - [netdrv] e1000e: fix legacy interrupt handling in i219 (John Greene) [1211531] - [netdrv] e1000e: fix flush_desc_ring implementation (John Greene) [1211531] - [netdrv] e1000e: fix logical error in flush_desc_rings (John Greene) [1211531] - [netdrv] e1000e: remove call to do_div and sign mismatch warning (John Greene) [1211531] - [netdrv] e1000e: i219 execute unit hang fix on every reset or power state transition (John Greene) [1211531] - [netdrv] e1000e: i219 fix unit hang on reset and runtime D3 (John Greene) [1211531] - [netdrv] e1000e: fix call to do_div to use u64 arg (John Greene) [1211531] - [netdrv] e1000e: Cleanup handling of VLAN_HLEN as a part of max frame size (John Greene) [1211531] - [netdrv] e1000e: Correctly include VLAN_HLEN when changing interface MTU (John Greene) [1211531] - [netdrv] e1000e: call netif_carrier_off early on down (John Greene) [1211531] [2.6.32-567] - [serial] add ability to set IRQ via module parameter (Prarit Bhargava) [1210848] - [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1185166] {CVE-2015-1805} - [netdrv] macvlan: add VLAN filters to lowerdev (Ivan Vecera) [1213846] - [x86] Mark Intel Broadwell-DE processor as unsupported (Steve Best) [1226904] - [net] ipv6: reallocate addrconf router for ipv6 address when lo device up (Hannes Frederic Sowa) [1223610] - [mm] memory-failure: move refcount only in !MF_COUNT_INCREASED (Rafael Aquini) [1222832] - [mm] memory-failure: shift page lock from head page to tail page after thp split (Rafael Aquini) [1222832] - [mm] memory-failure: transfer page count from head page to tail page after split thp (Rafael Aquini) [1222832] - [scsi] lpfc: Correct loss of target discovery after cable swap (Rob Evers) [1226779] [2.6.32-566] - [netdrv] iwlwifi: use custom workqueue (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: remove not used *bt-coex* files (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: avoid use-after-free on iwl_mvm_d0i3_enable_tx() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: clean net-detect info if device was reset during suspend (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: take the UCODE_DOWN reference when resuming (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: BT Coex - duplicate the command if sent ASYNC (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: nvm: force mac from otp in case nvm mac is reserved (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Free fw_status after use to avoid memory leak (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix MLME trigger (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: dont disable the busmaster DMA clock for family 8000 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: 7000: modify the firmware name for 3165 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: forbid MIMO on devices that dont support it (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: force quota update update after FW restart (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix typo in CONFIG option (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont power off the device between INIT and OPER firmwares (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: prevent using unmapped memory in fw monitor (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Avoid signal based decisions if ave beacon RSSI is 0 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix scan iteration complete notification handling (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont stop the FW monitor too early (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix Tx Power firmware API (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: capture connection loss as part of MLME trigger (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for time events (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: do string formatting in debug triggers (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: fix spelling errors (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont return uninitialized value in get_survey() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove unused arguments (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Fix wrongfully flushing frames in the roc/off channel queue (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add debugfs entry with the number of net-detect scans (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: refactor rs_update_rate_tbl (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: check the size of the trigger struct from the firmware file (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for firmware dump upon MLME failures (Stanislaw Gruszka) [1134606] - [net] mac80211: Fix mac80211.h docbook comments (Stanislaw Gruszka) [1134606] - [net] mac80211: notify the driver about deauth (Stanislaw Gruszka) [1134606] - [net] mac80211: notify the driver about association status (Stanislaw Gruszka) [1134606] - [net] mac80211: notify the driver about authentication status (Stanislaw Gruszka) [1134606] - [netdrv] mac80211: convert rssi_callback() to event_callback() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: fix comment indentation (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Clean up UMAC scan UIDs in the reset and drv_stop flows (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: 8000: change PNVM in case it doesnt match to the HW step (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix debug print in the RSA ownership workaround (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: allow to configure the timeout for the Tx queues (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: drop support for early versions of 8000 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: use debugfs_create_bool() for enable_scan_iteration_notif (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: initialize trans_pcie->ref_count on configure() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: inform mac80211 about umac scans that was aborted by restart (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove d0i3 ref correctly during AP start (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: Fix memory leak in iwl_req_fw_callback() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove WARN_ON for invalid BA notification (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: take IWL_MVM_REF_UCODE_DOWN before restarting hw (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont wait for firmware verification (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: add new 3165 series PCI IDs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove time-event start/end failure warning (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add iccm data to 8000 b-step data dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: add rx packet sequence number to dbg print (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: properly flush the queues for buffering transport (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: assign new TLV bit for multi-source LAR (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: continue (with error) CSA on GO time event failure (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: simplify iwl_mvm_get_wakeup_status() return (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont double unlock the mutex in __iwl_mvm_resume() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: clarify time event end handling (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Always enable the smart FIFO (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: update copyright to include 2015 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: add more new 8260 series PCI IDs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: BT Coex - update the new API (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix force NMI for 8000 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: freeze the non-shared queues when a station goes to sleep (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: allow the op_mode to freeze the stuck queue timer (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: update Tx statistics when using fixed rate (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont init MCC during CT-kill (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove warning on station exhaustion (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: trans: Take ownership on secure machine before FW load (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: add new 8260 series PCI IDs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: improve ss_params debug print (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: dont allow the FW to return invalid ch indices (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: reflect TDLS pm state in mvmvif->pm_enabled (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix identation (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove unneeded include iwl-fw-error-dump.h (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: use correct NVM offset for LAR enable for new NVMs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: fix smatch warning: warn: inconsistent indenting (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: include more registers in the prph dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: speed up the Tx DMA stop flow (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support family 8000 B2/C steps (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: always update the quota after association (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: BT Coex - disable RRC by default (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove IWL_UCODE_TLV_API_SF_NO_DUMMY_NOTIF (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove IWL_UCODE_TLV_API_DISABLE_STA_TX (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: bump API to 13 for devices that use iwlmvm (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: set LAR MCC on D3/D0 transitions (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support LAR updates from BIOS (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: take the MAC address from HW registers (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: allow disabling LAR via module param (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support new PHY_SKU nvm section for family 8000 B0 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: disable 11ac if 11n is disabled (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: iwlmvm: LAR: disable LAR support due to NVM vs TLV conflict (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: change last 5ghz channel to 165 & add support for 8000 family (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: use IWL_DEFAULT_MAX_TX_POWER for max_eirp (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: nvm: init correct nvm channel list for 8000 devices (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: LAR: Add chub mcc change notify command (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: dont declare support for 5ghz if not supported (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: ignore IBSS flag as regulatory NO-IR indication (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: consider LAR support during NVM parse (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: create regdomain from mcc_update_cmd response (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: init country code on init/recovery (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add MCC update FW API (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: disconnect if CSA time event fails scheduling (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: dvm: drop VO packets when mac80211 tells us to (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix compilation with IWLWIFI_DEBUGFS not set (Stanislaw Gruszka) [1134606] - [netdrv] wireless: Use eth_<foo>_addr instead of memset (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont override passive dwell in case of fragmented scan (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for firmware dump upon low RSSI (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for firmware dump upon statistics (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: restart firmware recording when no configuration is set (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for firmware dump upon command response (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for firmware dump upon channel switch (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add trigger for firmware dump upon missed beacons (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add the cause of the firmware dump in the dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add framework for triggers for fw dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: use only 40 ms for fragmented scan (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: allow to force the Rx chains from debugfs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: add new TLV capability flag for BT PLCR (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont iterate interfaces to disconnect in net-detect (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: new Alive / error table API (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support beacon statistics for BSS client (Stanislaw Gruszka) [1134606] - [net] cfg80211: add nl80211 beacon-only statistics (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont write to DBGC_OUT_CTRL when stopping the recording (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove deprecated scan API code (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: deprecate -9.ucode for 3160 / 7260 / 7265 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support radio statistics as global survey (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add statistics API version 10 (Stanislaw Gruszka) [1134606] - [net] cfg80211: add scan time to survey data (Stanislaw Gruszka) [1134606] - [netdrv] cfg80211: remove channel from survey names (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: apply destination before releasing reset (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove unused function in BT coex (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix BT coex shared antenna activity check (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: print single stream params via debugfs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: avoid ss_force from being reset after tx idle (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: increase the number of PAPD channel groups to 9 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: consider TDLS queues as used during drain (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: disable MIMO for low latency P2P (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: adapt rate matching to new STBC/BFER (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: disable beamformer unless FW supports it (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont try to stop scans that are not running anymore (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: better match tx response rate to the LQ table (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: call ieee80211_scan_completed() even if scan abort fails (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: reduce quota threshold (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont send a command the firmware doesnt know (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Fix building channels in scan_config_cmd (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Enable EBS also in single scan on umac interface (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Fix a few EBS error handling bugs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: allow to define the stuck queue timer per queue (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: enable watchdog on Tx queues for mvm (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: ignore stale TDLS ch-switch responses (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: improve TDLS ch-sw state machine (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: prepare the enablement of 31 TFD queues (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: enable forcing single stream Tx decision (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: remove space padding after sysassert description (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add beamformer support (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: dont dump useless data when a TFD queue hangs (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont reprobe if we fail during reconfig and fw_restart is false (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: check IWL_UCODE_TLV_API_SCD_CFG in API and not in capa (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: fix rx chains configuration in phy ctxt cmd (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: support secured boot flow for family 8000 B step (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: use a new API for enabling STBC (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: refactor ht/vht init (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: remove stats argument from functions (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: really disable TDLS queues (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: BT Coex - set all the co-running values to 0 (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Do not consider invalid HW queues in queue mask (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support family 8000 C step (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: init ref_lock (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: document switch case fall-through in iwl_mvm_send_sta_key (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: use STBC regardless of power save mode (Stanislaw Gruszka) [1134606] - [netdrv] Revert iwlwifi: mvm: drop non VO frames when flushing (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add support for new LTR command (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: BT Coex - fine tune the MPLUT register (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: move U-APSD decision to authentication (Stanislaw Gruszka) [1134606] - [netdrv] mac80211: move U-APSD enablement to vif flags (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: ignore temperature updates in the RX statistics notification (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: cleanup unuseful and overflowing traces (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: generate statistics debugfs code (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: move statistics API to new header file (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: sync statistics firmware API (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: correctly set the NMI register (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add rxf and txf to dump data (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add support for dumping a secondary SRAM (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add debugfs file for misbehaving U-APSD AP (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: let the firmware configure the scheduler (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: remove unused TLV capability flags (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add print of he nvm version (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: set max_out_time equal to frag_passive_dwell in fragmented scan (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: allow to disable MIMO for P2P only (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: allow to collect debug data from non-sleepable context (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: make sure state isnt in d0i3 when stopping fw monitor (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Add debugfs entry to enable scan offload notification (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: add new config and PCI IDs for 4165 series (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: make sure state isnt in d0i3 when collecting fw dbg (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: repeat initial legacy rates in LQ table (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: dont indicate no BA if STA was in powersave (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: organize and cleanup consts (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Alter passive scan fragmentation parameters in case of multi-MAC (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: call to pcie_apply_destination also on family 8000 B step (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: ask the fw to wakeup (from d0i3) on sysassert (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: tlv: add support for IWL_UCODE_TLV_SDIO_ADMA_ADDR TLV (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: use iwl_mvm_sta_from_mac80211() consistently (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: use iwl_mvm_vif_from_mac80211() consistently (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: remove useless extern definition of iwl4265_2ac_sdio_cfg (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: clean refs before stop_device() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: dvm: main: Use setup_timer (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: dvm: tt: Use setup_timer (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support 2 different channels (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: wait for d0i3 exit on hw restart (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: consider d0i3_disable in iwl_mvm_is_d0i3_supported() (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: support multiple d0i3 modes (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support IWL_D0I3_MODE_ON_SUSPEND d0i3 mode (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: allow both d0i3 and d3 wowlan configuration modes (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: add basic reference accounting (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: convert the SRAM dump to the generic memory dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: change SMEM dump to general purpose memory dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add smem content to dump data (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support additional nvm_file in family 8000 B step (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: rs: fix max rate allowed if no rate is allowed (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: clear tt values when entering CT-kill (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: Set the HW step in the core dump (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: allow RSSI compensation (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add debugfs to trigger fw debug logs collection (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: pcie: let the Manageability Engine know when we leave (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: support LnP 1x1 antenna configuration (Stanislaw Gruszka) [1134606] - [netdrv] Revert iwlwifi: use correct fw file in 8000 b-step (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: mvm: add fw runtime stack to dump data (Stanislaw Gruszka) [1134606] - [netdrv] iwlwifi: remove MODULE_VERSION (Stanislaw Gruszka) [1134606] [2.6.32-565] - [x86] perf/intel: Add INST_RETIRED.ALL workarounds (Jiri Olsa) [1189949] - [x86] perf/intel: Add Broadwell core support (Jiri Olsa) [1189949] - [x86] perf/intel: Add new cache events table for Haswell (Jiri Olsa) [1189949] MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9683 CVE-2015-3339 CVE-2014-3184 CVE-2014-8709 CVE-2015-0239 CVE-2014-3940 CVE-2014-4652 CVE-2014-8133 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.2.6-4] - Move OpenSSL init out of version check Resolves: Bug#1189394 radiusd segfaults after update - Comment-out ippool-dhcp.conf inclusion Resolves: Bug#1189386 radiusd fails to start after 'clean' installation [2.2.6-3] - Disable OpenSSL version check Resolves: Bug#1189011 [2.2.6-2] - Fix a number of new Coverity errors and compiler warnings. Resolves: Bug#1188598 [2.2.6-1] - Upgrade to the latest upstream release v2.2.6 Resolves: Bug#921563 raddebug not working correctly Resolves: Bug#921567 raddebug -t 0 exists immediately Resolves: Bug#1060319 MSCHAP Authentication is not working using automatic windows user credentials Resolves: Bug#1078736 Rebase FreeRADIUS to 2.2.4 Resolves: Bug#1135439 Default message digest defaults to sha1 Resolves: Bug#1142669 EAP-TLS and OCSP validation causing segmentation fault Resolves: Bug#1173388 dictionary.mikrotik missing Attributes - Remove radutmp rotation Resolves: Bug#904578 radutmp should not rotate - Check for start_servers not exceeding max_servers Resolves: Bug#1146828 radiusd silently fails when start_servers is higher than max_servers MODERATE Copyright 2015 Oracle, Inc. CVE-2014-2015 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.6-64.0.1] - Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma) [2.6.6-64] - Enable use of deepcopy() with instance methods Resolves: rhbz#1223037 [2.6.6-63] - Since -libs now provide python-ordered dict, added ordereddict dist-info to site-packages Resolves: rhbz#1199997 [2.6.6-62] - Fix CVE-2014-7185/4650/1912 CVE-2013-1752 Resolves: rhbz#1206572 [2.6.6-61] - Fix logging module error when multiprocessing module is not initialized Resolves: rhbz#1204966 [2.6.6-60] - Add provides for python-ordereddict Resolves: rhbz#1199997 [2.6.6-59] - Let ConfigParse handle options without values - Add check phase to specfile, fix and skip relevant failing tests Resolves: rhbz#1031709 [2.6.6-58] - Make Popen.communicate catch EINTR error Resolves: rhbz#1073165 [2.6.6-57] - Add choices for sort option of cProfile for better output Resolves: rhbz#1160640 [2.6.6-56] - Make multiprocessing ignore EINTR Resolves: rhbz#1180864 [2.6.6-55] - Fix iteration over files with very long lines Resolves: rhbz#794632 [2.6.6-54] - Fix subprocess.Popen.communicate() being broken by SIGCHLD handler. Resolves: rhbz#1065537 - Rebuild against latest valgrind-devel. Resolves: rhbz#1142170 [2.6.6-53] - Bump release up to ensure proper upgrade path. Related: rhbz#958256 MODERATE Copyright 2015 Oracle, Inc. CVE-2013-1752 CVE-2014-1912 CVE-2014-7185 CVE-2014-4650 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 Oracle Linux 6 [5.0.5-113.0.1] - add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280] (Bert Barbe) use tcp instead of udp [5.0.5-113] - bz1201195 - autofs: MAPFMT_DEFAULT is not macro in lookup_program.c - fix macro usage in lookup_program.c. - Resolves: rhbz#1201195 [5.0.5-112] - bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server - fix use after free in patch to handle duplicate in multi mounts. - change log messages to try and make them more sensible. - fix log entry for rev 5.0.5-111 below. - Related: rhbz#1124083 [5.0.5-111] - bz1153130 - autofs-5.0.5-109 with upgrade to RHEL 6.6 no longer recognizes +yp: in auto.master - fix fix master map type check. - bz1156387 - autofs /net maps do not refresh list of shares exported on the NFS server - fix typo in update_hosts_mounts(). - fix hosts map update on reload. - bz1160446 - priv escalation via interpreter load path for program based automount maps - add a prefix to program map stdvars. - add config option to force use of program map stdvars. - bz1175671 - automount segment fault in parse_sun.so for negative parser tests - fix incorrect check in parse_mount(). - bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server - fix fix map entry duplicate offset detection (dependednt patch). - handle duplicates in multi mounts. - Resolves: rhbz#1153130 rhbz#1156387 rhbz#1160446 rhbz#1175671 rhbz#1124083 [5.0.5-110] - bz1163957 - Autofs unable to mount indirect after attempt to mount wildcard - make negative cache update consistent for all lookup modules. - ensure negative cache isn't updated on remount. - dont add wildcard to negative cache. - Resolves: rhbz#1163957 MODERATE Copyright 2015 Oracle, Inc. CVE-2014-8169 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [9.0.3-43] - Resolves #1225589 - unable to create rhel 7.1 replica from rhel 6 replica CA because subsystem user does not exist [9.0.3-42] - Resolves #1221900 - pki-core: cross-site scripting flaw in the dogtag administration page (port 9180, port 9444) [rhel-6.7] [9.0.3-41] - Resolves #1212557 - ipa-server-install fails when configuring CA [9.0.3-40] - Resolves #1171848 - IPA - port 9443 (pki-core) is vulnerable to SSLv3 POODLE (based upon upstream changes provided by cfu and alee) MODERATE Copyright 2015 Oracle, Inc. CVE-2012-2662 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.3.3-4.3] - Add missing checks for small/truncated files resolves: rhbz#1158993 - Fix typo in man page Win::Hivex.3.pm resolves: rhbz#1164693 MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9273 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1:5.5-54.0.1] - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373] [1:5.5-54] - Quicker loading of IP-MIB::ipAddrTable (#1191393) [1:5.5-53] - Quicker loading of IP-MIB::ipAddressTable (#1191393) [1:5.5-52] - Fixed snmptrapd crash when '-OQ' parameter is used and invalid trap is received (#CVE-2014-3565) [1:5.5-51] - added faster caching into IP-MIB::ipNetToMediaTable (#789500) - fixed compilation with '-Werror=format-security' (#1181994) - added clear error message when port specified in 'clientaddrr' config option cannot be bound (#886468) - fixed error check in IP-MIB::ipAddressTable (#1012430) - fixed agentx client crash on failed response (#1023570) - fixed dashes in net-snmp-config.h (#1034441) - fixed crash on monitor trigger (#1050970) - fixed 'netsnmp_assert 1 == new_val->high failed' message in system log (#1065210) - fixed parsing of 64bit counters from SMUX subagents (#1069046) - Fixed HOST-RESOURCES-MIB::hrProcessorTable on machines with >100 CPUs (#1070075) - fixed net-snmp-create-v3-user to have the same content on 32 and 64bit installations (#1073544) - fixed IPADDRESS value length in Python bindings (#1100099) - fixed hrStorageTable to contain 31 bits integers (#1104293) - fixed links to developer man pages (#1119567) - fixed storageUseNFS functionality in hrStorageTable (#1125793) - fixed netsnmp_set Python bindings call truncating at the first '\000' character (#1126914) - fixed log level of SMUX messages (#1140234) - use python/README to net-snmp-python subpackage (#1157373) - fixed forwarding of traps with RequestID=0 in snmptrapd (#1146948) - fixed typos in NET-SNMP-PASS-MIB and SMUX-MIB (#1162040) - fixed close() overhead of extend commands (#1188295) - fixed lmSensorsTable not reporting sensors with duplicate names (#967871) - fixed hrDeviceTable with interfaces with large ifIndex (#1195547) MODERATE Copyright 2015 Oracle, Inc. CVE-2014-3565 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.8.6p3-19] - RHEL-6.7 erratum - modified the authlogicfix patch to fix #1144448 - fixed a bug in the ldapusermatchfix patch Resolves: rhbz#1144448 Resolves: rhbz#1142122 [1.8.6p3-18] - RHEL-6.7 erratum - fixed the mantypos-ldap.patch Resolves: rhbz#1138267 [1.8.6p3-17] - RHEL-6.7 erratum - added patch for CVE-2014-9680 - added BuildRequires for tzdata Resolves: rhbz#1200253 [1.8.6p3-16] - RHEL-6.7 erratum - added zlib-devel build required to enable zlib compression support - fixed two typos in the sudoers.ldap man page - fixed a hang when duplicate nss entries are specified in nsswitch.conf - SSSD: implemented sorting of the result entries according to the sudoOrder attribute - LDAP: fixed logic handling the computation of the 'user matched' flag - fixed restoring of the SIGPIPE signal in the tgetpass function - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267 Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves: rhbz#1142122 Resolves: rhbz#1094548 Resolves: rhbz#1144448 MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9680 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 Oracle Linux 6 [3:2.1.12-25] - fix CVE-2002-0389 - local users able to read private mailing list archives [3:2.1.12-24] - fix CVE-2015-2775 - directory traversal in MTA transports [3:2.1.12-23] - fix #1095359 - handle update when some mailing lists have been created by newer Mailman than this one [3:2.1.12-22] - fix #1095359 - add support for DMARC [3:2.1.12-21] - fix #1056366 - fix bad subject of the welcome email when creating list using newlist command [3:2.1.12-20] - fix #745409 - do not set Indexes in httpd configuration for public archive - fix #1008139 - fix traceback when list_data_dir is not a child of var_prefix [3:2.1.12-19] - fix #765807 - fix traceback when message is received to moderated list MODERATE Copyright 2015 Oracle, Inc. CVE-2002-0389 CVE-2015-2775 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.7.6-20.0.1.el6] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [libxml2-2.7.6-20.el6] - CVE-2015-1819 Enforce the reader to run in constant memory(rhbz#1214163) [libxml2-2.7.6-19.el6] - Stop parsing on entities boundaries errors - Fix missing entities after CVE-2014-3660 fix (rhbz#1149086) [libxml2-2.7.6-18.el6] - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149086) - Fix html serialization error and htmlSetMetaEncoding (rhbz#1004513) LOW Copyright 2015 Oracle, Inc. CVE-2015-1819 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 Oracle Linux 6 [1:0.7.3-6] - AP WMM: Fix integer underflow in WMM Action frame parser (rh #1221178) (rh #1226396) [1:0.7.3-5] - Add domain_match config option from upstream (rh #1186806) (rh #1178263) - Include peer certificate in EAP events for use by clients - Add dbus signal for information about server certification - eapol_test: Add option for writing server certificate chain to a file LOW Copyright 2015 Oracle, Inc. CVE-2015-4142 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.20-3] - Updated pcre buildrequires to require pcre-devel >= 7.8-7 Related: rhbz#1193030 [2.20-2] - Fixed invalid UTF-8 byte sequence error in PCRE mode (by pcre-backported-fixes patch) Resolves: rhbz#1193030 - Fixed buffer overrun for grep -F Resolves: CVE-2015-1345 - Fixed bogus date in the changelog [2.20-1] - New version Resolves: rhbz#1064668 Resolves: rhbz#982215 Resolves: rhbz#1126757 Resolves: rhbz#1167766 Resolves: rhbz#1171806 - Fixed \w and \W behaviour in multibyte locales Resolves: rhbz#799863 - Documented --fixed-regexp option Resolves: rhbz#1103270 LOW Copyright 2015 Oracle, Inc. CVE-2015-1345 CVE-2012-5667 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [31.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [31.8.0-1] - Update to 31.8.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-2731 CVE-2015-2741 CVE-2015-2725 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2724 CVE-2015-2739 CVE-2015-2737 CVE-2015-2740 CVE-2015-2738 cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.8.5-18] - fix CVE-2015-0282 (#1198159) - fix CVE-2015-0294 (#1198159) [2.8.5-17] - Corrected value initialization in mpi printing (#1129241) [2.8.5-16] - Check for expiry information in the CA certificates (#1159778) [2.8.5-15] - fix issue with integer padding in certificates and keys (#1036385) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-0294 CVE-2015-0282 CVE-2014-8155 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 Oracle Linux 6 [1:4.2.8.2-11.0.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile (jingdong.lu@oracle.com) - Build with --with-vendor='Oracle America, Inc.' (jingdong.lu@oracle.com) [1:4.2.8.2-11] - Resolves: rhbz#1223696 some labels in print dialog are not translated, even though the translations exist [1:4.2.8.2-10] - Resolves: rhbz#1217466 CVE-2015-1774 HWP filter fix [1:4.2.8.2-9] - Resolves: rhbz#1209852 enable accidentally disabled GIO UCP [1:4.2.8.2-8] - Related: rhbz#1150048 rpmdiff: avoid multilib conflict [1:4.2.8.2-7] - Related: rhbz#1150048 packaging fix [1:4.2.8.2-6] - Related: rhbz#1150048 rpmdiff fixes [1:4.2.8.2-5] - Related: rhbz#1150048 fix some indic shortcuts [1:4.2.8.2-4] - Resolves: rhbz#1150048 rebase to latest stable 4.2.8.2 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-1774 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [4.2.6p5-5] - reject packets without MAC when authentication is enabled (CVE-2015-1798) - protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799) - fix generation of MD5 keys with ntp-keygen on big-endian systems (CVE-2015-3405) - log when stepping clock for leap second or ignoring it with -x (#1204625) [4.2.6p5-4] - fix typos in ntpd man page (#1194463) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3405 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 Oracle Linux 6 [1.8.10-17.0.2] - Fix ocfs2 dissector (John Haxby) [orabug 21505640] [1.8.10-17.0.1.el6] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.8.10-17] - security patches - Resolves: CVE-2015-2189 CVE-2015-2191 [1.8.10-16] - security patches - Resolves: CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0562 CVE-2015-0564 [1.8.10-15] - fix AES-GCM decoding - Related: rhbz#1095065 [1.8.10-14] - fix requires: shadow-utils - Resolves: rhbz#1121275 [1.8.10-13] - add elliptic curves decoding in DTLS HELLO - Resolves: rhbz#1131203 [1.8.10-12] - add AES-GCM decryption - Resolves: rhbz#1095065 [1.8.10-11] - fix reading from pipes - Resolves: rhbz#1104210 [1.8.10-10] - introduced nanosecond time precision - Resolves: rhbz#1146578 [1.8.10-9] - fix gtk2 required version - Resolves: rhbz#1160388 MODERATE Copyright 2015 Oracle, Inc. CVE-2014-8712 CVE-2015-0562 CVE-2015-0564 CVE-2014-8710 CVE-2014-8711 CVE-2015-2189 CVE-2014-8713 CVE-2014-8714 CVE-2015-2191 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [3.0.0-47.el6] - Resolves: #1220788 - Some IPA schema files are not RFC 4512 compliant [3.0.0-46.el6] - Use tls version range in NSSHTTPS initialization - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1012224 - host certificate not issued to client during ipa-client-install [3.0.0-45.el6] - Resolves: #1205660 - ipa-client rpm should require keyutils [3.0.0-44.el6] - Release 3.0.0-44 - Resolves: #1201454 - ipa breaks sshd config [3.0.0-43.el6] - Release 3.0.0-43 - Resolves: #1191040 - ipa-client-automount: failing with error LDAP server returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled. - Resolves: #1185207 - ipa-client dont end new line character in /etc/nsswitch.conf - Resolves: #1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws - Resolves: #1161722 - IDM client registration failure in a high load environment - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1146870 - ipa-client-install fails with 'KerbTransport instance has no attribute '__conn'' traceback - Resolves: #1132261 - ipa-client-install failing produces a traceback instead of useful error message - Resolves: #1131571 - Do not allow IdM server/replica/client installation in a FIPS-140 mode - Resolves: #1198160 - /usr/sbin/ipa-server-install --uninstall does not clean /var/lib/ipa/pki-ca - Resolves: #1198339 - ipa-client-install adds extra sss to sudoers in nsswitch.conf - Require: 389-ds-base >= 1.2.11.15-51 - Require: mod_nss >= 1.0.10 - Require: pki-ca >= 9.0.3-40 - Require: python-nss >= 0.16 MODERATE Copyright 2015 Oracle, Inc. CVE-2012-6662 CVE-2010-5312 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [32:9.8.2-0.37.rc1.1] - Fix CVE-2015-4620 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-4620 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [0.56.13-8] - Update CVE-2015-3246 patch based on review comments Resolves: #1235518 [0.56.13-7] - Dont use 512-bit RSA private keys in tests Related: #1235518 - Fix testsuite failures if more than one architecture is building concurrently Related: #1235518 [0.56.13-6] - Fix CVE-2015-3246 Resolves: #1235518 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3245 CVE-2015-3246 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [32:9.8.2-0.37.rc1.2] - Fix CVE-2015-5477 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5477 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.36-1.13.8.1] - Update tarball to fix TCK regression (PR2565) - Resolves: rhbz#1235153 [1:1.6.0.36-1.13.8.0] - Update to IcedTea 1.13.8 - Update no_pr2125.patch to work against new version. - Resolves: rhbz#1235153 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-2625 CVE-2015-4732 CVE-2015-2621 CVE-2015-4000 CVE-2015-4748 CVE-2015-2590 CVE-2015-2601 CVE-2015-4731 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4760 CVE-2015-4733 CVE-2015-4749 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.1.1-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [38.1.1-1] - Update to 38.1.1 ESR IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-4495 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.2.0-4.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [38.2.0-4] - Update to 38.2.0 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-4478 CVE-2015-4487 CVE-2015-4488 CVE-2015-4492 CVE-2015-4493 CVE-2015-4473 CVE-2015-4480 CVE-2015-4484 CVE-2015-4486 CVE-2015-4489 CVE-2015-4491 CVE-2015-4475 CVE-2015-4479 CVE-2015-4485 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [2.6.32-573.3.1] - [md] Revert 'dm: don't schedule delayed run of the queue if nothing to do' (Mike Snitzer) [1246095 1240767] - [md] Revert 'dm: only run the queue on completion if congested or no requests pending' (Mike Snitzer) [1246095 1240767] [2.6.32-573.2.1] - [net] udp: fix behavior of wrong checksums (Denys Vlasenko) [1240758 1240759] {CVE-2015-5364 CVE-2015-5366} - [fs] vfs: Unhash and evict unused children dentries after rmdir (Lukas Czerner) [1243400 1241030] - [fs] vfs: Prevent syncing frozen file system (Lukas Czerner) [1243404 1241791] - [fs] vfs: Prevent freeing unlinked file to be indefinitely delayed (Lukas Czerner) [1243406 1236736] - [fs] vmcore: continue vmcore initialization if PT_NOTE is found empty (Baoquan He) [1245195 1236437] - [fs] vmcore: prevent PT_NOTE p_memsz overflow during header update (Baoquan He) [1245195 1236437] - [kernel] audit/fix non-modular users of module_init in core code (Baoquan He) [1245195 1236437] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5364 CVE-2015-5366 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [1.6.11-15] - add security fixes for CVE-2015-0248, CVE-2015-0251, CVE-2015-3187 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3187 CVE-2015-0251 CVE-2015-0248 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.6.20-1.2] - Add patch for compiler warnings highlighted by rpmdiff. Related: rhbz#1244727 [3.6.20-1.el6_7.1] - fix for CVE-2015-3416 Resolves: #1244727 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3416 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [1:5.5-54.0.1.el6_7.1] - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373] [1:5.5-54.el6_7.1] - Fixed parsing of invalid variables in incoming packets (#1248410) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5621 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.1.1-20.1] - fix CVE-2015-3238 - DoS due to blocking pipe with very long password MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3238 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.2.15-47.0.1] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-47] - fix regressions caused by fix for CVE-2015-3183 [2.2.15-46] - core: fix chunk header parsing defect (CVE-2015-3183) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3183 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 Oracle Linux 5 Oracle Linux 6 [38.2.0-4.0.1.el6_7] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.2.0-4] - Update to 38.2.0 [38.1.0-4] - Update to 38.1.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-4488 CVE-2015-4489 CVE-2015-4487 CVE-2015-4473 CVE-2015-4491 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.2.1-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [38.2.1-1] - Update to 38.2.1 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-4497 CVE-2015-4498 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [2.24.1-6] - Fix CVE 2015-4491 - Resolves #1253210 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-4491 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [0:1.1.1-11.7] - Gracefully handle parsers without FSP support (e.g. Java 5 GCJ) - Resolves: CVE-2015-0254 [0:1.1.1-11.6] - Prevent XXE and RCE in JSTL XML tags - Apply correction for previous CVE-2015-0254 patch (prevent XXE in <x:transform>) - Resolves: CVE-2015-0254 [0:1.1.1-11.5] - Prevent XXE and RCE in JSTL XML tags - Resolves: CVE-2015-0254 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-0254 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [3.14.3-23] - Pick up upstream freebl patch for CVE-2015-2730 - Check for P == Q or P ==-Q before adding P and Q MODERATE Copyright 2015 Oracle, Inc. CVE-2015-2730 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [32:9.8.2-0.37.rc1.4] - Apply previously not applied patch for CVE-2015-5722 [32:9.8.2-0.37.rc1.3] - Fix CVE-2015-5722 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5722 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 6 Oracle Linux 7 [1.4.5-5] - CVE-2015-1802: missing range check in bdfReadProperties (bug 1258892) - CVE-2015-1803: crash on invalid read in bdfReadCharacters (bug 1258892) - CVE-2015-1804: out-of-bounds memory access in bdfReadCharacters (bug 1258892) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1803 CVE-2015-1804 CVE-2015-1802 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0.12.4-12.1] - Avoid race conditions reading monitor configs from guest. This race could trigger memory corruption host-side Resolves: rhbz#1239124 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3247 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [0.12.1.2-2.479.el6_7.1] - kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20.patch [bz#1248761] - kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015-.patch [bz#1248761] - kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE.patch [bz#1248761] - kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248761] - kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248761] - kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51.patch [bz#1248761] - kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248761] - Resolves: bz#1248761 (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory information leakage to guest [rhel-6.7.z]) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5165 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.3.0-2.0.1.el6_7] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [38.3.0-2] - Update to 38.3.0 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-4509 CVE-2015-4500 CVE-2015-4510 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 7 Oracle Linux 6 [2.3.43-29] - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263170) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-6908 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.3.0-1.0.1.el6_7] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.3.0-1] - Update to 38.3.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-4500 CVE-2015-4522 CVE-2015-7175 CVE-2015-4517 CVE-2015-4520 CVE-2015-4509 CVE-2015-4519 CVE-2015-7180 CVE-2015-4521 CVE-2015-7174 CVE-2015-7176 CVE-2015-7177 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 6 [0.12.4-12.3] - CVE-2015-5260 CVE-2015-5261 fixed various security flaws Resolves: rhbz#1262769 [0.12.4-12.2] - Validate surface_id Resolves: rhbz#1262769 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5261 CVE-2015-5260 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [0.2.8.4-25] - Resolves: rhbz#1227428 - CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 [0.2.8.4-24] - Resolves: rhbz#1227429 CVE-2015-0848 libwmf: heap overflow when decoding BMP images IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.8.0.65-0.b17] - October 2015 security update to u65b17. - Add script for generating OpenJDK tarballs from a local Mercurial tree. - Update RH1191652 patch to build against current AArch64 tree. - Use appropriate source ID to avoid unpacking both tarballs on AArch64. - Fix library removal script so jpeg, giflib and png sources are removed. - Update system-lcms.patch to regenerated upstream (8042159) version. - Drop LCMS update from rhel6-built.patch - Resolves: rhbz#1257654 [1:1.8.0.51-4.b16] - bumped release to do an build, so test whether 1251560 was really fixed - Resolves: rhbz#1254197 [1:1.8.0.60-4.b27] - updated to u60 (1255352) - Resolves: rhbz#1257654 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-4911 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4842 CVE-2015-4881 CVE-2015-4903 CVE-2015-4843 CVE-2015-4734 CVE-2015-4840 CVE-2015-4883 CVE-2015-4893 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4882 CVE-2015-4835 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 7 Oracle Linux 6 [1:1.7.0.91-2.6.2.2.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.91-2.6.2.2] - added and applied patch500 8072932or8074489.patch to fix tck failure - Resolves: rhbz#1271919 [1:1.7.0.91-2.6.2.1] - Bump to 2.6.2 and u91b00. - Resolves: rhbz#1271919 CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-4844 CVE-2015-4803 CVE-2015-4806 CVE-2015-4842 CVE-2015-4911 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4843 CVE-2015-4883 CVE-2015-4734 CVE-2015-4805 CVE-2015-4840 CVE-2015-4882 CVE-2015-4903 CVE-2015-4893 CVE-2015-4835 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 6 [0.12.1.2-2.479.el6_7.2] - kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch [bz#1263274] - Resolves: bz#1263274 (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in ne2000_receive() function [rhel-6.7.z]) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5279 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 Oracle Linux 6 [4.2.6p5-5.el6_7.2] - check origin timestamp before accepting KoD RATE packet (CVE-2015-7704) - allow only one step larger than panic threshold with -g (CVE-2015-5300) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-7704 CVE-2015-5300 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 nspr [4.10.8-2] - Resolves: Bug 1269360 - CVE-2015-7183 - nspr: heap-buffer overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption nss [3.19.1-5.0.1] - Added nss-vendor.patch to change vendor [3.19.1-5] - Rebuild against updated NSPR [3.19.1-4] - Sync up with the rhel-6.6 branch - Resolves: Bug 1224450 nss-util [3.19.1-2] - Resolves: Bug 1269355 - CVE-2015-7182 CVE-2015-7181 CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-7182 CVE-2015-7181 CVE-2015-7183 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.4.0-1.0.1.el5_11] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [38.4.0-1] - Update to 38.4.0 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-4513 CVE-2015-7188 CVE-2015-7189 CVE-2015-7197 CVE-2015-7196 CVE-2015-7198 CVE-2015-7193 CVE-2015-7194 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [1.12.4-47.4] - Resolves: rhbz#1268783 - Memory leak / possible DoS with krb auth. [1.12.4-47.3] - Resolves: rhbz#1268784 - SSSD POSIX attribute check is too strict [1.12.4-47.2] - Resolves: rhbz#1264098 - cleanup_groups should sanitize dn of groups [1.12.4-47.1] - Resolves: rhbz#1258398 - sysdb sudo search doesn't escape special characters LOW Copyright 2015 Oracle, Inc. CVE-2015-5292 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [8.4.20-4] - fix for CVE-2015-5288 (rhbz#1273446) MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5288 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.35-1.13.9.4.0.1.el5_11] - Add oracle-enterprise.patch [1:1.6.0.37-1.13.9.4] - Update with new IcedTea & b37 tarballs, including fix for appletviewer regression. - Resolves: rhbz#1271926 [1:1.6.0.37-1.13.9.3] - Update with new IcedTea & b37 tarballs, including more Kerberos fixes for TCK regression. - Resolves: rhbz#1271926 [1:1.6.0.37-1.13.9.2] - Update with new IcedTea & b37 tarballs, including Kerberos fixes for TCK regression. - Resolves: rhbz#1271926 [1:1.6.0.37-1.13.9.1] - Update with newer tarball, including 6763122 fix for TCK regression. - Resolves: rhbz#1271926 [1:1.6.0.37-1.13.9.1] - Drop java-1.6.0-openjdk-pstack.patch. 6310967, the upstream version, is applied in OpenJDK 6. - Resolves: rhbz#1271926 [1:1.6.0.37-1.13.9.0] - Update to IcedTea 1.13.9 - Resolves: rhbz#1271926 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-4842 CVE-2015-4860 CVE-2015-4911 CVE-2015-4734 CVE-2015-4803 CVE-2015-4843 CVE-2015-4872 CVE-2015-4882 CVE-2015-4903 CVE-2015-4844 CVE-2015-4881 CVE-2015-4893 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4883 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:1:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [2.0.9-25.0.1] - Add Fix-for-bug-21110293.patch [bug 21110293] - Add oracle-enterprise.patch and oracle-enterprise-po.patch - Remove libreport-plugin-rhtsupport pkg [2.0.9-25] - save all files changed by the reporter in the reporting GUI - Fixes CVE-2015-5302 - Resolves: #1282143 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5302 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [1.9.4-3.1] - fix arbitrary code execution via crafted URLs Resolves: #1273889 [1.9.4-3] - fix CVE-2014-9390 Resolves: rhbz#1220552 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7545 cpe:/a:oracle:linux:6::SoftwareCollections cpe:/a:oracle:linux:6::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections12 cpe:/a:oracle:linux:7::SoftwareCollections Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.4.0-1.0.1.el6_7] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.4.0-1] - Update to 38.4.0 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-7198 CVE-2015-7199 CVE-2015-7193 CVE-2015-7200 CVE-2015-7189 CVE-2015-4513 CVE-2015-7197 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [0:3.2.1-3.5] - Fix Java object de-serialization vulnerability - Resolves: CVE-2015-7501 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-7501 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.7.6-20.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-20.1] - Fix a series of CVEs (rhbz#1286495) - CVE-2015-7941 Cleanup conditional section error handling - CVE-2015-8317 Fail parsing early on if encoding conversion failed - CVE-2015-7942 Another variation of overflow in Conditional sections - CVE-2015-7942 Fix an error in previous Conditional section patch - Fix parsing short unclosed comment uninitialized access - CVE-2015-7498 Avoid processing entities after encoding conversion failures - CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey - CVE-2015-5312 Another entity expansion issue - CVE-2015-7499 Add xmlHaltParser() to stop the parser - CVE-2015-7499 Detect incoherency on GROW - CVE-2015-7500 Fix memory access error due to incorrect entities boundaries - CVE-2015-8242 Buffer overead with HTML parser in push mode - Libxml violates the zlib interface and crashes MODERATE Copyright 2015 Oracle, Inc. CVE-2015-7500 CVE-2015-5312 CVE-2015-7499 CVE-2015-7498 CVE-2015-7942 CVE-2015-8317 CVE-2015-7497 CVE-2015-7941 CVE-2015-8242 CVE-2015-8241 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2:1.2.49-2] - Security fix for CVE-2015-7981 and CVE-2015-8126 - Resolves: #1283572 MODERATE Copyright 2015 Oracle, Inc. CVE-2015-8472 CVE-2015-8126 CVE-2015-7981 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [1.0.1e-51.1] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-51] - fix the CVE-2015-1791 fix (broken server side renegotiation) [1.0.1e-50] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-49] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-48] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-47] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-46] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-45] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-44] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-43] - fix broken error detection when unwrapping unpadded key [1.0.1e-42.1] - fix the RFC 5649 for key material that does not need padding MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3195 CVE-2015-3194 CVE-2015-3196 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [4.2.8.2-11.0.1.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile (jingdong.lu@oracle.com) - Build with --with-vendor='Oracle America, Inc.' (jingdong.lu@oracle.com) [1:4.2.8.2-11.1] - Resolves: rhbz#1285818 various flaws - CVE-2015-4551 Arbitrary file disclosure in Calc and Writer - CVE-2015-5212 Integer underflow in PrinterSetup length - CVE-2015-5213 Integer overflow in DOC files - CVE-2015-5214 Bookmarks in DOC documents are insufficiently checked causing memory corruption MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5214 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-573.12.1] - Revert: [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551] [2.6.32-573.11.1] - [kvm] svm: unconditionally intercept DB (Paolo Bonzini) [1279467 1279468] {CVE-2015-8104} - [x86] virt: guest to host DoS by triggering an infinite loop in microcode (Paolo Bonzini) [1277557 1277559] {CVE-2015-5307} [2.6.32-573.10.1] - [sound] Fix USB audio issues (wrong URB_ISO_ASAP semantics) (Jaroslav Kysela) [1273916 1255071] - [security] keys: Don't permit request_key() to construct a new keyring (David Howells) [1275927 1273463] {CVE-2015-7872} - [security] keys: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [1275927 1273463] {CVE-2015-7872} - [security] keys: Fix race between key destruction and finding a keyring by name (David Howells) [1275927 1273463] {CVE-2015-7872} - [ipc] Initialize msg/shm IPC objects before doing ipc_addid() (Stanislav Kozina) [1271504 1271505] {CVE-2015-7613} - [fs] vfs: Test for and handle paths that are unreachable from their mnt_root (Eric W. Biederman) [1209368 1209369] {CVE-2015-2925} - [fs] dcache: Handle escaped paths in prepend_path (Eric W. Biederman) [1209368 1209369] {CVE-2015-2925} - [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551] - [hid] fix unused rsize usage (Don Zickus) [1268203 1256568] - [hid] fix data access in implement() (Don Zickus) [1268203 1256568] - [fs] NFS: Hold i_lock in nfs_wb_page_cancel() while locking a request (Benjamin Coddington) [1273721 1135601] [2.6.32-573.9.1] - [mm] hugetlb: fix race in region tracking (Herton R. Krzesinski) [1274599 1260755] - [mm] hugetlb: improve, cleanup resv_map parameters (Herton R. Krzesinski) [1274599 1260755] - [mm] hugetlb: unify region structure handling (Herton R. Krzesinski) [1274599 1260755] - [mm] hugetlb: change variable name reservations to resv (Herton R. Krzesinski) [1274599 1260755] - [fs] dcache: Log ELOOP rather than creating a loop (Benjamin Coddington) [1272858 1254020] - [fs] dcache: Fix loop checks in d_materialise_unique (Benjamin Coddington) [1272858 1254020] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5307 CVE-2015-2925 CVE-2015-8104 CVE-2015-7613 CVE-2015-7872 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [32:9.8.2-0.44.rc1.5] - Fix CVE-2015-8000 IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-8000 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.5.0-2.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [38.5.0-2] - Update to 38.5.0 ESR CRITICAL Copyright 2015 Oracle, Inc. CVE-2015-7222 CVE-2015-7201 CVE-2015-7205 CVE-2015-7213 CVE-2015-7210 CVE-2015-7212 CVE-2015-7214 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [0.12.1.2-2.479.el6_7.3] - kvm-net-pcnet-add-check-to-validate-receive-data-size-CV.patch [bz#1287950] - kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1287950] - Resolves: bz#1287950 (CVE-2015-7504 CVE-2015-7512 qemu-kvm: various flaws [rhel-6.7.z]) IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-7512 CVE-2015-7504 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-55.1.5] - [CIFS] Possible null ptr deref in SMB2_tcon (Steve French) [Orabug: 20433140] {CVE-2014-7145} [3.8.13-55.1.4] - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425332] {CVE-2014-7841} [3.8.13-55.1.3] - ACPI: x2apic entry ignored (Cathy Avery) [Orabug: 19475776] - i40e: relax the firmware API version check (Shannon Nelson) [Orabug: 20216831] - x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20232585] - iommu/{vt-d,amd}: Remove multifunction assumption around grouping (Alex Williamson) [Orabug: 20192796] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-7145 CVE-2014-7841 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.246.2] - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841} [2.6.39-400.246.1] - sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [Orabug: 20148169] - include/linux/math64.h: add div64_ul() (Alex Shi) - deadlock when two nodes are converting same lock from PR to EX and idletimeout closes conn (Tariq Saeed) [Orabug: 18639535] - bonding: Bond master should reflect slave's features. (Ashish Samant) [Orabug: 20231825] - x86, fpu: remove the logic of non-eager fpu mem allocation at the first usage (Annie Li) [Orabug: 20239143] - x86, fpu: remove cpu_has_xmm check in the fx_finit() (Suresh Siddha) [Orabug: 20239143] - x86, fpu: make eagerfpu= boot param tri-state (Suresh Siddha) [Orabug: 20239143] - x86, fpu: enable eagerfpu by default for xsaveopt (Suresh Siddha) [Orabug: 20239143] - x86, fpu: decouple non-lazy/eager fpu restore from xsave (Suresh Siddha) [Orabug: 20239143] - x86, fpu: use non-lazy fpu restore for processors supporting xsave (Suresh Siddha) [Orabug: 20239143] - lguest, x86: handle guest TS bit for lazy/non-lazy fpu host models (Suresh Siddha) [Orabug: 20239143] - x86, fpu: always use kernel_fpu_begin/end() for in-kernel FPU usage (Suresh Siddha) [Orabug: 20239143] - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (Suresh Siddha) [Orabug: 20239143] - x86, fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Suresh Siddha) [Orabug: 20239143] - raid5: add AVX optimized RAID5 checksumming (Jim Kukunas) [Orabug: 20239143] - x86, fpu: drop the fpu state during thread exit (Suresh Siddha) [Orabug: 20239143] - x32: Add a thread flag for x32 processes (H. Peter Anvin) [Orabug: 20239143] - x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels (Suresh Siddha) [Orabug: 20239143] - x86, fpu: Consolidate inline asm routines for saving/restoring fpu state (Suresh Siddha) [Orabug: 20239143] - x86, signal: Cleanup ifdefs and is_ia32, is_x32 (Suresh Siddha) [Orabug: 20239143] into exported and internal interfaces (Linus Torvalds) [Orabug: 20239143] - i387: Uninline the generic FP helpers that we expose to kernel modules (Linus Torvalds) [Orabug: 20239143] - i387: use 'restore_fpu_checking()' directly in task switching code (Linus Torvalds) [Orabug: 20239143] - i387: fix up some fpu_counter confusion (Linus Torvalds) [Orabug: 20239143] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-7841 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.36.14uek] - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425334] {CVE-2014-7841} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-7841 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68] - ttusb-dec: buffer overflow in ioctl (Dan Carpenter) [Orabug: 20673373] {CVE-2014-8884} - mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673279] {CVE-2014-8173} - netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20673235] {CVE-2014-8160} [3.8.13-67] - sparc64: Remove deprecated __GFP_NOFAIL from mdesc_kmalloc (Eric Snowberg) [Orabug: 20055909] - x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618880] - sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618880] - xen-netfront: Fix handling packets on compound pages with skb_linearize (Zoltan Kiss) [Orabug: 19546077] - qla2xxx: Add adapter checks for FAWWN functionality. (Saurav Kashyap) [Orabug: 20474227] - config: enable CONFIG_MODULE_SIG_SHA512 (Guangyu Sun) [Orabug: 20611400] - net: rds: use correct size for max unacked packets and bytes (Sasha Levin) [Orabug: 20585918] - watchdog: w83697hf_wdt: return ENODEV if no device was found (Stanislav Kholmanskikh) [Orabug: 18122938] - NVMe: Disable pci before clearing queue (Keith Busch) [Orabug: 20564650] [3.8.13-66] - bnx2fc: upgrade to 2.8.2 (Dan Duval) [Orabug: 20523502] - bnx2i: upgrade to 2.11.0.0 (Dan Duval) [Orabug: 20523502] - bnx2x: upgrade to 1.712.10 (Dan Duval) [Orabug: 20523502] - cnic: upgrade to 2.721.01 (Dan Duval) [Orabug: 20523502] - bnx2: upgrade to 2.712.01 (Dan Duval) [Orabug: 20523502] - Update lpfc version for 10.6.61 (rkennedy) [Orabug: 20539686] - Remove consolidated merge lines from previous patch, they require a 3.19 kernel to build with. (rkennedy) [Orabug: 20539686] - Implement support for wire-only DIF devices (rkennedy) [Orabug: 20539686] - lpfc: Update copyright to 2015 (rkennedy) [Orabug: 20539686] - lpfc: Update Copyright on changed files (James Smart) [Orabug: 20539686] - lpfc: Fix for lun discovery issue with 8Gig adapter. (rkennedy) [Orabug: 20539686] - lpfc: Fix crash in device reset handler. (rkennedy) [Orabug: 20539686] - lpfc: application causes OS crash when running diagnostics (rkennedy) [Orabug: 20539686] - lpfc: Fix internal loopback failure (rkennedy) [Orabug: 20539686] - lpfc: Fix premature release of rpi bit in bitmask (rkennedy) [Orabug: 20539686] - lpfc: Initiator sends wrong BBCredit value for either FLOGI or FLOGI_ACC (rkennedy) [Orabug: 20539686] - lpfc: Fix null ndlp derefernce in target_reset_handler (rkennedy) [Orabug: 20539686] - lpfc: Fix FDMI Fabric support (rkennedy) [Orabug: 20539686] - lpfc: Fix provide host name and OS name in RSNN-NN FC-GS command (rkennedy) [Orabug: 20539686] - lpfc: Parse the new 20G, 25G and 40G link speeds in the lpfc driver (rkennedy) [Orabug: 20539686] - lpfc: lpfc does not support option_rom_version sysfs attribute on newer adapters (rkennedy) [Orabug: 20539686] - lpfc: Fix setting of EQ delay Multiplier (rkennedy) [Orabug: 20539686] - lpfc: Fix host reset escalation killing all IOs. (rkennedy) [Orabug: 20539686] - lpfc: Linux lpfc driver doesnt re-establish the link after a cable pull on LPe12002 (rkennedy) [Orabug: 20539686] - lpfc: Fix to handle PLOGI when already logged in (rkennedy) [Orabug: 20539686] - lpfc: EnableBootCode from hbacmd fails on Lancer (rkennedy) [Orabug: 20539686] - lpfc: Add Lancer Temperature Event support to the lpfc driver (rkennedy) [Orabug: 20539686] - lpfc: Fix the iteration count to match the 30 sec comment (rkennedy) [Orabug: 20539686] - lpfc: fix low priority issues from fortify source code scan (James Smart) [Orabug: 20539686] - lpfc: fix high priority issues from fortify source code scan (James Smart) [Orabug: 20539686] - lpfc: fix for handling unmapped ndlp in target reset handler (James Smart) [Orabug: 20539686] - lpfc: fix crash from page fault caused by use after rport delete (James Smart) [Orabug: 20539686] - lpfc: fix locking issues with abort data paths (James Smart) [Orabug: 20539686] - lpfc: fix race between LOGO/PLOGI handling causing NULL pointer (James Smart) [Orabug: 20539686] - lpfc: fix quarantined XRI recovery qualifier state in link bounce (James Smart) [Orabug: 20539686] - lpfc: fix discovery timeout during nameserver login (James Smart) [Orabug: 20539686] - lpfc: fix IP Reset processing - wait for RDY before proceeding (James Smart) [Orabug: 20539686] - lpfc: Update lpfc version to driver version 10.2.8000.0 (James Smart) [Orabug: 20539686] - net: Check for presence of IFLA_AF_SPEC (Thomas Graf) [Orabug: 20382857] - net: Validate IFLA_BRIDGE_MODE attribute length (Thomas Graf) [Orabug: 20382857] - be2net: fix alignment on line wrap (Kalesh AP) [Orabug: 20382857] - be2net: remove multiple assignments on a single line (Kalesh AP) [Orabug: 20382857] - be2net: remove space after typecasts (Kalesh AP) [Orabug: 20382857] - be2net: remove unnecessary blank lines after an open brace (Kalesh AP) [Orabug: 20382857] - be2net: insert a blank line after function/struct//enum definitions (Kalesh AP) [Orabug: 20382857] - be2net: remove multiple blank lines (Kalesh AP) [Orabug: 20382857] - be2net: add blank line after declarations (Kalesh AP) [Orabug: 20382857] - be2net: remove return statements for void functions (Kalesh AP) [Orabug: 20382857] - be2net: add speed reporting for 20G-KR interface (Vasundhara Volam) [Orabug: 20382857] - be2net: add speed reporting for 40G/KR interface (Kalesh AP) [Orabug: 20382857] - be2net: fix sparse warnings in be_cmd_req_port_type{} (Suresh Reddy) [Orabug: 20382857] - be2net: fix a sparse warning in be_cmd_modify_eqd() (Kalesh AP) [Orabug: 20382857] - enic: fix rx napi poll return value (Govindarajulu Varadarajan) [Orabug: 20342354] - net: rename vlan_tx_* helpers since 'tx' is misleading there (Jiri Pirko) [Orabug: 20342354] - enic: free all rq buffs when allocation fails (Govindarajulu Varadarajan) [Orabug: 20342354] - net: ethernet: cisco: enic: enic_dev: Remove some unused functions (Rickard Strandqvist) [Orabug: 20342354] - enic: add stats for dma mapping error (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: check dma_mapping_error (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: make vnic_wq_buf doubly linked (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: fix rx skb checksum (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: fix work done in tx napi_poll (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: update desc properly in rx_copybreak (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: handle error condition properly in enic_rq_indicate_buf (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: Do not call napi_disable when preemption is disabled. (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: fix possible deadlock in enic_stop/ enic_rfs_flw_tbl_free (Govindarajulu Varadarajan) [Orabug: 20342354] - drivers/net: Convert remaining uses of pr_warning to pr_warn (Joe Perches) [Orabug: 20342354] - enic: implement rx_copybreak (Govindarajulu Varadarajan) [Orabug: 20342354] - PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use (Benoit Taine) [Orabug: 20342354] - enic: add pci_zalloc_consistent to kcompat.h (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: use pci_zalloc_consistent (Joe Perches) [Orabug: 20342354] - enic: Add ethtool support to show classifier filters added by the driver (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: remove #ifdef CONFIG_RFS_ACCEL around filter structures (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: fix return values in enic_set_coalesce (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: fix compile issue when CONFIG_NET_RX_BUSY_POLL is N (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: add kcompat file (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: Make dummy rfs functions inline to fix !CONFIG_RFS_ACCEL build (Geert Uytterhoeven) [Orabug: 20342354] - enic: do tx cleanup in napi poll (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: add low latency socket busy_poll support (Govindarajulu Varadarajan) [Orabug: 20342354] - net: vlan: add protocol argument to packet tagging functions (Patrick McHardy) [Orabug: 20342354] - net: vlan: prepare for 802.1ad VLAN filtering offload (Patrick McHardy) [Orabug: 20342354] - net: vlan: rename NETIF_F_HW_VLAN_* feature flags to NETIF_F_HW_VLAN_CTAG_* (Patrick McHardy) [Orabug: 20342354] - enic: fix lockdep around devcmd_lock (Tony Camuso) [Orabug: 20342354] - enic: Add Accelerated RFS support (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: alloc/free rx_cpu_rmap (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: devcmd for adding IP 5 tuple hardware filters (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: fix return value in _vnic_dev_cmd (Govindarajulu Varadarajan) [Orabug: 20342354] - net: use SPEED_UNKNOWN and DUPLEX_UNKNOWN when appropriate (Jiri Pirko) [Orabug: 20342354] - enic: Fix 64 bit divide on 32bit system (Govindarajulu Varadarajan) [Orabug: 20342354] - enic: Add support for adaptive interrupt coalescing (Sujith Sankar) [Orabug: 20342354] - net: get rid of SET_ETHTOOL_OPS (Wilfried Klaebe) [Orabug: 20342354] - enic: Use pci_enable_msix_range() instead of pci_enable_msix() (Alexander Gordeev) [Orabug: 20342354] - bnx2x: Not use probe_defer (Vaughan Cao) [Orabug: 20405577] - Revert 'nfsd4: fix leak of inode reference on delegation failure' (Dan Duval) [Orabug: 20280060] - ipoib/ib core: set module_unload_allowed = 0 as default (Qing Huang) [Orabug: 20048920] - xfs: fix directory hash ordering bug (Mark Tinguely) [Orabug: 19695297] - xfs: fix node forward in xfs_node_toosmall (Mark Tinguely) [Orabug: 19695297] - XFS: Assertion failed: first <= last && last < BBTOB(bp->b_length), file: fs/xfs/xfs_trans_buf.c, line: 568 (Dave Chinner) [Orabug: 19695297] - mlx4_vnic: Skip fip discover restart if pkey index not changed (Yuval Shaia) [Orabug: 19153757] [3.8.13-65] - uek-rpm: ol7: update update-el to 7.1 (Guangyu Sun) [Orabug: 20524699] [3.8.13-64] - storvsc: ring buffer failures may result in I/O freeze (Long Li) [Orabug: 20328185] - crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 20429934] {CVE-2013-7421} - crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 20429934] {CVE-2014-9644} - crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 20429934] {CVE-2013-7421} - be2iscsi : Bump the driver version (John Soni Jose) [Orabug: 20426078] - be2iscsi : Fix memory leak in the unload path (John Soni Jose) [Orabug: 20426078] - be2iscsi : Fix the PCI request region reserving. (John Soni Jose) [Orabug: 20426078] - be2iscsi : Fix the retry count for boot targets (John Soni Jose) [Orabug: 20426078] - fuse: Ensure request structure is not modified after being reused. (Ashish Samant) [Orabug: 20396380] - x86, apic, kexec: Add disable_cpu_apicid kernel parameter (HATAYAMA Daisuke) [Orabug: 20344754] - nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [Orabug: 20070817] - ocfs2: implement delayed dropping of last dquot reference (Jan Kara) [Orabug: 19559063] - ib/sdp: fix null dereference of sk->sk_wq in sdp_rx_irq() (Chuck Anderson) [Orabug: 20482741] [3.8.13-63] - ext4: protect write with sb_start/end_write in ext4_file_dio_write (Guangyu Sun) [Orabug: 20427284] - fs/pipe.c: skip file_update_time on frozen fs (Dmitry Monakhov) [Orabug: 20427126] - hpsa: remove 'action required' phrasing (Stephen M. Cameron) [Orabug: 20363086] - hpsa: remove spin lock around command allocation (Stephen M. Cameron) [Orabug: 20363086] - hpsa: always call pci_set_master after pci_enable_device (Robert Elliott) [Orabug: 20363086] - hpsa: Convert SCSI LLD ->queuecommand() for host_lock less operation (Nicholas Bellinger) [Orabug: 20363086] - hpsa: do not be so noisy about check conditions (Stephen M. Cameron) [Orabug: 20363086] - hpsa: use atomics for commands_outstanding (Stephen M. Cameron) [Orabug: 20363086] - hpsa: get rid of type/attribute/direction bit field where possible (Stephen M. Cameron) [Orabug: 20363086] - hpsa: fix endianness issue with scatter gather elements (Stephen M. Cameron) [Orabug: 20363086] - hpsa: fix allocation sizes for CISS_REPORT_LUNs commands (Stephen M. Cameron) [Orabug: 20363086] - hpsa: correct off-by-one sizing of chained SG block (Webb Scales) [Orabug: 20363086] - hpsa: fix a couple pci id table mistakes (Stephen M. Cameron) [Orabug: 20363086] - hpsa: remove dev_warn prints from RAID-1ADM (Robert Elliott) [Orabug: 20363086] - hpsa: Clean up warnings from sparse. (Don Brace) [Orabug: 20363086] - hpsa: add missing pci_set_master in kdump path (Tomas Henzl) [Orabug: 20363086] - hpsa: refine the pci enable/disable handling (Tomas Henzl) [Orabug: 20363086] - hpsa: Fallback to MSI rather than to INTx if MSI-X failed (Alexander Gordeev) [Orabug: 20363086] - libata: prevent HSM state change race between ISR and PIO (David Jeffery) [Orabug: 20019302] [3.8.13-62] - i40e: Bump i40e version to 1.2.2 and i40evf version to 1.0.6 (Catherine Sullivan) [Orabug: 20199714] - i40e: get pf_id from HW rather than PCI function (Shannon Nelson) [Orabug: 20199714] - i40e: increase ARQ size (Mitch Williams) [Orabug: 20199714] - i40e: Increase reset delay (Kevin Scott) [Orabug: 20199714] - i40evf: make early init sequence even more robust (Mitch Williams) [Orabug: 20199714] - i40e: fix netdev_stat macro definition (Shannon Nelson) [Orabug: 20199714] - i40e: Define and use i40e_is_vf macro (Anjali Singhai Jain) [Orabug: 20199714] - i40e: Add a virtual channel op to config RSS (Anjali Singhai Jain) [Orabug: 20199714] - i40e: dont enable PTP support on more than one PF per port (Jacob Keller) [Orabug: 20199714] - i40e: allow various base numbers in debugfs aq commands (Shannon Nelson) [Orabug: 20199714] - i40e: remove useless debug noise (Shannon Nelson) [Orabug: 20199714] - i40e: Remove unneeded break statement (Shannon Nelson) [Orabug: 20199714] - i40e: trigger SW INT with no ITR wait (Shannon Nelson) [Orabug: 20199714] - i40evf: remove unnecessary else (Mitch Williams) [Orabug: 20199714] - i40evf: make checkpatch happy (Mitch Williams) [Orabug: 20199714] - i40evf: update header comments (Mitch Williams) [Orabug: 20199714] - i40e: dont overload fields (Mitch Williams) [Orabug: 20199714] - i40e: Prevent link flow control settings when PFC is enabled (Neerav Parikh) [Orabug: 20199714] - i40e: Update VEBs enabled_tc after reconfiguration (Neerav Parikh) [Orabug: 20199714] - i40e: Bump version to 1.1.23 (Catherine Sullivan) [Orabug: 20199714] - i40e: re-enable VFLR interrupt sooner (Mitch Williams) [Orabug: 20199714] - i40e: only warn once of PTP nonsupport in 100Mbit speed (Shannon Nelson) [Orabug: 20199714] - i40evf: dont use more queues than CPUs (Mitch Williams) [Orabug: 20199714] - i40evf: make early init processing more robust (Mitch Williams) [Orabug: 20199714] - i40e: clean up throttle rate code (Jesse Brandeburg) [Orabug: 20199714] - i40e: dont do link_status or stats collection on every ARQ (Shannon Nelson) [Orabug: 20199714] - i40e: poll firmware slower (Kamil Krawczyk) [Orabug: 20199714] - i40e: properly parse MDET registers (Mitch Williams) [Orabug: 20199714] - i40e: configure VM ID in qtx_ctl (Mitch Williams) [Orabug: 20199714] - i40e: enable debug earlier (Shannon Nelson) [Orabug: 20199714] - i40e: better wording for resource tracking errors (Shannon Nelson) [Orabug: 20199714] - i40e: scale msix vector use when more cores than vectors (Shannon Nelson) [Orabug: 20199714] - i40e: remove debugfs dump stats (Shannon Nelson) [Orabug: 20199714] - i40e: avoid disable of interrupt when changing ITR (Jesse Brandeburg) [Orabug: 20199714] - i40evf: Add support for 10G base T parts (Paul M Stillwell Jr) [Orabug: 20199714] - i40e: fix link checking logic (Mitch Williams) [Orabug: 20199714] - i40evf: properly handle multiple AQ messages (Mitch Williams) [Orabug: 20199714] - i40e: Add condition to enter fdir flush and reinit (Akeem G Abodunrin) [Orabug: 20199714] - i40e: Bump version (Catherine Sullivan) [Orabug: 20199714] - i40e: Moving variable declaration out of the loops (Akeem G Abodunrin) [Orabug: 20199714] - i40e: Add 10GBaseT support (Mitch Williams) [Orabug: 20199714] - i40e: process link events when setting up switch (Mitch Williams) [Orabug: 20199714] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-3610 CVE-2014-9644 CVE-2013-7421 CVE-2014-7975 CVE-2014-8134 CVE-2014-8133 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-55.1.8] - kvm: fix excessive pages un-pinning in kvm_iommu_map error path. (Quentin Casasnovas) [Orabug: 20687313] {CVE-2014-3601} {CVE-2014-8369} {CVE-2014-3601} [3.8.13-55.1.7] - ttusb-dec: buffer overflow in ioctl (Dan Carpenter) [Orabug: 20673376] {CVE-2014-8884} - mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673281] {CVE-2014-8173} - netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20673239] {CVE-2014-8160} - tracing/syscalls: Ignore numbers outside NR_syscalls' range (Rabin Vincent) [Orabug: 20673163] {CVE-2014-7826} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8160 CVE-2014-7825 CVE-2014-8369 CVE-2014-8884 CVE-2014-8173 CVE-2014-7826 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.248.3] - kvm: fix excessive pages un-pinning in kvm_iommu_map error path. (Quentin Casasnovas) [Orabug: 20687314] {CVE-2014-3601} {CVE-2014-8369} {CVE-2014-3601} - Revert 'mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support' (Guangyu Sun) [Orabug: 20673281] {CVE-2014-8173} [2.6.39-400.248.2] - netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20679630] {CVE-2014-8160} - mac80211: fix fragmentation code, particularly for encryption (Johannes Berg) [Orabug: 20673313] {CVE-2014-8709} - mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673282] {CVE-2014-8173} - tracing/syscalls: Ignore numbers outside NR_syscalls' range (Rabin Vincent) [Orabug: 20673164] {CVE-2014-7825} {CVE-2014-7826} - tracing/syscalls: Fix perf syscall tracing when syscall_nr == -1 (Will Deacon) [Orabug: 20673164] {CVE-2014-7825} {CVE-2014-7826} [2.6.39-400.248.1] - NVMe: Disable pci before clearing queue (Keith Busch) [Orabug: 20533100] - x86, fpu: disable eagerfpu by default (Santosh Shilimkar) [Orabug: 20521543] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-7826 CVE-2014-8709 CVE-2014-7825 CVE-2014-8160 CVE-2014-8369 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.2uek] - netfilter: conntrack: disable generic tracking for known protocols (Florian Westphal) [Orabug: 20679631] {CVE-2014-8160} - mac80211: fix fragmentation code, particularly for encryption (Johannes Berg) [Orabug: 20673314] {CVE-2014-8709} - tracing/syscalls: Ignore numbers outside NR_syscalls' range (Rabin Vincent) [Orabug: 20673165] {CVE-2014-7825} {CVE-2014-7826} - tracing/syscalls: Fix perf syscall tracing when syscall_nr == -1 (Will Deacon) [Orabug: 20673165] {CVE-2014-7825} {CVE-2014-7826} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8709 CVE-2014-7826 CVE-2014-8160 CVE-2014-8369 CVE-2014-7825 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.1.2] - IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159} [3.8.13-68.1.1] - xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20697017] {CVE-2015-2150} {CVE-2015-2150} - net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780347] {CVE-2015-1421} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-2150 CVE-2014-8159 CVE-2015-1421 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.249.3] - IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159} [2.6.39-400.249.2] - xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150} - net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8159 CVE-2015-1421 CVE-2015-2150 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.3] - net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780349] {CVE-2015-1421} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1421 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.0.1m-2.0.1] - update to upstream 1.0.1m - update to fips canister 2.0.9 - regenerated below patches openssl-1.0.1-beta2-rpmbuild.patch openssl-1.0.1m-rhcompat.patch openssl-1.0.1m-ecc-suiteb.patch openssl-1.0.1m-fips-mode.patch openssl-1.0.1m-version.patch openssl-1.0.1m-evp-devel.patch [1.0.1j-2.0.4] - [Orabug 20182267] The openssl-fips-devel package should Provide: openssl-devel and openssl-devel(x86-64) like the standard -devel package - The openssl-fips-devel package should include fips.h and fips_rand.h for apps that want to build against FIPS* APIs [1.0.1j-2.0.3] - [Orabug 20086847] reintroduce patch openssl-1.0.1e-ecc-suiteb.patch, update ec_curve.c which gets copied into build tree to match the patch (ie only have curves which are advertised). The change items from the orignal patch are as follows: - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1j-2.0.2] - update README.FIPS with step-by-step install instructions [1.0.1j-2.0.1] - update to upstream 1.0.1j - change name to openssl-fips - change Obsoletes: openssl to Conflicts: openssl - add Provides: openssl [1.0.1i-2.0.3.fips] - update to fips canister 2.0.8 to remove Dual EC DRBG - run gcc -v so the gcc build version is captured in the build log [1.0.1i-2.0.2.fips] - flip EVP_CIPH_* flag bits for compatibility with original RH patched pkg [1.0.1i-2.0.1.fips] - build against upstream 1.0.1i - build against fips validated canister 2.0.7 - add patch to support fips=1 - rename pkg to openssl-fips and Obsolete openssl [1.0.1e-16.14] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-16.7] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-16.4] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-16.3] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-16.2] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-16.1] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document [1.0.0-8] - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode [1.0.0-7] - listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612) - fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers (#619762) [1.0.0-6] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-5] - fix race in extension parsing code - CVE-2010-3864 (#649304) [1.0.0-4] - openssl man page fix (#609484) [1.0.0-3] - fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738) - fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732) [1.0.0-2] - make CA dir readable - the private keys are in private subdir (#584810) - a few fixes from upstream CVS - make X509_NAME_hash_old work in FIPS mode (#568395) [1.0.0-1] - update to final 1.0.0 upstream release [1.0.0-0.22.beta5] - make TLS work in the FIPS mode [1.0.0-0.21.beta5] - gracefully handle zero length in assembler implementations of OPENSSL_cleanse (#564029) - do not fail in s_server if client hostname not resolvable (#561260) [1.0.0-0.20.beta5] - new upstream release [1.0.0-0.19.beta4] - fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling [1.0.0-0.18.beta4] - add support for Intel AES-NI [1.0.0-0.17.beta4] - upstream fix compression handling on session resumption - various null checks and other small fixes from upstream - upstream changes for the renegotiation info according to the latest draft [1.0.0-0.16.beta4] - fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS [1.0.0-0.15.beta4] - add better error reporting for the unsafe renegotiation [1.0.0-0.14.beta4] - fix build on s390x [1.0.0-0.13.beta4] - disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot [1.0.0-0.12.beta4] - keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check [1.0.0-0.11.beta4] - update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final. [1.0.0-0.10.beta3] - fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342) [1.0.0-0.9.beta3] - fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION() [1.0.0-0.8.beta3] - fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127) [1.0.0-0.7.beta3] - temporarily disable x86_64 camellia assembler code (#521127) [1.0.0-0.6.beta3] - fix openssl dgst -dss1 (#520152) [1.0.0-0.5.beta3] - drop the compat symlink hacks [1.0.0-0.4.beta3] - constify SSL_CIPHER_description() [1.0.0-0.3.beta3] - fix WWW:Curl:Easy reference in tsget [1.0.0-0.2.beta3] - enable MD-2 [1.0.0-0.1.beta3] - update to new major upstream release [0.9.8k-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 22 2009 Bill Nottingham <notting@redhat.com> - do not build special 'optimized' versions for i686, as that's the base arch in Fedora now [0.9.8k-6] - abort if selftests failed and random number generator is polled - mention EVP_aes and EVP_sha2xx routines in the manpages - add README.FIPS - make CA dir absolute path (#445344) - change default length for RSA key generation to 2048 (#484101) [0.9.8k-5] - fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572) [0.9.8k-4] - support compatibility DTLS mode for CISCO AnyConnect (#464629) [0.9.8k-3] - correct the SHLIB_VERSION define [0.9.8k-2] - add support for multiple CRLs with same subject - load only dynamic engine support in FIPS mode [0.9.8k-1] - update to new upstream release (minor bug fixes, security fixes and machine code optimizations only) [0.9.8j-10] - move libraries to /usr/lib (#239375) [0.9.8j-9] - add a static subpackage [0.9.8j-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0.9.8j-7] - must also verify checksum of libssl.so in the FIPS mode - obtain the seed for FIPS rng directly from the kernel device - drop the temporary symlinks [0.9.8j-6] - drop the temporary triggerpostun and symlinking in post - fix the pkgconfig files and drop the unnecessary buildrequires on pkgconfig as it is a rpmbuild dependency (#481419) [0.9.8j-5] - add temporary triggerpostun to reinstate the symlinks [0.9.8j-4] - no pairwise key tests in non-fips mode (#479817) [0.9.8j-3] - even more robust test for the temporary symlinks [0.9.8j-2] - try to ensure the temporary symlinks exist [0.9.8j-1] - new upstream version with necessary soname bump (#455753) - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) - add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493) [0.9.8g-11] - do not add tls extensions to server hello for SSLv3 either [0.9.8g-10] - move root CA bundle to ca-certificates package [0.9.8g-9] - fix CVE-2008-0891 - server name extension crash (#448492) - fix CVE-2008-1672 - server key exchange message omit crash (#448495) [0.9.8g-8] - super-H arch support - drop workaround for bug 199604 as it should be fixed in gcc-4.3 [0.9.8g-7] - sparc handling [0.9.8g-6] - update to new root CA bundle from mozilla.org (r1.45) [0.9.8g-5] - Autorebuild for GCC 4.3 [0.9.8g-4] - merge review fixes (#226220) - adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846) [0.9.8g-3] - set default paths when no explicit paths are set (#418771) - do not add tls extensions to client hello for SSLv3 (#422081) [0.9.8g-2] - enable some new crypto algorithms and features - add some more important bug fixes from openssl CVS [0.9.8g-1] - update to latest upstream release, SONAME bumped to 7 [0.9.8b-17] - update to new CA bundle from mozilla.org [0.9.8b-16] - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) - add alpha sub-archs (#296031) [0.9.8b-15] - rebuild [0.9.8b-14] - use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys (#250577) - make ssl session cache id matching strict (#233599) [0.9.8b-13] - allow building on ARM architectures (#245417) - use reference timestamps to prevent multilib conflicts (#218064) - -devel package must require pkgconfig (#241031) [0.9.8b-12] - detect duplicates in add_dir properly (#206346) [0.9.8b-11] - the previous change still didn't make X509_NAME_cmp transitive [0.9.8b-10] - make X509_NAME_cmp transitive otherwise certificate lookup is broken (#216050) [0.9.8b-9] - aliasing bug in engine loading, patch by IBM (#213216) [0.9.8b-8] - CVE-2006-2940 fix was incorrect (#208744) [0.9.8b-7] - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940) [0.9.8b-6] - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180) [0.9.8b-5] - set buffering to none on stdio/stdout FILE when bufsize is set (#200580) patch by IBM [0.9.8b-4.1] - rebuild with new binutils (#200330) [0.9.8b-4] - add a temporary workaround for sha512 test failure on s390 (#199604) * Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) - add patches for BN threadsafety, AES cache collision attack hazard fix and pkcs7 code memleak fix from upstream CVS [0.9.8b-3.1] - rebuild [0.9.8b-3] - dropped libica and ica engine from build * Wed Jun 21 2006 Joe Orton <jorton@redhat.com> - update to new CA bundle from mozilla.org; adds CA certificates from netlock.hu and startcom.org [0.9.8b-2] - fixed a few rpmlint warnings - better fix for #173399 from upstream - upstream fix for pkcs12 [0.9.8b-1] - upgrade to new version, stays ABI compatible - there is no more linux/config.h (it was empty anyway) [0.9.8a-6] - fix stale open handles in libica (#177155) - fix build if 'rand' or 'passwd' in buildroot path (#178782) - initialize VIA Padlock engine (#186857) [0.9.8a-5.2] - bump again for double-long bug on ppc(64) [0.9.8a-5.1] - rebuilt for new gcc4.1 snapshot and glibc changes [0.9.8a-5] - don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [0.9.8a-4] - fix build (-lcrypto was erroneusly dropped) of the updated libica - updated ICA engine to 1.3.6-rc3 [0.9.8a-3] - disable builtin compression methods for now until they work properly (#173399) [0.9.8a-2] - don't set -rpath for openssl binary [0.9.8a-1] - new upstream version - patches partially renumbered [0.9.7f-11] - updated IBM ICA engine library and patch to latest upstream version [0.9.7f-10] - fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803) [0.9.7f-9] - add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595) - fixes from upstream (constant time fixes for DSA, bn assembler div on ppc arch, initialize memory on realloc) [0.9.7f-8] - Updated ICA engine IBM patch to latest upstream version. [0.9.7f-7] - fix CAN-2005-0109 - use constant time/memory access mod_exp so bits of private key aren't leaked by cache eviction (#157631) - a few more fixes from upstream 0.9.7g [0.9.7f-6] - use poll instead of select in rand (#128285) - fix Makefile.certificate to point to /etc/pki/tls - change the default string mask in ASN1 to PrintableString+UTF8String [0.9.7f-5] - update to revision 1.37 of Mozilla CA bundle [0.9.7f-4] - move certificates to _sysconfdir/pki/tls (#143392) - move CA directories to _sysconfdir/pki/CA - patch the CA script and the default config so it points to the CA directories [0.9.7f-3] - uninitialized variable mustn't be used as input in inline assembly - reenable the x86_64 assembly again [0.9.7f-2] - add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken - disable broken bignum assembly on x86_64 [0.9.7f-1] - reenable optimizations on ppc64 and assembly code on ia64 - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed - added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903) [0.9.7e-3] - libcrypto shouldn't depend on libkrb5 (#135961) [0.9.7e-2] - rebuild [0.9.7e-1] - new upstream source, updated patches - added patch so we are hopefully ABI compatible with upcoming 0.9.7f * Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com> - Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq [0.9.7a-46] - generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32) [0.9.7a-45] - Fixed and updated libica-1.3.4-urandom.patch patch (#122967) [0.9.7a-44] - rebuild [0.9.7a-43] - rebuild [0.9.7a-42] - rebuild [0.9.7a-41] - remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040) [0.9.7a-40] - Include latest libica version with important bugfixes * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-38] - Updated ICA engine IBM patch to latest upstream version. [0.9.7a-37] - build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik) [0.9.7a-36] - handle %{_arch}=i486/i586/i686/athlon cases in the intermediate header (#124303) [0.9.7a-35] - add security fixes for CAN-2004-0079, CAN-2004-0112 * Tue Mar 16 2004 Phil Knirsch <pknirsch@redhat.com> - Fixed libica filespec. [0.9.7a-34] - ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix the intermediate header [0.9.7a-33] - add an intermediate <openssl/opensslconf.h> which points to the right arch-specific opensslconf.h on multilib arches * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-32] - Updated libica to latest upstream version 1.3.5. [0.9.7a-31] - Update ICA crypto engine patch from IBM to latest version. * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-29] - rebuilt [0.9.7a-28] - Fixed libica build. * Wed Feb 04 2004 Nalin Dahyabhai <nalin@redhat.com> - add '-ldl' to link flags added for Linux-on-ARM (#99313) [0.9.7a-27] - updated ca-bundle.crt: removed expired GeoTrust roots, added freessl.com root, removed trustcenter.de Class 0 root [0.9.7a-26] - Fix link line for libssl (bug #111154). [0.9.7a-25] - add dependency on zlib-devel for the -devel package, which depends on zlib symbols because we enable zlib for libssl (#102962) [0.9.7a-24] - Use /dev/urandom instead of PRNG for libica. - Apply libica-1.3.5 fix for /dev/urandom in icalinux.c - Use latest ICA engine patch from IBM. [0.9.7a-22.1] - rebuild [0.9.7a-22] - rebuild (22 wasn't actually built, fun eh?) [0.9.7a-23] - re-disable optimizations on ppc64 * Tue Sep 30 2003 Joe Orton <jorton@redhat.com> - add a_mbstr.c fix for 64-bit platforms from CVS [0.9.7a-22] - add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged as not needing executable stacks [0.9.7a-21] - rebuild * Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> - re-enable optimizations on ppc64 * Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> - remove exclusivearch [0.9.7a-20] - only parse a client cert if one was requested - temporarily exclusivearch for %{ix86} * Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> - add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) and heap corruption (CAN-2003-0545) - update RHNS-CA-CERT files - ease back on the number of threads used in the threading test [0.9.7a-19] - rebuild to fix gzipped file md5sums (#91211) [0.9.7a-18] - Updated libica to version 1.3.4. [0.9.7a-17] - rebuild [0.9.7a-10.9] - free the kssl_ctx structure when we free an SSL structure (#99066) [0.9.7a-16] - rebuild [0.9.7a-15] - lower thread test count on s390x [0.9.7a-14] - rebuild [0.9.7a-13] - disable assembly on arches where it seems to conflict with threading [0.9.7a-12] - Updated libica to latest upstream version 1.3.0 [0.9.7a-9.9] - rebuild [0.9.7a-11] - rebuild [0.9.7a-10] - ubsec: don't stomp on output data which might also be input data [0.9.7a-9] - temporarily disable optimizations on ppc64 * Mon Jun 09 2003 Nalin Dahyabhai <nalin@redhat.com> - backport fix for engine-used-for-everything from 0.9.7b - backport fix for prng not being seeded causing problems, also from 0.9.7b - add a check at build-time to ensure that RSA is thread-safe - keep perlpath from stomping on the libica configure scripts * Fri Jun 06 2003 Nalin Dahyabhai <nalin@redhat.com> - thread-safety fix for RSA blinding [0.9.7a-8] - rebuilt [0.9.7a-7] - Added libica-1.2 to openssl (featurerequest). [0.9.7a-6] - fix building with incorrect flags on ppc64 [0.9.7a-5] - add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's attack (CAN-2003-0131) [ 0.9.7a-4] - add patch to enable RSA blinding by default, closing a timing attack (CAN-2003-0147) [0.9.7a-3] - disable use of BN assembly module on x86_64, but continue to allow inline assembly (#83403) [0.9.7a-2] - disable EC algorithms [0.9.7a-1] - update to 0.9.7a [0.9.7-8] - add fix to guard against attempts to allocate negative amounts of memory - add patch for CAN-2003-0078, fixing a timing attack [0.9.7-7] - Add openssl-ppc64.patch [0.9.7-6] - EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(), to get the right behavior when passed uninitialized context structures (#83766) - build with -mcpu=ev5 on alpha family (#83828) * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt [0.9.7-4] - Added IBM hw crypto support patch. * Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> - add missing builddep on sed [0.9.7-3] - debloat - fix broken manpage symlinks [0.9.7-2] - fix double-free in 'openssl ca' [0.9.7-1] - update to 0.9.7 final [0.9.7-0] - update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) * Wed Dec 11 2002 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) [0.9.6b-30] - add configuration stanza for x86_64 and use it on x86_64 - build for linux-ppc on ppc - start running the self-tests again [0.9.6b-29hammer.3] - Merge fixes from previous hammer packages, including general x86-64 and multilib [0.9.6b-29] - rebuild [0.9.6b-28] - update asn patch to fix accidental reversal of a logic check [0.9.6b-27] - update asn patch to reduce chance that compiler optimization will remove one of the added tests [0.9.6b-26] - rebuild [0.9.6b-25] - add patch to fix ASN.1 vulnerabilities [0.9.6b-24] - add backport of Ben Laurie's patches for OpenSSL 0.9.6d [0.9.6b-23] - own {_datadir}/ssl/misc * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Sun May 26 2002 Tim Powers <timp@redhat.com> - automated rebuild [0.9.6b-20] - free ride through the build system (whee!) [0.9.6b-19] - rebuild in new environment [0.9.6b-17, 0.9.6b-18] - merge RHL-specific bits into stronghold package, rename [stronghold-0.9.6c-2] - add support for Chrysalis Luna token * Tue Mar 26 2002 Gary Benson <gbenson@redhat.com> - disable AEP random number generation, other AEP fixes [0.9.6b-15] - only build subpackages on primary arches [0.9.6b-13] - on ia32, only disable use of assembler on i386 - enable assembly on ia64 [0.9.6b-11] - fix sparcv9 entry [stronghold-0.9.6c-1] - upgrade to 0.9.6c - bump BuildArch to i686 and enable assembler on all platforms - synchronise with shrimpy and rawhide - bump soversion to 3 * Wed Oct 10 2001 Florian La Roche <Florian.LaRoche@redhat.de> - delete BN_LLONG for s390x, patch from Oliver Paukstadt [0.9.6b-9] - update AEP driver patch * Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com> - adjust RNG disabling patch to match version of patch from Broadcom [0.9.6b-8] - disable the RNG in the ubsec engine driver [0.9.6b-7] - tweaks to the ubsec engine driver [0.9.6b-6] - tweaks to the ubsec engine driver [0.9.6b-5] - update ubsec engine driver from Broadcom [0.9.6b-4] - move man pages back to %{_mandir}/man?/foo.?ssl from %{_mandir}/man?ssl/foo.? - add an [ engine ] section to the default configuration file * Thu Aug 09 2001 Nalin Dahyabhai <nalin@redhat.com> - add a patch for selecting a default engine in SSL_library_init() [0.9.6b-3] - add patches for AEP hardware support - add patch to keep trying when we fail to load a cert from a file and there are more in the file - add missing prototype for ENGINE_ubsec() in engine_int.h [0.9.6b-2] - actually add hw_ubsec to the engine list * Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> - add in the hw_ubsec driver from CVS [0.9.6b-1] - update to 0.9.6b * Thu Jul 05 2001 Nalin Dahyabhai <nalin@redhat.com> - move .so symlinks back to %{_libdir} * Tue Jul 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move shared libraries to /lib (#38410) * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com> - switch to engine code base * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com> - add a script for creating dummy certificates - move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.? * Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de> - add s390x support * Fri Jun 01 2001 Nalin Dahyabhai <nalin@redhat.com> - change two memcpy() calls to memmove() - don't define L_ENDIAN on alpha [stronghold-0.9.6a-1] - Add 'stronghold-' prefix to package names. - Obsolete standard openssl packages. * Wed May 16 2001 Joe Orton <jorton@redhat.com> - Add BuildArch: i586 as per Nalin's advice. * Tue May 15 2001 Joe Orton <jorton@redhat.com> - Enable assembler on ix86 (using new .tar.bz2 which does include the asm directories). * Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com> - make subpackages depend on the main package * Tue May 01 2001 Nalin Dahyabhai <nalin@redhat.com> - adjust the hobble script to not disturb symlinks in include/ (fix from Joe Orton) * Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com> - drop the m2crypo patch we weren't using * Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com> - configure using 'shared' as well * Sun Apr 08 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6a - use the build-shared target to build shared libraries - bump the soversion to 2 because we're no longer compatible with our 0.9.5a packages or our 0.9.6 packages - drop the patch for making rsatest a no-op when rsa null support is used - put all man pages into <section>ssl instead of <section> - break the m2crypto modules into a separate package * Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com> - use BN_LLONG on s390 * Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) * Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move c_rehash to the perl subpackage, because it's a perl script now * Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 * Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de> - change hobble-openssl for disabling MD2 again * Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com> - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) * Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - fix s390 patch * Fri Dec 08 2000 Than Ngo <than@redhat.com> - added support s390 * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage * Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com> - always build with -mcpu=ev5 on alpha * Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add a symlink from cert.pem to ca-bundle.crt * Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com> - add a ca-bundle file for packages like Samba to reference for CA certificates * Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com> - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) * Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com> - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4 * Tue Sep 26 2000 Bill Nottingham <notting@redhat.com> - fix some issues in building when it's not installed * Wed Sep 06 2000 Nalin Dahyabhai <nalin@redhat.com> - make sure the headers we include are the ones we built with (aaaaarrgh!) * Fri Sep 01 2000 Nalin Dahyabhai <nalin@redhat.com> - add Richard Henderson's patch for BN on ia64 - clean up the changelog * Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com> - fix the building of python modules without openssl-devel already installed * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com> - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) by marking them as .PRECIOUS * Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com> - break out python extensions into a subpackage * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more * Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com> - disable MD2 support * Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com> - disable MDC2 support * Sun Jul 02 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the disabling of RC5, IDEA support - tweak the makefile * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> - strip binaries and libraries - rework certificate makefile to have the right parts for Apache * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> - use %{_perl} instead of /usr/bin/perl - disable alpha until it passes its own test suite * Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com> - move the passwd.1 man page out of the passwd package's way * Fri Jun 02 2000 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - move certificate makefile to another package - disable RC5, IDEA, RSA support - remove optimizations for now * Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package * Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs * Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ * Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - Fix build on non-x86 platforms * Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package * Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS openssl-1.0.1-beta2-rpmbuild.patch openssl-0.9.8a-no-rpath.patch MODERATE Copyright 2015 Oracle, Inc. CVE-2015-0286 CVE-2015-0292 CVE-2015-0209 CVE-2015-0289 CVE-2015-0293 CVE-2015-0287 CVE-2015-0288 cpe:/a:oracle:linux:6::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.1.3] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584} - KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529} - mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9584 CVE-2014-3215 CVE-2014-8171 CVE-2014-9529 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.249.4] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584} - selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215} - Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9584 CVE-2014-3215 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.4] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930553] {CVE-2014-9584} - selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215} - Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-3215 CVE-2014-9584 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.2.2] - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077385] {CVE-2015-3331} [3.8.13-68.2.1] - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807438] {CVE-2015-2150} - xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20860817] - Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks (Srivatsa S. Bhat) [Orabug: 20917697] - net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - net/core/flow.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - mm, vmstat: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - trace, ring-buffer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - hwmon, via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - hwmon, coretemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - octeon, watchdog: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - oprofile, nmi-timer: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - intel-idle: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - acpi-cpufreq: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - scsi, fcoe: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - scsi, bnx2i: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - arm64, debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - arm64, hw_breakpoint.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, kvm: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, pci, amd-bus: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, hpet: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, amd, ibs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, mce: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, intel, uncore: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, cpuid: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - x86, msr: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - powerpc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - sparc, sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - s390, smp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - s390, cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - arm, hw-breakpoint: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - ia64, err-inject: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - ia64, topology: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - ia64, palinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - CPU hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) [Orabug: 20917697] - CPU hotplug: Provide lockless versions of callback registration functions (Srivatsa S. Bhat) [Orabug: 20917697] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930551] {CVE-2014-9584} - KEYS: close race between key lookup and freeing (Sasha Levin) [Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529} - mm: memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - fs: buffer: move allocation failure loop into the allocator (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - mm: memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - x86: finish user fault error path with fatal signal (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - arch: mm: pass userspace fault flag to generic fault handler (Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171} - selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215} - IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20799875] {CVE-2014-8159} {CVE-2014-8159} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-2150 CVE-2015-3331 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.2] - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331} [2.6.39-400.250.1] - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150} - xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114] - Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415] - x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759] - sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759] - isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584} - selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215} - Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215} - IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159} - xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150} - net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-2150 CVE-2015-3331 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 [1.6.1-1.0.1] - Update source to 1.6.1 from https://github.com/docker/docker/releases/tag/v1.6.1 Symlink traversal on container respawn allows local privilege escalation (CVE-2015-3629) Insecure opening of file-descriptor 1 leading to privilege escalation (CVE-2015-3627) Read/write proc paths allow host modification & information disclosure (CVE-2015-3630) Volume mounts allow LSM profile escalation (CVE-2015-3631) AppArmor policy improvements IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3630 CVE-2015-3627 CVE-2015-3629 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.3.2] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226729] {CVE-2014-9585} - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225975] {CVE-2014-9420} - x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225937] {CVE-2014-9419} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9585 CVE-2014-9420 CVE-2014-9419 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.5] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226730] {CVE-2014-9585} - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225976] {CVE-2014-9420} - x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419} [2.6.39-400.250.4] - IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991] [2.6.39-400.250.3] - af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug: 20604916] - scm: Capture the full credentials of the scm sender (Tim Chen) [Orabug: 20604916] - af_unix: limit recursion level (Eric Dumazet) [Orabug: 20604916] - af_unix: Allow credentials to work across user and pid namespaces. (Eric W. Biederman) [Orabug: 20604916] - scm: Capture the full credentials of the scm sender. (Eric W. Biederman) [Orabug: 20604916] - BUG_ON(lockres->l_level != DLM_LOCK_EX && !checkpointed) tripped in ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: 20189959] - sched: Prevent divide by zero when cpu power calculation is 0 (Todd Vierling) [Orabug: 17936435] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9585 CVE-2014-9420 CVE-2014-9419 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.5] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226731] {CVE-2014-9585} - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225977] {CVE-2014-9420} - x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225939] {CVE-2014-9419} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-9419 CVE-2014-9585 CVE-2014-9420 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.3.3] - x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308309] {CVE-2015-2830} - x86, mm/ASLR: Fix stack randomization on 64-bit systems (Hector Marco-Gisbert) [Orabug: 21307919] {CVE-2015-1593} {CVE-2015-1593} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1593 CVE-2015-2830 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.6] - x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308308] {CVE-2015-2830} - x86, mm/ASLR: Fix stack randomization on 64-bit systems (Hector Marco-Gisbert) [Orabug: 21307918] {CVE-2015-1593} {CVE-2015-1593} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1593 CVE-2015-2830 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.6] - x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308307] {CVE-2015-2830} - x86, mm/ASLR: Fix stack randomization on 64-bit systems (Hector Marco-Gisbert) [Orabug: 21307917] {CVE-2015-1593} {CVE-2015-1593} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1593 CVE-2015-2830 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.3.4] - ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444790] {CVE-2015-2922} - ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444687] {CVE-2015-3636} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-2922 CVE-2015-3636 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.7] - ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444791] {CVE-2015-2922} - ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444688] {CVE-2015-3636} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-2922 CVE-2015-3636 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.7] - ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444792] {CVE-2015-2922} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-2922 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:6:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-68.3.5] - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502739] {CVE-2015-0239} {CVE-2015-0239} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502254] {CVE-2015-3339} - eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502065] {CVE-2014-9683} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-3339 CVE-2015-0239 CVE-2014-9683 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.9] - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (Andy Lutomirski) [Orabug: 21514969] - x86, tls, ldt: Stop checking lm in LDT_empty (Andy Lutomirski) [Orabug: 21514969] [2.6.39-400.250.8] - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502740] {CVE-2015-0239} {CVE-2015-0239} - x86/tls: Validate TLS entries to protect espfix (Andy Lutomirski) [Orabug: 20223777] {CVE-2014-8133} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502255] {CVE-2015-3339} - eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502066] {CVE-2014-9683} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-0239 CVE-2014-9683 CVE-2015-3339 CVE-2014-8133 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.9uek] - x86, tls: Interpret an all-zero struct user_desc as 'no segment' (Andy Lutomirski) [Orabug: 21518750] - x86, tls, ldt: Stop checking lm in LDT_empty (Andy Lutomirski) [Orabug: 21518750] [2.6.32-400.37.8uek] - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502741] {CVE-2015-0239} {CVE-2015-0239} - x86/tls: Validate TLS entries to protect espfix (Andy Lutomirski) [Orabug: 20223778] {CVE-2014-8133} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502256] {CVE-2015-3339} - eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502067] {CVE-2014-9683} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-0239 CVE-2014-9683 CVE-2015-3339 CVE-2014-8133 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-98] - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502729] {CVE-2015-0239} {CVE-2015-0239} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502159] {CVE-2015-3339} [3.8.13-97] - add ql2400, ql2500 firmware versions to prerequisites (Dan Duval) [Orabug: 21474929] - correct QLogic firmware dependencies in the spec file (Dan Duval) [Orabug: 21474929] [3.8.13-96] - xen-blkfront: don't add indirect page to list when !feature_persistent (Bob Liu) [Orabug: 21459266] [3.8.13-95] - add firmware dependencies to spec files (Dan Duval) [Orabug: 21417522] [3.8.13-94] - ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444784] {CVE-2015-2922} - ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444685] {CVE-2015-3636} [3.8.13-93] - config: sync up config files to make build clean (Guangyu Sun) [Orabug: 21425838] - acpi: fix typo in drivers/acpi/osl.c (Guangyu Sun) [Orabug: 21418329] [3.8.13-92] - Revert 'i40e: Add support for getlink, setlink ndo ops' (Brian Maly) [Orabug: 21314906] - x86: Do not try to sync identity map for non-mapped pages (Dave Hansen) [Orabug: 21326516] [3.8.13-91] - rds: re-entry of rds_ib_xmit/rds_iw_xmit (Wengang Wang) [Orabug: 21324074] - drm/mgag200: Reject non-character-cell-aligned mode widths (Adam Jackson) [Orabug: 20868823] - drm/mgag200: fix typo causing bw limits to be ignored on some chips (Dave Airlie) [Orabug: 20868823] - drm/mgag200: remove unused driver_private access (David Herrmann) [Orabug: 20868823] - drm/mgag200: Invalidate page tables when pinning a BO (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Fix LUT programming for 16bpp (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Fix framebuffer pitch calculation (Takashi Iwai) [Orabug: 20868823] - drm/mgag200: Add sysfs support for connectors (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Add an crtc_disable callback to the crtc helper funcs (Egbert Eich) [Orabug: 20868823] - drm/mgag200: Fix logic in mgag200_bo_pin() (v2) (Egbert Eich) [Orabug: 20868823] - drm/mgag200: inline reservations (Maarten Lankhorst) [Orabug: 20868823] - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (Maarten Lankhorst) [Orabug: 20868823] - drm/mgag200: Added resolution and bandwidth limits for various G200e products. (Julia Lemire) [Orabug: 20868823] - drm/mgag200: Reject modes that are too big for VRAM (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Don't do full cleanup if mgag200_device_init fails (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Hardware cursor support (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Add missing write to index before accessing data register (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Fix framebuffer base address programming (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Convert counter delays to jiffies (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Fix writes into MGA1064_PIX_CLK_CTL register (Christopher Harvey) [Orabug: 20868823] - drm/mgag200: Don't change unrelated registers during modeset (Christopher Harvey) [Orabug: 20868823] - Revert 'lpfc: Fix for lun discovery issue with 8Gig adapter.' (Guru Anbalagane) [Orabug: 21304962] [3.8.13-90] - x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308309] {CVE-2015-2830} - Update patched for lpfc from 10.6.61.0 to 10.6.61.1 for UEK R3 U6 release. (Dick Kennedy) - lpfc: Change buffer pool empty message to miscellaneous category (Dick Kennedy) - lpfc: Fix incorrect log message reported for empty FCF record. (Dick Kennedy) - lpfc: Fix rport leak. (Dick Kennedy) - lpfc: Correct loss of RSCNs during array takeaway/giveback testing. (Dick Kennedy) - lpfc: Fix crash in vport_delete. (Dick Kennedy) - lpfc: Fix to remove IRQF_SHARED flag for MSI/MSI-X vectors. (Dick Kennedy) - lpfc: Fix discovery issue when changing from Pt2Pt to Fabric. (Dick Kennedy) - lpfc: Correct reporting of vport state on fdisc command failure. (Dick Kennedy) - lpfc: Add support for RDP ELS command. (Dick Kennedy) - lpfc: Fix ABORTs WQ selection in terminate_rport_io (Dick Kennedy) - lpfc: Correct reference counting of rport (Dick Kennedy) - lpfc: Add support for ELS LCB. (Dick Kennedy) - lpfc: Correct loss of target discovery after cable swap. (Dick Kennedy) - dtrace: sigaltstack is no longer a stub syscall (Kris Van Hees) [Orabug: 21304183] - hpsa: add in new offline mode (Don Brace) [Orabug: 21289871] - hpsa: add in new controllers (Don Brace) [Orabug: 21289871] - hpsa: hpsa decode sense data for io and tmf (Don Brace) [Orabug: 21289871] - hpsa: enable bus mastering during init (Don Brace) [Orabug: 21289871] - hpsa: enhance kdump (Don Brace) [Orabug: 21289871] - hpsa: enhance error checking. (Don Brace) [Orabug: 21289871] - hpsa: enhance driver output (Don Brace) [Orabug: 21289871] - hpsa: update pci device table (Don Brace) [Orabug: 21289871] - vmw_pvscsi: Fix pvscsi_abort() function. (Arvind Kumar) [Orabug: 21266080] - qla2xxx: Update driver version to 8.07.00.18.39.0-k. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Restore physical port WWPN only, when port down detected for FA-WWPN port. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Fix virtual port configuration, when switch port is disabled/enabled. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Prevent multiple firmware dump collection for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Disable Interrupt handshake for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add debugging info for MBX timeout. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add serdes read/write support for ISP27XX (Andrew Vasquez) [Orabug: 21241070] - qla2xxx: Add udev notification to save fw dump for ISP27XX (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add message for sucessful FW dump collected for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] - qla2xxx: Add support to load firmware from file for ISP 26XX/27XX. (Sawan Chandak) [Orabug: 21241070] - qla2xxx: Fix beacon blink for ISP27XX. (Nigel Kirkland) [Orabug: 21241070] - qla2xxx: Increase the wait time for firmware to be ready for P3P. (Chad Dupuis) [Orabug: 21241070] - qla2xxx: Fix printks in ql_log message (Yannick Guerrini) [Orabug: 21241070] - qla2xxx: Fix printk in qla25xx_setup_mode (Yannick Guerrini) [Orabug: 21241070] - bnx2i: update to 2.11.2.0 (Vaughan Cao) [Orabug: 21241055] - bnx2fc: update to 2.9.3 (Vaughan Cao) [Orabug: 21241055] - bnx2x: update to 1.712.33 (Vaughan Cao) [Orabug: 21241055] - cnic: update to 2.5.20h (Vaughan Cao) [Orabug: 21241055] - bnx2: update to 2.2.5o (Vaughan Cao) [Orabug: 21241055] - md: use SRCU to improve performance (Mikulas Patocka) [Orabug: 18231164] - kvm: raise KVM_SOFT_MAX_VCPUS to support more vcpus (Dan Duval) [Orabug: 21144488] - vsock: Make transport the proto owner (Andy King) [Orabug: 21266075] - VSOCK: Move af_vsock.h and vsock_addr.h to include/net (Asias He) [Orabug: 21266075] [3.8.13-89] - drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (Bob Liu) - xen/block: add multi-page ring support (Bob Liu) - driver: xen-blkfront: move talk_to_blkback to a more suitable place (Bob Liu) - drivers: xen-blkback: delay pending_req allocation to connect_ring (Bob Liu) - xen/grant: introduce func gnttab_unmap_refs_sync() (Bob Liu) - xen/blkback: safely unmap purge persistent grants (Bob Liu) - xenbus_client: Extend interface to support multi-page ring (Wei Liu) - be2net: update the driver version to 10.6.0.2 (Sathya Perla) [Orabug: 21275400] - be2net: update copyright year to 2015 (Vasundhara Volam) [Orabug: 21275400] - be2net: use be_virtfn() instead of !be_physfn() (Kalesh AP) [Orabug: 21275400] - be2net: simplify UFI compatibility checking (Vasundhara Volam) [Orabug: 21275400] - be2net: post full RXQ on interface enable (Suresh Reddy) [Orabug: 21275400] - be2net: check for INSUFFICIENT_VLANS error (Kalesh AP) [Orabug: 21275400] - be2net: receive pkts with L3, L4 errors on VFs (Somnath Kotur) [Orabug: 21275400] - be2net: log link status (Ivan Vecera) [Orabug: 21275400] - be2net: Fix a bug in Rx buffer posting (Ajit Khaparde) [Orabug: 21275400] - be2net: bump up the driver version to 10.6.0.1 (Sathya Perla) [Orabug: 21275400] - be2net: use PCI MMIO read instead of config read for errors (Suresh Reddy) [Orabug: 21275400] - be2net: restrict MODIFY_EQ_DELAY cmd to a max of 8 EQs (Suresh Reddy) [Orabug: 21275400] - be2net: Prevent VFs from enabling VLAN promiscuous mode (Vasundhara Volam) [Orabug: 21275400] - ethernet: codespell comment spelling fixes (Joe Perches) [Orabug: 21275400] - be2net: avoid creating the non-RSS default RXQ if FW allows to (Vasundhara Volam) [Orabug: 21275400] - be2net: use a wrapper to schedule and cancel error detection task (Sathya Perla) [Orabug: 21275400] - be2net: shorten AMAP_GET/SET_BITS() macro calls (Sathya Perla) [Orabug: 21275400] - be2net: MODULE_DEVICE_TABLE: fix some callsites (Andrew Morton) [Orabug: 21275400] - be2net: avoid unncessary swapping of fields in eth_tx_wrb (Sathya Perla) [Orabug: 21275400] - be2net: process port misconfig async event (Vasundhara Volam) [Orabug: 21275400] - be2net: refactor be_set_rx_mode() and be_vid_config() for readability (Sathya Perla) [Orabug: 21275400] - be2net: remove duplicate code in be_cmd_rx_filter() (Sathya Perla) [Orabug: 21275400] - be2net: use offset based FW flashing for Skyhawk chip (Vasundhara Volam) [Orabug: 21275400] - be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (Vasundhara Volam) [Orabug: 21275400] - be2net: refactor code that checks flash file compatibility (Vasundhara Volam) [Orabug: 21275400] - be2net: replace (1 << x) with BIT(x) (Vasundhara Volam) [Orabug: 21275400] - be2net: move un-exported routines from be.h to respective src files (Sathya Perla) [Orabug: 21275400] - bridge: add flags argument to ndo_bridge_setlink and ndo_bridge_dellink (Roopa Prabhu) [Orabug: 21275400] - be2net: move definitions related to FW cmdsfrom be_hw.h to be_cmds.h (Vasundhara Volam) [Orabug: 21275400] - be2net: issue function reset cmd in resume path (Kalesh AP) [Orabug: 21275400] - be2net: add a log message for POST timeout in Lancer (Kalesh AP) [Orabug: 21275400] - be2net: fix failure case in setting flow control (Kalesh AP) [Orabug: 21275400] - be2net: move interface create code to a separate routine (Kalesh AP) [Orabug: 21275400] - VMCI: Guard against overflow in queue pair allocation (Jorgen Hansen) [Orabug: 21266077] - VMCI: Check userland-provided datagram size (Andy King) [Orabug: 21266077] - VMCI: Fix two UVA mapping bugs (Jorgen Hansen) [Orabug: 21266077] - VMCI: integer overflow in vmci_datagram_dispatch() (Dan Carpenter) [Orabug: 21266077] - VMCI: fix error handling path when registering guest driver (Dmitry Torokhov) [Orabug: 21266077] - VMCI: Add support for virtual IOMMU (Andy King) [Orabug: 21266077] - VMCI: Remove non-blocking/pinned queuepair support (Andy King) [Orabug: 21266077] [3.8.13-88] - Oracle Linux Kernel Module Signing Key (Alexey Petrenko) [Orabug: 21249387] - extrakeys.pub is not needed for the build (Alexey Petrenko) [Orabug: 21249387] - Fix kabi break due to find_special_page was introduced (Bob Liu) [Orabug: 21250018] - xen/gntdev: provide find_special_page VMA operation (David Vrabel) [Orabug: 21250018] - xen/gntdev: mark userspace PTEs as special on x86 PV guests (David Vrabel) [Orabug: 21250018] - xen-blkback: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] - xen/gntdev: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] - xen/gntdev: convert priv->lock to a mutex (David Vrabel) [Orabug: 21250018] - xen/grant-table: add a mechanism to safely unmap pages that are in use (Jennifer Herbert) [Orabug: 21250018] - xen-netback: use foreign page information from the pages themselves (Jennifer Herbert) [Orabug: 21250018] - xen: mark grant mapped pages as foreign (Jennifer Herbert) [Orabug: 21250018] - xen/grant-table: add helpers for allocating pages (David Vrabel) [Orabug: 21250018] - x86/xen: require ballooned pages for grant maps (Jennifer Herbert) [Orabug: 21250018] - xen: remove scratch frames for ballooned pages and m2p override (David Vrabel) [Orabug: 21250018] - xen/grant-table: pre-populate kernel unmap ops for xen_gnttab_unmap_refs() (David Vrabel) [Orabug: 21250018] - mm: add 'foreign' alias for the 'pinned' page flag (Jennifer Herbert) [Orabug: 21250018] - mm: provide a find_special_page vma operation (David Vrabel) [Orabug: 21250018] - NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (Tariq Saeed) [Orabug: 20933419] - swiotlb: don't assume PA 0 is invalid (Jan Beulich) [Orabug: 21249144] [3.8.13-87] - qla4xxx: Update driver version to v5.04.00.07.06.02-uek3 (Nilesh Javali) [Orabug: 21241091] - qla4xxx: check the return value of dma_alloc_coherent() (Maurizio Lombardi) [Orabug: 21241091] - scsi: qla4xxx: ql4_mbx.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] - scsi: qla4xxx: ql4_os.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] - qla4xxx: fix get_host_stats error propagation (Mike Christie) [Orabug: 21241091] - scsi_ibft: Fix finding Broadcom specific ibft sign (Vikas Chaudhary) [Orabug: 21241091] - dtrace: convert from sdt_instr_t to asm_instr_t (Kris Van Hees) [Orabug: 21267945] - dtrace: percpu: move from __get_cpu_var() to this_cpu_ptr() (Kris Van Hees) [Orabug: 21265599] - dtrace: do not vmalloc/vfree from probe context (Kris Van Hees) [Orabug: 21267934] - dtrace: restructuring for multi-arch support (Kris Van Hees) [Orabug: 21267922] - kallsyms: fix /proc/kallmodsyms to not be misled by const variables (Nick Alcock) [Orabug: 21257170] - storvsc: force discovery of LUNs that may have been removed. (K. Y. Srinivasan) [Orabug: 20768211] - storvsc: in responce to a scan event, scan the host (K. Y. Srinivasan) [Orabug: 20768211] - builds: configs: Enable mgs driver for OL7 (Santosh Shilimkar) [Orabug: 20505584] - aacraid: driver version change (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: AIF raw device remove support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: performance improvement changes (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: IOCTL fix (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: IOP RESET command handling changes (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: 240 simple volume support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: vpd page code 0x83 support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: MSI-x support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: 4KB sector support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: IOCTL pass-through command fix (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: AIF support for SES device add/remove (Mahesh Rajashekhara) [Orabug: 21208741] - scsi: use 64-bit LUNs (Hannes Reinecke) [Orabug: 21208741] - remove deprecated IRQF_DISABLED from SCSI (Michael Opdenacker) [Orabug: 21208741] - aacraid: kdump fix (Mahesh Rajashekhara) [Orabug: 21208741] - drivers: avoid parsing names as kthread_run() format strings (Kees Cook) [Orabug: 21208741] - aacraid: Fix for arrays are going offline in the system. System hangs (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: Dual firmware image support (Mahesh Rajashekhara) [Orabug: 21208741] - aacraid: suppress two GCC warnings (Paul Bolle) [Orabug: 21208741] - aacraid: 1024 max outstanding command support for Series 7 and above (Mahesh Rajashekhara) [Orabug: 21208741] [3.8.13-86] - kallsyms: fix /proc/kallmodsyms to not be misled by external symbols (Nick Alcock) [Orabug: 21245508] - wait: change waitfd() to use wait4(), not waitid(); reduce invasiveness (Nick Alcock) [Orabug: 21245391] - ixgbevf: upgrade to version 2.16.1 (Brian Maly) [Orabug: 21104474] - ipv6: don't call addrconf_dst_alloc again when enable lo (Gao feng) [Orabug: 21088702] - efi/xen: Pass missing argument to EFI runtime Xen hypercall (Daniel Kiper) [Orabug: 21247143] [3.8.13-85] - fanotify: fix notification of groups with inode & mount marks (Jan Kara) [Orabug: 21168905] - NVMe: Fix VPD B0 max sectors translation (Keith Busch) [Orabug: 21117187] - NVMe: Add translation for block limits (Keith Busch) [Orabug: 21117187] - nvme: Fix PRP list calculation for non-4k system page size (Murali Iyer) [Orabug: 21117187] - NVMe: Fix potential corruption on sync commands (Keith Busch) [Orabug: 21117187] - NVMe: Fix potential corruption during shutdown (Keith Busch) [Orabug: 21117187] - NVMe: Initialize device list head before starting (Keith Busch) [Orabug: 21117187] - NVMe: Asynchronous controller probe (Keith Busch) [Orabug: 21117187] - NVMe: Register management handle under nvme class (Keith Busch) [Orabug: 21117187] - NVMe: Update SCSI Inquiry VPD 83h translation (Keith Busch) [Orabug: 21117187] - NVMe: Update data structures for NVMe 1.2 (Matthew Wilcox) [Orabug: 21117187] - NVMe: Update namespace and controller identify structures to the 1.1a spec (Dimitri John Ledkov) [Orabug: 21117187] - NVMe: Update module version (Keith Busch) [Orabug: 21117187] - fnic: Override the limitation on number of scsi timeouts (Narsimhulu Musini) [Orabug: 21084835] - fnic: IOMMU Fault occurs when IO and abort IO is out of order (Anil Chintalapati (achintal)) [Orabug: 21084835] - Fnic: Fnic Driver crashed with NULL pointer reference (Hiral Shah) [Orabug: 21084835] - Fnic: For Standalone C series, 'sending VLAN request' message seen even if the link is down (Hiral Shah) [Orabug: 21084835] - Fnic: Improper resue of exchange Ids (Hiral Shah) [Orabug: 21084835] - Fnic: Memcopy only mimumum of data or trace buffer (Hiral Shah) [Orabug: 21084835] - Fnic: Not probing all the vNICS via fnic_probe on boot (Hiral Shah) [Orabug: 21084835] - fnic: assign FIP_ALL_FCF_MACS to fcoe_all_fcfs (Hiral Shah) [Orabug: 21084835] - uek-rpm: ol6: update build environment to 6.6 (Guangyu Sun) [3.8.13-84] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226722] {CVE-2014-9585} [3.8.13-83] - snic: fix format string overflow (Brian Maly) [Orabug: 21091759] - scsi: add snic driver to makefile (Brian Maly) [Orabug: 21091759] - snic: enable snic in kernel configs (Brian Maly) [Orabug: 21091759] - snic: minor checkpatch fixes (Narsimhulu Musini) [Orabug: 21091759] - snic: Add Makefile, patch Kconfig, MAINTAINERS (Narsimhulu Musini) [Orabug: 21091759] - snic: Add event tracing to capture IO events. (Narsimhulu Musini) [Orabug: 21091759] - snic: Add sysfs entries to list stats and trace data (Narsimhulu Musini) [Orabug: 21091759] - snic: Add low level queuing interfaces (Narsimhulu Musini) [Orabug: 21091759] - snic: add SCSI handling, AEN, and fwreset handling (Narsimhulu Musini) [Orabug: 21091759] - snic: Add snic target discovery (Narsimhulu Musini) [Orabug: 21091759] - snic: Add meta request, handling of meta requests. (Narsimhulu Musini) [Orabug: 21091759] - snic: Add interrupt, resource firmware interfaces (Narsimhulu Musini) [Orabug: 21091759] - snic: snic module infrastructure (Narsimhulu Musini) [Orabug: 21091759] - xen/mmu: Move the setting of pvops.write_cr3 to later phase in bootup. (Konrad Rzeszutek Wilk) [Orabug: 21197204] - x86-64, xen, mmu: Provide an early version of write_cr3. (Konrad Rzeszutek Wilk) [Orabug: 21197204] - uek-rpm: build: Use SHA512 instead of SHA256 for module signing (Natalya Naumova) [Orabug: 20687425] - config: ol6: make CONFIG_SERIAL_8250_NR_UARTS 64 (Guangyu Sun) [Orabug: 21141039] - config: enable CONFIG_INTEL_TXT (Guangyu Sun) [Orabug: 21176777] - export host-only net/core and net/ipv4 parameters to a container as read-only (Thomas Tanaka) [Orabug: 21151210] - Revert 'i40e: Add FW check to disable DCB and wrap autoneg workaround with FW check' (Brian Maly) [Orabug: 21103806] - xen-netfront: print correct number of queues (David Vrabel) [Orabug: 21150627] - xen-netfront: release per-queue Tx and Rx resource when disconnecting (David Vrabel) [Orabug: 21150627] - xen-netfront: fix locking in connect error path (David Vrabel) [Orabug: 21150627] - xen-netfront: call netif_carrier_off() only once when disconnecting (David Vrabel) [Orabug: 21150627] - xen-netfront: don't nest queue locks in xennet_connect() (David Vrabel) [Orabug: 21150627] - xen-net{back, front}: Document multi-queue feature in netif.h (Andrew J. Bennieston) [Orabug: 21150627] - xen-netfront: recreate queues correctly when reconnecting (David Vrabel) [Orabug: 21150627] - xen-netfront: fix oops when disconnected from backend (David Vrabel) [Orabug: 21150627] - xen-netfront: initialise queue name in xennet_init_queue (Wei Liu) [Orabug: 21150627] - xen-netfront: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] - xen-netfront: Factor queue-specific data into queue struct. (Andrew J. Bennieston) [Orabug: 21150627] - xen-netback: bookkeep number of active queues in our own module (Wei Liu) [Orabug: 21150627] - net: xen-netback: include linux/vmalloc.h again (Arnd Bergmann) [Orabug: 21150627] - xen-netback: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] - xen-netback: Factor queue-specific data into queue struct (Wei Liu) [Orabug: 21150627] - xen-netback: Move grant_copy_op array back into struct xenvif. (Andrew J. Bennieston) [Orabug: 21150627] - ixgbe: Look up MAC address in Open Firmware or IDPROM (Martin K Petersen) [Orabug: 20983421] - ixgbe: update to ver 4.0.3 (Ethan Zhao) [Orabug: 20983421] [3.8.13-82] - config: enable some secure boot features for ol7 (Guangyu Sun) [Orabug: 18961720] - efi: Disable secure boot if shim is in insecure mode (Josh Boyer) [Orabug: 18961720] - hibernate: Disable in a signed modules environment (Josh Boyer) [Orabug: 18961720] - efi: Add EFI_SECURE_BOOT bit (Josh Boyer) [Orabug: 18961720] - Add option to automatically set securelevel when in Secure Boot mode (Matthew Garrett) [Orabug: 18961720] - asus-wmi: Restrict debugfs interface when securelevel is set (Matthew Garrett) [Orabug: 18961720] - x86: Restrict MSR access when securelevel is set (Matthew Garrett) [Orabug: 18961720] - uswsusp: Disable when securelevel is set (Matthew Garrett) [Orabug: 18961720] - kexec: Disable at runtime if securelevel has been set. (Matthew Garrett) [Orabug: 18961720] - acpi: Ignore acpi_rsdp kernel parameter when securelevel is set (Matthew Garrett) [Orabug: 18961720] - acpi: Limit access to custom_method if securelevel is set (Matthew Garrett) [Orabug: 18961720] - Restrict /dev/mem and /dev/kmem when securelevel is set. (Matthew Garrett) [Orabug: 18961720] - x86: Lock down IO port access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] - PCI: Lock down BAR access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] - Enforce module signatures when securelevel is greater than 0 (Matthew Garrett) [Orabug: 18961720] - Add BSD-style securelevel support (Matthew Garrett) [Orabug: 18961720] - MODSIGN: Support not importing certs from db (Josh Boyer) [Orabug: 18961720] - MODSIGN: Import certificates from UEFI Secure Boot (Josh Boyer) [Orabug: 18961720] - MODSIGN: Add module certificate blacklist keyring (Josh Boyer) [Orabug: 18961720] - Add an EFI signature blob parser and key loader. (Dave Howells) [Orabug: 18961720] - Add EFI signature data types (Dave Howells) [Orabug: 18961720] - efi: fix error handling in add_sysfs_runtime_map_entry() (Dan Carpenter) [Orabug: 18961720] - PEFILE: Relax the check on the length of the PKCS#7 cert (David Howells) [Orabug: 18961720] - kexec: purgatory: add clean-up for purgatory directory (Michael Welling) [Orabug: 18961720] - x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory (Vivek Goyal) [Orabug: 18961720] - kexec: remove CONFIG_KEXEC dependency on crypto (Vivek Goyal) [Orabug: 18961720] - kexec: create a new config option CONFIG_KEXEC_FILE for new syscall (Vivek Goyal) [Orabug: 18961720] - resource: fix the case of null pointer access (Vivek Goyal) [Orabug: 18961720] - kexec: verify the signature of signed PE bzImage (Vivek Goyal) [Orabug: 18961720] - kexec: support kexec/kdump on EFI systems (Vivek Goyal) [Orabug: 18961720] - kexec: support for kexec on panic using new system call (Vivek Goyal) [Orabug: 18961720] - kexec-bzImage64: support for loading bzImage using 64bit entry (Vivek Goyal) [Orabug: 18961720] - kexec: load and relocate purgatory at kernel load time (Vivek Goyal) [Orabug: 18961720] - purgatory: core purgatory functionality (Vivek Goyal) [Orabug: 18961720] - purgatory/sha256: provide implementation of sha256 in purgaotory context (Vivek Goyal) [Orabug: 18961720] - kexec: implementation of new syscall kexec_file_load (Vivek Goyal) [Orabug: 18961720] - kexec: new syscall kexec_file_load() declaration (Vivek Goyal) [Orabug: 18961720] - kexec: make kexec_segment user buffer pointer a union (Vivek Goyal) [Orabug: 18961720] - resource: provide new functions to walk through resources (Vivek Goyal) [Orabug: 18961720] - kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() (Vivek Goyal) [Orabug: 18961720] - kexec: move segment verification code in a separate function (Vivek Goyal) [Orabug: 18961720] - kexec: rename unusebale_pages to unusable_pages (Vivek Goyal) [Orabug: 18961720] - kernel: build bin2c based on config option CONFIG_BUILD_BIN2C (Vivek Goyal) [Orabug: 18961720] - bin2c: move bin2c in scripts/basic (Vivek Goyal) [Orabug: 18961720] - kexec: remove unnecessary return (Xishi Qiu) [Orabug: 18961720] - keys: remove duplicated loads of ksplice certificate (Guangyu Sun) [Orabug: 21034277] - X.509: Support parse long form of length octets in Authority Key Identifier (Chun-Yi Lee) [Orabug: 18961720] - KEYS: Pre-clear struct key on allocation (David Howells) [Orabug: 18961720] - KEYS: Fix searching of nested keyrings (David Howells) [Orabug: 18961720] - KEYS: Fix multiple key add into associative array (David Howells) [Orabug: 18961720] - KEYS: Fix the keyring hash function (David Howells) [Orabug: 18961720] - PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs (David Howells) [Orabug: 18961720] - PKCS#7: Provide a single place to do signed info block freeing (David Howells) [Orabug: 18961720] - PKCS#7: Add a missing static (David Howells) [Orabug: 18961720] - X.509: Need to export x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] - PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 (David Howells) [Orabug: 18961720] - PKCS#7: Use x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] - X.509: x509_request_asymmetric_keys() doesn't need string length arguments (David Howells) [Orabug: 18961720] - PKCS#7: fix sparse non static symbol warning (Wei Yongjun) [Orabug: 18961720] - PKCS#7: Missing inclusion of linux/err.h (David Howells) [Orabug: 18961720] - ima: define '.ima' as a builtin 'trusted' keyring (Mimi Zohar) [Orabug: 18961720] - KEYS: validate certificate trust only with builtin keys (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: validate certificate trust only with selected key (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: verify a certificate is signed by a 'trusted' key (Mimi Zohar) [Orabug: 18961720] - KEYS: make partial key id matching as a dedicated function (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: Reinstate EPERM for a key type name beginning with a '.' (David Howells) [Orabug: 18961720] - KEYS: special dot prefixed keyring name bug fix (Mimi Zohar) [Orabug: 18961720] - pefile: Validate PKCS#7 trust chain (David Howells) [Orabug: 18961720] - pefile: Digest the PE binary and compare to the PKCS#7 data (David Howells) [Orabug: 18961720] - pefile: Handle pesign using the wrong OID (Vivek Goyal) [Orabug: 18961720] - pefile: Parse the 'Microsoft individual code signing' data blob (David Howells) [Orabug: 18961720] - pefile: Parse the presumed PKCS#7 content of the certificate blob (David Howells) [Orabug: 18961720] - pefile: Strip the wrapper off of the cert data block (David Howells) [Orabug: 18961720] - pefile: Parse a PE binary to find a key and a signature contained therein (David Howells) [Orabug: 18961720] - Provide PE binary definitions (David Howells) [Orabug: 18961720] - KEYS: X.509: Fix a spelling mistake (David Howells) [Orabug: 18961720] - PKCS#7: Provide a key type for testing PKCS#7 (David Howells) [Orabug: 18961720] - PKCS#7: Find intersection between PKCS#7 message and known, trusted keys (David Howells) [Orabug: 18961720] - PKCS#7: Verify internal certificate chain (David Howells) [Orabug: 18961720] - PKCS#7: Find the right key in the PKCS#7 key list and verify the signature (David Howells) [Orabug: 18961720] - PKCS#7: Digest the data in a signed-data message (David Howells) [Orabug: 18961720] - PKCS#7: Implement a parser [RFC 2315] (David Howells) [Orabug: 18961720] - X.509: Export certificate parse and free functions (David Howells) [Orabug: 18961720] - X.509: Add bits needed for PKCS#7 (David Howells) [Orabug: 18961720] - x86/efi: Support initrd loaded above 4G (Yinghai Lu) [Orabug: 18961720] - x86, boot: Do not include boot.h in string.c (Vivek Goyal) [Orabug: 18961720] - x86, boot: Move memcmp() into string.h and string.c (Vivek Goyal) [Orabug: 18961720] - x86, boot: Create a separate string.h file to provide standard string functions (Vivek Goyal) [Orabug: 18961720] - kexec: add sysctl to disable kexec_load (Kees Cook) [Orabug: 18961720] - x86: Add xloadflags bit for EFI runtime support on kexec (Dave Young) [Orabug: 18961720] - x86/efi: Pass necessary EFI data for kexec via setup_data (Dave Young) [Orabug: 18961720] - efi: Export EFI runtime memory mapping to sysfs (Dave Young) [Orabug: 18961720] - efi: Export more EFI table variables to sysfs (Dave Young) [Orabug: 18961720] - x86/efi: Cleanup efi_enter_virtual_mode() function (Dave Young) [Orabug: 18961720] - x86/efi: Fix off-by-one bug in EFI Boot Services reservation (Dave Young) [Orabug: 18961720] - x86/efi: Add a wrapper function efi_map_region_fixed() (Dave Young) [Orabug: 18961720] - keys: change asymmetric keys to use common hash definitions (Dmitry Kasatkin) [Orabug: 18961720] - crypto: provide single place for hash algo information (Dmitry Kasatkin) [Orabug: 18961720] - KEYS: fix error return code in big_key_instantiate() (Wei Yongjun) [Orabug: 18961720] - KEYS: Fix keyring quota misaccounting on key replacement and unlink (David Howells) [Orabug: 18961720] - KEYS: Fix a race between negating a key and reading the error set (David Howells) [Orabug: 18961720] - KEYS: Make BIG_KEYS boolean (Josh Boyer) [Orabug: 18961720] - X.509: remove possible code fragility: enumeration values not handled (Antonio Alecrim Jr) [Orabug: 18961720] - X.509: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] - MPILIB: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8989 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [1.0.7-2.0.7] - [Orabug 21533491] CVE-2015-1334: Don't use the container's /proc during attach [1.0.7-2.0.6] - [Orabug 21526922] CVE-2015-1331: LXCLOCK: USE /RUN/LXC/LOCK RATHER THAN /RUN/LOCK/LXC IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1331 CVE-2015-1334 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-98.1.1] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563041] {CVE-2015-5697} LOW Copyright 2015 Oracle, Inc. CVE-2015-5697 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.10] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563042] {CVE-2015-5697} - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562780] {CVE-2014-9715} MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9715 CVE-2015-5697 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.10] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563043] {CVE-2015-5697} - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562781] {CVE-2014-9715} MODERATE Copyright 2015 Oracle, Inc. CVE-2014-9715 CVE-2015-5697 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-98.1.2] - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628850] {CVE-2015-5364} {CVE-2015-5366} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5366 CVE-2015-5364 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.250.11] - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628851] {CVE-2015-5364} {CVE-2015-5366} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5364 CVE-2015-5366 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.11uek] - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628852] {CVE-2015-5364} {CVE-2015-5366} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5366 CVE-2015-5364 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-98.2.2] - sctp: fix ASCONF list handling (Marcelo Ricardo Leitner) [Orabug: 21842668] {CVE-2015-3212} - KEYS: ensure we free the assoc array edit if edit is valid (Colin Ian King) [Orabug: 21842655] {CVE-2015-1333} IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-3212 CVE-2015-1333 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [1.8.3-1.0.1] - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Add documentation files to binary RPM [1.8.3] - Fix layer IDs lead to local graph poisoning (CVE-2014-8178) - Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) - Add --disable-legacy-registry to prevent a daemon from using a v1 registry IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-8178 CVE-2014-8179 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 [1.0.7-2.0.12] - [Orabug 22011867] ol6 ct shutdown script remounts /dev/pts/* devices as ro on host system. [1.0.7-2.0.11] - [Orabug 21842483] failed to create directory '/RUN/LXC/LOCK//CONTAINER/OL7.1/SNAPS' - CVE-2015-1335: Protect container mounts against symlinks. - Fixed build failure on OL6. IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-1335 cpe:/a:oracle:linux:7:2:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:1:patch Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-98.5.2] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145600] {CVE-2015-5156} [3.8.13-98.5.1] - netdev: fix NETIF_F_GSO_UDP_TUNNEL_BIT enum shift in i40e driver import (Todd Vierling) [Orabug: 22066176] MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5156 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.264.5] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145599] {CVE-2015-5156} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5156 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.12uek] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145596] {CVE-2015-5156} MODERATE Copyright 2015 Oracle, Inc. CVE-2015-5156 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118] - Update ql2400/ql2500 firmware version to 8.02.00 (Dan Duval) [Orabug: 22159505] - update qla2400/ql2500 firmware version to 8.02.00 (Dan Duval) [Orabug: 22159505] [3.8.13-117] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145600] {CVE-2015-5156} - team: check return value of team_get_port_by_index_rcu() for NULL (Jiri Pirko) [Orabug: 21944235] - team: check return value of team_get_port_by_index_rcu() for NULL (Jiri Pirko) [Orabug: 21944235] [3.8.13-116] - team: check return value of team_get_port_by_index_rcu() for NULL (Jiri Pirko) [Orabug: 21944235] [3.8.13-115] - Disable VLAN 0 tagging for none VLAN traffic (Joe Jin) [Orabug: 20832922] - x86/efi: Make efi virtual runtime map passing more robust (Borislav Petkov) [Orabug: 22020990] - IB/rds_rdma: unloading of ofed stack causes page fault panic (Rama Nichanamatlu) [Orabug: 22039748] - xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing) (Cathy Avery) [Orabug: 21924428] [3.8.13-114] - rds: revert commit 4348013 (Rama Nichanamatlu) [Orabug: 22039425] - qlcnic: Fix mailbox completion handling in spurious interrupt (Rajesh Borundia) - xen-netfront: set max_queue default to 8 (Joe Jin) [Orabug: 21981690] - xen-netfront: update num_queues to real created (Joe Jin) [Orabug: 21981690] - lpfc: Update version to 11.0.0.1 for patch set (James Smart) [Orabug: 21860804] - lpfc: Fix default RA_TOV and ED_TOV in the FC/FCoE driver for all topologies (James Smart) [Orabug: 21860804] - lpfc: The linux driver does not reinitiate discovery after a failed FLOGI (James Smart) [Orabug: 21860804] - lpfc: Fix for discovery failure in PT2PT when FLOGIs ELS ACC response gets aborted (James Smart) [Orabug: 21860804] - lpfc: Add support for Lancer G6 and 32G FC links (James Smart) [Orabug: 21860804] - fix: lpfc_send_rscn_event sends bigger buffer size (James Smart) [Orabug: 21860804] - lpfc: Fix possible use-after-free and double free (James Smart) [Orabug: 21860804] - lpfc: remove set but not used variables (James Smart) [Orabug: 21860804] - lpfc: Make the function lpfc_sli4_mbox_completions_pending static (James Smart) [Orabug: 21860804] - Fix kmalloc overflow in LPFC driver at large core count (James Smart) [Orabug: 21860804] - lpfc: Destroy lpfc_hba_index IDR on module exit (James Smart) [Orabug: 21860804] - lpfc: in sli3 use configured sg_seg_cnt for sg_tablesize (James Smart) [Orabug: 21860804] - lpfc: Remove unnessary cast (James Smart) [Orabug: 21860804] - lpfc: fix model description (James Smart) [Orabug: 21860804] - lpfc: Fix to drop PLOGIs from fabric node till LOGO proce ssing completes (James Smart) [Orabug: 21860804] - lpfc: Fix scsi task management error message. (James Smart) [Orabug: 21860804] - lpfc: Fix cq_id masking problem. (James Smart) [Orabug: 21860804] - lpfc: Fix scsi prep dma buf error. (James Smart) [Orabug: 21860804] - lpfc: Add support for using block multi-queue (James Smart) [Orabug: 21860804] - lpfc: Devices are not discovered during takeaway/giveback testing. (James Smart) [Orabug: 21860804] - lpfc: Fix vport deletion failure. (James Smart) [Orabug: 21860804] - lpfc: Check for active portpeerbeacon. (James Smart) [Orabug: 21860804] - RDS: fix race condition when sending a message on unbound socket. (Quentin Casasnovas) [Orabug: 21882586] {CVE-2015-6937} - RDS: make send_batch_count tunable effective (Santosh Shilimkar) [Orabug: 21882586] - RDS: make use of kfree_rcu() and avoid the call_rcu() chain (Santosh Shilimkar) [Orabug: 21882586] - RDS: verify the underlying transport exists before creating a connection (Sasha Levin) [Orabug: 21882586] - RDS: Disable broken APM feature code (Santosh Shilimkar) [Orabug: 22045256] - RDS: return EMSGSIZE for oversize requests before processing/queueing (Mukesh Kacker) [Orabug: 21882586] - RDS: Make active bonding parameters names consistent (Santosh Shilimkar) [Orabug: 21882586] - IB/mlx4: Use vmalloc for WR buffers when needed (Wengang Wang) [Orabug: 21835374] - mm: move kvfree to mm/util (Wengang Wang) [Orabug: 21835374] - x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map (Malcolm Crossley) - netdev: fix NETIF_F_GSO_UDP_TUNNEL_BIT enum shift in i40e driver import (Todd Vierling) [Orabug: 21958024] [3.8.13-113] - mlx4_core: Release counters while releasing slave resources (Wengang Wang) [Orabug: 21116780] - IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 21684386] - Revert 'IB/ipoib: Disable TSO in connected mode' (Yuval Shaia) [Orabug: 21968983] - Revert 'IB/ipoib: Disable TSO in connected mode' (Yuval Shaia) [Orabug: 21968983] [3.8.13-112] - i40e/i40evf: Bump i40e to 1.3.21 and i40evf to 1.3.13 (Catherine Sullivan) [Orabug: 21539654] - i40e/i40evf: add get AQ result command to nvmupdate utility (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: add exec_aq command to nvmupdate utility (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: add wait states to NVM state machine (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: add GetStatus command for nvmupdate (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: add handling of writeback descriptor (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: save aq writeback for future inspection (Shannon Nelson) [Orabug: 21539654] - i40e: rename variable to prevent clash of understanding (Shannon Nelson) [Orabug: 21539654] - i40e: Set defport behavior for the Main VSI when in promiscuous mode (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Bump i40e to 1.3.9 and i40evf to 1.3.5 (Catherine Sullivan) [Orabug: 21539654] - i40e/i40evf: Cache the CEE TLV status returned from firmware (Neerav Parikh) [Orabug: 21539654] - i40e/i40evf: add VIRTCHNL_VF_OFFLOAD flag (Anjali Singhai Jain) [Orabug: 21539654] - i40e: Remove redundant and unneeded messages (Greg Rose) [Orabug: 21539654] - i40evf: Remove PF specific register definitions from the VF (Anjali Singhai Jain) [Orabug: 21539654] - i40evf: Use the correct defines to match the VF registers (Anjali Singhai Jain) [Orabug: 21539654] - i40e: Fix comment for ethtool diagnostic link test (Greg Rose) [Orabug: 21539654] - i40e/i40evf: Add capability to gather VEB per TC stats (Neerav Parikh) [Orabug: 21539654] - i40e: Fix ethtool offline diagnostic with netqueues (Greg Rose) [Orabug: 21539654] - i40e: Fix legacy interrupt mode in the driver (Anjali Singhai Jain) [Orabug: 21539654] - i40e: Move function calls to i40e_shutdown instead of i40e_suspend (Catherine Sullivan) [Orabug: 21539654] - i40e: add RX to port CRC errors label (Shannon Nelson) [Orabug: 21539654] - i40e: dont degrade __le16 (Mitch Williams) [Orabug: 21539654] - i40e: Add AQ commands for NVM Update for X722 (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: Add ATR HW eviction support for X722 (Anjali Singhai Jain) [Orabug: 21539654] - i40e: Add IWARP support for X722 (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add TX/RX outer UDP checksum support for X722 (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add support for writeback on ITR feature for X722 (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Update register.h file for X722 (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Update FW API with X722 support (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add flags for X722 capabilities (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add device ids for X722 (Anjali Singhai Jain) [Orabug: 21539654] - i40e: use BIT and BIT_ULL macros (Jesse Brandeburg) [Orabug: 21539654] - i40e: clean up error status messages (Shannon Nelson) [Orabug: 21539654] - i40e: clean up error status messages (Shannon Nelson) [Orabug: 21539654] - i40e: provide correct API version to older VF drivers (Mitch Williams) [Orabug: 21539654] - i40evf: support virtual channel API version 1.1 (Mitch Williams) [Orabug: 21539654] - i40evf: handle big resets (Mitch Williams) [Orabug: 21539654] - i40e: support virtual channel API 1.1 (Mitch Williams) [Orabug: 21539654] - i40e/i40evf: add macros for virtual channel API version and device capability (Mitch Williams) [Orabug: 21539654] - i40e: add VF capabilities to virtual channel interface (Mitch Williams) [Orabug: 21539654] - i40e: clean up unneeded gotos (Shannon Nelson) [Orabug: 21539654] - i40e/i40evf: Fix and refactor dynamic ITR code (Carolyn Wyborny) [Orabug: 21539654] - i40e: only report generic filters in get_ts_info (Jacob Keller) [Orabug: 21539654] - i40e/i40evf: Bump version to 1.3.6 for i40e and 1.3.2 for i40evf (Catherine Sullivan) [Orabug: 21539654] - i40e: Refine an error message to avoid confusion (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add support for pre-allocated pages for PD (Faisal Latif) [Orabug: 21539654] - i40evf: add MAC address filter in open, not init (Mitch Williams) [Orabug: 21539654] - i40evf: dont delete all the filters (Mitch Williams) [Orabug: 21539654] - i40e: un-disable VF after reset (Mitch Williams) [Orabug: 21539654] - i40e: do a proper reset when disabling a VF (Mitch Williams) [Orabug: 21539654] - i40e: correctly program filters for VFs (Mitch Williams) [Orabug: 21539654] - i40e/i40evf: Update the admin queue command header (Greg Rose) [Orabug: 21539654] - i40e: ignore duplicate port VLAN requests (Mitch Williams) [Orabug: 21539654] - i40evf: Allow for an abundance of vectors (Mitch Williams) [Orabug: 21539654] - i40e/i40evf: Update Flex-10 related device/function capabilities (Pawel Orlowski) [Orabug: 21539654] - i40e/i40evf: Add stats to track FD ATR and SB dynamic enable state (Anjali Singhai Jain) [Orabug: 21539654] - i40evf: dont configure unused RSS queues (Mitch Williams) [Orabug: 21539654] - i40evf: fix panic during MTU change (Mitch Williams) [Orabug: 21539654] - i40e: Bump version to 1.3.4 (Catherine Sullivan) [Orabug: 21539654] - i40e/i40evf: remove time_stamp member (Jesse Brandeburg) [Orabug: 21539654] - i40e/i40evf: force inline transmit functions (Jesse Brandeburg) [Orabug: 21539654] - i40e: Move the FD ATR/SB messages to a higher debug level (Anjali Singhai Jain) [Orabug: 21539654] - i40e: fix unrecognized FCOE EOF case (Vasu Dev) [Orabug: 21539654] - i40e: Remove unnecessary pf members (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add stats to count Tunnel ATR hits (Anjali Singhai Jain) [Orabug: 21539654] - i40e/i40evf: Add ATR support for tunneled TCP/IPv4/IPv6 packets. (Anjali Singhai Jain) [Orabug: 21539654] - i40e: Disable offline diagnostics if VFs are enabled (Greg Rose) [Orabug: 21539654] - i40e: Collect PFC XOFF RX stats even in single TC case (Neerav Parikh) [Orabug: 21539654] - i40e/i40evf: Fix mixed size frags and linearization (Anjali Singhai Jain) [Orabug: 21539654] [3.8.13-111] - qla2xxx: Update driver version to 8.07.00.26.39.0-k. (Sawan Chandak) [Orabug: 21946579] - qla2xxx: Add pci device id 0x2261. (Sawan Chandak) [Orabug: 21946579] - qla2xxx: Fix missing device login retries. (Arun Easi) [Orabug: 21946579] - qla2xxx: do not clear slot in outstanding cmd array (Himanshu Madhani) [Orabug: 21946579] - qla2xxx: Remove decrement of sp reference count in abort handler. (Chad Dupuis) [Orabug: 21946579] - qla2xxx: Add support to show MPI and PEP FW version for ISP27xx. (Sawan Chandak) [Orabug: 21946579] - qla2xxx: Do not reset ISP for error entry with an out of range handle. (Chad Dupuis) [Orabug: 21946579] - qla2xxx: Do not reset adapter if SRB handle is in range. (Chad Dupuis) [Orabug: 21946579] - qla2xxx: Do not crash system for sp ref count zero (Hiral Patel) [Orabug: 21946579] - qla2xxx: Pause risc before manipulating risc semaphore. (Joe Carnuccio) [Orabug: 21946579] - qla2xxx: Use ssdid to gate semaphore manipulation. (Joe Carnuccio) [Orabug: 21946579] - qla2xxx: Handle AEN8014 incoming port logout. (Joe Carnuccio) [Orabug: 21946579] - qla2xxx: Add serdes register read/write support for ISP25xx. (Joe Carnuccio) [Orabug: 21946579] - qla2xxx: Remove dead code (Bart Van Assche) [Orabug: 21946579] - qla2xxx: Remove a superfluous test (Bart Van Assche) [Orabug: 21946579] - qla2xxx: Avoid that sparse complains about duplicate [noderef] attributes (Bart Van Assche) [Orabug: 21946579] - qla2xxx: Remove __constant_ prefix (Bart Van Assche) [Orabug: 21946579] - qla2xxx: Replace two macros with an inline function (Bart Van Assche) [Orabug: 21946579] - qla2xxx: Remove set-but-not-used variables (Bart Van Assche) [Orabug: 21946579] - qla2xxx: Declare local functions static (Bart Van Assche) [Orabug: 21946579] - bnx2i: rebase 2.11.2.0 (Brian Maly) [Orabug: 21955132] - bnx2fc: update to 2.9.6 (Brian Maly) [Orabug: 21955132] - bnx2x: update to 1.713.01 (Brian Maly) [Orabug: 21955132] - bnx2: update to 2.2.5p (Brian Maly) [Orabug: 21955132] [3.8.13-110] - xen-netfront: respect user provided max_queues (Wei Liu) [Orabug: 21976319] - net/xen-netfront: only napi_synchronize() if running (Chas Williams) [Orabug: 21976319] - net/xen-netfront: only clean up queues if present (Chas Williams) [Orabug: 21976319] - xen-netfront: Remove the meaningless code (Li, Liang Z) [Orabug: 21976319] - net/xen-netfront: Correct printf format in xennet_get_responses (Julien Grall) [Orabug: 21976319] - xen-netfront: properly destroy queues when removing device (David Vrabel) [Orabug: 21976319] - xen-netfront: Use setup_timer (Vaishali Thakkar) [Orabug: 21976319] - xen-netfront: transmit fully GSO-sized packets (Jonathan Davies) [Orabug: 21976319] - xen-netfront: Use static attribute groups for sysfs entries (Takashi Iwai) [Orabug: 21976319] - xen-netfront: use different locks for Rx and Tx stats (David Vrabel) [Orabug: 21976319] - xen-netfront: refactor making Tx requests (David Vrabel) [Orabug: 21976319] - xen-netfront: refactor skb slot counting (David Vrabel) [Orabug: 21976319] - drivers: net: xen-netfront: remove residual dead code (Vincenzo Maffione) [Orabug: 21976319] - xen-netfront: use napi_complete() correctly to prevent Rx stalling (David Vrabel) [Orabug: 21976319] - xen-netfront: always keep the Rx ring full of requests (David Vrabel) [Orabug: 21976319] - xen-netback: respect user provided max_queues (Wei Liu) [Orabug: 21976319] - xen-netback: require fewer guest Rx slots when not using GSO (David Vrabel) [Orabug: 21976319] - xen/netback: Wake dealloc thread after completing zerocopy work (Ross Lagerwall) [Orabug: 21976319] - xen-netback: Allocate fraglist early to avoid complex rollback (Ross Lagerwall) [Orabug: 21976319] - net/xen-netback: off by one in BUG_ON() condition (Dan Carpenter) [Orabug: 21976319] - xen-netback: remove duplicated function definition (Li, Liang Z) [Orabug: 21976319] - xen-netback: fix a BUG() during initialization (Palik, Imre) [Orabug: 21976319] - net/xen-netback: Dont mix hexa and decimal with 0x in the printf format (Julien Grall) [Orabug: 21976319] - net/xen-netback: Remove unused code in xenvif_rx_action (Julien Grall) [Orabug: 21976319] - xen: netback: read hotplug script once at start of day. (Ian Campbell) [Orabug: 21976319] - xen: netback: fix printf format string warning (Ian Campbell) [Orabug: 21976319] - xen/netback: Properly initialize credit_bytes (Ross Lagerwall) [Orabug: 21976319] - net:xen-netback - Change 1 to true for bool type variable. (Shailendra Verma) [Orabug: 21976319] - xen-netback: notify immediately after pushing Tx response. (David Vrabel) [Orabug: 21976319] - xen-netback: making the bandwidth limiter runtime settable (Palik, Imre) [Orabug: 21976319] - xen-netback: refactor xenvif_handle_frag_list() (David Vrabel) [Orabug: 21976319] - xen-netback: return correct ethtool stats (David Vrabel) [Orabug: 21976319] - xen-netback: release pending index before pushing Tx responses (David Vrabel) [Orabug: 21976319] - xen-netback: fix sparse warning (Lad, Prabhakar) [Orabug: 21976319] - xen-netback: always fully coalesce guest Rx packets (David Vrabel) [Orabug: 21976319] - xen-netback: stop the guest rx thread after a fatal error (David Vrabel) [Orabug: 21976319] - xen-netback: fixing the propagation of the transmit shaper timeout (Palik, Imre) [Orabug: 21976319] - xen-netback: support frontends without feature-rx-notify again (David Vrabel) [Orabug: 21976319] - netback: dont store invalid vif pointer (Jan Beulich) [Orabug: 21976319] - xen-netback: do not report success if backend_create_xenvif() fails (Alexey Khoroshilov) [Orabug: 21976319] - xen-netback: remove unconditional __pskb_pull_tail() in guest Tx path (Malcolm Crossley) [Orabug: 21976319] - xen-netback: reintroduce guest Rx stall detection (David Vrabel) [Orabug: 21976319] - xen-netback: fix unlimited guest Rx internal queue and carrier flapping (David Vrabel) [Orabug: 21976319] - xen-netback: make feature-rx-notify mandatory (David Vrabel) [Orabug: 21976319] - xen-netback: Remove __GFP_COLD (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Disable NAPI after disabling interrupts (Zoltan Kiss) [Orabug: 21976319] - xen-netback: move netif_napi_add before binding interrupt (Wei Liu) [Orabug: 21976319] - xen-netback: remove loop waiting function (Wei Liu) [Orabug: 21976319] - xen-netback: dont stop dealloc kthread too early (Wei Liu) [Orabug: 21976319] - xen-netback: move NAPI add/remove calls (Wei Liu) [Orabug: 21976319] - xen-netback: fix debugfs entry creation (Wei Liu) [Orabug: 21976319] - xen-netback: fix debugfs write length check (Wei Liu) [Orabug: 21976319] - xen-netback: Dont deschedule NAPI when carrier off (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Fix vif->disable handling (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Turn off the carrier if the guest is not able to receive (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Using a new state bit instead of carrier (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Fix pointer incrementation to avoid incorrect logging (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Fix releasing header slot on error path (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Fix releasing frag_list skbs in error path (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Fix handling frag_list on grant op error path (Zoltan Kiss) [Orabug: 21976319] - xen-netback: Adding debugfs 'io_ring_qX' files (Zoltan Kiss) [Orabug: 21976319] [3.8.13-109] - mm: check if section present during memory block registering (Yinghai Lu) [Orabug: 20382859] - be2net: post buffers before destroying RXQs in Lancer (Kalesh AP) - be2net: enable IFACE filters only after creating RXQs (Kalesh AP) - be2net: bump up the driver version to 10.6.0.3 (Sathya Perla) - be2net: make SET_LOOPBACK_MODE cmd asynchrounous (Suresh Reddy) - be2net: return error status from be_mcc_notify() (Suresh Reddy) - ipoib/ib: fix merge of Orabug 19468224 fix from uek2 into uek3 resulting in ipoib not functioning. (Rama Nichanamatlu) [Orabug: 21897912] - mlx4: indicate memory resource exhaustion (Ajaykumar Hotchandani) [Orabug: 21549766] - be2iscsi: Bump the driver version (Jitendra Bhivare) [Orabug: 21903294] - be2iscsi: Fix updating the next pointer during WRB posting (Jitendra Bhivare) [Orabug: 21903294] - be2iscsi: add obsolete warning messages (Jitendra Bhivare) [Orabug: 21903294] - be2iscsi: ownership change (Jitendra Bhivare) [Orabug: 21903294] - be2iscsi: update MAINTAINERS list (Jitendra Bhivare) [Orabug: 21903294] - be2iscsi : Logout of FW Boot Session (Jitendra Bhivare) [Orabug: 21903294] - be2iscsi : Fix memory check before unmapping. (Jitendra Bhivare) [Orabug: 21903294] [3.8.13-108] - prevent spurious PMU NMIs on Haswell systems (Dan Duval) [Orabug: 21616327] - sched/x86: Fix up typo in topology detection (Dave Hansen) [Orabug: 21662502] - mlx4_ib: Memory leak on Dom0 with SRIOV. (Venkat Venkatsubra) [Orabug: 21675212] - mlx4_core: On CQ access violation print syndrome and vendor_error_syndrome (Venkat Venkatsubra) [Orabug: 21675224] - IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 21684386] - xen/blkfront: remove redundant flush_op (Vitaly Kuznetsov) [Orabug: 21833822] - xen/blkfront: improve protection against issuing unsupported REQ_FUA (Vitaly Kuznetsov) [Orabug: 21833822] [3.8.13-107] - sctp: fix ASCONF list handling (Marcelo Ricardo Leitner) [Orabug: 21842665] {CVE-2015-3212} - KEYS: ensure we free the assoc array edit if edit is valid (Colin Ian King) [Orabug: 21842653] {CVE-2015-1333} [3.8.13-106] - NVMe: Setup max hardware sector count to 512KB (Santosh Shilimkar) [Orabug: 21818575] - Btrfs: optimize the error handling of use_block_rsv() (Ashish Samant) [Orabug: 21539248] - xen-blkfront: introduce blkfront_gather_backend_features() (Bob Liu) [Orabug: 21825900] - iw/rds: fixed big endianness conversion issue for dp->dp_ack_seq (Qing Huang) [Orabug: 21825863] - bonding: change error message to debug message in bond_release (Wengang Wang) [Orabug: 21825838] [3.8.13-105] - rds: make sure base connection is up on both sides (Ajaykumar Hotchandani) [Orabug: 21439115] - IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 21439115] - ib/rds: fixed big endianness conversion issue for dp->dp_ack_seq (Qing Huang) [Orabug: 21439115] - ib/rds: fixed crashes caused by incoming requests with wrong destination (Qing Huang) [Orabug: 21439115] - RDS: Handle RDMA_CM_EVENT_TIMEWAIT_EXIT (Venkat Venkatsubra) [Orabug: 21439115] - RDS/IP: RDS takes 10 seconds to plumb the second IP back (Mukesh Kacker) [Orabug: 21439115] - RDS/IB: Tune failover-on-reboot scheduling (Mukesh Kacker) [Orabug: 21439115] - RDS: mark netdev UP for intfs added post module load (Mukesh Kacker) [Orabug: 21439115] - rds: fix list corruption and tx hang when netfilter is used (shamir rabinovitch) [Orabug: 21439115] - RDS: move more queing for loopback connections to separate queue (Mukesh Kacker) [Orabug: 21439115] - IPoIB/pkey: delete_child should only delete create_child devices (Mukesh Kacker) [Orabug: 21439115] - IB/ipoib: order:1 failure in ipoib_cm_alloc_rx_skb causes softlockup (Rama Nichanamatlu) [Orabug: 21439115] - rds: fix NULL pointer dereference panic during rds module unload (Rama Nichanamatlu) [Orabug: 21439115] - RDS:active bonding: disable failover across HCAs(failover groups) (Mukesh Kacker) [Orabug: 21439115] - RDS/IB: active bonding - failover down interfaces on reboot. (Guangyu Sun) [Orabug: 21439115] - RFE: remove pkey coupling to device name (Mukesh Kacker) [Orabug: 21439115] - RDS/IB: Remove dangling rcu_read_unlock() and other cleanups (Mukesh Kacker) [Orabug: 21439115] - rds: new extension header: rdma bytes (Shamir Rabinovitch) [Orabug: 21439115] - RDS: Ensure non-zero SL uses correct path before lane 0 connection is dropped (Ajaykumar Hotchandani) [Orabug: 21439115] - iser: handle RDMA_CM_EVENT_TIMEWAIT_EXIT in iser code (Shamir Rabinovitch) [Orabug: 21439115] - RDS: active bonding - failover/failback only to matching pkey (Mukesh Kacker) [Orabug: 21439115] - RDS: active bonding - ports may not failback if all ports go down (Mukesh Kacker) [Orabug: 21439115] - RDS: Use rds_local_wq for loopback connections in rds_conn_connect_if_down() (Chien-Hua Yen) [Orabug: 21439115] - RDS: add workqueue for local loopback connections (Chien-Hua Yen) [Orabug: 21439115] - APM/cma: Kernel panic during IB port failover test (Chien-Hua Yen) [Orabug: 21439115] - RDS: SA query optimization (Bang Nguyen) [Orabug: 21439115] - RDS: Remove cond_resched() in RX tasklet (Bang Nguyen) [Orabug: 21439115] - RDS: Replace queue_work() by cond_resched() in the tasklet to breakup RX stream (Bang Nguyen) [Orabug: 21439115] - RDS: looping to reap cq recv queue in rds_conn_shutdown (Chien-Hua Yen) [Orabug: 21439115] - rds: Fix regression in dynamic active bonding configuration (Bang Nguyen) [Orabug: 21439115] - RDS: Idle QoS connections during remote peer reboot causing application brownout (Chien-Hua Yen) [Orabug: 21439115] - rds: dynamic active bonding configuration (Bang Nguyen) [Orabug: 21439115] - RDS: active bonding needs to set brcast and mask for its primary interface (Chien-Hua Yen) [Orabug: 21439115] - (REAPPLY!) rds: limit the size allocated by rds_message_alloc() (Cong Wang) [Orabug: 21439115] - xen/events: Set irq_info->evtchn before binding the channel to CPU in __startup_pirq() (Boris Ostrovsky) [Orabug: 20891536] - xen/console: Update console event channel on resume (Boris Ostrovsky) [Orabug: 20891536] - xen/xenbus: Update xenbus event channel on resume (Boris Ostrovsky) [Orabug: 20891536] - xen/events: Clear cpu_evtchn_mask before resuming (Boris Ostrovsky) [Orabug: 20891536] - x86/efi: Quirk out SGI UV (Borislav Petkov) [Orabug: 21771830] - oracleasm: Classify device connectivity issues as global errors (Martin K. Petersen) [Orabug: 21760144] - IB/ipoib: Potential false positive with peer support for ib-crc-as-csum (Yuval Shaia) [Orabug: 21684866] [3.8.13-104] - idr: fix unexpected ID-removal when idr_remove(unallocated_id) (Lai Jiangshan) [Orabug: 21684956] - idr: remove WARN_ON_ONCE() on negative IDs (Tejun Heo) [Orabug: 21684956] - ipc,shm: fix shm_file deletion races (Greg Thelen) [Orabug: 21684956] - rds_rdma: setup connection before rds_cmsg_send (Wengang Wang) [Orabug: 21683962] - mm/hugetlb: Add locking to region_{add,change,truncate,count} when using shared files with hugepages (Mike Kravetz) [Orabug: 21683388] [3.8.13-103] - xen-netback: unref frags when handling a from-guest skb with a frag list (David Vrabel) [Orabug: 21571556] [3.8.13-102] - megaraid_sas : Firmware crash dump feature support (Sumit.Saxena@avagotech.com) [Orabug: 21660728] - NVMe: Use pci_stop_and_remove_bus_device_locked() (Keith Busch) [Orabug: 21576939] - xen/pciback: Dont print scary messages when unsupported by hypervisor. (Konrad Rzeszutek Wilk) [Orabug: 21660162] - config: ol7: enable teaming driver build (Guangyu Sun) [Orabug: 21517939] - config: enable CONFIG_CHELSIO_T4VF option (Guangyu Sun) [Orabug: 21500967] - ext4: fix warning in ext4_da_update_reserve_space() (Jan Kara) [Orabug: 21621299] - ext4: remove unused variable in ext4_free_blocks() (Lukas Czerner) [Orabug: 21621299] - quota: provide interface for readding allocated space into reserved space (Jan Kara) [Orabug: 21621299] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2014-7822 CVE-2015-6937 CVE-2015-1805 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.2.1] - ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22277382] {CVE-2015-7613} - ipc: fix msg newqueue add (Guru Anbalagane) [Orabug: 22277382] {CVE-2015-7613} [3.8.13-118.1.1] - sctp: fix race on protocol/netns initialization (Marcelo Ricardo Leitner) [Orabug: 22249981] {CVE-2015-5283} - Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250045] {CVE-2015-7613} - ixgbe: reset copper phy power mode (Ethan Zhao) [Orabug: 22271769] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-7613 CVE-2015-5283 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.2.2] - KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} - KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307} - KVM: x86: Defining missing x86 vectors (Nadav Amit) [Orabug: 22333689] IMPORTANT Copyright 2015 Oracle, Inc. CVE-2015-5307 CVE-2015-8104 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.5.0-1] - Update to 38.5.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-7213 CVE-2015-7201 CVE-2015-7214 CVE-2015-7205 CVE-2015-7212 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [0.2.0-11.el6_7] - Fix memory corruption in PMAP_CALLIT code (bz 1283638) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7236 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 6 [3.19.1-8.0.1] - Added nss-vendor.patch to change vendor [3.19.1-8] - Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Resolves: Bug 1289881 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7575 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-42.2] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7575 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.1.13-3.1] - Resolves: rhbz#1290712 - CVE-2015-5330 libldb: samba: Remote memory read in Samba LDAP server [rhel-7.2.z] - Remove the patch from the previous commit, it doesn't fix a remotely eploitable issue. Add patches from upstream #11636 instead. MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5330 CVE-2015-3223 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.0.0-67.rc4] - resolves: #1290708 - CVE-2015-7540 - related: #1290708 - CVE-2015-5299 - related: #1290708 - CVE-2015-5296 - related: #1290708 - CVE-2015-5252 - related: #1290708 - CVE-2015-5330 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5299 CVE-2015-7540 CVE-2015-5252 CVE-2015-5296 CVE-2015-3223 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0:3.6.23-24.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-24] - related: #1290706 - Update patch for CVE-2015-5330 [3.6.23-22] - resolves: #1290706 - CVE-2015-5299 - related: #1290706 - CVE-2015-5296 - related: #1290706 - CVE-2015-5252 - related: #1290706 - CVE-2015-5330 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [3.3.8-14] - Prevent downgrade attack to RSA-MD5 in server key exchange. [3.3.8-13] - Corrected reseed and respect of max_number_of_bits_per_request in FIPS140-2 mode. Also enhanced the initial tests. (#1228199) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7575 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1:1.8.0.71-1.b15] - Add patch to turn off strict overflow on IndicRearrangementProcessor{,2}.cpp - Resolves: rhbz#1295751 [1:1.8.0.71-0.b15] - January 2016 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Update patch documentation using version originally written for Fedora. - Drop prelink requirement as we no longer use execstack. - Drop ifdefbugfix patch as this is fixed upstream. - Provide optional boostrap build and turn it off by default. - Add patch for size_t formatting on s390 as size_t != intptr_t there. - Resolves: rhbz#1295751 [1:1.8.0.65-4.b17] - Add flag logic back to spec file but disable for now. - Restore system-lcms.patch as used in October CPU. - Resolves: rhbz#1295751 [1:1.8.0.65-3.b17] - moved to integration forest - sync with rhel7 - Resolves: rhbz#1295751 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0483 CVE-2016-0494 CVE-2016-0466 CVE-2016-0448 CVE-2015-7575 CVE-2016-0402 CVE-2016-0475 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [1.7.0.95-2.6.4.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.95-2.6.4.0] - Remove reference to jre/lib/audio. - Resolves: rhbz#1295765 [1:1.7.0.95-2.6.4.0] - Bump to 2.6.4 and u95b00. - Backport tarball creation script from OpenJDK 8 RPMs and update fsg.sh to work with it. - Drop 8072932or8074489 patch as applied upstream in u91b01. - Drop installation of soundfont symlink following inclusion of 8140620/PR2710 in 2.6.3 - Resolves: rhbz#1295765 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0494 CVE-2015-4871 CVE-2016-0402 CVE-2016-0483 CVE-2015-7575 CVE-2016-0448 CVE-2016-0466 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 Oracle Linux 6 [4.2.6p5-5.el6_7.4] - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8138 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1.6.0.38-1.13.10.0.0.1] - Add oracle-enterprise.patch [1:1.6.0.38-1.13.10.0] - Add patch to replace -fno-strict-overflow with -fwrapv on older RHEL 5.11 GCC. - Resolves: rhbz#1295772 [1:1.6.0.38-1.13.10.0] - Update to IcedTea 1.13.10 & OpenJDK 6 b38. - Resolves: rhbz#1295772 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0402 CVE-2016-0483 CVE-2016-0448 CVE-2016-0466 CVE-2016-0494 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.6.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [38.6.0-1] - Update to 38.6.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1935 CVE-2016-1930 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [30:9.3.6-25.P1.6] - Fix CVE-2015-8704 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8704 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [0.12.1.2-2.479.el6_7.4] - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298045] - Resolves: bz#1298045 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.7.z]) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1714 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [3.2-28.0.1.2] - Add vendor, vendor URL info for Oracle Linux [orabug 17656507] (joe.jin@oracle.com) - Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272] (joe.jin@oracle.com) - Check oraclelinux-release instead of redhat-release to get OS version (John Haxby) [bug 11681869] (joe.jin@oracle.com) - Remove RH ftp URL and support email (joe.jin@oracle.com) - add sos-oracle-enterprise.patch (joe.jin@oracle.com) - Add smartmon plugin (John Haxby) [orabug 17995005] (joe.jin@oracle.com) [= 3.2-28.el6_7.2] - [sosreport] Report correct final path with --build Related: bz1290953 [= 3.2-28.el6_7.1] - [hpasm] Add timeout. Resolves: bz1291828 [= 3.2-28.el6_7] - [sosreport] Prepare report in a private subdirectory Resolves: bz1290953 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7529 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 Oracle Linux 6 [2.12-1.166.7] - Update fix for CVE-2015-7547 (#1296028). [2.12-1.166.6] - Create helper threads with enough stack for POSIX AIO and timers (#1301625). [2.12-1.166.5] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028). [2.12-1.166.4] - Support loading more libraries with static TLS (#1291270). CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-7547 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.6.1-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.6.1-1] - Update to 38.6.1 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1522 CVE-2016-1521 CVE-2016-1523 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.6.0-1] - Update to 38.6.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1935 CVE-2016-1930 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-42.4] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-42.3] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0800 CVE-2016-0705 CVE-2015-3197 CVE-2016-0797 CVE-2016-0702 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [8.4.20-5] - fix for CVE-2016-0773 (rhbz#1308598) - fix tests for new libxml2 (rhbz#1303972) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0773 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [3.19.1-5] - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... [3.19.1-4] - Rebuild to ensure use of correct NSPR. [3.19.1-3] - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1950 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [0.9.8e-20.0.1.1] - Updated the description [0.9.8e-20.1] - fix CVE-2015-0293 - triggerable assert in SSLv2 server - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [0.9.8e-20] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [38.7.0-1] - Update to 38.7.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1966 CVE-2016-2790 CVE-2016-2793 CVE-2016-2797 CVE-2016-2799 CVE-2016-1958 CVE-2016-1961 CVE-2016-1962 CVE-2016-1952 CVE-2016-1957 CVE-2016-1964 CVE-2016-2794 CVE-2016-2802 CVE-2016-1960 CVE-2016-1973 CVE-2016-1974 CVE-2016-1977 CVE-2016-2791 CVE-2016-2792 CVE-2016-2798 CVE-2016-2800 CVE-2016-2801 CVE-2016-1965 CVE-2016-2796 CVE-2016-1954 CVE-2016-2795 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.4.2-2.el6_7.1] - use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787) [1.4.2-2] - fix basic functionality of libssh2 in FIPS mode (#968575) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0787 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 Oracle Linux 7 [3.6.23-25.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-25] - resolves: #1314668 - Fix CVE-2015-7560 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7560 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.0.0-68.rc4] - resolves: #1314670 - Fix CVE-2015-7560 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7560 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [30:9.3.6-25.P1.8] - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite [30:9.3.6-25.P1.7] - Fix CVE-2016-1285 and CVE-2016-1286 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1285 CVE-2016-1286 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.7.0-1] - Update to 38.7.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1964 CVE-2016-1966 CVE-2016-1952 CVE-2016-2790 CVE-2016-2796 CVE-2016-2802 CVE-2016-2795 CVE-2016-2801 CVE-2016-1957 CVE-2016-1977 CVE-2016-2799 CVE-2016-1961 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-1954 CVE-2016-1974 CVE-2016-2800 CVE-2016-1960 CVE-2016-2794 CVE-2016-2797 CVE-2016-2798 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [5.3p1-114] - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969) [5.3p1-113] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5600 CVE-2016-3115 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 Oracle Linux 6 [4.0.4-5] - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, CVE-2015-8560 [4.0.4-4] - Prevent foomatic-rip overrun (bug #1214534). MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8560 CVE-2010-5325 CVE-2015-8327 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0:6.0.24-94] - Resolves: rhbz#1293289 CVE-2014-7810 tomcat6 security manager bypass via EL expressions [0:6.0.24-93] - Resolves: rhbz#1301646 Resolving NIO connector memory leak MODERATE Copyright 2016 Oracle, Inc. CVE-2014-7810 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.10.3-42z1] - Fix CVE-2015-8629 and CVE-2015-8631 - Also fix a spec trigger issue that prevents building - Resolves: #1306973 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8631 CVE-2015-8629 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.6.32-573.22.1] - [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1318364 1309898] [2.6.32-573.21.1] - [fs] pipe: fix offset and len mismatch on pipe_iov_copy_to_user failure (Seth Jennings) [1310148 1302223] {CVE-2016-0774} - [fs] gfs2: Add missing else in trans_add_meta/data (Robert S Peterson) [1304332 1267995] - [fs] fs-cache: Synchronise object death state change vs operation submission (David Howells) [1308471 1096893] - [fs] fs-cache: Reduce cookie ref count if submit fails (David Howells) [1308471 1096893] - [mm] memcg: oom_notify use-after-free fix (Rafael Aquini) [1302763 1294400] - [x86] fix corruption of XMM registers when interrupt handlers use FPU (Mikulas Patocka) [1298994 1259023] - [net] tcp: honour SO_BINDTODEVICE for TW_RST case too (Florian Westphal) [1303044 1292300] - [net] add inet_sk_transparent() helper (Florian Westphal) [1303044 1292300] - [net] ipv6: tcp_ipv6 policy route issue (Florian Westphal) [1303044 1292300] - [net] ipv6: reuse rt6_need_strict (Florian Westphal) [1303044 1292300] - [net] tcp: resets are misrouted (Florian Westphal) [1303044 1292300] - [net] tcp: tcp_v4_send_reset: binding oif to iif in no sock case (Florian Westphal) [1303044 1292300] - [crypto] api: Only abort operations on fatal signal (Herbert Xu) [1296014 1272314] - [crypto] testmgr: don't use interruptible wait in tests (Herbert Xu) [1296014 1272314] - [kernel] sched: add wait_for_completion_killable_timeout (Herbert Xu) [1296014 1272314] - [net] sctp: add routing output fallback (Xin Long) [1307073 1229124] - [net] sctp: fix dst leak (Xin Long) [1307073 1229124] - [net] sctp: fix src address selection if using secondary addresses (Xin Long) [1307073 1229124] - [net] sctp: reduce indent level on sctp_v4_get_dst (Xin Long) [1307073 1229124] - [scsi] hpsa: Update driver revision to RH5 (Joseph Szczypek) [1306192 1244959] - [scsi] hpsa: fix issues with multilun devices (Joseph Szczypek) [1306192 1244959] [2.6.32-573.20.1] - [sched] kernel: sched: Fix nohz load accounting -- again (Rafael Aquini) [1300349 1167755] - [sched] kernel: sched: Move sched_avg_update to update_cpu_load (Rafael Aquini) [1300349 1167755] - [sched] kernel: sched: Cure more NO_HZ load average woes (Rafael Aquini) [1300349 1167755] - [sched] kernel: sched: Cure load average vs NO_HZ woes (Rafael Aquini) [1300349 1167755] [2.6.32-573.19.1] - [scsi] lpfc: in sli3 use configured sg_seg_cnt for sg_tablesize (Rob Evers) [1297838 1227036] MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0774 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [1.7.1-4.1] - fix heap overflow CVE-2016-2315 CVE-2016-2324 Resolves: #1318252 [1.7.1-4] - fix CVE-2013-0308 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2324 CVE-2016-2315 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1:1.7.0.99-2.6.5.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.99-2.6.5.0] - Bump to 2.6.5 and u99b00. - Correct check for fsg.sh in tarball creation script - Resolves: rhbz#1320656 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0636 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [1:1.8.0.77-0.b03] - Remove what remains of the SunEC sources in the remove-intree-libraries script. - Resolves: rhbz#1320661 [1:1.8.0.77-0.b03] - Update to u77b03. - Drop 8146566 which is applied upstream. - Replace s390 Java options patch with general version from IcedTea. - Apply s390 patches unconditionally to avoid arch-specific patch failures. - Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le. - Remove aarch64-specific suffix as update/build version are now the same as for other archs. - Only use z format specifier on s390, not s390x. - Adjust tarball generation script to allow ecc_impl.h to be included. - Correct spelling mistakes in tarball generation script. - Synchronise minor changes from Fedora. - Use a simple backport for PR2462/8074839. - Don't backport the crc check for pack.gz. It's not tested well upstream. - Resolves: rhbz#1320661 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0636 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 nspr [4.11.0-0.1] - Rebase to NSPR 4.11 nss [3.21.0-0.3.0.1] - Added nss-vendor.patch to change vendor [3.21.0-0.3] - Ensure all ssl.sh tests are executed [3.21.0-0.2] - Ensure abi compatibility [3.21.0-0.1] - Rebase to NSS-3.21 nss-util [3.21.0-0.3] - Rebase RHEL 6.7.z to NSS-util 3.21 in preparation for Firefox 45 - Resolves: Bug 1299874 - Update upstream patch for CVE-2016-1950 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1979 CVE-2016-1978 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [3.6.23-30.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-30] - related: #1322686 - Update manpages [3.6.23-29] - related: #1322686 - Update CVE patchset [3.6.23-28] - related: #1322686 - Update manpages [3.6.23-27] - related: #1322686 - Update CVE patchset [3.6.23-26] - resolves: #1322686 - Fix CVE-2015-5370 - resolves: #1322686 - Fix CVE-2016-2110 - resolves: #1322686 - Fix CVE-2016-2111 - resolves: #1322686 - Fix CVE-2016-2112 - resolves: #1322686 - Fix CVE-2016-2115 - resolves: #1322686 - Fix CVE-2016-2118 (Known as Badlock) CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-5370 CVE-2016-2111 CVE-2016-2115 CVE-2016-2112 CVE-2016-2118 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 Oracle Linux 6 ipa [4.2.0-15.0.1.6.1] - Drop redhat-access-plugin-ipa requires for OL7 Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818] [4.2.0-15.6.1] - Rebuild against newer Samba version - Related: #1322690 libldb [1.1.25-1] - Rebase libldb to 1.1.25 - Related: rhbz#1322690 libtalloc [2.1.5-1] - Rebase to libtalloc 2.1.5 - Related: rhbz#1322690 libtdb [1.3.8-1] - Rebase libtdb to 1.3.8 - Related: rhbz#1322690 libtevent [0.9.26-1] - Rebase libtevent to 0.9.26 - Related: rhbz#1322690 openchange [2.0-10] - Add a patch to fix connection string (Related: #1322690) samba [4.2.10-6] - Fix domain member winbind not being able to talk to trusted domains' DCs - relates: #1322690 [4.2.10-5] - Fix crash in smb.conf processing - relates: #1322690 [4.2.10-4] - Fix LDAP SASL bind with arcfour-hmac-md5 - resolves: #1322690 [4.2.10-3] - Make sure the package owns /var/lib/samba and uses it for cache purposes - resolves: #1322690 [4.2.10-2] - Remove ldb modules and internal libraries for DC when not packaging DC build - resolves: #1322690 [4.2.10-1] - resolves: #1322690 CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-5370 CVE-2016-2113 CVE-2016-2118 CVE-2016-2110 CVE-2016-2112 CVE-2016-2114 CVE-2016-2111 CVE-2016-2115 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [1:1.8.0.91-1.b03] - Update to u91b14. - Resolves: rhbz#1325420 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-3426 CVE-2016-3427 CVE-2016-0695 CVE-2016-0686 CVE-2016-0687 CVE-2016-3425 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [1:1.7.0.101-2.6.6.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.101-2.6.6.1] - added Patch666 fontpath.patch to fix tck regressions - Resolves: rhbz#1325425 [1:1.7.0.101-2.6.6.0] - Fix ztos handling in templateTable_ppc_64.cpp to be same as others in 7. - Resolves: rhbz#1325425 [1:1.7.0.101-2.6.6.0] - Bump to 2.6.6 and u101b00. - Drop a leading zero from the priority as the update version is now three digits - Resolves: rhbz#1325425 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-3425 CVE-2016-0687 CVE-2016-0695 CVE-2016-3427 CVE-2016-0686 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.1.0-1.0.1.el7_2] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.1.0-1] - Update to 45.1.0 ESR [45.0.2-1] - Update to 45.0.2 ESR [45.0.1-1] - Update to 45.0.1 ESR [45.0-5] - Fixed crashed after start (rhbz#1323744, rhbz#1323738) [45.0-4] - Added system-level location for configuring Firefox (rhbz#1206239) [45.0-3] - Update to 45.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-2814 CVE-2016-2807 CVE-2016-2805 CVE-2016-2806 CVE-2016-2808 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [2.6.32-573.26.1] - [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1326043 1324318] - [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1326043 1324318] - [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1326043 1324318] - [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1326043 1324318] - [kernel] Revert 'fix KABI break' (Jiri Olsa) [1326043 1324318] [2.6.32-573.25.1] - [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157} - [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157} - [fs] anon_inodes implement dname (Aristeu Rozanski) [1322707 1296019] - [fs] xfs: Avoid pathological backwards allocation (Bill O'Donnell) [1320031 1302777] - [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297421 1297422] {CVE-2015-8767} - [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1319276 1299975] - [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1315696 1309241] - [md] raid10: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546] - [md] raid1: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546] - [md] raid10: submit_bio_wait returns 0 on success (Jes Sorensen) [1320863 1273546] - [md] raid1: submit_bio_wait() returns 0 on success (Jes Sorensen) [1320863 1273546] - [md] crash in md-raid1 and md-raid10 due to incorrect list manipulation (Jes Sorensen) [1320863 1273546] - [md] raid10: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546] - [md] raid1: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546] [2.6.32-573.24.1] - [sched] fix KABI break (Seth Jennings) [1314878 1230310] - [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1314878 1230310] - [sched] sched,perf: Fix periodic timers (Seth Jennings) [1314878 1230310] - [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1314878 1230310] - [sched] Cleanup bandwidth timers (Seth Jennings) [1314878 1230310] - [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1314878 1230310] - [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1314878 1230310] - [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1314878 1230310] - [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1314878 1230310] - [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1314878 1230310] - [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1314878 1230310] - [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) [1314878 1230310] - [sched] Update rq clock earlier in unthrottle_cfs_rq (Seth Jennings) [1314878 1230310] - [block] Fix q_suspended logic error for io submission (David Milburn) [1314209 1227342] - [block] nvme: No lock while DMA mapping data (David Milburn) [1314209 1227342] - [netdrv] ixgbe: finish ixgbe: Update ixgbe to use new vlan accleration (John Greene) [1315706 1249244] [2.6.32-573.23.1] - [x86] perf: Add more Broadwell model numbers (Jiri Olsa) [1320035 1242694] - [perf] perf/x86/intel: Remove incorrect model number from Haswell perf (Jiri Olsa) [1320035 1242694] MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5157 CVE-2015-8767 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.39-1.13.11.0] - Update to IcedTea 1.13.11 & OpenJDK 6 b39. - Resolves: rhbz#1325432 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0695 CVE-2016-3425 CVE-2016-0686 CVE-2016-0687 CVE-2016-3427 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [6.7.2.7-4] - Add fix for CVE-2016-3714, CVE-2016-3715, CVE-2016-3716 and CVE-2016-3717 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3716 CVE-2016-3714 CVE-2016-3715 CVE-2016-3718 CVE-2016-3717 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [5.3p1-117] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317817) [5.3p1-116] - Restore functionallity of pam_ssh_agent_auth in FIPS mode (#1278315) - Initialize devices_done variable for challenge response (#1281468) - Update behaviour of X11 forwarding to match upstream (#1299048) [5.3p1-115] - Ammends previous release, fixing typos and behaviour changes MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1908 CVE-2015-6563 CVE-2015-6564 CVE-2015-5352 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [5.04-30] - fix CVE-2014-3538 (unrestricted regular expression matching) [5.04-29] - fix #1284826 - try to read ELF header to detect corrupted one [5.04-28] - fix #1263987 - fix bugs found by coverity in the patch [5.04-27] - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571) - fix CVE-2014-3710 (out-of-bounds read in elf note headers) - fix CVE-2014-8116 (multiple DoS issues (resource consumption)) - fix CVE-2014-8117 (denial of service issue (resource consumption)) - fix CVE-2014-9620 (limit the number of ELF notes processed) - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory) [5.04-26] - fix #809898 - add support for detection of Python 2.7 byte-compiled files [5.04-25] - fix #1263987 - fix coredump execfn detection on ppc64 and s390 [5.04-24] - fix #966953 - include msooxml file in magic.mgc generation [5.04-23] - fix #966953 - increate the strength of MSOOXML magic patterns [5.04-22] - fix #1169509 - add support for Java 1.7 and 1.8 - fix #1243650 - comment out too-sensitive Pascal magic - fix #1080453 - remove .orig files from magic directory - fix #1161058 - add support for EPUB - fix #1162149 - remove parts of patches patching .orig files - fix #1154802 - fix detection of zip files containing file named 'mime' - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files - fix #1263987 - add new 'execfn' to coredump output to show the real name of executable which generated the coredump - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files - fix #966953 - backport support for MSOOXML MODERATE Copyright 2016 Oracle, Inc. CVE-2014-3710 CVE-2014-3538 CVE-2014-8116 CVE-2014-3587 CVE-2014-9620 CVE-2014-9653 CVE-2014-8117 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 [1.6.2-1] - updated to 1.6.2 - fixed also rhbz#1303437 - package owns /etc/bash_completion.d but it should not own it - Resolves: rhbz#1275523 [1.6.1-4] - updated to 1.6.1 - Resolves: rhbz#1275523 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5234 CVE-2015-5235 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [4.2.6p5-10] - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138) - fix crash with reslist command (CVE-2015-7977, CVE-2015-7978) [4.2.6p5-9] - fix crash with invalid logconfig command (CVE-2015-5194) - fix crash when referencing disabled statistic type (CVE-2015-5195) - don't hang in sntp with crafted reply (CVE-2015-5219) - don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) - fix memory leak with autokey (CVE-2015-7701) - don't allow setting driftfile and pidfile remotely (CVE-2015-7703) - don't crash in ntpq with crafted packet (CVE-2015-7852) - add option to set Differentiated Services Code Point (DSCP) (#1228314) - extend rawstats log (#1242895) - fix resetting of leap status (#1243034) - report clock state changes related to leap seconds (#1242937) - allow -4/-6 on restrict lines with mask (#1232146) - retry joining multicast groups (#1288534) - explain synchronised state in ntpstat man page (#1286969) [4.2.6p5-7] - check origin timestamp before accepting KoD RATE packet (CVE-2015-7704) - allow only one step larger than panic threshold with -g (CVE-2015-5300) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5194 CVE-2015-7692 CVE-2015-5219 CVE-2015-7702 CVE-2015-5195 CVE-2015-7701 CVE-2015-7703 CVE-2015-7691 CVE-2015-7978 CVE-2015-7852 CVE-2015-7977 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [2.6.32-642] - [scsi] fc: revert - ensure scan_work isnt active when freeing fc_rport (Ewan Milne) [1326447] - [netdrv] ixgbe: Update ixgbe driver to use __netdev_pick_tx in ixgbe_select_queue (John Greene) [1310749] - [netdrv] mlx5e: Fix adding vlan rule with vid zero twice (Kamal Heib) [1322809] [2.6.32-641] - [netdrv] ixgbe: restore proper CHECKSUM_UNNECESSARY behavior for LRO packets (Neil Horman) [1318426] - [netdrv] revert ' net/mlx5_core: Add pci error handlers to mlx5_core driver' (Don Dutile) [1324599] - [x86] kernel: espfix not working for 32-bit KVM paravirt guests (Jacob Tanenbaum) [1172767] {CVE-2014-8134} [2.6.32-640] - [net] use GFP_ATOMIC in dst_ops_extend_register (Sabrina Dubroca) [1323252] - [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1324318] - [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1324318] - [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1324318] - [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1324318] - [kernel] Revert 'fix KABI break' (Jiri Olsa) [1324318] [2.6.32-639] - [input] wacom: fix ExpressKeys remote events (Aristeu Rozanski) [1318027] - [fs] revert 'writeback: remove wb_list' (Jeff Moyer) [1322297] - [fs] revert 'writeback: bdi_writeback_task must set task state before calling schedule' (Jeff Moyer) [1322297] - [fs] revert 'writeback: merge bdi_writeback_task and bdi_start_fn' (Jeff Moyer) [1322297] - [fs] revert 'writeback: harmonize writeback threads naming' (Jeff Moyer) [1322297] - [fs] revert 'writeback: fix possible race when creating bdi threads' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wake-ups in the forker thread - 1' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wake-ups in the forker thread - 2' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wake-ups in bdi threads' (Jeff Moyer) [1322297] - [fs] revert 'writeback: simplify bdi code a little' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not remove bdi from bdi_list' (Jeff Moyer) [1322297] - [fs] revert 'writeback: move last_active to bdi' (Jeff Moyer) [1322297] - [fs] revert 'writeback: restructure bdi forker loop a little' (Jeff Moyer) [1322297] - [fs] revert 'writeback: move bdi threads exiting logic to the forker thread' (Jeff Moyer) [1322297] - [fs] revert 'writeback: prevent unnecessary bdi threads wakeups' (Jeff Moyer) [1322297] - [fs] revert 'writeback: optimize periodic bdi thread wakeups' (Jeff Moyer) [1322297] - [fs] revert 'writeback: remove unnecessary init_timer call' (Jeff Moyer) [1322297] - [fs] revert 'writeback: cleanup bdi_register' (Jeff Moyer) [1322297] - [fs] revert 'writeback: fix bad _bh spinlock nesting' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wakeup events when forking bdi threads' (Jeff Moyer) [1322297] - [fs] revert 'writeback: Fix lost wake-up shutting down writeback thread' (Jeff Moyer) [1322297] - [mm] revert 'backing-dev: ensure wakeup_timer is deleted' (Jeff Moyer) [1322297] - [perf] revert: perf changes out of 'sched, perf: Fix periodic timers' (Jiri Olsa) [1322488] [2.6.32-638] - [mm] hugetlb: prevent BUG_ON in hugetlb_fault -> hugetlb_cow (Dave Anderson) [1303495] - [mm] hugetlb: fix race condition in hugetlb_fault (Dave Anderson) [1303495] - [s390] kdump: fix wrong BUG_ON statement (Hendrik Brueckner) [1321316] - [scsi] cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (Sai Vemuri) [1320193] - [fs] nfs: fix a regression causing deadlock in nfs_wb_page_cancel() (Benjamin Coddington) [1135601] - [netdrv] cxgb4/ethtool: Get/set rx checksum (Sai Vemuri) [1225167] - [netdrv] cxgb4vf:The RX checksum feature was not completely ported to cxgb4vf driver (Sai Vemuri) [1225167] - [netdrv] cxgb4/cxgb4vf: Enable GRO (Sai Vemuri) [1225167] - [netdrv] cxgb4: Enable RX checksum offload flag (Sai Vemuri) [1225167] - [netdrv] cxgb4: Report correct link speed for unsupported ones (Sai Vemuri) [1296467] - [netdrv] cxgb4: Use vmalloc, if kmalloc fails (Sai Vemuri) [1296473] - [netdrv] cxgb4: Enhance driver to update FW, when FW is too old (Sai Vemuri) [1296472] [2.6.32-637] - [netdrv] mlx4-en: add missing patch to init rss_rings in get_profile (Don Dutile) [1321164] - [netdrv] mlx4-en: disable traffic class queueing by default (Don Dutile) [1321164] - [netdrv] mlx4_core: Fix mailbox leak in error flow when performing update qp (Don Dutile) [1321164] - [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259581] {CVE-2015-5157} - [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259581] {CVE-2015-5157} [2.6.32-636] - [netdrv] mlx4_en: Choose time-stamping shift value according to HW frequency (Kamal Heib) [1320448] - [fs] anon_inodes implement dname (Aristeu Rozanski) [1296019] - [net] packet: set transport header before doing xmit (John Greene) [1309526] - [net] tuntap: set transport header before passing it to kernel (John Greene) [1309526] - [netdrv] macvtap: set transport header before passing skb to lower device (John Greene) [1309526] - [net] ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Jakub Sitnicki) [1312740] - [net] ipv6: sctp: add rcu protection around np->opt (Jakub Sitnicki) [1312740] - [net] ipv6: add complete rcu protection around np->opt (Jakub Sitnicki) [1312740] - [net] dccp: remove unnecessary codes in ipv6.c (Jakub Sitnicki) [1312740] - [net] ipv6: remove unnecessary codes in tcp_ipv6.c (Jakub Sitnicki) [1312740] - [net] ipv6: Refactor update of IPv6 flowi destination address for srcrt (RH) option (Jakub Sitnicki) [1312740] - [net] ipv6: protect flow label renew against GC (Sabrina Dubroca) [1313231] - [net] ipv6: fix possible deadlock in ip6_fl_purge / ip6_fl_gc (Sabrina Dubroca) [1313231] - [perf] annotate: Support full source file paths for srcline fix (Jiri Olsa) [1304472 1304479] - [perf] tools: Support full source file paths for srcline (Jiri Olsa) [1304472 1304479] - [perf] annotate: Fix -i option, which is currently ignored (Jiri Olsa) [1304472 1304479] [2.6.32-635] - [mm] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1318930] - [hv] vss: run only on supported host versions (Vitaly Kuznetsov) [1319813] - [sound] hda: Fix internal speaker for HP Z240 (Jaroslav Kysela) [1316673] - [perf] trace: Fix race condition at the end of started workloads (Jiri Olsa) [1302928] - [fs] nfsd: Combine decode operations for v4 and v4.1 (J. Bruce Fields) [1314536] - [hv] revert 'vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: dont loose HVMSG_TIMER_EXPIRED messages' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: remove code duplication in message handling' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: avoid wait_for_completion on crash' (Vitaly Kuznetsov) [1318882] [2.6.32-634] - [scsi] cxgbi: Convert over to dst_neigh_lookup (Sai Vemuri) [1296461] - [netdrv] cxgb4: For T4, dont read the Firmware Mailbox Control register (Sai Vemuri) [1296469] - [netdrv] cxgb4: Use ACCES_ONCE macro to read queues consumer index (Sai Vemuri) [1296484] - [netdrv] cxgb4: prevent simultaneous execution of service_ofldq (Sai Vemuri) [1296483] - [netdrv] cxgb4: Adds PCI device id for new T5 adapters (Sai Vemuri) [1296481] - [netdrv] cxgb4: Dont disallow turning off auto-negotiation (Sai Vemuri) [1296476] - [mm] check if section present during memory block registering (Xunlei Pang) [1297840] - [tty] ldisc: Close/Reopen race prevention should check tty->ldisc (Denys Vlasenko) [1312383] - [fs] proc-vmcore: wrong data type casting fix (Baoquan He) [1312206] - [infiniband] iw_cxgb3: Ignore positive return values from the ofld send functions (Sai Vemuri) [1296999] - [netdrv] cxgb4: Deal with wrap-around of queue for Work request (Sai Vemuri) [1296482] - [infiniband] iw_cxgb4: detect fatal errors while creating listening filters (Sai Vemuri) [1296480] - [md] dm snapshot: suspend merging snapshot when doing exception handover (Mike Snitzer) [1177389] - [md] dm snapshot: suspend origin when doing exception handover (Mike Snitzer) [1177389] - [md] dm snapshot: allocate a per-target structure for snapshot-origin target (Mike Snitzer) [1177389] - [md] dm: fix a race condition in dm_get_md (Mike Snitzer) [1177389] - [infiniband] iw_cxgb4: pass the ord/ird in connect reply events (Sai Vemuri) [1296478] - [infiniband] iw_cxgb4: fix misuse of ep->ord for minimum ird calculation (Sai Vemuri) [1296478] - [infiniband] iw_cxgb4: reverse the ord/ird in the ESTABLISHED upcall (Sai Vemuri) [1296478] - [usb] Revert 'Revert 'Update USB default wakeup settings'' (Torez Smith) [1319081] - [netdrv] ibmveth: add support for TSO6 (Gustavo Duarte) [1318412] [2.6.32-633] - [s390] lib: export udelay_simple for systemtap (Hendrik Brueckner) [1233912] - [netdrv] ixgbe: fix RSS limit for X550 (John Greene) [1314583] - [netdrv] mlx4_core: Fix error message deprecation for ConnectX-2 cards (Don Dutile) [1316013] - [dm] thin metadata: dont issue prefetches if a transaction abort has failed (Mike Snitzer) [1310661] - [scsi] be2iscsi: Add warning message for unsupported adapter (Maurizio Lombardi) [1253016] - [scsi] be2iscsi: Revert 'Add warning message for, unsupported adapter' (Maurizio Lombardi) [1253016] - [scsi] hpsa: update copyright information (Joseph Szczypek) [1315469] - [scsi] hpsa: correct abort tmf for hba devices (Joseph Szczypek) [1315469] - [scsi] hpsa: correct ioaccel2 sg chain len (Joseph Szczypek) [1315469] - [scsi] hpsa: fix physical target reset (Joseph Szczypek) [1315469] - [scsi] hpsa: fix hpsa_adjust_hpsa_scsi_table (Joseph Szczypek) [1315469] - [scsi] hpsa: correct transfer length for 6 byte read/write commands (Joseph Szczypek) [1315469] - [scsi] hpsa: abandon rescans on memory alloaction failures (Joseph Szczypek) [1315469] - [scsi] hpsa: allow driver requested rescans (Joseph Szczypek) [1315469] [2.6.32-632] - [s390] dasd: fix incorrect locking order for LCU device add/remove (Hendrik Brueckner) [1315740] - [s390] dasd: fix hanging device after LCU change (Hendrik Brueckner) [1315729] - [s390] dasd: prevent incorrect length error under z/VM after PAV changes (Hendrik Brueckner) [1313774] - [netdrv] igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [1210699] - [netdrv] 3c59x: mask LAST_FRAG bit from length field in ring (Neil Horman) [1309210] - [ata] ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (Steve Best) [1317045] - [pci] fix truncation of resource size to 32 bits (Myron Stowe) [1316345] - [pci] fix pci_resource_alignment prototype (Myron Stowe) [1316345] - [sound] hda: Fix headphone mic input on a few Dell ALC293 machines (Jaroslav Kysela) [1315932] - [sound] hda: Add some FIXUP quirks for white noise on Dell laptop (Jaroslav Kysela) [1315932] - [sound] hda: Fix the white noise on Dell laptop (Jaroslav Kysela) [1315932] - [sound] hda: one Dell machine needs the headphone white noise fixup (Jaroslav Kysela) [1315932] - [sound] hda: Fix audio crackles on Dell Latitude E7x40 (Jaroslav Kysela) [1315932] - [fs] xfs: Avoid pathological backwards allocation (Bill ODonnell) [1302777] [2.6.32-631] - [input] synaptics: handle spurious release of trackstick buttons, again (Benjamin Tissoires) [1317808] - [hv] kvp: fix IP Failover (Vitaly Kuznetsov) [1312290] - [hv] util: Pass the channel information during the init call (Vitaly Kuznetsov) [1312290] - [hv] utils: Invoke the poll function after handshake (Vitaly Kuznetsov) [1312290] - [hv] utils: run polling callback always in interrupt context (Vitaly Kuznetsov) [1312290] - [hv] util: Increase the timeout for util services (Vitaly Kuznetsov) [1312290] [2.6.32-630] - [mm] avoid hangs in lru_add_drain_all (Vitaly Kuznetsov) [1314683] - [net] esp{4, 6}: fix potential MTU calculation overflows (Herbert Xu) [1304313] - [net] xfrm: take net hdr len into account for esp payload size calculation (Herbert Xu) [1304313] [2.6.32-629] - [x86] acpi: Avoid SRAT table checks for Hyper-V VMs (Vitaly Kuznetsov) [1312711] - [infiniband] ipoib: For sendonly join free the multicast group on leave (Don Dutile) [1315382] - [infiniband] ipoib: increase the max mcast backlog queue (Don Dutile) [1315382] - [infiniband] ipoib: Make sendonly multicast joins create the mcast group (Don Dutile) [1315382] - [infiniband] ipoib: Expire sendonly multicast joins (Don Dutile) [1315382] - [infiniband] ipoib: Clean up send-only multicast joins (Don Dutile) [1315382] - [infiniband] ipoib: Suppress warning for send only join failures (Don Dutile) [1315382] - [drm] i915: shut up gen8+ SDE irq dmesg noise (Rob Clark) [1313681] - [drm] i915: fix the SDE irq dmesg warnings properly (Rob Clark) [1313681] - [hv] vmbus: avoid wait_for_completion on crash (Vitaly Kuznetsov) [1301903] - [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1301903] - [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload (Vitaly Kuznetsov) [1301903] - [hv] vmbus: dont loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1301903] - [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload (Vitaly Kuznetsov) [1301903] [2.6.32-628] - [netdrv] bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [1311433] - [sound] alsa hda: only sync BCLK to the display clock for Haswell & Broadwell (Jaroslav Kysela) [1313672] - [sound] alsa hda: add component support (Jaroslav Kysela) [1313672] - [sound] alsa hda: pass intel_hda to all i915 interface functions (Jaroslav Kysela) [1313672] - [netdrv] igb: fix race accessing page->_count (Corinna Vinschen) [1315402] - [netdrv] igb: fix recent VLAN changes that would leave VLANs disabled after reset (Corinna Vinschen) [1309968] - [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1309898] [2.6.32-627] - [net] rds: restore return value in rds_cmsg_rdma_args (Don Dutile) [1313089] - [net] rds: Fix assertion level from fatal to warning (Don Dutile) [1313089] - [netdrv] be2net: dont enable multicast flag in be_enable_if_filters routine (Ivan Vecera) [1309157] - [net] unix: correctly track in-flight fds in sending process user_struct (Hannes Frederic Sowa) [1313052] {CVE-2016-2550} - [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297422] {CVE-2015-8767} [2.6.32-626] - [fs] nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (Benjamin Coddington) [1272687] - [fs] quota: fix unwanted soft limit enforcement (Lukas Czerner) [1304603] - [fs] xfs: flush entire last page of old EOF on truncate up (Brian Foster) [1308482] - [fs] xfs: truncate_setsize should be outside transactions (Brian Foster) [1308482] - [scsi] megaraid: overcome a fw deficiency (Maurizio Lombardi) [1294983] - [scsi] megaraid_sas: Add an i/o barrier (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Fix SMAP issue (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Fix for IO failing post OCR in SRIOV environment (Tomas Henzl) [1294983] - [scsi] megaraid: fix null pointer check in megasas_detach_one() (Tomas Henzl) [1294983] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1294983] - [scsi] megaraid_sas: SPERC OCR changes (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Introduce module parameter for SCSI command timeout (Tomas Henzl) [1294983] - [scsi] megaraid_sas: MFI adapter OCR changes (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Make adprecovery variable atomic (Tomas Henzl) [1294983] - [scsi] megaraid_sas: IO throttling support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Dual queue depth support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Code optimization build_and_issue_cmd return-type (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Reply Descriptor Post Queue (RDPQ) support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Fastpath region lock bypass (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Update device queue depth based on interface type (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Task management support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Syncing request flags macro names with firmware (Tomas Henzl) [1294983] - [scsi] megaraid_sas: MFI IO timeout handling (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Do not allow PCI access during OCR (Tomas Henzl) [1294983] - [scsi] hpsa: check for a null phys_disk pointer in ioaccel2 path (Joseph Szczypek) [1311728] [2.6.32-625] - [netdrv] cxgb4 : Patch to fix kernel panic on pinging over vlan interface (Sai Vemuri) [1303493] - [x86] mm: Improve AMD Bulldozer ASLR workaround (Rik van Riel) [1240883] - [x86] Properly export MSR values in kernel headers (Jacob Tanenbaum) [1298255] - [netdrv] tehuti: Firmware filename is tehuti/bdx.bin (Ivan Vecera) [1235961] - [netdrv] ixgbe: convert to ndo_fix_features (John Greene) [1279522] - [drm] revert 'drm: Use vblank timestamps to guesstimate how many vblanks were missed' (Lyude Paul) [1300086] - [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683] - [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683] - [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683] - [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683] - [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683] - [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683] - [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683] - [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683] - [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683] - [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683] - [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683] - [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683] - [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683] - [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683] - [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683] - [fs] writeback: bdi_writeback_task must set task state before calling schedule (Jeff Moyer) [1111683] - [fs] writeback: remove wb_list (Jeff Moyer) [1111683] - [drm] i915: Change WARN_ON(!wm_changed) to I915_STATE_WARN_ON (Lyude Paul) [1309888] - [drm] i915: Quiet down state checks (Lyude Paul) [1309888] - [drm] i915: Fix a few of the !wm_changed warnings (Lyude Paul) [1309888] [2.6.32-624] - [netdrv] tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs (Ivan Vecera) [1222426] - [netdrv] bna: fix list corruption (Ivan Vecera) [1310957] - [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.14.4.0, hardcode driver to the same (Sai Vemuri) [1270347] - [drm] i915: WaRsDisableCoarsePowerGating (Rob Clark) [1302269] - [drm] i915/skl: Add SKL GT4 PCI IDs (Rob Clark) [1302269] [2.6.32-623] - [perf] revert 'perf/x86/intel uncore: Move uncore_box_init() out of driver initialization' (Jiri Olsa) [1313062] - [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1299975] - [netdrv] hv_netvsc: Restore needed_headroom request (Vitaly Kuznetsov) [1305000] - [net] pktgen: fix null ptr deref in skb allocation (Vitaly Kuznetsov) [1305000] - [net] pktgen: Observe needed_headroom of the device (Vitaly Kuznetsov) [1305000] - [net] pktgen: ipv6: numa: consolidate skb allocation to pktgen_alloc_skb (Vitaly Kuznetsov) [1305000] - [net] pktgen: fix crash with vlan and packet size less than 46 (Vitaly Kuznetsov) [1305000] - [net] pktgen: speedup fragmented skbs (Vitaly Kuznetsov) [1305000] - [net] pktgen: correct uninitialized queue_map (Vitaly Kuznetsov) [1305000] - [net] pktgen node allocation (Vitaly Kuznetsov) [1305000] - [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1309241] - [net] veth: dont modify ip_summed; doing so treats packets with bad checksums as good (Sabrina Dubroca) [1308586] - [net] ipv6: udp: use sticky pktinfo egress ifindex on connect() (Xin Long) [1301475] - [net] provide default_advmss() methods to blackhole dst_ops (Paolo Abeni) [1305068] - [net] sctp: translate network order to host order when users get a hmacid (Xin Long) [1303822] - [powerpc] pseries: Make 32-bit MSI quirk work on systems lacking firmware support (Oded Gabbay) [1303678] - [powerpc] pseries: Force 32 bit MSIs for devices that require it (Oded Gabbay) [1303678] - [netdrv] bnxt_en: Fix zero padding of tx push data (John Linville) [1310301] - [netdrv] bnxt_en: Failure to update PHY is not fatal condition (John Linville) [1310301] - [netdrv] bnxt_en: Remove unnecessary call to update PHY settings (John Linville) [1310301] - [netdrv] bnxt_en: Poll link at the end of __bnxt_open_nic (John Linville) [1310301] - [netdrv] bnxt_en: Reduce default ring sizes (John Linville) [1310301] - [netdrv] bnxt_en: Fix implementation of tx push operation (John Linville) [1310301] - [netdrv] bnxt_en: Remove 20G support and advertise only 40GbaseCR4 (John Linville) [1310301] - [netdrv] bnxt_en: Cleanup and Fix flow control setup logic (John Linville) [1310301] - [netdrv] bnxt_en: Fix ethtool autoneg logic (John Linville) [1310301] [2.6.32-622] - [netdrv] bonding: Fix ARP monitor validation (Jarod Wilson) [1244170] - [netdrv] sfc: only use RSS filters if were using RSS (Jarod Wilson) [1304311] - [dm] delay: fix RHEL6 specific bug when establishing future 'expires' time (Mike Snitzer) [1311615] - [ata] Adding Intel Lewisburg device IDs for SATA (Steve Best) [1310237] - [i2c] i801: Adding Intel Lewisburg support for iTCO (Rui Wang) [1304872] - [x86] Mark Grangeville ixgbe PCI ID 15AE (1 gig PHY) unsupported (Steve Best) [1310585] - [kernel] lockd: properly convert be32 values in debug messages (Harshula Jayasuriya) [1289848] - [i2c] convert i2c-isch to platform_device (Prarit Bhargava) [1211747] - [tty] do not reset masters packet mode (Denys Vlasenko) [1308660] - [block] dont assume last put of shared tags is for the host (Jeff Moyer) [1300538] - [netdrv] i40evf: use pages correctly in Rx (Stefan Assmann) [1293754] - [netdrv] i40e: fix bug in dma sync (Stefan Assmann) [1293754] - [sched] fix KABI break (Seth Jennings) [1230310] - [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1230310] - [sched] sched,perf: Fix periodic timers (Seth Jennings) [1230310] - [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1230310] - [sched] Cleanup bandwidth timers (Seth Jennings) [1230310] - [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1230310] - [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1230310] - [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1230310] - [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1230310] - [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1230310] - [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1230310] - [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) [1230310] - [sched] Update rq clock earlier in unthrottle_cfs_rq (Seth Jennings) [1230310] - [drm] radeon: mask out WC from BO on unsupported arches (Oded Gabbay) [1303678] - [drm] add helper to check for wc memory support (Oded Gabbay) [1303678] - [acpi] pci: Account for ARI in _PRT lookups (Ivan Vecera) [1311421] - [pci] Move pci_ari_enabled() to global header (Ivan Vecera) [1311421] - [acpi] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0 (Jerry Snitselaar) [1309641] - [acpi] Centralized processing of ACPI device resources (Jerry Snitselaar) [1309641] - [acpi] acpi: Add device resources interpretation code to ACPI core (Jerry Snitselaar) [1309641] - [netdrv] cxgb4 : Fix for the kernel panic caused by calling t4_enable_vi_params (Sai Vemuri) [1303493] - [mm] Remove false WARN_ON from pagecache_isize_extended (Brian Foster) [1205014] [2.6.32-621] - [netdrv] net/mlx4_en: Wake TX queues only when theres enough room (Don Dutile) [1309893] - [netdrv] revert ' net/mlx4_core: Fix mailbox leak in error flow when performing update qp' (Don Dutile) [1309893] - [netdrv] revert 'mlx4-en: add missing patch to init rss_rings in get_profile' (Don Dutile) [1309893] - [netdrv] revert 'mlx4-en: disable traffic class queueing by default' (Don Dutile) [1309893] [2.6.32-620] - [netdrv] mlx4-en: disable traffic class queueing by default (Don Dutile) [1309893] - [netdrv] mlx4-en: add missing patch to init rss_rings in get_profile (Don Dutile) [1309893] - [netdrv] net/mlx4_core: Fix mailbox leak in error flow when performing update qp (Don Dutile) [1309893] [2.6.32-619] - [netdrv] cxgb4: add device ID for few T5 adapters (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix for write-combining stats configuration (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix tx flit calculation (Sai Vemuri) [1252598] - [netdrv] cxgb4: changes for new firmware 1.14.4.0 (Sai Vemuri) [1252598] - [netdrv] cxgb4: memory corruption in debugfs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Force uninitialized state if FW in adapter is unsupported (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add MPS tracing support (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add some more details to sge qinfo (Sai Vemuri) [1252598] - [netdrv] cxgb4: missing curly braces in t4_setup_debugfs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add support to dump edc bist status (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs support to dump meminfo (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Read correct FL congestion threshold for T5 and T6 (Sai Vemuri) [1252598] - [netdrv] cxgb4: Allow firmware flash, only if cxgb4 is the master driver (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs entry to enable backdoor access (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix check to use new User Doorbell mechanism (Sai Vemuri) [1252598] - [netdrv] cxgb4: Enable cim_la dump to support T6 (Sai Vemuri) [1252598] - [netdrv] cxgb4: Read stats for only available channels (Sai Vemuri) [1252598] - [netdrv] cxgb4: Update register ranges for T6 adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4: Dont use entire L2T table, use only its slice (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add PCI device ids for few more T5 and T6 adapters (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix incorrect sequence numbers shown in devlog (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add PCI device ID for custom T522 & T520 adapter (Sai Vemuri) [1252598] - [infiniband] iw_cxgb4: support for bar2 qid densities exceeding the page size (Sai Vemuri) [1252598] - [netdrv] cxgb4: Support for user mode bar2 mappings with T4 (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs entry to dump channel rate (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs entry to dump CIM PIF logic analyzer contents (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add a debugfs entry to dump CIM MA logic analyzer logs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix static checker warning (Sai Vemuri) [1252598] - [netdrv] cxgb4: Use FW LDST cmd to access TP_PIO_ADDR, TP_PIO_DATA register first (Sai Vemuri) [1252598] - [netdrv] cxgb4: program pci completion timeout (Sai Vemuri) [1252598] - [netdrv] cxgb4: Set mac addr from vpd, when we cant contact firmware (Sai Vemuri) [1252598] - [netdrv] cxgb4: Rename t4_link_start to t4_link_l1cfg (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add sge ec context flush service (Sai Vemuri) [1252598] - [netdrv] cxgb4: Free Virtual Interfaces in remove routine (Sai Vemuri) [1252598] - [netdrv] cxgb4: Remove WOL get/set ethtool support (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add support to dump loopback port stats (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add support in ethtool to dump channel stats (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add ethtool support to get adapter stats (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Adds SRIOV driver changes for T6 adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4: Adds support for T6 adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add is_t6 macro and T6 register ranges (Sai Vemuri) [1252598] - [netdrv] cxgb4: remove unused fn to enable/disable db coalescing (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: function and argument name cleanup (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs facility to inject FL starvation (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add PHY firmware support for T420-BT cards (Sai Vemuri) [1252598] - [netdrv] cxgb4: Update T4/T5 adapter register ranges (Sai Vemuri) [1252598] - [netdrv] cxgb4: Optimize and cleanup setup memory window code (Sai Vemuri) [1252598] - [netdrv] cxgb4: replace ntohs, ntohl and htons, htonl calls with the generic byteorder (Sai Vemuri) [1252598] - [netdrv] cxgb4: Remove dead function t4_read_edc and t4_read_mc (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Cleanup macros, add comments and add new MACROS (Sai Vemuri) [1252598] - [netdrv] cxgb4: Initialize RSS mode for all Ports (Sai Vemuri) [1252598] - [netdrv] cxgb4: Discard the packet if the length is greater than mtu (Sai Vemuri) [1252598] - [netdrv] cxgb4: Move SGE Ingress DMA state monitor (Don Dutile) [1252598] - [netdrv] cxgb4: Add device node to ULD info (Don Dutile) [1252598] - [netdrv] cxgb4: Pass in a Congestion Channel Map to t4_sge_alloc_rxq (Sai Vemuri) [1252598] - [netdrv] cxgb4: Enable congestion notification from SGE for IQs and FLs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Make sure that Freelist size is larger than Egress Congestion Threshold (Sai Vemuri) [1252598] - [infiniband] iw_cxgb4: Cleanup register defines/MACROS (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix sparse warnings (Sai Vemuri) [1252598] - [netdrv] cxgb4: Improve IEEE DCBx support, other minor open-lldp fixes (Sai Vemuri) [1252598] - [scsi] cxgb4i: Call into recently added cxgb4 ipv6 api (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix queue allocation for 40G adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Initialize mdio_addr before using it (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix ethtool get_settings for VF driver (Sai Vemuri) [1252598] - [netdrv] csiostor: Cleanup macros/register defines related to port and VI (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Fix DCB priority groups being returned in wrong order (Sai Vemuri) [1252598] - [netdrv] cxgb4: dcb open-lldp interop fixes (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Fix bug in DCB app deletion (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Handle dcb enable correctly (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Improve handling of DCB negotiation or loss thereof (Sai Vemuri) [1252598] - [netdrv] cxgb4: IEEE fixes for DCBx state machine (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix endian bug introduced in cxgb4 dcb patchset (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Makefile & Kconfig changes for DCBx support (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Integrate DCBx support into cxgb4 module. Register dbcnl_ops to give access to DCBx functions (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Add DCBx support codebase and dcbnl_ops (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Update fw interface file for DCBx support. Adds all the required fields to fw interface to communicate DCBx info (Sai Vemuri) [1252598] [2.6.32-618] - [documentation] filesystems: describe the shared memory usage/accounting (Rodrigo Freire) [1293615] - [kernel] Fix cgclear failure when encountering the rpciod kernel thread (Larry Woodman) [1220828] - [netdrv] qlcnic: constify qlcnic_mbx_ops structure (Harish Patil) [1252119] - [netdrv] net: qlcnic: delete redundant memsets (Harish Patil) [1252119] - [netdrv] qlcnic: Update version to 5.3.63 (Harish Patil) [1252119] - [netdrv] qlcnic: Dont use kzalloc unncecessarily for allocating large chunk of memory (Harish Patil) [1252119] - [netdrv] qlcnic: Add new VF device ID 0x8C30 (Harish Patil) [1252119] - [netdrv] qlcnic: Print firmware minidump buffer and template header addresses (Harish Patil) [1252119] - [netdrv] qlcnic: Add support to enable capability to extend minidump for iSCSI (Harish Patil) [1252119] - [netdrv] qlcnic: Rearrange ordering of header files inclusion (Harish Patil) [1252119] - [netdrv] qlcnic: Fix corruption while copying (Harish Patil) [1252119] - [netdrv] net: qlcnic: Deletion of unnecessary memset (Harish Patil) [1252119] - [netdrv] net: qlcnic: clean up sysfs error codes (Harish Patil) [1252119] - [netdrv] qlcnic: codespell comment spelling fixes (Harish Patil) [1252119] - [netdrv] qlcnic: Fix typo in printk messages (Harish Patil) [1252119] - [netdrv] qlcnic: Fix trivial typo in comment (Harish Patil) [1252119] - [netdrv] qlogic: Deletion of unnecessary checks before two function calls (Harish Patil) [1252119] - [netdrv] qlcnic: Fix dump_skb output (Harish Patil) [1252119] - [virt] kvm: x86: Dont report guest userspace emulation error to userspace (Bandan Das) [1163764] {CVE-2010-5313 CVE-2014-7842} - [virt] kvm: inject #UD if instruction emulation fails and exit to userspace (Bandan Das) [1163764] {CVE-2010-5313 CVE-2014-7842} - [netdrv] iwlwifi: Add new PCI IDs for the 8260 series (John Linville) [1286871 1308636] - [netdrv] iwlwifi: pcie: fix (again) prepare card flow (John Linville) [1286871 1308636] - [netdrv] nl80211: Fix potential memory leak from parse_acl_data (John Linville) [1286871 1308636] - [netdrv] mac80211: fix divide by zero when NOA update (John Linville) [1286871 1308636] - [netdrv] mac80211: allow null chandef in tracing (John Linville) [1286871 1308636] - [netdrv] mac80211: fix driver RSSI event calculations (John Linville) [1286871 1308636] - [netdrv] mac80211: Fix local deauth while associating (John Linville) [1286871 1308636] - [fs] xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly (Brian Foster) [747564] - [fs] mm: introduce set_page_writeback_keepwrite() (Brian Foster) [747564] - [fs] xfs: always log the inode on unwritten extent conversion (Zorro Lang) [1018465] - [fs] vfs: fix data corruption when blocksize < pagesize for mmaped data (Lukas Czerner) [1205014] [2.6.32-617] - [infiniband] rdma/ocrdma: Bump up ocrdma version number to 11.0.0.0 (Don Dutile) [1253021] - [infiniband] rdma/ocrdma: Prevent CQ-Doorbell floods (Don Dutile) [1253021] - [infiniband] rdma/ocrdma: Check resource ids received in Async CQE (Don Dutile) [1253021] - [infiniband] rdma/ocrdma: Avoid a possible crash in ocrdma_rem_port_stats (Don Dutile) [1253021] - [kernel] driver core : Fix use after free of dev->parent in device_shutdown (Tomas Henzl) [1303215] - [kernel] driver core: fix shutdown races with probe/remove (Tomas Henzl) [1303215] - [kernel] driver core: Protect device shutdown from hot unplug events (Tomas Henzl) [1303215] - [netdrv] bnx2x: Add new device ids under the Qlogic vendor (Michal Schmidt) [1304252] - [kernel] klist: fix starting point removed bug in klist iterators (Ewan Milne) [1190273] - [md] raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (Jes Sorensen) [1309154] - [md] raid1: fix test for 'was read error from last working device' (Jes Sorensen) [1309154] - [s390] cio: update measurement characteristics (Hendrik Brueckner) [1304257] - [s390] cio: ensure consistent measurement state (Hendrik Brueckner) [1304257] - [s390] cio: fix measurement characteristics memleak (Hendrik Brueckner) [1304257] - [fs] pipe: fix offset and len mismatch on pipe_iov_copy_to_user failure (Seth Jennings) [1302223] {CVE-2016-0774} [2.6.32-616] - [kernel] isolcpus: Output warning when the 'isolcpus=' kernel parameter is invalid (Prarit Bhargava) [1304216] - [mmc] Prevent 1.8V switch for SD hosts that dont support UHS modes (Petr Oros) [1307065] - [mmc] sdhci-pci-o2micro: Fix Dell E5440 issue (Petr Oros) [1307065] - [mmc] sdhci-pci-o2micro: Add SeaBird SeaEagle SD3 support (Petr Oros) [1307065] - [watchdog] hung task debugging: Inject NMI when hung and going to panic (Don Zickus) [1305919] - [watchdog] add sysctl knob hardlockup_panic (Don Zickus) [1305919] - [watchdog] perform all-CPU backtrace in case of hard lockup (Don Zickus) [1305919] - [drm] i915: Drop intel_update_sprite_watermarks (Lyude) [1306425] - [drm] i915: Setup DDI clk for MST on SKLi (Lyude) [1306425] - [drm] i915: Explicitly check for eDP in skl_ddi_pll_select (Lyude) [1306425] - [drm] i915: Dont skip mst encoders in skl_ddi_pll_select (Lyude) [1306425] - [scsi] qla2xxx: Set relogin flag when we fail to queue login requests (Chad Dupuis) [1306033] - [s390] kernel/syscalls: correct syscall number for __NR_setns (Hendrik Brueckner) [1219586] - [edac] sb_edac: fix channel/csrow emulation on Broadwell (Aristeu Rozanski) [1301230] - [usb] xhci: Workaround to get Intel xHCI reset working more reliably (Gopal Tiwari) [1146875] - [fs] revert revert 'dlm: print kernel message when we get an error from kernel_sendpage' (Robert S Peterson) [1264492] - [fs] revert '[fs] dlm: Replace nodeid_to_addr with kernel_getpeername' (Robert S Peterson) [1264492] - [s390] sclp: Determine HSA size dynamically for zfcpdump (Hendrik Brueckner) [1303557] - [s390] sclp: Move declarations for sclp_sdias into separate header file (Hendrik Brueckner) [1303557] - [netdrv] mlx4_en: add missing tx_queue init in en_start_port (Don Dutile) [1304016] [2.6.32-615] - [s390] qeth: initialize net_device with carrier off (Hendrik Brueckner) [1198666] - [netdrv] Add rtlwifi driver from linux 4.3 (Stanislaw Gruszka) [1245452 1263386 1289574 761525] [2.6.32-614] - [powerpc] pseries: Limit EPOW reset event warnings (Gustavo Duarte) [1300202] - [perf] tools: Do not show trace command if its not compiled in (Jiri Olsa) [1212539] - [perf] tools spec: Disable trace command on ppc arch (Jiri Olsa) [1212539] - [netdrv] mlx4_en: Fix the blueflame in TX path (Kamal Heib) [1295872 1303661 1303863 1304272] - [netdrv] mlx4_en: Fix HW timestamp init issue upon system startup (Kamal Heib) [1295872 1304272] - [netdrv] mlx4_en: Remove dependency between timestamping capability and service_task (Kamal Heib) [1295872 1304272] - [netdrv] mlx5_core: Fix trimming down IRQ number (Kamal Heib) [1304272] - [x86] Mark Intel Broadwell-DE SoC supported (Steve Best) [1253856] - [s390] zfcpdump: Fix collecting of registers (Hendrik Brueckner) [1303558] - [s390] dasd: fix failfast for disconnected devices (Hendrik Brueckner) [1303559] - [netdrv] bnxt_en: Fix crash in bnxt_free_tx_skbs() during tx timeout (John Linville) [1303703] - [netdrv] bnxt_en: Exclude rx_drop_pkts hw counter from the stacks rx_dropped counter (John Linville) [1303703] - [netdrv] bnxt_en: Ring free response from close path should use completion ring (John Linville) [1303703] - [block] Fix q_suspended logic error for io submission (David Milburn) [1227342] - [block] nvme: No lock while DMA mapping data (David Milburn) [1227342] MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7509 CVE-2015-8324 CVE-2014-8134 CVE-2015-5156 CVE-2015-8215 CVE-2013-4312 CVE-2014-7842 CVE-2010-5313 CVE-2015-8543 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [1.0.1e-48.1] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-0799 CVE-2016-2105 CVE-2016-2842 CVE-2016-2107 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 Oracle Linux 6 [0.12.1.2-2.491.el6_8.1] - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407] - kvm-vga-use-constants-from-vga.h.patch [bz#1331407] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331407] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331407] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331407] - Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z]) [0.12.1.2-2.491.el6] - Revert 'warning when CPU threads>1 for non-Intel CPUs' fix [0.12.1.2-2.490.el6] - kvm-qemu-ga-implement-win32-guest-set-user-password.patch [bz#1174181] - kvm-util-add-base64-decoding-function.patch [bz#1174181] - kvm-qga-convert-to-use-error-checked-base64-decode.patch [bz#1174181] - kvm-qga-use-more-idiomatic-qemu-style-eol-operators.patch [bz#1174181] - kvm-qga-use-size_t-for-wcslen-return-value.patch [bz#1174181] - kvm-qga-use-wide-chars-constants-for-wchar_t-comparisons.patch [bz#1174181] - kvm-qga-fix-off-by-one-length-check.patch [bz#1174181] - kvm-qga-check-utf8-to-utf16-conversion.patch [bz#1174181] - Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root account password (Linux guest)) [0.12.1.2-2.489.el6] - kvm-hw-qxl-qxl_send_events-nop-if-stopped.patch [bz#1290743] - kvm-block-mirror-fix-full-sync-mode-when-target-does-not.patch [bz#971312] - Resolves: bz#1290743 (qemu-kvm core dumped when repeat system_reset 20 times during guest boot) - Resolves: bz#971312 (block: Mirroring to raw block device doesnt zero out unused blocks) * Mon Feb 08 2016 Miroslav Rezanina <mrezanin@redhat.com - 0.12.1.2-2.488.el6 - Fixed qemu-ga path configuration [bz#1213233] - Resolves: bz#1213233 ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesnt exist) [0.12.1.2-2.487.el6] - kvm-virtio-scsi-use-virtqueue_map_sg-when-loading-reques.patch [bz#1249740] - kvm-scsi-disk-fix-cmd.mode-field-typo.patch [bz#1249740] - Resolves: bz#1249740 (Segfault occurred at Dst VM while completed migration upon ENOSPC) [0.12.1.2-2.486.el6] - kvm-blockdev-Error-out-on-negative-throttling-option-val.patch [bz#1294619] - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298046] - Resolves: bz#1294619 (Guest should failed to boot if set iops,bps to negative number) - Resolves: bz#1298046 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.8]) [0.12.1.2-2.485.el6] - kvm-Change-fsfreeze-hook-default-location.patch [bz#1213233] - kvm-qxl-replace-pipe-signaling-with-bottom-half.patch [bz#1290743] - Resolves: bz#1213233 ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesnt exist) - Resolves: bz#1290743 (qemu-kvm core dumped when repeat system_reset 20 times during guest boot) [0.12.1.2-2.484.el6] - kvm-qga-flush-explicitly-when-needed.patch [bz#1210246] - kvm-qga-add-guest-set-user-password-command.patch [bz#1174181] - kvm-qcow2-Zero-initialise-first-cluster-for-new-images.patch [bz#1223216] - kvm-Documentation-Warn-against-qemu-img-on-active-image.patch [bz#1297424] - kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I.patch [bz#1292678] - kvm-qemu-options-Fix-texinfo-markup.patch [bz#1250442] - kvm-qga-Fix-memory-allocation-pasto.patch [] - kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268347] - Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root/administrator account password) - Resolves: bz#1210246 ([virtagent]The 'write' content is lost if 'read' it before flush through guest agent) - Resolves: bz#1223216 (qemu-img can not create qcow2 image when backend is block device) - Resolves: bz#1250442 (qemu-doc.html bad markup in section 3.3 Invocation) - Resolves: bz#1268347 (posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY) - Resolves: bz#1292678 (Qemu should report error when cmdline set threads=2 in amd host) - Resolves: bz#1297424 (Add warning about running qemu-img on active VMs to its manpage) [0.12.1.2-2.483.el6] - kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1262866] - kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1262866] - Resolves: bz#1262866 ([RHEL6] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size) [0.12.1.2-2.482.el6] - kvm-qemu-kvm-get-put-MSR_TSC_AUX-across-reset-and-migrat.patch [bz#1265428] - kvm-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch [bz#1219908] - kvm-net-pcnet-add-check-to-validate-receive-data-size-CV.patch [bz#1286597] - kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1286567] - Resolves: bz#1219908 (Writing snapshots with 'virsh snapshot-create-as' command slows as more snapshots are created) - Resolves: bz#1265428 (contents of MSR_TSC_AUX are not migrated) - Resolves: bz#1286567 (CVE-2015-7512 qemu-kvm: Qemu: net: pcnet: buffer overflow in non-loopback mode [rhel-6.8]) [0.12.1.2-2.481.el6] - kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch [bz#1263275] - Resolves: bz#1263275 (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in ne2000_receive() function [rhel-6.8]) [0.12.1.2-2.480.el6] - kvm-virtio-rng-fix-segfault-when-adding-a-virtio-pci-rng.patch [bz#1230068] - kvm-qga-commands-posix-Fix-bug-in-guest-fstrim.patch [bz#1213236] - kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20.patch [bz#1248763] - kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015-.patch [bz#1248763] - kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE.patch [bz#1248763] - kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248763] - kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248763] - kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51.patch [bz#1248763] - kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248763] - Resolves: bz#1213236 ([virtagent] 'guest-fstrim' failed for guest with os on spapr-vscsi disk) - Resolves: bz#1230068 (Segmentation fault when re-adding virtio-rng-pci device) - Resolves: bz#1248763 (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory information leakage to guest [rhel-6.8]) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3710 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 Oracle Linux 7 Oracle Linux 6 [38.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.8.0-2] - Update to 38.8.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2805 CVE-2016-2807 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [7:3.1.23-16.4] - Related: #1334489 - CVE-2016-4554 CVE-2016-4556 squid: various flaws [7:3.1.23-16.3] - Resolved: #1334489 - CVE-2016-4554 CVE-2016-4556 squid: various flaws - Related: #1330572 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [7:3.1.23-16.2] - Related: #1330572 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [7:3.1.23-16.1] - Resolves: #1330572 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4554 CVE-2016-4053 CVE-2016-4054 CVE-2016-4052 CVE-2016-4556 CVE-2016-4051 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [7:3.4.14-9.3] - Resolves: #1334499 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid34: various flaws - Resolves: #1334506 - CVE-2016-4553 squid34: squid: Cache poisoning issue in HTTP Request handling [7:3.4.14-9.2] - Related: #1330574 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid34: various flaws [7:3.4.14-9.1] - Resolves: #1330574 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid34: various flaws MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4053 CVE-2016-4555 CVE-2016-4553 CVE-2016-4554 CVE-2016-4052 CVE-2016-4051 CVE-2016-4054 CVE-2016-4556 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 Oracle Linux 7 [4.2.6p5-10.el6_8.1] - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7979 CVE-2016-1547 CVE-2016-2518 CVE-2016-1550 CVE-2016-1548 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [0.12.4-13.1] - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2150 CVE-2016-0749 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.2.0-1] - Update to 45.2.0 ESR [45.1.1-2] - Added fix for mozbz#1270046 - new Samba auth response CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-2828 CVE-2016-2821 CVE-2016-2822 CVE-2016-2819 CVE-2016-2831 CVE-2016-2818 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [6.7.2.7-5] - Add fix for CVE-2016-3714, CVE-2016-3715, CVE-2016-3716 and CVE-2016-3717 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8897 CVE-2015-8898 CVE-2016-5239 CVE-2016-5240 CVE-2016-5118 CVE-2015-8895 CVE-2015-8896 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 6 setroubleshoot [3.0.47-12.0.1] - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com [3.0.47-12] - Don't use command.get*output() Resolves: CVE-2016-4445 setroubleshoot-plugins [3.0.40-3.1.0.1] - Add setroubleshoot-plugins-oracle-enterprise.patch [3.0.40-3.1] - Don't use commands.get*output() Resolves: CVE-2016-4444, CVE-2016-4446 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4445 CVE-2016-4444 CVE-2016-4446 CVE-2016-4989 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [2.9.1-6.0.1.3] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [libxml2-2.9.1-6.3] - Heap-based buffer overread in xmlNextChar (CVE-2016-1762) - Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834) - Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840) - Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838) - Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839) - Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836) - Fix inappropriate fetch of entities content (CVE-2016-4449) - Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837) - Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835) - Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447) - Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833) - Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705) - Avoid building recursive entities (CVE-2016-3627) - Fix some format string warnings with possible format string vulnerability (CVE-2016-4448) - More format string warnings with possible format string vulnerability (CVE-2016-4448) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1838 CVE-2016-1836 CVE-2016-1837 CVE-2016-1762 CVE-2016-1835 CVE-2016-4448 CVE-2016-1839 CVE-2016-4447 CVE-2016-1833 CVE-2016-3705 CVE-2016-1840 CVE-2016-3627 CVE-2016-4449 CVE-2016-1834 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ol7 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.2-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.2-1] - Update to 45.2 [45.1.1-1] - Update to 45.1.1 [45.1.0-5] - Do not add symlinks to some langpacks [45.1.0-4] - Update to 45.1.0 [45.0-5] - Update to 45.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2818 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-642.3.1] - [infiniband] security: Restrict use of the write interface (Don Dutile) [1332547 1332548] {CVE-2016-4565} [2.6.32-642.2.1] - [sched] Revert 'kernel: sched: Cure load average vs NO_HZ woes' (Rafael Aquini) [1343015 1326373] - [sched] Revert 'kernel: sched: Cure more NO_HZ load average woes' (Rafael Aquini) [1343015 1326373] - [sched] Revert 'kernel: sched: Move sched_avg_update to update_cpu_load' (Rafael Aquini) [1343015 1326373] - [sched] Revert 'kernel: sched: Fix nohz load accounting -- again' (Rafael Aquini) [1343015 1326373] - [fs] lockd: Don't try to register/unregister callbacks on the inet6addr_chain if the ipv6 module isn't loaded (Scott Mayhew) [1341496 1336483] - [fs] nfsd: Don't try to register/unregister callbacks on the inet6addr_chain if the ipv6 module isn't loaded (Scott Mayhew) [1341496 1336483] - [isdn] avoid calling tty_ldisc_flush() in atomic context (Sabrina Dubroca) [1337443 1328115] - [redhat] Update dracut dependency to pull in ecb module (Herbert Xu) [1334431 1315832] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 Oracle Linux 6 Oracle Linux 5 [2.2.3-92.0.1] - Add the ability to read DH parameters from the (first) SSLCertificateFile (John Haxby) [orabug 21671194] - fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387] - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile [2.2.3-92] - add security fix for CVE-2016-5387 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5387 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1:1.8.0.101-3.b13] - Replace bad 8159244 patch from upstream 8u with fresh backport from OpenJDK 9. - Resolves: rhbz#1350034 [1:1.8.0.101-2.b13] - Add missing hunk from 8147771, missed due to inclusion of unneeded 8138811 - Resolves: rhbz#1350034 [1:1.8.0.101-1.b13] - Add workaround for a typo in the CORBA security fix, 8079718 - Resolves: rhbz#1350034 [1:1.8.0.101-0.b13] - Update to u101b13. - Backport REPOS option in generate_source_tarball.sh - Drop a leading zero from the priority as the update version is now three digits - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Add additional fixes (S6260348, S8159244) for u92 update. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Update ppc64le fix with upstream version, S8158260. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Add fix for ppc64le crash due to illegal instruction. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Add backport for S8148752. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Update to u92b14. - Remove upstreamed patches for Zero build failures 8087120 & 8143855. - Add 8132051 Zero fix upstreamed as 8154210 in 8u112. - Add upstreamed patch 6961123 from u102 to fix application name in GNOME Shell. - Add upstreamed patches 8044762 & 8049226 from u112 to fix JDI issues. - Regenerate java-1.8.0-openjdk-rh1191652-root.patch against u92 - Resolves: rhbz#1350034 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-3508 CVE-2016-3500 CVE-2016-3550 CVE-2016-3610 CVE-2016-3606 CVE-2016-3458 CVE-2016-3587 CVE-2016-3598 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.2.10-7] - resolves: #1351957 - Fix CVE-2016-2119 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2119 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.111-2.6.7.1.0.1] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Oracle Linux' [1:1.7.0.111-2.6.7.1] - Bump to jdk7u111 b01 to fix TCK regressions (7081817 & 8162344) - Resolves: rhbz#1350038 [1:1.7.0.111-2.6.7.0] - Bump to 2.6.7 and u111b00. - Update SystemTap bundle with fix for PR3091/RH1204159 - Drop patches (S8161262 (8147466_wrapv) and PR2939 (fontpath)) applied upstream. - Reset permissions of resources.jar to avoid it only being readable by root (PR1437). - Resolves: rhbz#1350038 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3598 CVE-2016-3500 CVE-2016-3458 CVE-2016-3508 CVE-2016-3606 CVE-2016-3550 CVE-2016-3610 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [3.9.4-18] - Update patch for CVE-2014-8127 - Related: #1335099 [3.9.4-17] - Fix patches for CVE-2016-3990 and CVE-2016-5320 - Related: #1335099 [3.9.4-16] - Add patches for CVEs: - CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 - CVE-2016-3991 CVE-2016-5320 - Related: #1335099 [3.9.4-15] - Update patch for CVE-2014-8129 - Related: #1335099 [3.9.4-14] - Merge previously released fixes for CVEs: - CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 - CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 - Resolves: #1335099 [3.9.4-13] - Patch typos in CVE-2014-8127 - Related: #1299919 [3.9.4-12] - Fix CVE-2014-8127 and CVE-2015-8668 patches - Related: #1299919 [3.9.4-11] - Fixed patches on preview CVEs - Related: #1299919 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2014-9655 CVE-2015-8668 CVE-2016-3990 CVE-2016-3632 CVE-2014-8129 CVE-2015-8783 CVE-2016-3991 CVE-2015-8784 CVE-2014-8127 CVE-2016-5320 CVE-2014-8130 CVE-2016-3945 CVE-2015-1547 CVE-2015-8665 CVE-2015-8782 CVE-2015-7554 CVE-2014-9330 CVE-2015-8683 CVE-2015-8781 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.3.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.3.0-1] - Update to 45.3.0 ESR [45.2.0-3] - Added fix for mozbz#256180 [45.2.0-2] - Added fix for mozbz#975832, rhbz#1343202 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5265 CVE-2016-2836 CVE-2016-2830 CVE-2016-5263 CVE-2016-5252 CVE-2016-5264 CVE-2016-2837 CVE-2016-5262 CVE-2016-2838 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [7:3.1.23-16.6] - Resolves: #1359204 - CVE-2016-5408 squid: Buffer overflow vulnerability in cachemgr.cgi tool MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5408 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0.12.1.2-2.491.el6_8.3] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359724] - Resolves: bz#1359724 (EMBARGOED CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-6.8.z]) [0.12.1.2-2.491.el6_8.2] - kvm-vga-add-sr_vbe-register-set.patch [bz#1347192] - Resolves: bz#1347192 (Regression from CVE-2016-3712: windows installer fails to start) [0.12.1.2-2.491.el6_8.1] - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407] - kvm-vga-use-constants-from-vga.h.patch [bz#1331407] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331407] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331407] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331407] - Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z]) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5403 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 Oracle Linux 6 [5.3.3-48] - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5385 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [2.6.6-66.0.1] - Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma) [2.6.6-66] - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359161 [2.6.6-65] - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch) - Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346354 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1000110 CVE-2016-5699 CVE-2016-0772 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [2.6.32-642.4.2] - [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696} [2.6.32-642.4.1] - [ipmi] Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (David Arcari) [1355980 1347189] - [fs] ext4: Remove useless spinlock in ext4_getattr() (Lukas Czerner) [1355981 1315933] - [net] tcp: increase size at which tcp_bound_to_half_wnd bounds to > TCP_MSS_DEFAULT (Davide Caratti) [1354446 1349776] - [net] tcp: Prevent overzealous packetization by SWS logic (Davide Caratti) [1354446 1349776] - [fs] configfs: fix race between dentry put and lookup (Robert S Peterson) [1353828 1333448] - [drm] move idr2 implementation to lib (Milos Vyletel) [1353827 1316790] - [fs] cifs: Create dedicated keyring for spnego operations (Scott Mayhew) [1351670 1267754] - [infiniband] srp: Fix backport error in ib_srp::srp_queuecommand (Don Dutile) [1348062 1321094] - [fs] gfs2: don't set rgrp gl_object until it's inserted into rgrp tree (Robert S Peterson) [1347539 1344740] - [sched] avoid kernel panic during power off (Frank Ramsay) [1343894 1313035] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 Oracle Linux 7 Oracle Linux 6 [1:1.6.0.40-1.13.12.4.0.1] - Add oracle-enterprise.patch [1:1.6.0.40-1.13.12.4] - Bump source tarballs to try and really fix TCK failures this time. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.3] - Bump source tarballs to missing -DNDEBUG on JDK native code. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.2] - Escape macros in bootstrap comments - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.2] - Bump source tarballs to fix TCK failures. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.1] - Introduce bootstrapping variable to test whether we are bootstrapping or not. - Add build requirement of xsltproc when bootstrapping. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.1] - Separate bootstrap option as it should not be tied to the JDK used. - Enable bootstrapping on JIT architectures going forward. - Temporarily enable bootstrapping on all architectures to work around RH1334465/PR2956. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.0] - Need to also remove DISTRIBUTION_PATCHES reference to wrapv patch. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.0] - Update to IcedTea 1.13.12 & OpenJDK 6 b40. - Depend on mailcap for /etc/mime.types (PR2800) - Use configure macro and disable long-running JTreg & SystemTap tests from make check - Remove redundant patch-ecj target invocation for bootstrap build. - Add check section to run the new tests introduced in 1.13.12. - Add RHEL version of b40 tarball. - Require mailcap at build time as well, so configure finds /etc/mime.types - No need to require openssl at run time. - Drop old_gcc patch as this is now supported upstream (S8161262) - Resolves: rhbz#1350043 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3458 CVE-2016-3606 CVE-2016-3550 CVE-2016-3500 CVE-2016-3508 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [3.0.0-50.el6.2] - Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in certificate revocation - cert-revoke: fix permission check bypass (CVE-2016-5404) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5404 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.3.0-1] - Update to 45.3.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2836 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.8.3-7] - Fixes variation of CVE-2016-5418: Hard links could include '..' in their path. [2.8.3-6] - Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365774) [2.8.3-5] - enable testsuite - CVE batch in summer 2016 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5844 CVE-2015-8932 CVE-2015-8921 CVE-2016-7166 CVE-2016-5418 CVE-2015-8920 CVE-2016-4809 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.4.0-1] - Update to 45.4.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5261 CVE-2016-5257 CVE-2016-5250 CVE-2016-5270 CVE-2016-5274 CVE-2016-5272 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5284 CVE-2016-5281 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-48.3] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2181 CVE-2016-2177 CVE-2016-6304 CVE-2016-2178 CVE-2016-6306 CVE-2016-6302 CVE-2016-2179 CVE-2016-2180 CVE-2016-2182 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [30:9.3.6-25.P1.9] - Fix CVE-2016-2776 [30:9.3.6-25.P1.8] - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite [30:9.3.6-25.P1.7] - Fix CVE-2016-1285 and CVE-2016-1286 [30:9.3.6-25.P1.6] - Fix CVE-2015-8704 [30:9.3.6-25.P1.5] - Fix CVE-2015-8000 [30:9.3.6-25.P1.4] - Fix CVE-2015-5722 [30:9.3.6-25.P1.3] - Fix CVE-2015-5477 [30:9.3.6-25.P1.2] - Remove files backup after patching (Related: #1171971) [30:9.3.6-25.P1.1] - Fix CVE-2014-8500 (#1171971) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2776 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 Oracle Linux 6 [8.2.0-5] - Rebase HTTPoxy patch and bump release for rebuild Resolves: rhbz#1358789 [8.2.0-4] - Fix HTTPoxy CVE-2016-1000111 Resolves: rhbz#1358789 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1000111 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.4.0-1] - Update to 45.4.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5257 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-642.6.1] - [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696} - [fs] sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [1366962 1294939] - [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829} [2.6.32-642.5.1] - [scsi] megaraid_sas: Do not fire MR_DCMD_PD_LIST_QUERY to controllers which do not support it (Tomas Henzl) [1359039 1352826] - [scsi] libfc: sanity check cpu number extracted from xid (Chris Leech) [1359036 1351356] - [security] keys: potential uninitialized variable (Mateusz Guzik) [1345945 1345946] {CVE-2016-4470} - [fs] gfs2: Lock holder cleanup (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Large-filesystem fix for 32-bit systems (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Get rid of gfs2_ilookup (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Fix gfs2_lookup_by_inum lock inversion (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Initialize iopen glock holder for new inodes (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Release iopen glock in gfs2_create_inode error cases (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Wait for iopen glock dequeues (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Re-add an omission from upstream (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Eliminate parameter non_block on gfs2_inode_lookup (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Don't filter out I_FREEING inodes anymore (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Check if iopen is held when deleting inode (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Don't do glock put when inode creation fails (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Prevent delete work from occurring on glocks used for create (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Always use iopen glock for gl_deletes (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Update master statfs buffer with sd_statfs_spin locked (Robert S Peterson) [1359037 1173286] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 CVE-2016-5829 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [0:6.0.24-98] - Resolves: rhbz#1362210 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz#1368119 [0:6.0.24-97] - Resolves: rhbz#1367051 CVE-2015-5174 URL Normalization issue - Resolves: rhbz#1367054 CVE-2016-0706 Security Manager bypass via StatusManagerServlet - Resolves: rhbz#1367058 CVE-2016-0714 Security Manager bypass via persistence mechanisms - Resolves: rhbz#1367054 CVE-2015-5345 Directory disclosure [0:6.0.24-96] - Resolves: rhbz#1357123 rpm -V tomcat6 fails due on /var/log/tomcat6/catalina.out IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0706 CVE-2016-6325 CVE-2015-5345 CVE-2016-0714 CVE-2016-5388 CVE-2015-5174 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [1:1.8.0.111-0.b15] - added nss restricting requires - Resolves: rhbz#1381990 [1:1.8.0.111-0.b15] - Turn debug builds on for all JIT architectures. Always AssumeMP on RHEL. - Resolves: rhbz#1381990 [1:1.8.0.111-0.b15] - Update to aarch64-jdk8u111-b15, with AArch64 fix for S8160591. - Resolves: rhbz#1381990 [1:1.8.0.111-0.b14] - Update to aarch64-jdk8u111-b14. - Drop the CORBA typo fix, which appears upstream in u111. - Add LCMS 2 patch to fix Red Hat security issue RH1367357 in the local OpenJDK copy. - Resolves: rhbz#1381990 [1:1.8.0.102-1.b14] - New variable, @prefix@, needs to be substituted in tapsets (rhbz1371005) - Resolves: rhbz#1381990 [1:1.8.0.102-0.b14] - Update to aarch64-jdk8u102-b14. - Drop 8140620, 8148752 and 6961123, all of which appear upstream in u102. - Move 8159244 to 8u111 section as it only appears to be in unpublished u102 b31. - Move 8158260 to 8u112 section following its backport to 8u. - Resolves: rhbz#1381990 [1:1.8.0.101-4.b15] - Update to aarch64-jdk8u101-b15. - Rebase SystemTap tarball on IcedTea 3.1.0 versions so as to avoid patching. - Drop additional hunk for 8147771 which is now applied upstream. - Resolves: rhbz#1381990 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5554 CVE-2016-5597 CVE-2016-5582 CVE-2016-5573 CVE-2016-5542 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 [30:9.3.6-25.P1.10] - Fix CVE-2016-2848 [30:9.3.6-25.P1.9] - Fix CVE-2016-2776 [30:9.3.6-25.P1.8] - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite [30:9.3.6-25.P1.7] - Fix CVE-2016-1285 and CVE-2016-1286 [30:9.3.6-25.P1.6] - Fix CVE-2015-8704 [30:9.3.6-25.P1.5] - Fix CVE-2015-8000 [30:9.3.6-25.P1.4] - Fix CVE-2015-5722 [30:9.3.6-25.P1.3] - Fix CVE-2015-5477 [30:9.3.6-25.P1.2] - Remove files backup after patching (Related: #1171971) [30:9.3.6-25.P1.1] - Fix CVE-2014-8500 (#1171971) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2848 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-642.6.2] - [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 Oracle Linux 6 [30:9.3.6-25.P1.11] - Fix CVE-2016-8864 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8864 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 Oracle Linux 5 Oracle Linux 6 [1:1.7.0.121-2.6.8.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.121-2.6.8.0] - Turn off HotSpot bootstrap to see if it resolves build issues. - Resolves: rhbz#1381990 [1:1.7.0.121-2.6.8.0] - Bump to 2.6.8 and u121b00. - Drop patches (S7081817, S8140344, S8145017 and S8162344) applied upstream. - Update md5sum list with checksum for the new java.security file. - Resolves: rhbz#1381990 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5554 CVE-2016-5582 CVE-2016-5542 CVE-2016-5597 CVE-2016-5573 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.5.3-13.1] - fix CVE-2016-6313 - predictable PRNG output (#1366105) [1.5.3-13] - touch only urandom in the selftest and when /dev/random is unavailable for example by SELinux confinement - fix the RSA selftest key (p q swap) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-6313 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:linux:7::security_validation cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [2.0.83-30.1.0.1] - Lazy unmount private, shared entry(Joe Jin)[orabug 12560705] [2.0.83-30.1] - sandbox: create a new session for sandboxed processes Resolves: CVE-2016-7545 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7545 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 [1.2.11.15-84] - Release 1.2.11.15-84 - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462) [1.2.11.15-83] - Release 1.2.11.15-83 - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462) [1.2.11.15-82] - Release 1.2.11.15-82 - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462) [1.2.11.15-81] - Release 1.2.11.15-81 - Resolves: #Bug 1381153 - Crash in import_wait_for_space_in_fifo(). (DS 48960) [1.2.11.15-80] - Release 1.2.11.15-80 - Resolves: #1379599 - ns-slapd general protection ip:7f570c56afd5 sp:7f56dc7edce0 error:0 in libc-2.12.so (DS 48944) [1.2.11.15-79] - Release 1.2.11.15-79 - Resolves: #1358559 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462, 48862, 48243, 48777) - Resolves: #1354331 - Replication changelog can incorrectly skip over updates - Resolves: #1374588 - EASY FIX : dereferencing a NULL sr_candidates pointer in ldbm_back_next_search_entry_ext resulted a segfault (DS 47858) [1.2.11.15-78] - Release 1.2.11.15-78 - Resolves: #1354331 - Replication changelog can incorrectly skip over updates (DS 48954) - Resolves: #1361421 - CVE-2016-5416 389-ds-base: ACI readable by anonymous user (DS 48354) - Resolves: #1360974 - CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack [1.2.11.15-77] - Release 1.2.11.15-77 - Resolves: #1358390 - replication delay when server is configured with multiple replication agreements. (DS 48636) fixing a backport error [1.2.11.15-76] - Release 1.2.11.15-76 - Resolves: #1354331 - Replication changelog can incorrectly skip over updates (DS 48766) - Resolves: #1358390 - replication delay when server is configured with multiple replication agreements. (DS 48636) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5416 CVE-2016-5405 CVE-2016-4992 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [2.6.32-642.11.1] - [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195} [2.6.32-642.10.1] - [scsi] fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (Maurizio Lombardi) [1382620 1341298] [2.6.32-642.9.1] - [net] vlan: Fix FCOE_MTU support (Maurizio Lombardi) [1381592 1367250] - [s390] mm: fix asce_bits handling with dynamic pagetable levels (Steve Best) [1377472 1341758] - [powerpc] eeh: Block PCI configuration space access during EEH (Gustavo Duarte) [1379596 1216944] - [fs] ecryptfs: prevent mounts backed by procfs (Mateusz Guzik) [1347101 1347102] {CVE-2016-1583} - [s390] mm: four page table levels vs. fork (Hendrik Brueckner) [1341546 1316461] {CVE-2016-2143} [2.6.32-642.8.1] - [fs] lockd: unregister notifier blocks if the service fails to come up completely (Scott Mayhew) [1375637 1346317] [2.6.32-642.7.1] - [net] netfilter: ip(6)t_REJECT: fix wrong transport header pointer in TCP reset (William Townsend) [1372266 1343816] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 CVE-2016-2143 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 Oracle Linux 7 Oracle Linux 5 nss [3.21.3-2.0.1] - Added nss-vendor.patch to change vendor [3.21.3-2] - Mozilla #1314604 / Red Hat CVE-2016-8635 [3.21.3-1.1] - rebuild [3.21.3-1] - Rebase to NSS 3.21.3 - Resolves: #1383887 nss-util [3.21.3-1.1] - rebuild [3.21.3-1] - Rebase to nss-3.21.3 - Remove patch for CVE-2016-1950, which is included in the release - Related: Bug 1347908 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2834 CVE-2016-8635 CVE-2016-5285 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.5.0-1] - Update to 45.5.0 ESR [45.4.0-3] - Added upcoming upstream patches mozbz#1018486 [45.4.0-2] - Added Laszlo Ersek patch for aarch64 crashes CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5291 CVE-2016-9066 CVE-2016-5296 CVE-2016-9064 CVE-2016-5297 CVE-2016-5290 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [0:1.4.4-3.el6_8.1] - fix vulnerabilities allowing remote code execution (CVE-2016-8704, CVE-2016-8705, CVE-2016-8706) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8704 CVE-2016-8705 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [2.0.1-13] - updated security fix for CVE-2016-0718 [2.0.1-12] - add security fix for CVE-2016-0718 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0718 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ol7 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.5.0-1] - Update to 45.5.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5290 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.1-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.5.1-1] - Update to 45.5.1 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-9079 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.5.1-1] - Update to 45.5.1 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9079 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 6 Oracle Linux 7 [1.8.6p3-25] - Update noexec syscall blacklist - Fixes CVE-2016-7032 and CVE-2016-7076 Resolves: rhbz#1391937 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-7032 CVE-2016-7076 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.6.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.6.0-1] - Update to 45.6.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-9893 CVE-2016-9895 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9905 CVE-2016-9897 CVE-2016-9904 CVE-2016-9901 CVE-2016-9902 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 Oracle Linux 6 [7.4.629-5.1] - add fix for CVE-2016-1248 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1248 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.6.0-1] - Update to the latest upstream (45.6.0) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9901 CVE-2016-9893 CVE-2016-9895 CVE-2016-9905 CVE-2016-9899 CVE-2016-9900 CVE-2016-9902 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 6 [0.10.19-5] - vmncdec: Sanity-check width/height before using it Resolves: rhbz#1400820 [0.10.19-4] - Remove insecure NSF decoder Resolves: rhbz#1400820 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9447 CVE-2016-9445 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [0.10.23-4] - Remove insecure FLX plugin Resolves: rhbz#1400835 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9634 CVE-2016-9635 CVE-2016-9807 CVE-2016-9808 CVE-2016-9636 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.2.4] - KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373442] {CVE-2015-7872} [3.8.13-118.2.3] - dcache: Handle escaped paths in prepend_path (Eric W. Biederman) [Orabug: 22373283] - vfs: Test for and handle paths that are unreachable from their mnt_root (Eric W. Biederman) [Orabug: 22249875] - KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [Orabug: 22373442] {CVE-2015-7872} - KEYS: Fix race between key destruction and finding a keyring by name (David Howells) [Orabug: 22373442] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-2925 CVE-2015-7872 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.264.13] - KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872} [2.6.39-400.264.12] - crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644} - crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644} - crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644} [2.6.39-400.264.11] - KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842} [2.6.39-400.264.9] - msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613} [2.6.39-400.264.8] - ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613} - Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613} [2.6.39-400.264.7] - KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104} - KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307} [2.6.39-400.264.6] - mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) - IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang) - IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366] - IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina) - IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz) - IB: Return error for unsupported QP creation flags (Or Gerlitz) - IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2014-7842 CVE-2015-7613 CVE-2015-8104 CVE-2014-9644 CVE-2015-5307 CVE-2013-7421 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.15uek] - ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250043] {CVE-2015-7613} - Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250043] {CVE-2015-7613} - crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644} - crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644} - crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644} [2.6.32-400.37.14uek] - KVM: add arg to ac_interception() missing from 'KVM: x86: work around infinite loop in microcode when #AC is delivered' (Chuck Anderson) [Orabug: 22336493] {CVE-2015-5307} [2.6.32-400.37.13uek] - KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22336518] {CVE-2015-8104} {CVE-2015-8104} - KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22336493] {CVE-2015-5307} {CVE-2015-5307} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-7421 CVE-2015-7613 CVE-2014-9644 CVE-2015-5307 CVE-2015-8104 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.2.5] - KEYS: Fix keyring ref leak in join_session_keyring() (Yevgeny Pats) [Orabug: 22563965] {CVE-2016-0728} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0728 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-32.1.2] - KEYS: Fix keyring ref leak in join_session_keyring() (Yevgeny Pats) [Orabug: 22563965] {CVE-2016-0728} [4.1.12-32.1.1] - ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218243] - xen/events/fifo: Consume unprocessed events when a CPU dies (Ross Lagerwall) [Orabug: 22498877] - Revert 'xen/fb: allow xenfb initialization for hvm guests' (Konrad Rzeszutek Wilk) - xen/pciback: Dont allow MSI-X ops if PCI_COMMAND_MEMORY is not set. (Konrad Rzeszutek Wilk) - xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. (Konrad Rzeszutek Wilk) - xen/pciback: Do not install an IRQ handler for MSI interrupts. (Konrad Rzeszutek Wilk) - xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled (Konrad Rzeszutek Wilk) - xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled (Konrad Rzeszutek Wilk) - xen/pciback: Save xen_pci_op commands before processing it (Konrad Rzeszutek Wilk) - xen-scsiback: safely copy requests (David Vrabel) - xen-blkback: read from indirect descriptors only once (Roger Pau Monne) - xen-blkback: only read request operation from shared ring once (Roger Pau Monne) - xen-netback: use RING_COPY_REQUEST() throughout (David Vrabel) - xen-netback: dont use last request to determine minimum Tx credit (David Vrabel) - xen: Add RING_COPY_REQUEST() (David Vrabel) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0728 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [2.12-1.166.7] - Update fix for CVE-2015-7547 (#1296028). [2.12-1.166.6] - Create helper threads with enough stack for POSIX AIO and timers (#1301625). [2.12-1.166.5] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028). [2.12-1.166.4] - Support loading more libraries with static TLS (#1291270). CRITICAL Copyright 2016 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.3.2] - x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/nmi/64: Reorder nested NMI checks (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/nmi/64: Improve nested NMI comments (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/nmi/64: Switch stacks on userspace NMI entry (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/paravirt: Replace the paravirt nop with a bona fide empty function (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-5157 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-51.4] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-51.3] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-51.2] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-51.1] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint IMPORTANT Copyright 2016 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.4.2] - pipe: Fix buffer offset after partially failed read (Ben Hutchings) [Orabug: 22985903] {CVE-2016-0774} {CVE-2015-1805} {CVE-2016-0774} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0774 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-32.2.3] - rebuild bumping release [4.1.12-32.2.2] - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 22997978] {CVE-2016-3157} - fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() (Mike Kravetz) [Orabug: 22667863] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0617 CVE-2016-3157 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.6.1] - skbuff: skb_segment: orphan frags before copying (Dongli Zhang) [Orabug: 23018911] - RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL ON PORT FAILURE (Venkat Venkatsubra) [Orabug: 22888920] - mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) - filename should be destroyed via final_putname() instead of __putname() (John Sobecki) [Orabug: 22346320] - RDS: Fix the atomicity for congestion map update (Wengang Wang) [Orabug: 23141554] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222753] {CVE-2015-8767} [3.8.13-118.5.1] - x86_64: expand kernel stack to 16K (Minchan Kim) [Orabug: 21140371] - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [Orabug: 22534160] - xen: remove unneeded variables and one constant (Daniel Kiper) [Orabug: 22288700] - Revert 'x86/xen: delay construction of mfn_list_list' (Daniel Kiper) [Orabug: 22288700] - ocfs2/dlm: fix misuse of list_move_tail() in dlm_run_purge_list() (Tariq Saeed) [Orabug: 22898384] - ocfs2/dlm: do not purge lockres that is queued for assert master (Xue jiufei) [Orabug: 22898384] MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.278.2] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222773] {CVE-2015-8767} MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.16uek] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222781] {CVE-2015-8767} MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.2.2] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222731] {CVE-2015-8767} MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [1.0.1e-48.1] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0799 CVE-2016-2109 CVE-2016-2842 CVE-2016-2108 CVE-2016-2106 CVE-2016-2107 CVE-2016-2105 cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.3.1] - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279022] {CVE-2016-0758} - uek-rpm: ol6: revert DRM for experimental or OL6-incompatible drivers (Todd Vierling) [Orabug: 23270829] - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262277] {CVE-2013-4312} {CVE-2013-4312} - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222731] {CVE-2015-8767} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-4312 CVE-2016-0758 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.6.2] - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279020] {CVE-2016-0758} - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267997] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263252] {CVE-2015-8215} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262276] {CVE-2013-4312} {CVE-2013-4312} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0758 CVE-2015-8215 CVE-2015-8543 CVE-2013-4312 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.278.3] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267976] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263251] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts'o) [Orabug: 23262219] {CVE-2015-7509} - ext4: make orphan functions be no-op in no-journal mode (Anatol Pomozov) [Orabug: 23262219] {CVE-2015-7509} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262265] {CVE-2013-4312} {CVE-2013-4312} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-7509 CVE-2015-8543 CVE-2015-8215 CVE-2013-4312 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.17] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543} - ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) [Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263242] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts'o) [Orabug: 23262201] {CVE-2015-7509} - ext4: make orphan functions be no-op in no-journal mode (Anatol Pomozov) [Orabug: 23262201] {CVE-2015-7509} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262258] {CVE-2013-4312} {CVE-2013-4312} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8324 CVE-2015-8215 CVE-2015-8543 CVE-2013-4312 CVE-2015-7509 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 [1.10.3-1.0.3] - CVE-2016-3697: docker: Potential privilege escalation via confusion of usernames and UIDs [orabug 23279003] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3697 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.5.1] - sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23520741] - ocfs2: bump up o2cb network protocol version (Junxiao Bi) [Orabug: 23515810] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23283954] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [1.0.1t-2.0.1] - update to upstream 1.0.1t - Original 1.0.1 test certificates has expired on May 10, 2016. Updated certificatea were copied from 1.0.2h tree (alexey.petrenko@oracle.com) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-2105 CVE-2016-0799 CVE-2016-2107 CVE-2016-2842 cpe:/a:oracle:linux:6::addons Oracle Linux 5 Oracle Linux 6 [2.6.39-400.280.1] - Fix cpu bootup stall with large cpu count (Zhenzhong Duan) [Orabug: 23481040] - megaraid_sas : Update threshold based reply post host index register (Sumit.Saxena@avagotech.com) [Orabug: 23536267] [2.6.39-400.279.1] - IPoIB: increase send queue size to 4 times (Ajaykumar Hotchandani) [Orabug: 22287489] - IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 22287489] - Avoid 60sec timeout when receiving rtpg sense code 06/00/00 (John Sobecki) [Orabug: 22336257] - stop recursive fault in print_context_stack after stack overflow (John Sobecki) [Orabug: 23174777] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23287131] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.7.1] - megaraid_sas : Update threshold based reply post host index register (Sumit.Saxena@avagotech.com) [Orabug: 23562756] - xen/events: Don't move disabled irqs (Ross Lagerwall) [Orabug: 23055234] - xen/events: Mask a moving irq (Boris Ostrovsky) [Orabug: 23055234] - xen/pciback: Save the number of MSI-X entries to be copied later. (Dongli Zhang) [Orabug: 23202410] - xen/pciback: Save xen_pci_op commands before processing it (Dongli Zhang) [Orabug: 23202410] - xen-blkback: read from indirect descriptors only once (Dongli Zhang) [Orabug: 23202410] - xen-blkback: only read request operation from shared ring once (Dongli Zhang) [Orabug: 23202410] - xen-netback: use RING_COPY_REQUEST() throughout (Dongli Zhang) [Orabug: 23202410] - xen-netback: don't use last request to determine minimum Tx credit (Dongli Zhang) [Orabug: 23202410] - xen: Add RING_COPY_REQUEST() (Dongli Zhang) [Orabug: 23202410] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23283925] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.18uek] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23641666] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.6.1] - vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - ovl: fix getcwd() failure after unsuccessful rmdir (Rui Wang) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - xen: use same main loop for counting and remapping pages (Juergen Gross) [Orabug: 24012238] - Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 23710417] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23704078] {CVE-2016-2117} - Revert 'perf tools: Bump default sample freq to 4 kHz' (ashok.vairavan) [Orabug: 23634802] - block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23333444] - sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23333444] - sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23333444] - sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23333444] - sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23333444] - Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23333444] - block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23333444] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-6197 CVE-2016-6198 CVE-2016-2117 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.9.1] - mlx4: Increase SYNC_TPT command timeout (Mukesh Kacker) [Orabug: 22895790] - neigh: do not modify unlinked entries (Julian Anastasov) [Orabug: 23072705] - mm/slab: Improve performance of slabinfo stats gathering (Aruna Ramakrishna) [Orabug: 23720437] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703901] {CVE-2016-2117} {CVE-2016-2117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2117 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.283.1] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703990] {CVE-2016-2117} - mlx4_core: add module parameter to disable background init (Mukesh Kacker) [Orabug: 23292107] - NFSv4: Don't decode fs_locations if we didn't ask for them... (Trond Myklebust) [Orabug: 23633714] - mm/slab: Improve performance of slabinfo stats gathering (Aruna Ramakrishna) [Orabug: 23050884] - offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 22521735] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2117 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.9.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393864] {CVE-2016-4470} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.283.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.6.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393865] {CVE-2016-4470} - ovl: fix permission checking for setattr (Miklos Szeredi) [Orabug: 24393742] {CVE-2015-8660} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8660 CVE-2016-4470 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.6.3] - tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010103] [Orabug: 2401010] {CVE-2016-5696} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.10.2] - tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010012] [Orabug: 2401010] {CVE-2016-5696} [3.8.13-118.10.1] - ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock() (yangwenfang) [Orabug: 19601200] - ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395691] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.6] - blk-mq: avoid setting hctx->tags->cpumask before allocation (Akinobu Mita) [Orabug: 24464170] [4.1.12-61.1.3] - ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395729] - qed: Utilize FW 8.10.3.0 (Yuval Mintz) [Orabug: 24442553] - blk-mq: mark request queue as mq asap (Ming Lei) [Orabug: 24318720] - lpfc: fix oops in lpfc_sli4_scmd_to_wqidx_distr() from lpfc_send_taskmgmt() (Mauricio Faria de Oliveira) [Orabug: 24312616] [4.1.12-61.1.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24402831] {CVE-2016-4470} [4.1.12-61.1.1] - ol6-spec: update linux-firmware dependency to 20160616-44.git43e96a1e.0.10 (Chuck Anderson) [Orabug: 24311968] - ol7-spec: update dracut version dependency to 033-360.0.3 (Chuck Anderson) [Orabug: 24308248] - [2d8747c2] fixup! blk-mq: prevent double-unlock of mutex (Dan Duval) [Orabug: 24376521] - tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010102] - IBCM: dereference timewait_info only when needed (Santosh Shilimkar) [Orabug: 24326732] - ext4: update c/mtime on truncate up (Eryu Guan) [Orabug: 24325361] - vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197} - vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197} - ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197} - xen-pciback: mark device to be hidden on AER error trigger (Elena Ufimtseva) [4.1.12-61] - block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23615929] - sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23615929] - sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23615929] - sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23615929] - sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23615929] - block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23615929] - Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23615929] - Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 24292852] - Btrfs: fix leaking of ordered extents after direct IO write error (Filipe Manana) [Orabug: 23717870] - Btrfs: fix error path when failing to submit bio for direct IO write (Filipe Manana) [Orabug: 23717870] - Btrfs: fix memory corruption on failure to submit bio for direct IO (Filipe Manana) [Orabug: 23717870] - Btrfs: fix extent accounting for partial direct IO writes (Filipe Manana) [Orabug: 23717870] - Btrfs: Direct I/O: Fix space accounting (chandan) [Orabug: 23717870] - Btrfs: fix warning of bytes_may_use (Liu Bo) [Orabug: 23717870] - xen: use same main loop for counting and remapping pages (Juergen Gross) [4.1.12-60] - xen-blkfront: dynamic configuration of per-vbd resources (Bob Liu) [Orabug: 23720696] - xen-blkfront: introduce blkif_set_queue_limits() (Bob Liu) [Orabug: 23720696] - xen-blkfront: fix places not updated after introducing 64KB page granularity (Bob Liu) [Orabug: 23720696] - IB: Add RNR timer workaround for PSIF (Santosh Shilimkar) [Orabug: 23633926] - IB/core: Add encode/decode FDR/EDR rates (Hans Westgaard Ry) [Orabug: 23084916] - bfa: Fix for crash when bfa_itnim is NULL (Sudarsana Reddy Kalluru) [Orabug: 23950878] - bfa:Update driver version to 3.2.25.0 (Anil Gurumurthy) [Orabug: 23950878] - bfa:File header and user visible string changes (Anil Gurumurthy) [Orabug: 23950878] - bfa:Updating copyright messages (Anil Gurumurthy) [Orabug: 23950878] - bfa: Fix incorrect de-reference of pointer (Anil Gurumurthy) [Orabug: 23950878] - bfa: Fix indentation (Anil Gurumurthy) [Orabug: 23950878] - lpfc updates to 11.1.0.4 for uek4-r2 (rkennedy) [Orabug: 23762058] - lpfc: Update modified file copyrights (James Smart) [Orabug: 23762058] - lpfc: Fix interaction between fdmi_on and enable_SmartSAN (James Smart) [Orabug: 23762058] - lpfc: Add support for SmartSAN 2.0 (James Smart) [Orabug: 23762058] - lpfc: Fix Device discovery failures during switch reboot test. (James Smart) [Orabug: 23762058] - lpfc: Utilize embedded CDB logic to minimize IO latency (James Smart) [Orabug: 23762058] - lpfc: Fix crash when unregistering default rpi. (James Smart) [Orabug: 23762058] - lpfc: Fix DMA faults observed upon plugging loopback connector (James Smart) [Orabug: 23762058] - lpfc: Correct LOGO handling during login (James Smart) [Orabug: 23762058] - lpfc: fix misleading indentation (Arnd Bergmann) [Orabug: 23762058] - lpfc: fix missing zero termination in debugfs (Alan) [Orabug: 23762058] - lpfc: Remove redundant code block in lpfc_scsi_cmd_iocb_cmpl (Johannes Thumshirn) [Orabug: 23762058] - qla2xxx: Update driver version to 8.07.00.38.40.0-k. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Fix BBCR offset (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Disable the adapter and skip error recovery in case of register disconnect. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Separate ISP type bits out from device type. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Correction to function qla26xx_dport_diagnostics(). (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add support to handle Loop Init error Asynchronus event. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Let DPORT be enabled purely by nvram. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add bsg interface to support statistics counter reset. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Add bsg interface to support D_Port Diagnostics. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Check for device state before unloading the driver. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Properly reset firmware statistics. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Properly initialize IO statistics. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Make debug buffer log easier to view. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add module parameter alternate/short names. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode. (Giridhar Malavali) [Orabug: 23755773] - qla2xxx: Shutdown board on thermal shutdown aen. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add ram area DDR for fwdump template entry T262. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Remove sysfs node fw_dump_template. (Joe Carnuccio) [Orabug: 23755773] - mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Chaitra P B) [Orabug: 22529571] - mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Chaitra P B) [Orabug: 22529571] - mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Chaitra P B) [Orabug: 22529571] - mpt3sas: Fix initial Reference tag field for 4K PI drives. (Chaitra P B) [Orabug: 22529571] - mpt3sas: Handle active cable exception event (Chaitra P B) [Orabug: 22529571] - mpt3sas: Update MPI header to 2.00.42 (Chaitra P B) [Orabug: 22529571] - mpt3sas - remove unused fw_event_work elements (Joe Lawrence) [Orabug: 22529571] - mpt3sas: Remove usage of 'struct timeval' (Tina Ruchandani) [Orabug: 22529571] - mpt3sas: Dont overreach ioc->reply_post[] during initialization (Calvin Owens) [Orabug: 22529571] - mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 22529571] - mpt3sas: Free memory pools before retrying to allocate with different value. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Updated MPI Header to 2.00.42 (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Add support for configurable Chain Frame Size (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Added smp_affinity_enable module parameter. (Suganath Prabu Subramani) [Orabug: 22529571] - mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Never block the Enclosure device (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Fix static analyzer(coverity) tool identified defects (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Added support for high port count HBA variants. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: A correction in unmap_resources (Tomas Henzl) [Orabug: 22529571] - mpt3sas: fix Kconfig dependency problem for mpt2sas back compatibility (James Bottomley) [Orabug: 22529571] - mpt3sas: Add dummy Kconfig option for backwards compatibility (Martin K. Petersen) [Orabug: 22529571] - mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: fix inline markers on non inline function declarations (Stephen Rothwell) [Orabug: 22529571] - mpt3sas: Bump mpt3sas driver version to 09.102.00.00 (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Single driver module which supports both SAS 2.0 & SAS 3.0 HBAs (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas, mpt3sas: Update the driver versions (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: setpci reset kernel oops fix (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Added OEM Gen2 PnP ID branding names (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Refcount fw_events and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Refcount sas_device objects and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: sysfs attribute to report Backup Rail Monitor Status (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Ported WarpDrive product SSS6200 support (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: fix for driver fails EEH, recovery from injected pci bus error (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Manage MSI-X vectors according to HBA device type (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Dont send PHYDISK_HIDDEN RAID action request on SAS2 HBAs (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Build MPI SGL LIST on GEN2 HBAs and IEEE SGL LIST on GEN3 HBAs (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas, mpt3sas: Remove SCSI_MPTXSAS_LOGGING entry from Kconfig (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Define 'hba_mpi_version_belonged' IOC variable (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas: Remove .c and .h files from mpt2sas driver (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas: Move Gen2 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Move Gen3 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Added mpt2sas driver definitions (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas: Use mpi headers from mpt3sas (Christoph Hellwig) [Orabug: 22529571] - ext4: only call ext4_truncate when size <= isize (Josef Bacik) [Orabug: 23598757] - fix kABI breakage from 'blk-mq: fix race between timeout and freeing request' (Dan Duval) [Orabug: 23521058] - blk-mq: fix race between timeout and freeing request (Ming Lei) [Orabug: 23521058] - fix kABI breakage from 'blk-mq: Shared tag enhancements' (Dan Duval) [Orabug: 23521058] - blk-mq: Shared tag enhancements (Keith Busch) [Orabug: 23521058] - propogate_mnt: Handle the first propogated copy being a slave (Eric W. Biederman) [Orabug: 23276659] {CVE-2016-4581} - fs/pnode.c: treat zero mnt_group_id-s as unequal (Maxim Patlasov) [Orabug: 23276659] {CVE-2016-4581} - xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] - xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] - xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] - net/rds: Skip packet filtering if interface does not support ACL (Yuval Shaia) [Orabug: 23541567] - RDS: Fix the rds_conn_destroy panic due to pending messages (Bang Nguyen) [Orabug: 23222944] - RDS: add handshaking for ACL violation detection at passive (Ajaykumar Hotchandani) [Orabug: 23222944] - RDS: IB: enforce IP anti-spoofing based on ACLs (Santosh Shilimkar) [Orabug: 23222944] - RDS: Add acl fields to the rds_connection (Santosh Shilimkar) [Orabug: 23222944] - RDS: IB: invoke connection destruction in worker (Ajaykumar Hotchandani) [Orabug: 23222944] - RDS: Add reset all conns for a source address to CONN_RESET (Santosh Shilimkar) [Orabug: 23222944] - IB/mlx4: Generate alias GUID for slaves (Yuval Shaia) [Orabug: 23222944] - IB/ipoib: ioctl interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] - IB/ipoib: sysfs interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] - IB/{cm,ipoib}: Filter traffic using ACL (Yuval Shaia) [Orabug: 23222944] - IB/{cm,ipoib}: Manage ACL tables (Yuval Shaia) [Orabug: 23222944] [4.1.12-59] - Enable CONFIG_CONNTRACK_ZONES for Ol6 (Manjunath Govindashetty) [Orabug: 23755115] - perf tools: add --sym-lookup arg to enable symbol lookup in hugepage shm segment (ashok.vairavan) [Orabug: 23278057] - offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 23750258] - IB/ipoib: Adjust queue sizes (Ajaykumar Hotchandani) [Orabug: 23302017] - IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 23254764] - qed: Add support for qed and qede drivers from Qlogic in UEK4 (Manjunath Govindashetty) [Orabug: 23732603] - qed: Protect the doorbell BAR with the write barriers. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Add missing port-mode (Yuval Mintz) [Orabug: 23732603] - qed: Fix returning unlimited SPQ entries (Yuval Mintz) [Orabug: 23732603] - qed*: Dont reset statistics on inner reload (Yuval Mintz) [Orabug: 23732603] - qed: Prevent VF from Tx-switching 'promisc' (Yuval Mintz) [Orabug: 23732603] - qed: Correct default vlan behavior (Yuval Mintz) [Orabug: 23732603] - qed: fix qed_fill_link() error handling (Arnd Bergmann) [Orabug: 23732603] - qed: Dont config min BW on 100g on link flap (Yuval Mintz) [Orabug: 23732603] - qed: Prevent 100g from working in MSI (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Add missing 100g init mode (Yuval Mintz) [Orabug: 23732603] - qed: Save min/max accross dcbx-change (Yuval Mintz) [Orabug: 23732603] - qed: Fix allocation in interrupt context (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qede: Dont expose self-test for VFs (Yuval Mintz) [Orabug: 23732603] - qede: Reload on GRO changes (Yuval Mintz) [Orabug: 23732603] - qede: Fix VF minimum BW setting (Yuval Mintz) [Orabug: 23732603] - qed: Reset the enable flag for eth protocol. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: signedness bug in qed_dcbx_process_tlv() (Dan Carpenter) [Orabug: 23732603] - qede: Fix DMA address APIs usage (Manish Chopra) [Orabug: 23732603] - qed: add support for dcbx. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Remove a stray tab (Dan Carpenter) [Orabug: 23732603] - qed: VFs gracefully accept lack of PM (Yuval Mintz) [Orabug: 23732603] - qed: Allow more than 16 VFs (Yuval Mintz) [Orabug: 23732603] - qed: Reset link on IOV disable (Manish Chopra) [Orabug: 23732603] - qed: Improve VF interrupt reset (Yuval Mintz) [Orabug: 23732603] - qed: Correct PF-sanity check (Yuval Mintz) [Orabug: 23732603] - qed*: Tx-switching configuration (Yuval Mintz) [Orabug: 23732603] - qed*: support ndo_get_vf_config (Yuval Mintz) [Orabug: 23732603] - qed*: IOV support spoof-checking (Yuval Mintz) [Orabug: 23732603] - qed*: IOV link control (Yuval Mintz) [Orabug: 23732603] - qed*: Support forced MAC (Yuval Mintz) [Orabug: 23732603] - qed*: Support PVID configuration (Yuval Mintz) [Orabug: 23732603] - qede: Add VF support (Yuval Mintz) [Orabug: 23732603] - qed: Align TLVs (Yuval Mintz) [Orabug: 23732603] - qed: Bulletin and Link (Yuval Mintz) [Orabug: 23732603] - qed: IOV l2 functionality (Yuval Mintz) [Orabug: 23732603] - qed: IOV configure and FLR (Yuval Mintz) [Orabug: 23732603] - qed: Introduce VFs (Yuval Mintz) [Orabug: 23732603] - qed: Add VF->PF channel infrastructure (Yuval Mintz) [Orabug: 23732603] - qed: Add CONFIG_QED_SRIOV (Yuval Mintz) [Orabug: 23732603] - qede: uninitialized variable in qede_start_xmit() (Dan Carpenter) [Orabug: 23732603] - qede: prevent chip hang when increasing channels (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Apply tunnel configurations after PF start (Manish Chopra) [Orabug: 23732603] - qede: add implementation for internal loopback test. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qede: add support for selftests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: add infrastructure for device self tests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Add PF min bandwidth configuration support (Manish Chopra) [Orabug: 23732603] - qed: Add PF max bandwidth configuration support (Manish Chopra) [Orabug: 23732603] - qed: Add vport WFQ configuration APIs (Manish Chopra) [Orabug: 23732603] - qed: add support for link pause configuration. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed*: Conditions for changing link (Yuval Mintz) [Orabug: 23732603] - qede: Add support for ethtool private flags (Yuval Mintz) [Orabug: 23732603] - qed*: Align statistics names (Yuval Mintz) [Orabug: 23732603] - qede: Fix single MTU sized packet from firmware GRO flow (Manish Chopra) [Orabug: 23732603] - qede: Fix setting Skb network header (Manish Chopra) [Orabug: 23732603] - qede: Fix various memory allocation error flows for fastpath (Manish Chopra) [Orabug: 23732603] - qede: Add fastpath support for tunneling (Manish Chopra) [Orabug: 23732603] - qed: Enable GRE tunnel slowpath configuration (Manish Chopra) [Orabug: 23732603] - qed/qede: Add VXLAN tunnel slowpath configuration support (Manish Chopra) [Orabug: 23732603] - qed: Add infrastructure support for tunneling (Manish Chopra) [Orabug: 23732603] - qed* - bump driver versions to 8.7.1.20 (Yuval Mintz) [Orabug: 23732603] - qede: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed*: remove version dependency (Rahul Verma) [Orabug: 23732603] - qed: initialize return rc to avoid returning garbage (Colin Ian King) [Orabug: 23732603] - qed: Enlrage the drain timeout (Yuval Mintz) [Orabug: 23732603] - qed: Notify of transciever changes (Zvi Nachmani) [Orabug: 23732603] - qed: Major changes to MB locking (Tomer Tayar) [Orabug: 23732603] - qed: Prevent MF link notifications (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qede: Fix net-next 'make ARCH=x86_64' (Manish Chopra) [Orabug: 23732603] - qede: Add slowpath/fastpath support and enable hardware GRO (Manish Chopra) [Orabug: 23732603] - qed/qede: Add infrastructure support for hardware GRO (Manish Chopra) [Orabug: 23732603] - qed: Remove unused NVM vendor ID (Yuval Mintz) [Orabug: 23732603] - qed: Fix error flow on slowpath start (Yuval Mintz) [Orabug: 23732603] - qed: Move statistics to L2 code (Yuval Mintz) [Orabug: 23732603] - qed: Support B0 instead of A0 (Yuval Mintz) [Orabug: 23732603] - qed: Correct BAR sizes for older MFW (Ram Amrani) [Orabug: 23732603] - qed: Print additional HW attention info (Yuval Mintz) [Orabug: 23732603] - qed: Print HW attention reasons (Yuval Mintz) [Orabug: 23732603] - qed: Add support for HW attentions (Yuval Mintz) [Orabug: 23732603] - qed: Semantic refactoring of interrupt code (Yuval Mintz) [Orabug: 23732603] - qed, qede: rebrand module description (Yuval Mintz) [Orabug: 23732603] - qed: Prevent probe on previous error (Yuval Mintz) [Orabug: 23732603] - qed: add MODULE_FIRMWARE() (Yuval Mintz) [Orabug: 23732603] - qede: Dont report link change needlessly (Yuval Mintz) [Orabug: 23732603] - qede: Linearize SKBs when needed (Yuval Mintz) [Orabug: 23732603] - qede: Change pci DID for 10g device (Yuval Mintz) [Orabug: 23732603] - qed,qede: Bump driver versions to 8.7.0.0 (Yuval Mintz) [Orabug: 23732603] - qed: Introduce DMA_REGPAIR_LE (Yuval Mintz) [Orabug: 23732603] - qed: Change metadata needed for SPQ entries (Yuval Mintz) [Orabug: 23732603] - qed: Handle possible race in SB config (Yuval Mintz) [Orabug: 23732603] - qed: Turn most GFP_ATOMIC into GFP_KERNEL (Yuval Mintz) [Orabug: 23732603] - qede: Add vlan filtering offload support (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Lay infrastructure for vlan filtering offload (Yuval Mintz) [Orabug: 23732603] - qed/qede: use 8.7.3.0 FW. (Yuval Mintz) [Orabug: 23732603] - qed: Correct slowpath interrupt scheme (Sudarsana Kalluru) [Orabug: 23732603] - qed: Fix BAR size split for some servers (Ariel Elior) [Orabug: 23732603] - qed: fix handling of concurrent ramrods. (Tomer Tayar) [Orabug: 23732603] - qed: Fix corner case for chain in-between pages (Tomer Tayar) [Orabug: 23732603] - qede: Add support for {get, set}_pauseparam (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for nway_reset (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for set_phys_id (Sudarsana Kalluru) [Orabug: 23732603] - qed: Add support for changing LED state (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for {get, set}_ringparam (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for {get, set}_channels (Sudarsana Kalluru) [Orabug: 23732603] - qed: select ZLIB_INFLATE (Arnd Bergmann) [Orabug: 23732603] - qlogic: qed: fix error codes in qed_resc_alloc() (Dan Carpenter) [Orabug: 23732603] - qlogic: qed: fix a test for MODE_MF_SI (Dan Carpenter) [Orabug: 23732603] - qlogic/qed: remove bogus NULL check (Dan Carpenter) [Orabug: 23732603] - qede: Add basic ethtool support (Sudarsana Kalluru) [Orabug: 23732603] - qed: Add statistics support (Manish Chopra) [Orabug: 23732603] - qede: Add support for link (Sudarsana Kalluru) - qed: Add link support (Yuval Mintz) [Orabug: 23732603] - qede: classification configuration (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add basic network device support (Yuval Mintz) [Orabug: 23732603] - qed: Add slowpath L2 support (Manish Chopra) [Orabug: 23732603] - qede: Add basic Network driver (Yuval Mintz) [Orabug: 23732603] - qed: Add basic L2 interface (Yuval Mintz) [Orabug: 23732603] - qed: Add module with basic common support (Yuval Mintz) [Orabug: 23732603] - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (Dan Carpenter) [Orabug: 23711389] - qlcnic: protect qlicnic_attach_func with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23711389] - qlcnic: Update version to 5.3.64 (Manish Chopra) [Orabug: 23711389] - qlcnic: Fix mailbox completion handling during spurious interrupt (Rajesh Borundia) [Orabug: 23711389] - qlcnic: Remove unnecessary usage of atomic_t (Rajesh Borundia) [Orabug: 23711389] - qlcnic: correctly handle qlcnic_alloc_mbx_args (Insu Yun) [Orabug: 23711389] - qlcnic: constify qlcnic_dcb_ops structures (Julia Lawall) [Orabug: 23711389] - qlcnic: fix a loop exit condition better (Dan Carpenter) [Orabug: 23711389] - qlcnic: fix a timeout loop (Dan Carpenter) [Orabug: 23711389] - net/qlcnic: fix mac address restore in bond mode 5/6 (Jarod Wilson) [Orabug: 23711389] - qlcnic: constify qlcnic_mbx_ops structure (Julia Lawall) [Orabug: 23711389] - qlcnic: track vxlan port count (Jiri Benc) [Orabug: 23711389] - net: qlcnic: delete redundant memsets (Rasmus Villemoes) [Orabug: 23711389] [4.1.12-58] - ol6-spec: remove require for ql23xx-firmware-3.03.27 (Ethan Zhao) [Orabug: 23724175] - ol7-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701430] - ol6-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701352] - xen/acpi: Disable ACPI memory hotplug when running under Xen. (Konrad Rzeszutek Wilk) - mlx4_core: use higher log_rdmarc_per_qp when scale_profile is set (Mukesh Kacker) [Orabug: 23725942] - RDS: IB: change rds_ib_active_bonding_excl_ips to only RFC3927 space (Todd Vierling) - RDS: avoid large pages for sg allocation for TCP transport (Santosh Shilimkar) [Orabug: 23635336] - bnx2x: Update driver version to 1.713.10 (Rajesh Borundia) [Orabug: 23718192] - bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [Orabug: 23718192] - bnx2x: avoid leaking memory on bnx2x_init_one() failures (Vitaly Kuznetsov) [Orabug: 23718192] - bnx2x: Prevent false warning for lack of FC NPIV (Yuval Mintz) [Orabug: 23718192] - bnx2x: dont wait for Tx completion on recovery (Yuval Mintz) [Orabug: 23718192] - bnx2x: fix indentation in bnx2x_sp_task() (Michal Schmidt) [Orabug: 23718192] - bnx2x: define event data reserved fields as little-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: define fields of struct cfc_del_event_data as little-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: access cfc_del_event only if the opcode is CFC_DEL (Michal Schmidt) [Orabug: 23718192] - bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [Orabug: 23718192] - bnx2x: Fix 84833 phy command handler (Yuval Mintz) - bnx2x: Fix led setting for 84858 phy. (Yuval Mintz) [Orabug: 23718192] - bnx2x: Correct 84858 PHY fw version (Yuval Mintz) [Orabug: 23718192] - bnx2x: Fix 84833 RX CRC (Yuval Mintz) - bnx2x: Fix link-forcing for KR2 (Yuval Mintz) [Orabug: 23718192] - bnx2x: Add missing HSI for big-endian machines (Yuval Mintz) [Orabug: 23718192] - bnx2x: Warn about grc timeouts in register dump (Yuval Mintz) [Orabug: 23718192] - bnx2x: extend DCBx support (Yuval Mintz) [Orabug: 23718192] - bnx2x: Add support for single-port DCBx (Yuval Mintz) [Orabug: 23718192] - bnx2x: Remove unneccessary EXPORT_SYMBOL (Yuval Mintz) [Orabug: 23718192] - bnx2x: Prevent FW assertion when using Vxlan (Yuval Mintz) [Orabug: 23718192] - bnx2x: remove rx_pkt/rx_calls (Eric Dumazet) [Orabug: 23718192] - bnx2x: avoid soft lockup in bnx2x_poll() (Eric Dumazet) [Orabug: 23718192] - bnx2x: simplify distinction between port and func stats (Michal Schmidt) [Orabug: 23718192] - bnx2x: change FW GRO error message to WARN_ONCE (Michal Schmidt) [Orabug: 23718192] - bnx2x: drop redundant error message about allocation failure (Michal Schmidt) [Orabug: 23718192] - bnx2x: Utilize FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] - bnx2x: Show port statistics in Multi-function (Yuval Mintz) [Orabug: 23718192] - bnx2x: Add new SW stat 'tx_exhaustion_events' (Yuval Mintz) [Orabug: 23718192] - bnx2x: Fix vxlan removal (Yuval Mintz) [Orabug: 23718192] - net: move skb_mark_napi_id() into core networking stack (Eric Dumazet) [Orabug: 23718192] - bnx2x: remove bnx2x_low_latency_recv() support (Eric Dumazet) [Orabug: 23718192] - bnx2x: Add FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] - be2iscsi: Update the driver version (Jitendra Bhivare) [Orabug: 23712824] - be2iscsi: Replace _bh with _irqsave/irqrestore (Jitendra Bhivare) [Orabug: 23712824] - be2iscsi: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 23712824] - be2iscsi:Add missing error check in beiscsi_eeh_resume (Nicholas Krause) [Orabug: 23712824] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703754] {CVE-2016-2117} - be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Somnath Kotur) [Orabug: 23641442] - be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Sriharsha Basavapatna) [Orabug: 23641442] - be2net: use max-TXQs limit too while provisioning VF queue pairs (Suresh Reddy) [Orabug: 23641442] - benet: be_resume needs to protect be_open with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23641442] - be2net: Dont leak iomapped memory on removal. (Douglas Miller) [Orabug: 23641442] - be2net: dont enable multicast flag in be_enable_if_filters() routine (Venkat Duvvuru) [Orabug: 23641442] - be2net: Fix a UE caused by passing large frames to the ASIC (ajit.khaparde@broadcom.com) [Orabug: 23641442] - be2net: Declare some u16 fields as u32 to improve performance (ajit.khaparde@broadcom.com) [Orabug: 23641442] - be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Padmanabh Ratnakar) [Orabug: 23641442] - VSOCK: Only check error on skb_recv_datagram when skb is NULL (Jorgen Hansen) [Orabug: 23718522] - VSOCK: Detach QP check should filter out non matching QPs. (Jorgen Hansen) [Orabug: 23718522] - x86/mce: Ensure offline CPUs dont participate in rendezvous process (Ashok Raj) [Orabug: 23520972] [4.1.12-57] - PCI: Mark Intel i40e NIC INTx masking as broken (Alex Williamson) [Orabug: 23176970] - i40e: fix an uninitialized variable bug (Dan Carpenter) [Orabug: 23176970] - i40e: Bump version from 1.5.10 to 1.5.16 (Bimmy Pujari) [Orabug: 23176970] - i40e: dont add broadcast filter for VFs (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: properly report Rx packet hash (Mitch Williams) [Orabug: 23176970] - i40e: set context to use VSI RSS LUT for SR-IOV (Ashish Shah) [Orabug: 23176970] - i40e: Correct UDP packet header for non_tunnel-ipv6 (Akeem G Abodunrin) [Orabug: 23176970] - i40e: change Rx hang message into a WARN_ONCE (Jacob Keller) [Orabug: 23176970] - i40e: Refactor ethtool get_settings (Catherine Sullivan) [Orabug: 23176970] - i40e: lie to the VF (Mitch Williams) [Orabug: 23176970] - i40e: Add vf-true-promisc-support priv flag (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Implement the API function for aq_set_switch_config (Shannon Nelson) [Orabug: 23176970] - i40e: Add allmulti support for the VF (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Add support for disabling all link and change bits needed for PHY interactions (Kevin Scott) [Orabug: 23176970] - i40e: constify i40e_client_ops structure (Julia Lawall) [Orabug: 23176970] - i40e: fix misleading indentation (Arnd Bergmann) [Orabug: 23176970] - i40e: Test memory before ethtool alloc succeeds (Jesse Brandeburg) [Orabug: 23176970] - i40evf: Allocate Rx buffers properly (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: Remove unused hardware receive descriptor code (Jesse Brandeburg) [Orabug: 23176970] - i40evf: refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40evf: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40e: Refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Remove reference to ring->dtype (Jesse Brandeburg) [Orabug: 23176970] - i40e: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Refactor tunnel interpretation (Jesse Brandeburg) [Orabug: 23176970] - i40evf: make use of BIT() macro to avoid signed left shift (Jacob Keller) [Orabug: 23176970] - i40e: make use of BIT() macro to prevent left shift of signed values (Jacob Keller) [Orabug: 23176970] - i40e/i40evf: fix I40E_MASK signed shift overflow warnings (Jacob Keller) [Orabug: 23176970] - i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Harshitha Ramamurthy) [Orabug: 23176970] - i40e: Update device ids for X722 (Catherine Sullivan) [Orabug: 23176970] - i40e: Drop extra copy of function (Jesse Brandeburg) [Orabug: 23176970] - i40e: Use consistent type for vf_id (Jesse Brandeburg) [Orabug: 23176970] - i40e: PTP - avoid aggregate return warnings (Jesse Brandeburg) [Orabug: 23176970] - i40e: Fix uninitialized variable (Catherine Sullivan) [Orabug: 23176970] - i40evf: RSS Hash Option parameters (Carolyn Wyborny) [Orabug: 23176970] - i40e: Remove HMC AQ API implementation (Neerav Parikh) [Orabug: 23176970] - i40e: Limit the number of MAC and VLAN addresses that can be added for VFs (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Change the default for VFs to be not privileged (Anjali Singhai Jain) [Orabug: 23176970] - i40evf: Add driver support for promiscuous mode (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Add VF promiscuous mode driver support (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Add promiscuous on VLAN support (Greg Rose) [Orabug: 23176970] - i40e/i40evf: Only offload VLAN tag if enabled (Jesse Brandeburg) [Orabug: 23176970] - i40e: Remove zero check (Greg Rose) [Orabug: 23176970] - i40e: Add DeviceID for X722 QSFP+ (Kamil Krawczyk) [Orabug: 23176970] - i40e: Add device capability which defines if update is available (Michal Kosiarz) [Orabug: 23176970] - i40evf: Allow PF driver to configure RSS (Mitch Williams) [Orabug: 23176970] - i40e: Specify AQ event opcode to wait for (Shannon Nelson) [Orabug: 23176970] - i40e: Code cleanup in i40e_add_fdir_ethtool (Shannon Nelson) [Orabug: 23176970] - i40evf: Dont Panic (Mitch Williams) [Orabug: 23176970] - i40e: Add support for configuring VF RSS (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: Add support for IPIP and SIT offloads (Alexander Duyck) [Orabug: 23176970] - i40e/i40evf: Clean up feature flags (Alexander Duyck) [Orabug: 23176970] - i40evf: properly handle VLAN features (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Harshitha Ramamurthy) [Orabug: 23176970] - i40e: Input set mask constants for RSS, flow director, and flex bytes (Kiran Patil) [Orabug: 23176970] - i40e: Move NVM event wait check to NVM code (Shannon Nelson) [Orabug: 23176970] - i40e: Add RSS configuration to virtual channel (Mitch Williams) [Orabug: 23176970] - i40e: Move NVM variable out of AQ struct (Shannon Nelson) [Orabug: 23176970] - i40e: Restrict VF poll mode to only single function mode devices (Shannon Nelson) [Orabug: 23176970] - i40e/i40evf: Faster RX via avoiding FCoE (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Drop unused tx_ring argument (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Move stack var deeper (Jesse Brandeburg) [Orabug: 23176970] - i40e: Move HW flush (Akeem G Abodunrin) [Orabug: 23176970] - i40e: Leave debug_mask cleared at init (Shannon Nelson) [Orabug: 23176970] - i40e: Inserting a HW capability display info (Deepthi Kavalur) [Orabug: 23176970] - i40e/i40evf: Fix TSO checksum pseudo-header adjustment (Alexander Duyck) [Orabug: 23176970] - i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Avinash Dayanand) [Orabug: 23176970] - i40e: Request PHY media event at reset time (Shannon Nelson) [Orabug: 23176970] - i40e: Lower some message levels (Mitch Williams) [Orabug: 23176970] - i40e: Fix for supported link modes in 10GBaseT PHYs (Avinash Dayanand) [Orabug: 23176970] - i40evf: Fix get_rss_aq (Catherine Sullivan) [Orabug: 23176970] - i40e: Disable link polling (Shannon Nelson) [Orabug: 23176970] - i40evf: Add longer wait after remove module (Mitch Williams) [Orabug: 23176970] - i40e: Make VF resets more reliable (Mitch Williams) [Orabug: 23176970] - i40e: Add new device ID for X722 (Catherine Sullivan) [Orabug: 23176970] - i40evf: Fix VLAN features (Mitch Williams) [Orabug: 23176970] - i40e: Remove unused variable (Mitch Williams) [Orabug: 23176970] - i40e: Enable Geneve offload for FW API ver > 1.4 for XL710/X710 devices (Anjali Singhai Jain) [Orabug: 23176970] - i40e: remove redundant check on vsi->active_vlans (Colin King) [Orabug: 23176970] - i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Catherine Sullivan) [Orabug: 23176970] - i40e: Change comment to reflect correct function name (Mitch Williams) [Orabug: 23176970] - i40evf: Add additional check for reset (Mitch Williams) [Orabug: 23176970] - i40e: Change unknown event error msg to ignore message (Shannon Nelson) [Orabug: 23176970] - i40e: Added code to prevent double resets (Mitch Williams) [Orabug: 23176970] - i40e: Notify VFs of all resets (Mitch Williams) [Orabug: 23176970] - i40e: Remove timer and task only if created (Shannon Nelson) [Orabug: 23176970] - i40e: Assure that adminq is alive in debug mode (Shannon Nelson) [Orabug: 23176970] - i40e: Remove MSIx only if created (Shannon Nelson) [Orabug: 23176970] - i40e: Fix up return code (Jesse Brandeburg) [Orabug: 23176970] - i40e: Save off VSI resource count when updating VSI (Kevin Scott) [Orabug: 23176970] - i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Catherine Sullivan) [Orabug: 23176970] - i40e/i40evf: Fix casting in transmit code (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Fix handling of boolean logic in polling routines (Alexander Duyck) [Orabug: 23176970] - i40evf: remove dead code (Alan Cox) [Orabug: 23176970] - i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Alexander Duyck) [Orabug: 23176970] - i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 23176970] - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Alexander Duyck) [Orabug: 23176970] - i40e: fix errant PCIe bandwidth message (Jesse Brandeburg) [Orabug: 23176970] - i40e: Add support for client interface for IWARP driver (Anjali Singhai Jain) [Orabug: 23176970] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4805 CVE-2016-2069 CVE-2016-4951 CVE-2015-8785 CVE-2016-4913 CVE-2015-8816 CVE-2016-3156 CVE-2016-4581 CVE-2015-8787 CVE-2016-0723 CVE-2016-2847 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [4.2.6p5-10.0.1.el6_8.1] - add disable monitor to default ntp.conf [CVE-2013-5211] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-5211 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.11.2] - Btrfs: fix truncation of compressed and inlined extents (Ashish Samant) [Orabug: 22307285] {CVE-2015-8374} - Btrfs: fix file corruption and data loss after cloning inline extents (Divya Indi) [Orabug: 22307285] {CVE-2015-8374} - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682074] {CVE-2016-4997} {CVE-2016-4998} - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682074] {CVE-2016-4997} {CVE-2016-4998} [3.8.13-118.11.1] - rds: schedule local connection activity in proper workqueue (Ajaykumar Hotchandani) [Orabug: 24624195] - ib_core: make wait_event uninterruptible in ib_flush_fmr_pool() (Avinash Repaka) [Orabug: 24655952] - net/mlx4: Support shutdown() interface (Gavin Shan) [Orabug: 24624181] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4997 CVE-2016-4998 CVE-2015-8374 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.284.2] - Btrfs: fix truncation of compressed and inlined extents (Divya Indi) [Orabug: 22307286] {CVE-2015-8374} - Btrfs: fix file corruption and data loss after cloning inline extents (Divya Indi) [Orabug: 22307286] {CVE-2015-8374} - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682073] {CVE-2016-4997} {CVE-2016-4998} - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682071] {CVE-2016-4997} {CVE-2016-4998} [2.6.39-400.284.1] - rds: schedule local connection activity in proper workqueue (Ajaykumar Hotchandani) [Orabug: 22819661] - ib_core: make wait_event uninterruptible in ib_flush_fmr_pool() (Avinash Repaka) [Orabug: 24525022] - net/mlx4: Support shutdown() interface (Ajaykumar Hotchandani) [Orabug: 24616261] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8374 CVE-2016-4997 CVE-2016-4998 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.10] - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682076] {CVE-2016-4997} {CVE-2016-4998} - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682076] {CVE-2016-4997} {CVE-2016-4998} [4.1.12-61.1.9] - xen-blkback: don't get ref for each queue (Bob Liu) [Orabug: 24616917] - NVMe: Fix obtaining command result (Keith Busch) [Orabug: 24655742] [4.1.12-61.1.8] - Revert 'ixgbe: make a workaround to tx hang issue under dom' (Brian Maly) [Orabug: 24618738] [4.1.12-61.1.7] - x86/xen: Add x86_platform.is_untracked_pat_range quirk to ignore ISA regions. (Konrad Rzeszutek Wilk) [Orabug: 24566046] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4997 CVE-2016-4998 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-48.3] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-48.1] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2182 CVE-2016-2178 CVE-2016-2180 CVE-2016-2177 CVE-2016-2181 CVE-2016-6302 CVE-2016-2179 CVE-2016-6304 CVE-2016-6306 cpe:/a:oracle:linux:6::userspace_ksplice cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.13.2] - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798695] {CVE-2016-5829} [3.8.13-118.13.1] - Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790116] [3.8.13-118.12.1] - scsi_sysfs: protect against double execution of __scsi_remove_device() (Vitaly Kuznetsov) [Orabug: 23720563] - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24691666] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690304] {CVE-2016-3134} - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - NFSv4: Fail I/O if the state recovery fails irrevocably (Trond Myklebust) [Orabug: 24681407] - rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24395795] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 23747627] - sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23518545] - ocfs2: move dquot_initialize() in ocfs2_delete_inode() somewhat later (Jan Kara) [Orabug: 23097098] - fuse: fix typo while displaying fuse numa mount option (Ashish Samant) - IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570521] - ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218260] - watchdog: update watchdog_thresh properly (Michal Hocko) [Orabug: 21868337] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3134 CVE-2016-5829 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.286.2] - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694] {CVE-2016-5829} [2.6.39-400.286.1] - Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790158] [2.6.39-400.285.1] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690302] {CVE-2016-3134} - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24587406] - TTY: do not reset master's packet mode (Jiri Slaby) [Orabug: 24569399] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24500401] - rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24314773] - Revert 'IPoIB: serialize changing on tx_outstanding' (Wengang Wang) [Orabug: 23745787] - xen/events: document behaviour when scanning the start word for events (Dongli Zhang) [Orabug: 23083945] - xen/events: mask events when changing their VCPU binding (Dongli Zhang) [Orabug: 23083945] - xen/events: initialize local per-cpu mask for all possible events (Dongli Zhang) [Orabug: 23083945] - IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570922] - NFS: Remove BUG_ON() calls from the generic writeback code (Trond Myklebust) [Orabug: 22386565] - ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218262] - oracleasm: Classify device connectivity issues as global errors (Martin K. Petersen) [Orabug: 21760143] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3134 CVE-2016-5829 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.13] - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24803597] {CVE-2016-5829} [4.1.12-61.1.12] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24790230] [4.1.12-61.1.11] - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24691860] - megaraid_sas: Don't issue kill adapter for MFI controllers in case of PD list DCMD failure (Sumit Saxena) [Orabug: 24506797] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24691226] {CVE-2016-3134} - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5829 CVE-2016-3134 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.14] - net: add recursion limit to GRO (Sabrina Dubroca) [Orabug: 24829133] {CVE-2016-7039} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7039 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.16] - mm: remove gup_flags FOLL_WRITE games from __get_user_pages() (Linus Torvalds) [Orabug: 24927306] {CVE-2016-5195} [4.1.12-61.1.15] - drivers/nvme: provide a module parameter for setting number of I/O queues (Shan Hai) [Orabug: 24914956] - blk-mq: improve warning for running a queue on the wrong CPU (Jens Axboe) [Orabug: 24914956] - blk-mq: fix freeze queue race (Shan Hai) [Orabug: 24914956] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.13.3] - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928591] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.286.3] - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.17] - sched: panic on corrupted stack end (Jann Horn) [Orabug: 24971921] {CVE-2016-1583} - ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971921] {CVE-2016-1583} - proc: prevent stacking filesystems on top (Jann Horn) [Orabug: 24971921] {CVE-2016-1583} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.14.1] - ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971919] {CVE-2016-1583} - RDS: IB: fix panic with handlers running post teardown (Santosh Shilimkar) [Orabug: 24395795] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.19] - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058966] {CVE-2016-3699} - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060060] {CVE-2016-6480} {CVE-2016-6480} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059969] {CVE-2016-6136} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 25023269] {CVE-2016-1583} {CVE-2016-1583} - Revert 'ecryptfs: forbid opening files without mmap handler' (Chuck Anderson) [Orabug: 24971921] {CVE-2016-1583} - percpu: fix synchronization between synchronous map extension and chunk destruction (Tejun Heo) [Orabug: 25060084] {CVE-2016-4794} - percpu: fix synchronization between chunk->map_extend_work and chunk destruction (Tejun Heo) [Orabug: 25060084] {CVE-2016-4794} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059898] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059898] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059752] {CVE-2016-4569} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058894] {CVE-2015-8956} - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059037] {CVE-2016-2053} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059188] {CVE-2016-3070} [4.1.12-61.1.18] - uek-rpm ol7: change uek-rpm/ol7/update-el release value from 7.1 to 7.3 (Chuck Anderson) [Orabug: 25050614] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3699 CVE-2016-4578 CVE-2016-2053 CVE-2016-6136 CVE-2016-4569 CVE-2016-3070 CVE-2016-4794 CVE-2016-6480 CVE-2016-1583 CVE-2015-8956 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.14.2] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] {CVE-2016-6480} {CVE-2016-6480} - IB/srpt: Simplify srpt_handle_tsk_mgmt() (Bart Van Assche) [Orabug: 25060011] {CVE-2016-6327} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059945] {CVE-2016-6136} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] {CVE-2016-4569} - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] {CVE-2016-3699} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] {CVE-2015-8956} - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] {CVE-2016-2053} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] {CVE-2016-3070} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3070 CVE-2016-6327 CVE-2016-6136 CVE-2015-8956 CVE-2016-6480 CVE-2016-4578 CVE-2016-3699 CVE-2016-4569 CVE-2016-2053 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.290.2] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] {CVE-2016-6480} {CVE-2016-6480} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059962] {CVE-2016-6136} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] {CVE-2016-1583} {CVE-2016-1583} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] {CVE-2016-4569} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] {CVE-2015-8956} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] {CVE-2016-3070} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-6136 CVE-2016-4569 CVE-2016-6480 CVE-2016-1583 CVE-2016-3070 CVE-2016-4578 CVE-2015-8956 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.22] - ocfs2: fix trans extend while free cached blocks (Junxiao Bi) [Orabug: 25136991] - ocfs2: fix trans extend while flush truncate log (Junxiao Bi) [Orabug: 25136991] - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991] - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154096] {CVE-2016-8650} {CVE-2016-8650} - mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035] [4.1.12-61.1.21] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] {CVE-2016-9555} [4.1.12-61.1.20] - rebuild bumping release IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8650 CVE-2016-9555 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.15.1] - Revert 'i40e: Set defport behavior for the Main VSI when in promiscuous mode' (Jack Vogel) [Orabug: 22683573] - mlx4: avoid multiple free on id_map_ent (Wengang Wang) - xen-netfront: cast grant table reference first to type int (Dongli Zhang) - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) - RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 25045360] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142879] {CVE-2016-9555} - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154098] {CVE-2016-8650} {CVE-2016-8650} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8650 CVE-2016-9555 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.293.1] - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 21962821] - sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23518650] - bio allocation failure due to bio_get_nr_vecs() (Darrick J. Wong) [Orabug: 23852442] - mlx4: avoid ABBA deadlock (Wengang Wang) [Orabug: 23538548] - mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25022815] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142906] {CVE-2016-9555} [2.6.39-400.292.1] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138146] [2.6.39-400.291.1] - RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 24951873] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9555 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.23] - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298601] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7117 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.15.2] - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 25269176] {CVE-2016-3157} {CVE-2016-3157} - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298611] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7117 CVE-2016-3157 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.293.2] - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 25269184] {CVE-2016-3157} - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298618] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3157 CVE-2016-7117 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 [8.70-21_1] - Added security fixes for: - CVE-2013-5653 (bug #1380327) - CVE-2016-7977 (bug #1380415) - CVE-2016-7979 (bug #1382305) - CVE-2016-8602 (bug #1383940) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7977 CVE-2016-8602 CVE-2013-5653 CVE-2016-7979 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.6.32-642.13.1] - [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390805 1390046] {CVE-2016-7117} - [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1396479 1381585] - [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379527 1379529] {CVE-2016-6828} - [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998} - [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998} - [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998} - [net] ipv6: Don't change dst->flags using assignments (Marcelo Leitner) [1391974 1389478] - [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1392818 1383078] - [netdrv] sfc: report supported link speeds on SFP connections (Jarod Wilson) [1388168 1384621] - [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1392875 1342114] - [hv] avoid vfree() on crash (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: handle various crash scenarios (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: Support kexec on ws2012 r2 and above (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: Support handling messages on multiple CPUs (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: avoid wait_for_completion() on crash (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: don't loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1385482 1333167] - [hv] vmbus: Force all channel messages to be delivered on CPU 0 (Vitaly Kuznetsov) [1385482 1333167] - [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1396272 1374743] - [fs] nfs4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done (Steve Dickson) [1385480 1376467] - [firmware] dmi_scan: DMI information in sysfs is missing on SMBIOS 3.0 based systems (Steve Best) [1393464 1353807] [2.6.32-642.12.1] - [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1392799 1384212] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6828 CVE-2016-7117 CVE-2016-4998 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.41-1.13.13.1.0.1] - Add oracle-enterprise.patch [1:1.6.0.41-1.13.13.1] - Update to new 1.13.13 and b41 tarballs to correct TCK failure. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Remove --htmldir option which is not supported by older autotools. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Remove --docdir option which is not supported by older autotools. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Update to new 1.13.13 tarball with PR3275 and PR3276 fixes. - Ignore any xz tarballs as RHEL 5.11 does not support them. - Resolves: rhbz#1381990 [1:1.6.0.41-1.13.13.0] - Update to IcedTea 1.13.13 & OpenJDK 6 b41. - Fix context for rpath patch following PR3213. - Resolves: rhbz#1381990 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-5597 CVE-2016-5573 CVE-2016-5554 CVE-2016-5582 CVE-2016-5542 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 [30:9.3.6-25.P1.12] - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9147 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1:1.8.0.121-0.b13] - Update to aarch64-jdk8u121-b13. - Update PR1834/RH1022017 fix to reduce curves reported by SSL to apply against u121. - Re-generate RH1393047 ObjectInputStream patch against u121. - Resolves: rhbz#1410612 [1:1.8.0.112-0.b16] - Update to aarch64-jdk8u112-b16. - Drop upstreamed patches for 8044762, 8049226, 8154210, 8158260 and 8160122. - Re-generate size_t and key size (RH1163501) patches against u112. - Resolves: rhbz#1410612 [1:1.8.0.111-3.b14] - Enable a full bootstrap on JIT archs to ensure stability. - Resolves: rhbz#1410612 [1:1.8.0.111-2.b18] - Use java-1.7.0-openjdk to bootstrap on RHEL to allow us to use main build target - Resolves: rhbz#1410612 [1:1.8.0.111-2.b18] - Update to aarch64-jdk8u111-b18, synced with upstream u111, S8170873 and new AArch64 fixes - Replace our correct version of 8159244 with the amendment to the 8u version from 8160122. - Resolves: rhbz#1410612 CRITICAL Copyright 2017 Oracle, Inc. CVE-2016-5547 CVE-2017-3261 CVE-2016-5548 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3272 CVE-2017-3289 CVE-2016-5546 CVE-2017-3231 CVE-2016-5552 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [7:3.4.14-9.4] - Resolves: #1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10002 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [5.1.73-8.0.1] - fix date in the test [5.1.73-8] - Fix CVE-2016-6662 and CVE-2016-6663 Resolves: #1397309 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6663 CVE-2016-5616 CVE-2016-6662 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.7.0-1] - Updated to 45.7.0 (B1) [45.6.0-2] - Enabled ffmpeg > 54.35.1 (rhbz#1330898, mozbz#1263665) CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5390 CVE-2017-5376 CVE-2017-5396 CVE-2017-5383 CVE-2017-5375 CVE-2017-5373 CVE-2017-5378 CVE-2017-5380 CVE-2017-5386 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [3.9.4-21] - Fix patch for CVE-2016-5652 - Related: #1412078 [3.9.4-20] - Fix CWE-476 defect found by covscan - Related: #1412078 [3.9.4-19] - Add patches for CVEs: - CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 - CVE-2016-9536 CVE-2016-9537 CVE-2016-9540 - CVE-2016-5652 - Resolves: #1412078 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-5652 CVE-2016-9534 CVE-2016-9533 CVE-2016-9535 CVE-2016-9536 CVE-2015-8870 CVE-2016-9540 CVE-2016-9537 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.7.0-1] - Update to 45.7.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5375 CVE-2017-5376 CVE-2017-5380 CVE-2017-5373 CVE-2017-5383 CVE-2017-5396 CVE-2017-5390 CVE-2017-5378 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 6 Oracle Linux 7 [4.2.6p5-25.0.1.el7_3.1] - Bump release to avoid ULN conflict with Oracle modified errata. [4.2.6p5-25.el7_3.1] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7433 CVE-2016-9310 CVE-2016-7426 CVE-2016-7429 CVE-2016-9311 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0.12.4-13.2] - Fix buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages. Resolves: CVE-2016-9577 - Fix remote DoS via crafted message. Resolves: CVE-2016-9578 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9577 CVE-2016-9578 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.131-2.6.9.0.0.1] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Oracle Linux' [1:1.7.0.131-2.6.9.0] - Add blacklisted.certs to installation file list. - Resolves: rhbz#1410612 [1:1.7.0.131-2.6.9.0] - Bump to 2.6.9 and u131b00. - Remove patch application debris in fsg.sh. - Re-generate RH1022017 against 2.6.9. - Resolves: rhbz#14106122 CRITICAL Copyright 2017 Oracle, Inc. CVE-2016-5547 CVE-2016-5546 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3253 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3252 CVE-2017-3241 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-48.4] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts MODERATE Copyright 2017 Oracle, Inc. CVE-2016-8610 CVE-2017-3731 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [2.6.32-642.13.2] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [2.6.32-642.15.1] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074} [2.6.32-642.14.1] - [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399456 1399457] {CVE-2016-9555} - [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1403143 1342659] - [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359302 1359304] {CVE-2016-6136} - [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1399172 1353844] - [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1399172 1353844] - [fs] nfs: Don't pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1399172 1353844] - [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1399174 1397552] - [scsi] hpsa: correct logical resets (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1399175 1083110] - [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1399175 1083110] - [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1397808 1351798] - [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1397739 1378614] - [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1398185 1387243] MODERATE Copyright 2017 Oracle, Inc. CVE-2016-9555 CVE-2016-6136 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [0.12.1.2-2.491.el6_8.6] - kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1418230 bz#1419416] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418230 bz#1419416] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418230 bz#1419416] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418230 bz#1419416] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418230 bz#1419416] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418230 bz#1419416] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418230 bz#1419416] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418230 bz#1419416] - Resolves: bz#1418230 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z]) - Resolves: bz#1419416 (CVE-2017-2615 qemu-kvm-rhev: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z]) [0.12.1.2-2.491.el6_8.5] - kvm-net-check-packet-payload-length.patch [bz#1398213] - Resolves: bz#1398213 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-6.8.z]) [0.12.1.2-2.491.el6.4] - kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1408389] - kvm-virtio-introduce-virtqueue_discard.patch [bz#1408389] - kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1408389] - kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1408389] - kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1408389] - kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1408389] - Resolves: bz#1408389 ([RHEL6.8.z] KVM guest shuts itself down after 128th reboot) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2615 CVE-2016-2857 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [0.12.1.2-2.491.el6_8.7] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420486 bz#1420488] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420486 bz#1420488] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420486 bz#1420488] - Resolves: bz#1420486 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.8.z]) - Resolves: bz#1420488 (EMBARGOED CVE-2017-2620 qemu-kvm-rhev: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.8.z]) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2620 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 Oracle Linux 6 [45.8.0-2.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.8.0-2] - Update to 45.8.0 ESR (B2) [45.8.0-1] - Update to 45.8.0 ESR [45.7.0-2] - Enabled ppc/s390 arches (rhbz#1418765) CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5404 CVE-2017-5405 CVE-2017-5410 CVE-2017-5402 CVE-2017-5408 CVE-2017-5400 CVE-2017-5401 CVE-2017-5407 CVE-2017-5398 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.8.0-1] - Update to 45.8.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5407 CVE-2017-5405 CVE-2017-5410 CVE-2017-5401 CVE-2017-5404 CVE-2017-5408 CVE-2017-5398 CVE-2017-5400 CVE-2017-5402 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [0:6.0.24-105] - Related: rhbz#1402664 CVE-2016-6816 Adding system property from asfbz-60594 to allow use of some un-encoded characters - Related: rhbz#1402664 CVE-2016-6816 Resolving a security regression (2017-6056) caused by CVE-2016-6816 [0:6.0.24-104] - Related: rhbz#1402664 build. reverting ExcludeArch to fix composes [0:6.0.24-102] - Resolves: rhbz#1413589 CVE-2016-8745 tomcat6: tomcat: information disclosure due to incorrect Processor sharing - Resolves: rhbz#1402664 CVE-2016-6816 tomcat6: tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests MODERATE Copyright 2017 Oracle, Inc. CVE-2016-8745 CVE-2016-6816 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.3-16] - Revert previous changes in patch for CVE-2016-5159 - Fix double free in patch for CVE-2016-5139 - Fix memory leaks and invalid read in cio_bytein Related: #1419775 [1.3-15] - Add two more allocation checks to patch for CVE-2016-5159 Related: #1419775 [1.3-14] - Add patches for CVE-2016-5139, CVE-2016-5158, CVE-2016-5159 Related: #1419775 [1.3-13] - Fix patch name: CVE-2016-9675 => CVE-2016-7163 Related: #1419775 [1.3-12] - Add patch for CVE-2016-9675 - Fix Coverity issues Resolves: #1419775 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-5159 CVE-2016-7163 CVE-2016-9675 CVE-2016-5139 CVE-2016-5158 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1:1.20.11-20] - inspection: fix detection of /usr in separate partition resolves: rhbz#1388407 [1:1.20.11-19] - libguestfs-java: bump the java Require to >= 1.7.0, matching the Build-Require, and the generated bytecode resolves: rhbz#1319086 [1:1.20.11-18] - Fix buffer overflow and information leak CVE-2015-8869 resolves: rhbz#1343103 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8869 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [3.11.2-5] - Enable execshield stack protection on ppc/ppc64 (572826) related: rhbz#1343082 - Fix strict-aliasing warnings in build (990540). [3.11.2-3] - Fix buffer overflow and information leak CVE-2015-8869 resolves: rhbz#1343082 MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8869 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 [2.12.23-21] - Upgraded to 2.12.23 to incorporate multiple TLS 1.2 fixes (#1326389, #1326073, #1323215, #1320982, #1328205, #1321112) - Modified gnutls-serv to accept --sni-hostname (#1333521) - Modified gnutls-serv to always reply with an alert message (#1327656) - Removed support for DSA2 as it causes interoperability issues (#1321112) - Allow sending and receiving certificates which were not in the signature algorithms extension (#1328205) - Removed support for EXPORT ciphersuites (#1337460) - Raised the minimum acceptable DH size to 1024 (#1335924) - Restricted the number of alert that can be received during handshake (#1388730) - Added fixes for OpenPGP parsing issues (CVE-2017-5337, CVE-2017-5336, CVE-2017-5335) - The exposed (but internal) crypto back-end registration API is deprecated and no longer functional. The ABI is kept compatible (#1415682) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-5337 CVE-2017-5336 CVE-2016-8610 CVE-2017-5335 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 Oracle Linux 6 [0.12.1.2-2.503.el6] - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420487 bz#1420489] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420487 bz#1420489] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420487 bz#1420489] - Resolves: bz#1420487 (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.9]) - Resolves: bz#1420489 (EMBARGOED CVE-2017-2620 qemu-kvm-rhev: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-6.9]) [0.12.1.2-2.502.el6] - kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1418231 bz#1419417] - kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418231 bz#1419417] - kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418231 bz#1419417] - kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418231 bz#1419417] - kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418231 bz#1419417] - kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418231 bz#1419417] - kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418231 bz#1419417] - kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418231 bz#1419417] - Resolves: bz#1418231 (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.9]) - Resolves: bz#1419417 (CVE-2017-2615 qemu-kvm-rhev: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.9]) [0.12.1.2-2.501.el6] - kvm-Revert-iotests-Use-_img_info.patch [bz#1405882] - kvm-Revert-block-commit-speed-is-an-optional-parameter.patch [bz#1405882] - kvm-Revert-iotests-Disable-086.patch [bz#1405882] - kvm-Revert-iotests-Fix-049-s-reference-output.patch [bz#1405882] - kvm-Revert-iotests-Fix-026-s-reference-output.patch [bz#1405882] - kvm-Revert-qcow2-Support-exact-L1-table-growth.patch [bz#1405882] - kvm-Revert-qcow2-Free-allocated-L2-cluster-on-error.patch [bz#1405882] - kvm-net-check-packet-payload-length.patch [bz#1398214] - Resolves: bz#1398214 (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-6.9]) - Reverts: bz#1405882 (test cases 026 030 049 086 and 095 of qemu-iotests fail for qcow2 with qemu-kvm-rhev-0.12.1.2-2.498.el6) [0.12.1.2-2.500.el6] - kvm-qcow2-Free-allocated-L2-cluster-on-error.patch [bz#1405882] - kvm-qcow2-Support-exact-L1-table-growth.patch [bz#1405882] - kvm-iotests-Fix-026-s-reference-output.patch [bz#1405882] - kvm-iotests-Fix-049-s-reference-output.patch [bz#1405882] - kvm-iotests-Disable-086.patch [bz#1405882] - kvm-block-commit-speed-is-an-optional-parameter.patch [bz#1405882] - kvm-iotests-Use-_img_info.patch [bz#1405882] - Resolves: bz#1405882 (test cases 026 030 049 086 and 095 of qemu-iotests fail for qcow2 with qemu-kvm-rhev-0.12.1.2-2.498.el6) [0.12.1.2-2.499.el6] - kvm-rename-qemu_aio_context-to-match-upstream.patch [bz#876993] - kvm-block-stop-relying-on-io_flush-in-bdrv_drain_all.patch [bz#876993] - kvm-block-add-bdrv_drain.patch [bz#876993] - kvm-block-avoid-very-long-pauses-at-the-end-of-mirroring.patch [bz#876993] - Resolves: bz#876993 (qemu-kvm: vms become non-responsive during migrate disk load from 2 domains to a 3ed) [0.12.1.2-2.498.el6] - kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1392520] - kvm-virtio-introduce-virtqueue_discard.patch [bz#1392520] - kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1392520] - kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1392520] - kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1392520] - kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1392520] - kvm-PATCH-1-4-e1000-pre-initialize-RAH-RAL-registers.patch [bz#1300626] - kvm-net-update-nic-info-during-device-reset.patch [bz#1300626] - kvm-net-e1000-update-network-information-when-macaddr-is.patch [bz#1300626] - kvm-net-rtl8139-update-network-information-when-macaddr-.patch [bz#1300626] - Resolves: bz#1300626 (e1000/rtl8139: qemu mac address can not be changed via set the hardware address in guest) - Resolves: bz#1392520 ([RHEL6.9] KVM guest shuts itself down after 128th reboot) [0.12.1.2-2.497.el6] - kvm-vmstate-fix-breakage-by-7e72abc382b700a72549e8147bde.patch [bz#1294941] - Resolves: bz#1294941 (QEMU crash on snapshot revert when using Cirrus) [0.12.1.2-2.496.el6] - kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch [bz#1361490] - kvm-virtio-scsi-Prevent-assertion-on-missed-events.patch [bz#1333697] - Resolves: bz#1333697 (qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/virtio-scsi.c:724: virtio_scsi_push_event: Assertion event == 0 failed) - Resolves: bz#1361490 (system_reset should clear pending request for error (virtio-blk)) [0.12.1.2-2.495.el6] - kvm-qemu-img-add-support-for-fully-allocated-images.patch [bz#1297653] - kvm-qemu-img-fix-usage-instruction-for-qemu-img-convert.patch [bz#1297653] - kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I.patch [bz#1292678 bz#1320066] - Resolves: bz#1292678 (Qemu should report error when cmdline set threads=2 in amd host) - Resolves: bz#1297653 (qemu-img convert cant create a fully allocated image passed a -S 0 option) - Resolves: bz#1320066 (Qemu should not report error when cmdline set threads=2 in Intel host) [0.12.1.2-2.494.el6] - kvm-rtl8139-flush-queued-packets-when-RxBufPtr-is-writte.patch [bz#1356924] - kvm-block-Detect-unaligned-length-in-bdrv_qiov_is_aligne.patch [bz#1321862] - kvm-ide-fix-halted-IO-segfault-at-reset.patch [bz#1281713] - kvm-atapi-fix-halted-DMA-reset.patch [bz#1281713] - Resolves: bz#1281713 (system_reset should clear pending request for error (IDE)) - Resolves: bz#1321862 (Backport 'block: Detect unaligned length in bdrv_qiov_is_aligned()') - Resolves: bz#1356924 (rtl8139 driver hangs in widows guests) [0.12.1.2-2.493.el6] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359725] - Resolves: bz#1359725 (CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-6.9]) [0.12.1.2-2.492.el6] - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331408] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331408] - kvm-vga-use-constants-from-vga.h.patch [bz#1331408] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331408] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331408] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331408] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331408] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331408] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331408] - kvm-vga-add-sr_vbe-register-set.patch [bz#1331408 bz#1346981] - Resolves: bz#1331408 (CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.9]) - Resolves: bz#1346981 (Regression from CVE-2016-3712: windows installer fails to start) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-3712 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.1.0-24] - Proper global init/deinit of GnuTLS Resolves: bz#1418946 [1.1.0-23] - Fix buffer overflow in FullFramePixelBuffer::fillRect Resolves: bz#1416289 [1.1.0-22] - Fix buffer overflow in FullFramePixelBuffer::fillRect Resolves: bz#1416289 [1.1.0-21] - Enable DRI2 and DRI3 Resolves: bz#1323065 [1.1.0-20] - Rebuild against fixed xorg-x11-server to avoid automatical disconnects when initiazed from xinetd Resolves: bz#1390458 [1.1.0-19] - Restore default behaviour to listen on TCP Resolves: bz#1378922 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-10207 CVE-2017-5581 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [1.8.10-25.0.1] - Fix ocfs2 dissector (John Haxby) [orabug 21505640] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.8.10-25] - rebuilt [1.8.10-24] - Related: #1245887 - segfault with CVE-2013-4075 capture - valgrind error with CVE-2015-3812 capture [1.8.10-23] - Resolves: #1238166 - tshark -F option fails to create capture files in .pcap format [1.8.10-22] - Resolves: #1240675 - No dissection of the TLS Certificate Verify message [1.8.10-21] - Resolves: #1222902 - Encrypt-then-MAC TLS extension unrecognised - Patch also include master secret extension decoding in TLS [1.8.10-20] - Resolves: #1222895 - Problems decoding TLS Server Key Exchange messages [1.8.10-19] - Security patches - Resolves: CVE-2013-4075 [1.8.10-18] - Security patches - Resolves: CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 MODERATE Copyright 2017 Oracle, Inc. CVE-2013-4075 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [5.3p1-122] - Allow to use ibmca crypto hardware (#1397547) - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (1405374) [5.3p1-121] - Fix missing hmac-md5-96 from server offer (#1373836) [5.3p1-120] - Prevent infinite loop when Ctrl+Z pressed at password prompt (#1218424) - Remove RC4 cipher and MD5 based MAC from the default client proposal (#1373836) [5.3p1-119] - Resolve sftp force permission colision with umask (#1341747) - Relax bits needed check to allow hmac-sha2-512 with gss-group1-sha1- (#1353359) - close ControlPersist background process stderr when not in debug mode (#1335539) - Do not add a message 'The agent has no identities.' in ~/.ssh/authorized_keys (#1353410) MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8325 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::security_validation cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 Oracle Linux 6 [8.4-46.0.1] - clean up empty file if cp is failed [Orabug 15973168] [8.4-46] - pure rebuild to bring back support for acl_extended_file_nofollow() on x86_64 [8.4-45] - su: deny killing other processes with root privileges (CVE-2017-2616) [8.4-44] - fix the functionality of 'sort -h -k ...' in multi-byte locales (#1357979) - use correct path to grep(1) in colorls.sh (#1376892) - make colorls.sh compatible with ksh (#1321643) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2616 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 [3.6.23-41.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-41] - resolves: #1413672 - Auth regression after secret changed [3.6.23-40] - resolves: #1405356 - CVE-2016-2125 CVE-2016-2126 [3.6.23-39] - resolves: #1297805 - Fix issues with printer unpublishing from AD [3.6.23-38] - resolves: #1347843 - Fix RPC queryUserList returning NO_MEMORY for empty list [3.6.23-37] - resolves: #1380151 - Fix memory leak in idmap_ad module - resolves: #1333561 - Fix smbclient connection issues to DFS shares - resolves: #1372611 - Allow ntlmsssp session key setup without signing (Workaround for broken NetApp and EMC NAS) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-2126 CVE-2016-2125 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.12-1.209.0.1] - Update newmode size to fix a possible corruption [2.12-1.209] - Fix AF_INET6 getaddrinfo with nscd (#1416496) [2.12-1.208] - Update tests for struct sockaddr_storage changes (#1338673) [2.12-1.207] - Use FL_CLOEXEC in internal calls to fopen (#1012343). [2.12-1.206] - Fix CVE-2015-8779 glibc: Unbounded stack allocation in catopen function (#1358015). [2.12-1.205] - Make padding in struct sockaddr_storage explicit (#1338673) [2.12-1.204] - Fix detection of Intel FMA hardware (#1384281). [2.12-1.203] - Add support for el_GR@euro, ur_IN, and wal_ET locales (#1101858). [2.12-1.202] - Change malloc/tst-malloc-thread-exit.c to use fewer threads and avoid timeout (#1318380). [2.12-1.201] - df can fail on some systems (#1307029). [2.12-1.200] - Log uname, cpuinfo, meminfo during build (#1307029). [2.12-1.199] - Draw graphs for heap and stack only if MAXSIZE_HEAP and MAXSIZE_STACK are non-zero (#1331304). [2.12-1.198] - Avoid unneeded calls to __check_pf in getadddrinfo (#1270950) [2.12-1.197] - Fix CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r (#1358013). [2.12-1.196] - Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() (#1358011). [2.12-1.195] - tzdata-update: Ignore umask setting (#1373646) [2.12-1.194] - CVE-2014-9761: Fix unbounded stack allocation in nan* (#1358014) [2.12-1.193] - Avoid using uninitialized data in getaddrinfo (#1223095) MODERATE Copyright 2017 Oracle, Inc. CVE-2015-8778 CVE-2015-8779 CVE-2015-8776 CVE-2014-9761 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [4.1.2-48] - Fix signal handling in read builtin Resolves: #1421926 [4.1.2-47] - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: #1396383 [4.1.2-46] - CVE-2016-7543 - Fix for arbitrary code execution via SHELLOPTS+PS4 variables Resolves: #1379630 [4.1.2-45] - CVE-2016-0634 - Fix for arbitrary code execution via malicious hostname Resolves: #1377613 [4.1.2-44] - Avoid crash in parameter expansion while expanding long strings Resolves: #1359142 [4.1.2-43] - Stop reading input when SIGHUP is received Resolves: #1325753 [4.1.2-42] - Bash leaks memory while doing pattern removal in parameter expansion Resolves: #1283829 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-7543 CVE-2016-9401 CVE-2016-0634 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [4.2.10-9] - resolves: #1405358 - CVE-2016-2125 CVE-2016-2126 [4.2.10-8] - Synchronize patches for Samba 4.2.10 with RHEL 7.2.z - Resolves: #1383685 - Update samba4 to be on par with RHEL 7.2.z MODERATE Copyright 2017 Oracle, Inc. CVE-2016-2126 CVE-2016-2125 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 Oracle Linux 6 [0.99.15-14] - Resolves: #1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory [0.99.15-13] - fix path of ripd pid file (#842308) [0.99.15-12] - fix start() function in watchqugga initscript (#862826, #1208617) [0.99.15-11] - fix for CVE-2013-2236 (#1391918) - fix for CVE-2016-1245 (#1391914) - fix for CVE-2016-2342 (#1391916) - fix for CVE-2016-4049 (#1391919) [0.99.15-11] - ospf6d: Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config (#770731) [0.99.15-10] - add watchquagga initscript (#862826, #1208617) - remove pidfile when service is stopped (#842308) - use QCONFDIR correctly in initscripts (#839620) - include watchquagga and ospfclient manpages (#674862) [0.99.15-9] - improve fix for CVE-2011-3325 [0.99.15-8] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0255 - fix CVE-2012-0249 and CVE-2012-0250 - fix CVE-2012-1820 MODERATE Copyright 2017 Oracle, Inc. CVE-2016-1245 CVE-2017-5495 CVE-2016-4049 CVE-2013-2236 CVE-2016-2342 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [2.6.32-696.OL6] - Update genkey [bug 25599697] [2.6.32-696] - [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074} [2.6.32-695] - [block] nvme: Dont poll device being removed (David Milburn) [1422521] [2.6.32-694] - [fs] posix_acl: Clear SGID bit when setting file permissions (Andreas Grunbacher) [1371252] {CVE-2016-7097} - [fs] switch posix_acl_equiv_mode() to umode_t * (Andreas Grunbacher) [1371252] {CVE-2016-7097} - [perf] sched latency: Fix thread pid reuse issue (Jiri Olsa) [1400743] - [fs] ext4: fix races of writeback with punch hole and zero range (Lukas Czerner) [1394786] - [fs] ext4: validate s_reserved_gdt_blocks on mount (Lukas Czerner) [1394786] - [fs] ext4: release bh in make_indexed_dir (Lukas Czerner) [1394786] - [fs] ext4: reinforce check of i_dtime when clearing high fields of uid and gid (Lukas Czerner) [1394786] - [fs] ext4: validate that metadata blocks do not overlap superblock (Lukas Czerner) [1394786] - [fs] ext4: short-cut orphan cleanup on error (Lukas Czerner) [1394786] - [fs] ext4: fix reference counting bug on block allocation error (Lukas Czerner) [1394786] - [fs] ext4: check for extents that wrap around (Lukas Czerner) [1394786] - [fs] ext4: silence UBSAN in ext4_mb_init() (Lukas Czerner) [1394786] - [fs] ext4: address UBSAN warning in mb_find_order_for_block() (Lukas Czerner) [1394786] - [fs] ext4: clean up error handling when orphan list is corrupted (Lukas Czerner) [1394786] - [fs] ext4: fix hang when processing corrupted orphaned inode list (Lukas Czerner) [1394786] - [fs] jbd2: Fix unreclaimed pages after truncate in data=journal mode (Lukas Czerner) [1394786] - [fs] ext4: Fix handling of extended tv_sec (Lukas Czerner) [1394786] - [fs] create and use seq_show_option for escaping (Lukas Czerner) [1394786] - [fs] ext4: replace open coded nofail allocation in ext4_free_blocks() (Lukas Czerner) [1394786] - [fs] ext4: Introduce EFSBADCRC and EFSCORRUPTED error codes (Lukas Czerner) [1394786] - [block] ensure request->part is valid (Jeff Moyer) [1416341] - [sound] alsa: hda - fix Lewisburg audio issue (Jaroslav Kysela) [1413134] [2.6.32-693] - [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1419396] - [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1419396] - [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1419396] - [netdrv] sfc: clean fallbacks between promisc/normal in efx_ef10_filter_sync_rx_mode (Jarod Wilson) [1419396] - [netdrv] sfc: support cascaded multicast filters (Jarod Wilson) [1419396] - [netdrv] sfc: Make failed filter removal less noisy (Jarod Wilson) [1410750] - [netdrv] sfc: re-factor efx_ef10_filter_sync_rx_mode() (Jarod Wilson) [1410750] - [netdrv] sfc: refactor debug-or-warnings printks (Jarod Wilson) [1410750] - [net] implement netif_cond_dbg macro (Jarod Wilson) [1410750] [2.6.32-692] - [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1401058] - [fs] revert 'sunrpc: make AF_LOCAL connect synchronous' (Benjamin Coddington) [1420044] [2.6.32-691] - [net] tcp: correct memory barrier usage in tcp_check_space() (Oleg Nesterov) [1386136] - [fs] epoll: prevent missed events on EPOLL_CTL_MOD (Oleg Nesterov) [1386136] - [acpi] acpica: Fix regression in FADT revision checks (Lenny Szubowicz) [1418339] - [net] ipv6: stop sending PTB packets for MTU < 1280 (Hannes Frederic Sowa) [1415931] {CVE-2016-10142} - [net] fix dst_ops_extend leaks (Sabrina Dubroca) [1399633] [2.6.32-690] - [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1405267] - [scsi] mpt3sas: Fix for block device of raid exists even after deleting raid disk (Tomas Henzl) [1416552] [2.6.32-689] - [netdrv] be2net: fix initial MAC setting (Ivan Vecera) [1415905] [2.6.32-688] - [netdrv] sfc: fix missing mc_promisc setting (Jarod Wilson) [1410750] [2.6.32-687] - [netdrv] sfc: reduce severity of PIO buffer alloc failures (Jarod Wilson) [1410750] - [netdrv] sfc: avoid division by zero (Jarod Wilson) [1410750] - [netdrv] sfc: Insert multicast filters as well as mismatch filters in promiscuous mode (Jarod Wilson) [1410750] - [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1410750] - [netdrv] sfc: warn if other functions have been reset by MCFW (Jarod Wilson) [1410750] - [netdrv] sfc: add output flag decoding to efx_mcdi_set_workaround (Jarod Wilson) [1410750] - [netdrv] sfc: get PIO buffer size from the NIC (Jarod Wilson) [1410750] - [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1410750] - [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1410750] - [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1410750] - [netdrv] sfc: Downgrade EPERM messages from MCDI to debug (Jarod Wilson) [1410750] - [netdrv] sfc: cope with ENOSYS from efx_mcdi_get_workarounds() (Jarod Wilson) [1410750] - [netdrv] sfc: enable cascaded multicast filters in MCFW (Jarod Wilson) [1410750] - [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1410750] - [dm] raid: fix transient device failure processing (Mike Snitzer) [1404425] [2.6.32-686] - [scsi] Add intermediate STARGET_REMOVE state to scsi_target_state (Ewan Milne) [1349623] - [scsi] restart list search after unlock in scsi_remove_target (Ewan Milne) [1349623] - [powerpc] pci: Support per-aperture memory offset (Laurent Vivier) [1413448] - [powerpc] pci: Dont add bogus empty resources to PHBs (Laurent Vivier) [1413448] - [mm] mmap.c: fix arithmetic overflow in __vm_enough_memory() (Jerome Marchand) [1413500] - [net] ping: check minimum size on ICMP header length (Mateusz Guzik) [1414202] {CVE-2016-8399} - [scsi] sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Ewan Milne) [1414823] {CVE-2016-10088 CVE-2016-9576} [2.6.32-685] - [kernel] ftrace: Do not function trace inlined functions (Pratyush Anand) [1413456] - [x86] paravirt: Do not trace _paravirt_ident_*() functions (Pratyush Anand) [1413456] - [netdrv] i40e: Fix for long link down notification time (Stefan Assmann) [1414274] - [scsi] megaraid_sas: fix done in queue_command (Tomas Henzl) [1415192] - [scsi] megaraid: fixes (Tomas Henzl) [1415192] - [netdrv] ixgbe: Add support for new X557 device (Ken Cox) [1408509] - [netdrv] ixgbe: Add KR backplane support for x550em_a (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for SGMII backplane interface (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for SFPs with retimer (Ken Cox) [1408509] - [netdrv] ixgbe: Introduce function to control MDIO speed (Ken Cox) [1408509] - [netdrv] ixgbe: Read and set instance id (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for x550em_a 10G MAC type (Ken Cox) [1408509] - [netdrv] ixgbe: Use method pointer to access IOSF devices (Ken Cox) [1408509] - [netdrv] ixgbe: Add support for single-port X550 device (Ken Cox) [1408509] - [netdrv] ixgbe: Clean up interface for firmware commands (Ken Cox) [1408509] - [netdrv] ixgbe: Change the lan_id and func fields to a u8 to avoid casts (Ken Cox) [1408509] - [netdrv] ixgbe: Fix flow control for Xeon D KR backplane (Ken Cox) [1408509] - [netdrv] ixgbe: Make all unchanging ops structures const (Ken Cox) [1408509] - [netdrv] ixgbe: Update PTP to support X550EM_x devices (Ken Cox) [1408509] - [netdrv] ixgbe: convert to CYCLECOUNTER_MASK macro (Ken Cox) [1408509] - [netdrv] ixgbevf: add VF support for new hardware (Ken Cox) [1408507] - [netdrv] ixgbevf: Support Windows hosts (Hyper-V) (Ken Cox) [1408507] - [netdrv] ixgbevf: Add the device IDs presented while running on Hyper-V (Ken Cox) [1408507] - [netdrv] ixgbevf: Move API negotiation function into mac_ops (Ken Cox) [1408507] - [x86] tsc: Reset cycle_last after resume from S3/S4 (Lenny Szubowicz) [1406468] - [kernel] hung_task: allow hung_task_panic when hung_task_warnings is 0 (Waiman Long) [1410297] [2.6.32-684] - [s390] kernel/ap: Fix hang condition on crypto card config-off (Hendrik Brueckner) [1413552] - [s390] zcrypt: Improved invalid domain response handling (Hendrik Brueckner) [1406389] - [infiniband] ucm: Fix bitmap wrap when devnum > IB_UCM_MAX_DEVICES (Slava Shwartsman) [1413476] - [netdrv] mlx5e: Copy all L2 headers into inline segment (Kamal Heib) [1408937] - [netdrv] be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [1406659] - [netdrv] be2net: dont delete MAC on close on unprivileged BE3 VFs (Ivan Vecera) [1406659] - [netdrv] be2net: fix status check in be_cmd_pmac_add() (Ivan Vecera) [1406659] - [acpi] acpica: Tables: Update FADT handling (Lenny Szubowicz) [1408401] - [acpi] acpica: ACPI 6.0: Add changes for FADT table (Lenny Szubowicz) [1408401] - [acpi] acpica: Basic support for FADT version 5 (Lenny Szubowicz) [1408401] - [acpi] acpica: Remove use of unreliable FADT revision field (Lenny Szubowicz) [1408401] [2.6.32-683] - [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1411279] - [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1411279] - [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1411279] - [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1411279] - [net] mlx4_en: Fix type mismatch for 32-bit systems (Slava Shwartsman) [1399239] - [net] mlx4_en: Resolve dividing by zero in 32-bit system (Slava Shwartsman) [1399239] - [netdrv] e1000e: Initial support for KabeLake (Jarod Wilson) [1406917] - [netdrv] e1000e: Clear ULP configuration register on ULP exit (Jarod Wilson) [1406917] - [netdrv] e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Jarod Wilson) [1406917] - [netdrv] e1000e: Increase PHY PLL clock gate timing (Jarod Wilson) [1406917] - [netdrv] e1000e: Increase ULP timer (Jarod Wilson) [1406917] - [netdrv] e1000e: initial support for i219-LM (3) (Jarod Wilson) [1406917] - [netdrv] be2net: fix unicast list filling (Ivan Vecera) [1408247] - [netdrv] be2net: fix accesses to unicast list (Ivan Vecera) [1408247] - [netdrv] sfc: Downgrade or remove some error messages (Jarod Wilson) [1410750] - [netdrv] be2net: call be_set_uc_list() unconditionally (Ivan Vecera) [1402679] - [netdrv] mlx5e: Use hw_features through netdev_extended macro (Kamal Heib) [1385318] - [block] nvme: Dont stop kthread while clearing queues (David Milburn) [1399431] - [fs] dlm: Fix saving of NULL callbacks (Robert S Peterson) [1264492] [2.6.32-682] - [x86] kdump: Fix several bound checking error of crashkernel reserving (Baoquan He) [1349069] - [x86] kdump: Crashkernel auto reservation failed on large system (Baoquan He) [1349069] - [kdump] Fix wrong dmi_present argument in case efi_smbios_addr being used (Dave Young) [1404984] - [kdump] Add error check in case dmi_get_system_info return null (Dave Young) [1404984] - [netdrv] bnxt_en: Improve the delay logic for firmware response (John Linville) [1406129] - [netdrv] bnxt_en: Implement proper firmware message padding (John Linville) [1406129] - [netdrv] bnxt_en: Refactor _hwrm_send_message() (John Linville) [1406129] - [netdrv] bnxt_en: Fix dmesg log firmware error messages (John Linville) [1406129] - [netdrv] bnxt_en: Use firmware provided message timeout value (John Linville) [1406129] - [fs] nfs: Allow getattr to also report readdirplus cache hits (Scott Mayhew) [1325766] - [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Scott Mayhew) [1325766] - [fs] nfs: Fix a performance regression in readdir (Scott Mayhew) [1325766] [2.6.32-681] - [net] udplite: fast-path computation of checksum coverage (Hangbin Liu) [1404127] - [ata] libata: fix sff host state machine locking while polling (Cathy Avery) [1390972] - [ata] libata-sff: use WARN instead of BUG on illegal host state machine state (Cathy Avery) [1390972] - [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (Vitaly Kuznetsov) [1400428] - [fs] nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [1409002] - [fs] nfsd: fix deadlock secinfo+readdir compound (J. Bruce Fields) [1314505] - [fs] nfsd4: fix recovery-dir leak on nfsd startup failure (J. Bruce Fields) [1266405] - [x86] Mark Skylake processors with Kaby Lake PCH as unsupported (David Arcari) [1405459] - [infiniband] ipoib: Remove cant use GFP_NOIO warning (Slava Shwartsman) [1321529] - [netdrv] veth: allow changing the mac address while interface is up (David Arcari) [1402696] - [kernel] tracing: Protect tracer flags with trace_types_lock (Steven Rostedt) [1397661] - [acpi] acpica: Prevent circular object list in acpi_ns_exec_module_code (Lenny Szubowicz) [1401776] - [acpi] acpica: Fix possible memory leak for module-level code execution (Lenny Szubowicz) [1401776] - [acpi] acpica: Add additional module-level code support (Lenny Szubowicz) [1401776] - [fs] xfs: growfs: use uncached buffers for new headers (Bill ODonnell) [1134314] - [fs] xfs: catch invalid negative blknos in _xfs_buf_find() (Bill ODonnell) [1134314] - [fs] xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (Bill ODonnell) [1134314] [2.6.32-680] - [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1397807] [2.6.32-679] - [mm] Revert 'mm: Fix slab growing out of bound within a cpuset' (Larry Woodman) [1402713] - [netdrv] cxgb4: update latest firmware version supported (Sai Vemuri) [1381382] - [kernel] audit: correctly record file names with different path name types (Paul Moore) [1305103] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] - [scsi] megaraid_sas: ldio_outstanding variable is not decremented in completion path (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] - [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Tomas Henzl) [1306457] - [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Tomas Henzl) [1306457] - [scsi] megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] - [scsi] megaraid_sas: 128 MSIX Support (Tomas Henzl) [1306457] - [scsi] megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457] [2.6.32-678] - [netdrv] RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips (Sai Vemuri) [1381382] - [netdrv] cxgb4: Stop Rx Queues before freeing it up (Sai Vemuri) [1381382] - [netdrv] iw_cxgb4 : Added 'Fail' column in debug iw_cxgb4 stats (Sai Vemuri) [1381382] - [netdrv] cxgb4: Add info print to display number of MSI-X vectors allocated (Sai Vemuri) [1381382] - [netdrv] iwpm: crash fix for large connections test (Sai Vemuri) [1381382] - [netdrv] cxgb4/cxgb4vf : Use vlan_gro_frags_gr() for VLANs (Sai Vemuri) [1381382] - [netdrv] cxgb4vf : Using RHEL6 provided napi_gro_frags_gr() API which returns (enum gro_result) values (Sai Vemuri) [1381382] - [serial] 8250_pci: Detach low-level driver during PCI error recovery (Gustavo Duarte) [1400508] - [drm] reservation: Remove shadowing local variable 'ret' (Rob Clark) [1398084] - [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399457] {CVE-2016-9555} - [net] ipv6: add mtu lock check in __ip6_rt_update_pmtu (Xin Long) [1397295] - [net] Reduce queue allocation to one in kdump kernel (Sai Vemuri) [1321315] - [netdrv] cxgb4: Force cxgb4 driver as MASTER in kdump kernel (Sai Vemuri) [1321315] [2.6.32-677] - [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.15.37.0 (Sai Vemuri) [1349112] - [netdrv] be2net: fix locking (Ivan Vecera) [1397915] - [perf] tools: Initialize reference counts in map__clone() (Jiri Olsa) [1359100] - [perf] tools: Replace map->referenced & maps->removed_maps with map->refcnt (Jiri Olsa) [1359100] - [md] raid10: add rcu protection to rdev access in raid10_sync_request (Xiao Ni) [1395048] - [md] raid10: add rcu protection in raid10_status (Xiao Ni) [1395048] - [md] raid10: fix refounct imbalance when resyncing an array with a replacement device (Xiao Ni) [1395048] - [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1342659] - [x86] ACPI: add dynamic_debug support (Prarit Bhargava) [1252674] - [mm] hugetlb: fix huge_pte_alloc BUG_ON (Dave Anderson) [1397250] [2.6.32-676] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567] - [scsi] megaraid_sas: add in missing white spaces in error messages text (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1397873] - [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1392499] - [scsi] megaraid_sas: Do not fire DCMDs during PCI shutdown/detach (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Send correct PhysArm to FW for R1 VD downgrade (Tomas Henzl) [1396567] - [scsi] megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1392499] - [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1392499] - [scsi] megaraid_sas: clean function declarations in megaraid_sas_base.c up (Tomas Henzl) [1396567] - [scsi] megaraid_sas: add in missing white space in error message text (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Fix the search of first memory bar (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Use memdup_user() rather than duplicating its implementation (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Fix probing cards without io port (Tomas Henzl) [1396567] - [scsi] megaraid_sas: Downgrade two success messages to info (Tomas Henzl) [1396567] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567] - [scsi] megaraid_sas: task management code optimizations (Tomas Henzl) [1396567] - [scsi] megaraid_sas: call ISR function to clean up pending replies in OCR path (Tomas Henzl) [1396567] - [scsi] megaraid_sas: reduce memory footprints in kdump mode (Tomas Henzl) [1396567] - [scsi] megaraid_sas: add missing curly braces in ioctl handler (Tomas Henzl) [1396567] - [scsi] mpt3sas: Bump driver version as '14.101.00.00' (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix for Endianness issue (Tomas Henzl) [1306469] - [scsi] mpt3sas: Use the new MPI 2.6 32-bit Atomic Request Descriptors for SAS35 devices (Tomas Henzl) [1306469] - [scsi] mpt3sas: set EEDP-escape-flags for SAS35 devices (Tomas Henzl) [1306469] - [scsi] mpt3sas: Increased/Additional MSIX support for SAS35 devices (Tomas Henzl) [1306469] - [scsi] mpt3sas: Added Device IDs for SAS35 devices and updated MPI header (Tomas Henzl) [1306469] - [scsi] mpt3sas: Dont spam logs if logging level is 0 (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix warnings exposed by W=1 (Tomas Henzl) [1306469] - [scsi] mpt3sas: Eliminate dead sleep_flag code (Tomas Henzl) [1306469] - [scsi] mpt3sas: Eliminate conditional locking in mpt3sas_scsih_issue_tm() (Tomas Henzl) [1306469] - [scsi] mpt3sas: Ensure the connector_name string is NUL-terminated (Tomas Henzl) [1306469] - [scsi] mpt3sas: Bump driver version as '14.100.00.00' (Tomas Henzl) [1306469] - [scsi] mpt3sas: Remove unused macro 'MPT_DEVICE_TLR_ON' (Tomas Henzl) [1306469] - [scsi] mpt3sas: Implement device_remove_in_progress check in IOCTL path (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix for incorrect numbers for MSIX vectors enabled when non RDPQ card is enumerated first (Tomas Henzl) [1306469] - [scsi] mpt3sas: Fix for improper info displayed in var log, while blocking or unblocking the device (Tomas Henzl) [1306469] - [net] increase xmit RECURSION_LIMIT to 10 (Sabrina Dubroca) [1392660] - [net] add a recursion limit in xmit path (Sabrina Dubroca) [1392660] - [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1390061] - [net] netfilter: ebtables: Fix extension lookup with identical name (Sabrina Dubroca) [1390061] - [net] ipv6: ipv6_find_hdr restore prev functionality (Paolo Abeni) [1392975] [2.6.32-675] - [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359304] {CVE-2016-6136} - [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1353844] - [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1353844] - [fs] nfs: Dont pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1353844] - [fs] dlm: Dont save callbacks after accept (Robert S Peterson) [1264492] - [fs] dlm: Save and restore socket callbacks properly (Robert S Peterson) [1264492] - [fs] dlm: Replace nodeid_to_addr with kernel_getpeername (Robert S Peterson) [1264492] - [fs] dlm: print kernel message when we get an error from kernel_sendpage (Robert S Peterson) [1264492] - [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1397552] - [hv] storvsc: Payload buffer incorrectly sized for 32 bit kernels (Cathy Avery) [1394756] - [fs] xfs: fix unbalanced inode reclaim flush locking (Brian Foster) [1384564] - [scsi] hpsa: correct logical resets (Joseph Szczypek) [1083110] - [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1083110] - [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1083110] - [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1083110] - [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1083110] - [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1083110] - [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1083110] - [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1372465] [2.6.32-674] - [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1351798] - [x86] Mark Intel Purley supported (Steve Best) [1271866] - [pnp] Prevent attaching to ACPI IPMI device (Charles Rose) [857150] [2.6.32-673] - [netdrv] ehea: fix operation state report (Gustavo Duarte) [1089134] - [block] nvme: Always use MSI/MSI-x interrupts (David Milburn) [1372023] - [fs] aio: aio_nr decrements dont need to be delayed (Jiri Olsa) [1386216] - [fs] aio: dont bother with async freeing on failure in ioctx_alloc() (Jiri Olsa) [1386216] - [fs] epoll: ep_unregister_pollwait() can use the freed pwq->whead (Lauro Ramos Venancio) [1392372] - [fs] epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() (Lauro Ramos Venancio) [1392372] [2.6.32-672] - [sched] Fix rq->nr_uninterruptible update race (Aaron Tomlin) [1377292] - [security] keys: Fix short sprintf buffer in /proc/keys show function (Frantisek Hrbata) [1375208] {CVE-2016-7042} - [net] bridge: fix switched interval for MLD Query types (Hangbin Liu) [1392327] - [net] netfilter: ipv6: move POSTROUTING invocation before fragmentation (Eric Garver) [1391240] - [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390046] {CVE-2016-7117} - [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1381585] - [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379529] {CVE-2016-6828} - [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351422] {CVE-2016-4998} - [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351422] {CVE-2016-4998} - [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351422] {CVE-2016-4998} - [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1388287] - [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1388287] - [net] tcp: mitigate ACK loops for connections as tcp_timewait_sock (Florian Westphal) [1388287] - [net] tcp: mitigate ACK loops for connections as tcp_sock (Florian Westphal) [1388287] - [net] tcp: mitigate ACK loops for connections as tcp_request_sock (Florian Westphal) [1388287] - [net] tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks (Florian Westphal) [1388287] - [net] ipv6: Dont change dst->flags using assignments (Marcelo Leitner) [1389478] - [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1385088] [2.6.32-671] - [perf] list: Fix rNNNN list output to appear only once (Jiri Olsa) [1291256 1374411] - [perf] symbols: Check kptr_restrict for root (Jiri Olsa) [1291256 1374411] - [fs] SUNRPC: Fix a regression when reconnecting (Benjamin Coddington) [1323801] - [fs] SUNRPC: Clear the request rq_bytes_sent field in xprt_release_write (Benjamin Coddington) [1323801] - [fs] SUNRPC: Lock the transport layer on shutdown (Benjamin Coddington) [1323801] - [virt] kvm: x86 emulator: implement IMUL REG, R/M (opcode 0F AF) (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: implement IMUL REG, R/M, IMM (opcode 69) (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: implement IMUL REG, R/M, imm8 (opcode 6B) (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: Use a register for ____emulate_2op() destination (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: pass destination type to ____emulate_2op() (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: add Src2Imm decoding (Radim Krcmar) [1313468] - [virt] kvm: x86 emulator: consolidate immediate decode into a function (Radim Krcmar) [1313468] - [hv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1388701] - [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1378614] - [hv] vmbus: Fix signaling logic in hv_need_to_signal_on_read() (Vitaly Kuznetsov) [1319054] - [hv] vmbus: Eliminate the spin lock on the read path (Vitaly Kuznetsov) [1319054] - [hv] ring_buffer: eliminate hv_ringbuffer_peek() (Vitaly Kuznetsov) [1319054] - [hv] remove code duplication between vmbus_recvpacket()/vmbus_recvpacket_raw() (Vitaly Kuznetsov) [1319054] - [hv] ring_buffer: remove code duplication from hv_ringbuffer_peek/read() (Vitaly Kuznetsov) [1319054] - [hv] ring_buffer.c: fix comment style (Vitaly Kuznetsov) [1319054] - [hv] netvsc: set nvdev link after populating chn_table (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: synchronize netvsc_change_mtu()/netvsc_set_channels() with netvsc_remove() (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: get rid of struct net_device pointer in struct netvsc_device (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: untangle the pointer mess (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: use start_remove flag to protect netvsc_link_change() (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: move start_remove flag to net_device_context (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Move subchannel waiting to rndis_filter_device_remove() (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Wait for sub-channels to be processed during probe (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Properly size the vrss queues (Vitaly Kuznetsov) [1320094 1335926] - [hv] netvsc: Add close of RNDIS filter into change mtu call (Vitaly Kuznetsov) [1320094 1335926] - [hv] hv_netvsc: Add support to set MTU reservation from guest side (Vitaly Kuznetsov) [1352105] - [perf] probe: Clear probe_trace_event when add_probe_trace_event() fails (Jiri Olsa) [1291510] - [perf] probe: Move ftrace probe-event operations to probe-file.c (Jiri Olsa) [1291510] - [block] loop: fix comment typo in loop_config_discard (Lukas Czerner) [818597] - [block] loop: Limit the number of requests in the bio list (Lukas Czerner) [818597] - [fs] ext4: optimize test_root() (Lukas Czerner) [1236047] - [fs] ext4: verify group number in verify_group_input() before using it (Lukas Czerner) [1236047] - [fs] nfsd: use short read as well as i_size to set eof (Benjamin Coddington) [1302415] - [fs] xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (Carlos Maiolino) [1259493] - [fs] xfs: Fix rounding in xfs_alloc_fix_len() (Carlos Maiolino) [1259493] - [fs] jbd: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015] - [fs] jbd2: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015] [2.6.32-670] - [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1387243] - [misc] hpilo: Changes to support new security states in iLO5 FW (Joseph Szczypek) [1376584] - [misc] hpilo: Change e-mail address from hp.com to hpe.com (Joseph Szczypek) [1376584] - [misc] hpilo: cleanup hpilo (Joseph Szczypek) [1376584] - [mm] memory_hotplug.c: change normal message to use pr_debug (Jeremy McNicoll) [1255272] - [acpi] mem_hotplug: set memory info correctly when problems forcing mem online (Jeremy McNicoll) [1255272] - [fs] bio: Need to free integrity payload if the split bio gets memory by itself (Xiao Ni) [1268434] - [md] add rdev reference for super write (Xiao Ni) [1365718] - [netdrv] rtlwifi: fix memory leak for USB device (Stanislaw Gruszka) [1364597] - [fs] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() (Benjamin Coddington) [1353272] - [drm] nouveau/kms: take mode_config mutex in connector hotplug path (Ben Skeggs) [1349978] - [kernel] clocksource: Defer override invalidation unless clock is unstable (Prarit Bhargava) [1356231] - [kernel] clocksource: Reselect clocksource when watchdog validated high-res capability (Prarit Bhargava) [1356231] - [fs] nfs4: clnt: respect noresvport when establishing connections to DSes (Benjamin Coddington) [1346041] - [fs] nfs: Add nfs_client behavior flags (Benjamin Coddington) [1346041] - [block] fix /proc/diskstats in-flight - kABI workaround (Jerome Marchand) [1273339 1306879] - [block] add internal hd part table references (Jerome Marchand) [1273339 1306879] - [block] fix accounting bug on cross partition merges (Jerome Marchand) [1273339 1306879] - [block] kref: add kref_test_and_get (Jerome Marchand) [1273339 1306879] - [block] Revert 'block: fix accounting bug on cross partition merges' (Jerome Marchand) [1273339 1306879] - [perf] thread: Fix reference count initial state (Jiri Olsa) [1359100] - [perf] tools: Reference count struct map (Jiri Olsa) [1359100] - [perf] tools: Check if a map is still in use when deleting it (Jiri Olsa) [1359100] - [perf] tools: Protect accesses the map rbtrees with a rw lock (Jiri Olsa) [1359100] - [perf] tools: Introduce struct maps (Jiri Olsa) [1359100] - [perf] tools: Assign default value for some pointers (Jiri Olsa) [1359100] - [perf] tools: Use maps__first()/map__next() (Jiri Olsa) [1359100] - [perf] tools: Leave DSO destruction to the map destruction (Jiri Olsa) [1359100] - [perf] machine: Mark removed threads as such (Jiri Olsa) [1359100] - [perf] tools: Import rb_erase_init from block/ in the kernel sources (Jiri Olsa) [1359100] - [perf] tools: Nuke unused map_groups__flush() (Jiri Olsa) [1359100] - [perf] tools: Remove redundant initialization of thread linkage members (Jiri Olsa) [1359100] - [perf] tools: Rename maps__next (Jiri Olsa) [1359100] - [perf] machine: Do not call map_groups__delete(), drop refcnt instead (Jiri Olsa) [1359100] - [perf] hists: Rename add_hist_entry to hists__findnew_entry (Jiri Olsa) [1359100] - [perf] tools: Use atomic.h for the map_groups refcount (Jiri Olsa) [1359100] - [perf] tests: Fix map_groups refcount test (Jiri Olsa) [1359100] - [perf] machine: No need to keep a refcnt for last_match (Jiri Olsa) [1359100] - [perf] tests: Show refcounting broken expectations in thread-mg-share test (Jiri Olsa) [1359100] - [perf] machine: Protect the machine->threads with a rwlock (Jiri Olsa) [1359100] - [video] efifb: prevent null-deref when iterating dmi_list (Rob Clark) [1360982] - [video] configs: updates for fb backport (Rob Clark) [1360982] - [video] fbdev: efifb: bind to efi-framebuffer (Rob Clark) [1360982] - [video] fbdev: vesafb: bind to platform-framebuffer device (Rob Clark) [1360982] - [video] fbdev: simplefb: add common x86 RGB formats (Rob Clark) [1360982] - [video] x86: sysfb: move EFI quirks from efifb to sysfb (Rob Clark) [1360982] - [video] x86: provide platform-devices for boot-framebuffers (Rob Clark) [1360982] - [video] fbdev: simplefb: mark as fw and allocate apertures (Rob Clark) [1360982] - [video] fbdev: simplefb: add init through platform_data (Rob Clark) [1360982] - [video] drivers/video: implement a simple framebuffer driver (Rob Clark) [1360982] - [video] vesafb: fix memory leak (Rob Clark) [1360982] - [video] uvesafb,vesafb: create WC or WB PAT-entries (Rob Clark) [1360982] - [video] vesafb: fix comment a typo (Rob Clark) [1360982] - [video] vesafb: use platform_driver_probe() instead of platform_driver_register() (Rob Clark) [1360982] - [video] efifb: Fix call to wrong unregister function (Rob Clark) [1360982] - [video] efifb: Disallow manual bind and unbind (Rob Clark) [1360982] - [video] efifb: Fix mismatched request/release_mem_region (Rob Clark) [1360982] - [video] efifb: fix int to pointer cast warning (Rob Clark) [1360982] - [video] efifb: Add override for 11 Macbook Air 3,1 (Rob Clark) [1360982] - [video] efifb: Support overriding fields FW tells us with the DMI data (Rob Clark) [1360982] - [video] efifb: support AMD Radeon HD 6490 (Rob Clark) [1360982] - [video] efifb: support the EFI framebuffer on more Apple hardware (Rob Clark) [1360982] - [video] efifb: check that the base address is plausible on pci systems (Rob Clark) [1360982] - [video] drivers/video/efifb.c: support framebuffer for NVIDIA 9400M in MacBook Pro 5, 1 (Rob Clark) [1360982] [2.6.32-669] - [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1374067] - [netdrv] cxgb4: Enable SR-IOV configuration via PCI sysfs interface (Sai Vemuri) [1222751] - [netdrv] bnx2x: dont wait for Tx completion on recovery (Michal Schmidt) [1300681] - [pm] hibernate: Only crash if necessary in create/free_basic_memory_bitmaps() (Jerry Snitselaar) [1374378] - [netdrv] ixgbe: add WoL support for some 82599 subdevice IDs (Ken Cox) [1316845] - [kernel] cgroup: improve old cgroup handling in cgroup_attach_proc() (Lauro Ramos Venancio) [1372085] - [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1382496] - [watchdog] hpwdt: HP rebranding (Linda Knippers) [1388170] - [documentation] Fix hpwdt documentation to match RHEL6 (Linda Knippers) [1388170] - [acpi] acpica: Fix for a Store->ArgX when ArgX contains a reference to a field (Lenny Szubowicz) [1324697] - [acpi] acpica: Standardize all switch() blocks (Lenny Szubowicz) [1324697] - [acpi] acpica: Interpreter: Fix Store() when implicit conversion is not possible (Lenny Szubowicz) [1324697] - [fs] backing-dev: fix wakeup timer races with bdi_unregister() (Jeff Moyer) [1111683] - [fs] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1111683] - [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683] - [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683] - [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683] - [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683] - [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683] - [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683] - [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683] - [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683] - [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683] - [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683] - [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683] - [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683] - [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683] - [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683] - [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683] - [fs] writeback: bdi_writeback_task() must set task state before calling schedule() (Jeff Moyer) [1111683] - [fs] writeback: remove wb_list (Jeff Moyer) [1111683] - [s390] zfcp: close window with unblocked rport during rport gone (Hendrik Brueckner) [1383980] - [s390] zfcp: fix ELS/GS request&response length for hardware data router (Hendrik Brueckner) [1383981] - [s390] zfcp: fix fc_host port_type with NPIV (Hendrik Brueckner) [1383982] - [s390] zcrypt: toleration of new crypto adapter hardware with type 12 (Hendrik Brueckner) [1344041] - [s390] time: LPAR offset handling (Hendrik Brueckner) [1381564] - [s390] time: move PTFF definitions (Hendrik Brueckner) [1381564] - [scsi] libfc: Dont have fc_exch_find log errors on a new exchange (Chris Leech) [1368175] - [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1383078] - [scsi] libfc: dont advance state machine for incoming FLOGI (Chris Leech) [1368175] - [scsi] libfc: Do not login if the port is already started (Chris Leech) [1368175] - [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1368175] - [scsi] libfc: Do not take rdata->rp_mutex when processing a (Chris Leech) [1368175] - [scsi] libfc: Fixup disc_mutex handling (Chris Leech) [1368175] - [scsi] libfc: Revisit kref handling (Chris Leech) [1368175] - [scsi] fcoe: Stop fc_rport_priv structure leak (Chris Leech) [1368175] - [scsi] libfc: do not send ABTS when resetting exchanges (Chris Leech) [1368175] - [scsi] libfc: reset exchange manager during LOGO handling (Chris Leech) [1368175] - [scsi] libfc: send LOGO for PLOGI failure (Chris Leech) [1368175] - [scsi] libfc: Issue PRLI after a PRLO has been received (Chris Leech) [1368175] - [scsi] libfc: fix seconds_since_last_reset calculation (Chris Leech) [1368175] - [scsi] libfc: Update rport reference counting (Chris Leech) [1368175] - [scsi] libfc: XenServer fails to mount root filesystem (Chris Leech) [1368175] [2.6.32-668] - [netdrv] mlx5e: Fix minimum MTU (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Devices mtu field is u16 and not int (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Allow resetting VF admin mac to zero (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Correctly handle RSS indirection table when changing number of channels (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Fix ethtool RX hash func configuration change (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Fix LRO modify (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5e: Remove wrong poll CQ optimization (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Do not BUG_ON during reset when PCI is offline (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Count HW buffer overrun only once (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: fix some error handling in mlx4_multi_func_init() (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Remove unused macro (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Initialize hop_limit when creating address handle (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5: Expose correct maximum number of CQE capacity (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: fix handling return value of mlx4_slave_convert_port (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Use vmalloc for WR buffers when needed (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Use correct order of variables in log message (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Expose correct max_sge_rd limit (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Avoid returning success in case of an error flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Replace VF zero mac with random mac in mlx4_core (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Fix resource tracker error flow in add_res_range (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Copy/set only sizeof struct mlx4_eqe bytes (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: really allow to change RSS key (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Fix incorrect cq flushing in error state (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Use correct SL on AH query under RoCE (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Forbid using sysfs to change RoCE pkeys (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Demote mcg message from warning to debug (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Fix potential deadlock when sending mad to wire (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4, mlx5, mthca: Expose max_sge_rd correctly (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Add extra check for total vfs for SRIOV (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Remove BUG_ON assert when checking if ring is full (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Relieve cpu load average on the port sending flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Fix wrong index in propagating port change event to VFs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Fix memory leak in do_slave_init (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4: Disable HA for SRIOV PF RoCE devices (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_en: Release TX QP when destroying TX ring (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: Disable Granular QoS per VF under IB/Eth VPI configuration (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: fix typo in mlx4_set_vf_mac (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: need to call close fw if alloc icm is called twice (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] mlx4_core: double free of dev_vfs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319] - [netdrv] bnx2x: dont reset chip on cleanup if PCI function is offline (Michal Schmidt) [1386199] - [netdrv] bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [1386199] - [netdrv] bnx2x: avoid leaking memory on bnx2x_init_one() failures (Michal Schmidt) [1386199] - [netdrv] bnx2x: Prevent false warning for lack of FC NPIV (Michal Schmidt) [1386199] - [netdrv] bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [1386199] - [netdrv] bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix 84833 phy command handler (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix led setting for 84858 phy (Michal Schmidt) [1386199] - [netdrv] bnx2x: Correct 84858 PHY fw version (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix 84833 RX CRC (Michal Schmidt) [1386199] - [netdrv] bnx2x: Fix link-forcing for KR2 (Michal Schmidt) [1386199] - [netdrv] bnx2x: Warn about grc timeouts in register dump (Michal Schmidt) [1386199] - [netdrv] be2net: Enable VF link state setting for BE3 (Ivan Vecera) [1347812] - [netdrv] be2net: Fix TX stats for TSO packets (Ivan Vecera) [1347812] - [netdrv] be2net: NCSI FW section should be properly updated with ethtool for BE3 (Ivan Vecera) [1347812] - [netdrv] be2net: Provide an alternate way to read pf_num for BEx chips (Ivan Vecera) [1347812] - [netdrv] be2net: Fix mac address collision in some configurations (Ivan Vecera) [1347812] - [netdrv] be2net: Avoid redundant addition of mac address in HW (Ivan Vecera) [1347812] - [netdrv] be2net: Add privilege level check for OPCODE_COMMON_GET_EXT_FAT_CAPABILITIES SLI cmd (Ivan Vecera) [1347812] - [netdrv] be2net: Issue COMMON_RESET_FUNCTION cmd during driver unload (Ivan Vecera) [1347812] - [netdrv] be2net: Support UE recovery in BEx/Skyhawk adapters (Ivan Vecera) [1347812] - [netdrv] be2net: replace polling with sleeping in the FW completion path (Ivan Vecera) [1347812] - [netdrv] be2net: do not remove vids from driver table if be_vid_config() fails (Ivan Vecera) [1347812] - [netdrv] be2net: clear vlan-promisc setting before programming the vlan list (Ivan Vecera) [1347812] - [netdrv] be2net: perform temperature query in adapter regardless of its interface state (Ivan Vecera) [1347812] - [netdrv] be2net: Fix broadcast echoes from EVB in BE3 (Ivan Vecera) [1347812] - [netdrv] be2net: fix definition of be_max_eqs() (Ivan Vecera) [1347812] - [netdrv] be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Ivan Vecera) [1347812] - [netdrv] be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Ivan Vecera) [1347812] - [netdrv] be2net: use max-TXQs limit too while provisioning VF queue pairs (Ivan Vecera) [1347812] - [netdrv] benet: be_resume needs to protect be_open with rtnl_lock (Ivan Vecera) [1347812] - [netdrv] be2net: Dont leak iomapped memory on removal (Ivan Vecera) [1347812] - [netdrv] be2net: Fix a UE caused by passing large frames to the ASIC (Ivan Vecera) [1347812] - [netdrv] be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Ivan Vecera) [1347812] - [netdrv] be2net: Interpret and log new data thats added to the port misconfigure async event (Ivan Vecera) [1347812] - [netdrv] be2net: Request RSS capability of Rx interface depending on number of Rx rings (Ivan Vecera) [1347812] - [netdrv] be2net: Fix interval calculation in interrupt moderation (Ivan Vecera) [1347812] - [netdrv] be2net: Add retry in case of error recovery failure (Ivan Vecera) [1347812] - [netdrv] be2net: Fix Lancer error recovery (Ivan Vecera) [1347812] - [netdrv] be2net: Dont run ethtool self-tests for VFs (Ivan Vecera) [1347812] - [netdrv] be2net: SRIOV Queue distribution should factor in EQ-count of VFs (Ivan Vecera) [1347812] - [netdrv] be2net: Fix be_vlan_rem_vid() to check vlan id being removed (Ivan Vecera) [1347812] - [netdrv] be2net: check for INSUFFICIENT_PRIVILEGES error (Ivan Vecera) [1347812] - [netdrv] be2net: return error status from be_set_phys_id() (Ivan Vecera) [1347812] - [netdrv] be2net: fix port-res desc query of GET_PROFILE_CONFIG FW cmd (Ivan Vecera) [1347812] - [netdrv] be2net: fix VF link state transition from disabled to auto (Ivan Vecera) [1347812] - [netdrv] bnx2: fix locking when netconsole is used (Ivan Vecera) [1291369] - [netdrv] tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (Ivan Vecera) [1347828] - [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1347828] - [netdrv] tg3: Report the correct number of RSS queues through tg3_get_rxnfc (Ivan Vecera) [1347828] - [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1347828] - [netdrv] net: tg3: avoid uninitialized variable warning (Ivan Vecera) [1347828] - [net] ipv6: restrict hop_limit sysctl setting to range (1; 255) (Paolo Abeni) [1314305] - [net] ipv4: add limits to ip_default_ttl (Paolo Abeni) [1314305] - [net] route: enforce hoplimit max value (Paolo Abeni) [1313899] for userland (Sabrina Dubroca) [1317697] - [net] sctp: use the same clock as if sock source timestamps were on (Xin Long) [1334561] - [net] sctp: update the netstamp_needed counter when copying sockets (Xin Long) [1334561] - [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1312728] - [net] pppoe: fix memory corruption in padt work structure (Beniamino Galvani) [1317900] - [net] pppoe: drop pppoe device in pppoe_unbind_sock_work (Beniamino Galvani) [1317900] - [net] pppoe: Use workqueue to die properly when a PADT is received (Beniamino Galvani) [1317900] - [net] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [1327680] - [net] ipv6: Consolidate route lookup sequences (Jakub Sitnicki) [1327680] - [net] macvtap: Add support of packet capture on macvtap device (Sabrina Dubroca) [1373100] - [scsi] fnic: pci_dma_mapping_error() doesnt return an error code (Maurizio Lombardi) [1364593] - [scsi] fnic: Using rport->dd_data to check rport online instead of rport_lookup (Maurizio Lombardi) [1364593] - [scsi] fnic: Cleanup the I/O pending with fw and has timed out and is used to issue LUN reset (Maurizio Lombardi) [1364593] - [scsi] fnic: move printk()s outside of the critical code section (Maurizio Lombardi) [1364593] - [scsi] fnic: check pci_map_single() return value (Maurizio Lombardi) [1364593] - [scsi] be2iscsi: Driver version: 11.1.0.0 (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Replace _bh with _irqsave/irqrestore (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Remove redundant iscsi_wrb desc memset (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix async PDU handling path (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Reduce driver load/unload time (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix ExpStatSn in management tasks (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Update the driver version (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix WRB leak in login/logout path (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix async link event processing (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to process 25G link speed info from FW (Maurizio Lombardi) [1347815] - [scsi] scsi_transport_iscsi: Add 25G and 40G speed definition (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix IOPOLL implementation (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix return value for MCC completion (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Add FW config validation (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to handle misconfigured optics events (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix VLAN support for IPv6 network (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to remove shutdown entry point (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Added return value check for mgmt_get_all_if_id (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Set mbox timeout to 30s (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to synchronize tag allocation using spin_lock (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix to use atomic bit operations for tag_state (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix mbox synchronization replacing spinlock with mutex (Maurizio Lombardi) [1347815] - [scsi] be2iscsi: Fix soft lockup in mgmt_get_all_if_id path using bmbx (Maurizio Lombardi) [1347815] - [scsi] scsi_debug: fix logical block provisioning support when unmap_alignment != 0 (Maurizio Lombardi) [1388096] - [scsi] scsi_debug: fix logical block provisioning support (Maurizio Lombardi) [1388096] - [scsi] mpt3sas: Fix resume on WarpDrive flash cards (Tomas Henzl) [1329353] - [scsi] mpt3sas: avoid mpt3sas_transport_port_add NULL parent_dev (Tomas Henzl) [1329353] - [scsi] mpt3sas: set num_phys after allocating phy space (Tomas Henzl) [1329353] - [scsi] mpt3sas: add missing curly braces (Tomas Henzl) [1329353] - [scsi] mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Tomas Henzl) [1329353] - [scsi] mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Tomas Henzl) [1329353] - [scsi] mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Tomas Henzl) [1329353] - [scsi] mpt3sas: Handle active cable exception event (Tomas Henzl) [1329353] - [scsi] mpt3sas: Update MPI header to 2.00.42 (Tomas Henzl) [1329353] - [scsi] mpt3sas: remove unused fw_event_work elements (Tomas Henzl) [1329353] - [scsi] mpt3sas: Remove usage of 'struct timeval' (Tomas Henzl) [1329353] - [scsi] mpt3sas: Dont overreach ioc->reply_post during initialization (Tomas Henzl) [1329353] - [scsi] mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Tomas Henzl) [1329353] - [scsi] mpt3sas: Free memory pools before retrying to allocate with different value (Tomas Henzl) [1329353] - [scsi] mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Tomas Henzl) [1329353] - [scsi] mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Tomas Henzl) [1329353] - [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO (Tomas Henzl) [1329353] - [scsi] mpt3sas: Updated MPI Header to 2.00.42 (Tomas Henzl) [1329353] - [scsi] mpt3sas: Add support for configurable Chain Frame Size (Tomas Henzl) [1329353] - [scsi] mpt3sas: Added smp_affinity_enable module parameter (Tomas Henzl) [1329353] - [scsi] mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Tomas Henzl) [1329353] - [scsi] mpt3sas: Never block the Enclosure device (Tomas Henzl) [1329353] - [scsi] mpt3sas: Fix static analyzer(coverity) tool identified defects (Tomas Henzl) [1329353] - [scsi] mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message (Tomas Henzl) [1329353] - [scsi] mpt3sas: Added support for high port count HBA variants (Tomas Henzl) [1329353] - [scsi] bnx2fc: Update version number to 2.10.3 (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Check sc_cmd device and host pointer before returning the command to the mid-layer (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Print netdev device name when FCoE is successfully initialized (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Print when we send a fip keep alive (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: bnx2fc_eh_abort(): fix wrong return code (Maurizio Lombardi) [1380385] - [scsi] bnx2fc: Show information about log levels in 'modinfo' (Maurizio Lombardi) [1380385] - [scsi] hpsa: update driver revision to 3.4.10-0-RH2 (Joseph Szczypek) [1377892] - [scsi] hpsa: correct scsi 6byte lba calculation (Joseph Szczypek) [1377892] - [scsi] lpfc: remove unknown ELS message warnings for RDP (Maurizio Lombardi) [1347811] - [scsi] smartpqi: add to config-generic (Scott Benesh) [1343743] - [scsi] smartpqi: raid bypass lba calculation fix (Scott Benesh) [1343743] - [scsi] smartpqi: bump driver version (Scott Benesh) [1343743] - [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1343743] - [scsi] smartpqi: update Kconfig (Scott Benesh) [1343743] - [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1343743] - [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1343743] - [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1343743] - [scsi] smartpqi: minor function reformating (Scott Benesh) [1343743] - [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1343743] - [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1343743] - [scsi] smartpqi: add kdump support (Scott Benesh) [1343743] - [scsi] smartpqi: enhance reset logic (Scott Benesh) [1343743] - [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1343743] - [scsi] smartpqi: simplify spanning (Scott Benesh) [1343743] - [scsi] smartpqi: change tmf macro names (Scott Benesh) [1343743] - [scsi] smartpqi: change aio sg processing (Scott Benesh) [1343743] - [scsi] aacraid: remove wildcard for series 9 controllers (Scott Benesh) [1343743] - [scsi] smartpqi: initial commit of Microsemi smartpqi driver (Scott Benesh) [1343743] [2.6.32-667] - [hv] get rid of id in struct vmbus_channel (Vitaly Kuznetsov) [1322802] - [hv] make VMBus bus ids persistent (Vitaly Kuznetsov) [1322802] - [hv] storvsc: Fix potential memory leak (Cathy Avery) [1322928 1352824] - [hv] storvsc: Filter out storvsc messages CD-ROM medium not present (Cathy Avery) [1322928 1352824] - [hv] storvsc: fix SRB_STATUS_ABORTED handling (Cathy Avery) [1322928 1352824] - [hv] storvsc: add logging for error/warning messages (Cathy Avery) [1322928 1352824] - [hv] storvsc: Fix a bug in the handling of SRB status flags (Cathy Avery) [1322928 1352824] - [hv] storvsc: Dont set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag (Cathy Avery) [1322928 1352824] - [hv] storvsc: Set the tablesize based on the information given by the host (Cathy Avery) [1322928 1352824] - [hv] storvsc: Dont assume that the scatterlist is not chained (Cathy Avery) [1322928 1352824] - [hv] storvsc: Retrieve information about the capability of the target (Cathy Avery) [1322928 1352824] - [hv] storvsc: Always send on the selected outgoing channel (Cathy Avery) [1322928 1352824] - [hv] vmbus: Support a vmbus API for efficiently sending page arrays (Cathy Avery) [1322928 1352824] - [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: reset host_specified_ha_region (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: dont crash when memory is added in non-sorted order (Vitaly Kuznetsov) [1326999 1381617] - [hv] balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case (Vitaly Kuznetsov) [1326999 1381617] - [hv] dont leak memory in vmbus_establish_gpadl() (Vitaly Kuznetsov) [1376860] - [hv] get rid of redundant messagecount in create_gpadl_header() (Vitaly Kuznetsov) [1376860] - [hv] vmbus: dont manipulate with clocksources on crash (Cathy Avery) [1365049] - [hv] correct tsc page sequence invalid value (Cathy Avery) [1365049] - [hv] vmbus: fix build warning (Cathy Avery) [1365049] - [hv] vmbus: Implement a clocksource based on the TSC page (Cathy Avery) [1365049] - [hv] kvp: cancel kvp_host_handshake_work on module unload (Vitaly Kuznetsov) [1321259] - [x86] mm/xen: Suppress hugetlbfs in PV guests (Vitaly Kuznetsov) [1312331] - [mm] hugetlb: allow hugepages_supported to be architecture specific (Vitaly Kuznetsov) [1312331] [2.6.32-666] - [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1360179] - [netdrv] i40evf: RSS Hash Option parameters (Stefan Assmann) [1360179] - [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1360179] - [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1360179] - [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1360179] - [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1360179] - [netdrv] i40evf: Allow PF driver to configure RSS (Stefan Assmann) [1360179] - [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1360179] - [netdrv] i40evf: Dont Panic (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1360179] - [netdrv] i40evf: properly handle VLAN features (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1360179] - [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1360179] - [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1360179] - [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1360179] - [netdrv] i40evf: Fix get_rss_aq (Stefan Assmann) [1360179] - [netdrv] i40evf: Add longer wait after remove module (Stefan Assmann) [1360179] - [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1360179] - [netdrv] i40evf: Fix VLAN features (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1360179] - [netdrv] i40evf: Add additional check for reset (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1360179] - [netdrv] i40evf: remove dead code (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1360179] - [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1360179] - [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1360179] - [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1360179] - [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1360179] - [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1360179] - [netdrv] i40evf: set adapter state on reset failure (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1360179] - [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1360179] - [netdrv] i40evf: support packet split receive (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1360179] - [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1360179] - [netdrv] i40evf: Change vf driver string to reflect all products i40evf supports (Stefan Assmann) [1360179] - [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1360179] - [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1360179] - [netdrv] i40evf: enable bus master after reset (Stefan Assmann) [1360179] - [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1360179] - [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1360179] - [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add external power class to get link status (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Geneve cloud tunnel type (Stefan Assmann) [1360179] - [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1360179] - [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1360179] - [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1360179] - [netdrv] i40evf: null out ring pointers on free (Stefan Assmann) [1360179] - [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1360179] - [netdrv] i40evf: allow channel bonding of VFs (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1360179] - [netdrv] treewide: Fix typos in printk (Stefan Assmann) [1360179] - [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1360179] - [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1360179] - [netdrv] i40evf: change version string generation (Stefan Assmann) [1360179] - [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1360179] - [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1360179] - [netdrv] i40evf: check rings before freeing resources (Stefan Assmann) [1360179] - [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: check for and deal with non-contiguous TCs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Update device ids for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Drop extra copy of function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Use consistent type for vf_id (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: PTP - avoid aggregate return warnings (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix uninitialized variable (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add VF promiscuous mode driver support (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add promiscuous on VLAN support (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove zero check (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Code cleanup in i40e_add_fdir_ethtool (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix errant PCIe bandwidth message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Move NVM event wait check to NVM code (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Restrict VF poll mode to only single function mode devices (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Move HW flush (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Leave debug_mask cleared at init (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Inserting a HW capability display info (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Request PHY media event at reset time (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Lower some message levels (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix for supported link modes in 10GBaseT PHYs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Disable link polling (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Make VF resets more reliable (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove unused variable (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: remove redundant check on vsi->active_vlans (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Change comment to reflect correct function name (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Change unknown event error msg to ignore message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Added code to prevent double resets (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Notify VFs of all resets (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove timer and task only if created (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Assure that adminq is alive in debug mode (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Remove MSIx only if created (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix up return code (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Save off VSI resource count when updating VSI (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: queue-specific settings for interrupt moderation (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: let go of the past (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: suspend scheduling during driver unload (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Use the new rx ctl register helpers. Dont use AQ calls from clear_hw (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add check for null VSI (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Expose some registers to program parser, FD and RSS logic (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix for unexpected messaging (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Do not wait for Rx queue disable in DCB reconfig (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Increase timeout when checking GLGEN_RSTAT_DEVSTATE bit (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix led blink capability for 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Clean-up Rx packet checksum handling (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Set skb->csum_level for encapsulated checksum (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Add exception handling for Tx checksum (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: better error reporting for nvmupdate (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: expand comment (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Do not disable queues in the Legacy/MSI Interrupt handler (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Removal of code which relies on BASE VEB SEID (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix PROMISC mode for Multi-function per port (MFP) devices (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: cleanup use of pf->hw (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: drop unused debugfs file 'dump' (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: get rid of magic number (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: dump descriptor indexes in hex (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: use new add_veb calling with VEB stats control (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add VEB stat control and remove L2 cloud filter (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: set shared bit for multicast filters (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Make the DCB firmware checks for X710/XL710 only (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: move sync_vsi_filters up in service_task (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add priv flag for automatic rule eviction (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: avoid large memcpy by assigning struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: count allocation errors (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: drop unused function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: negate PHY int mask bits (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: APIs to Add/remove port mirroring rules (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix: do not sleep in netdev_ops (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: allocate memory safer (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: fix missing space (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: drop duplicate definition (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: trivial: remove unnecessary local var (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: remove VF device IDs from PF (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add netdev info to VSI dump (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add a little more to an NVM update debug message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: refactor DCB function (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add 20G speed for Tx bandwidth calculations (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add counter for arq overflows (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Store lan_vsi_idx and lan_vsi_id in the right size (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add 100Mb ethtool reporting (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Limit DCB FW version checks to X710/XL710 devices (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Extend ethtool RSS hooks for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: add new device IDs for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: bump version to 1.4.10 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Cleanup the code with respect to restarting autoneg (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Replace X722 mac check in ethtool get_settings (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Add mac_filter_element at the end of the list instead of HEAD (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: allow zero MAC address for VFs (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: change log messages and error returns (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: clean whole mac filter list (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: hush little warnings (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: use explicit cast from u16 to u8 (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: dont add zero MAC filter (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: properly delete VF MAC filters (Stefan Assmann) [1249250 1310402 1346978] - [netdrv] i40e: chomp the BIT(_ULL) (Stefan Assmann) [1249250 1310402 1346978] MODERATE Copyright 2017 Oracle, Inc. CVE-2016-2384 CVE-2016-10142 CVE-2016-2069 CVE-2016-8399 CVE-2016-7097 CVE-2016-7042 CVE-2016-9576 CVE-2016-6480 CVE-2016-10088 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 Oracle Linux 6 [7.19.7-53] - treat Negotiate authentication as connection-oriented (CVE-2017-2628) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-2628 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 Oracle Linux 6 [2.6.32-696.1.1.0.1.el6.OL6] - [kernel] sched/fair: Initialize throttle_count for new task-groups lazily [orabug 25071015] - [kernel] sched/fair: Do not announce throttled next buddy in dequeue_task_fair() [orabug 25071015] - [kernel] sched/fair: Reorder cgroup creation code [orabug 25071015] - [kernel] sched/fair: Rework throttle_count sync [orabug 25071015] - Update genkey [bug 25599697] IMPORTANT Copyright 2017 Oracle, Inc. cpe:/a:oracle:linux:6::MODRHCK Oracle Linux 6 [2.6.32-696.1.1] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7910 CVE-2017-2636 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.2.1.11.15-91] - Release 1.2.11.15-91 - Resolves: bug 1437777 - EMBARGOED CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages [1.2.11.15-90] - Release 1.2.11.15-90 - Resovles: #1435365 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2668 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:4.3.7.2-2.0.1.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile (jingdong.lu@oracle.com) - Build with --with-vendor='Oracle America, Inc.' (jingdong.lu@oracle.com) [1:4.3.7.2-2.1] - Resolves: rhbz#1435532 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3157 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 7 Oracle Linux 6 nss [3.28.4-1.0.1] - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed [3.28.4-1] - Rebase to 3.28.4 nss-util [3.28.4-1] - Rebase to NSS 3.28.4 to accommodate base64 encoding fix CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5461 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.1.0-2] - Update to 52.1.0 ESR (Build3) [52.1.0-1] - Update to 52.1.0 ESR [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build [45.5.0-1] - Update to 45.5.0 ESR [45.4.0-3] - Added upcoming upstream patches mozbz#1018486 [45.4.0-2] - Added Laszlo Ersek patch for aarch64 crashes [45.4.0-1] - Update to 45.4.0 ESR [45.3.0-1] - Update to 45.3.0 ESR [45.2.0-3] - Added fix for mozbz#256180 [45.2.0-2] - Added fix for mozbz#975832, rhbz#1343202 [45.2.0-1] - Update to 45.2.0 ESR [45.1.1-2] - Added fix for mozbz#1270046 - new Samba auth response [45.1.1-1] - Update to 45.1.1 ESR [45.1.0-3] - Disabled ffmpeg (rhbz#1330898) [45.1.0-1] - Fixed some regressions introduced by rebase [45.1.0-1] - Update to 45.1.0 ESR [45.0.2-1] - Update to 45.0.2 ESR [45.0.1-1] - Update to 45.0.1 ESR [45.0-5] - Fixed crashed after start (rhbz#1323744, rhbz#1323738) [45.0-4] - Added system-level location for configuring Firefox (rhbz#1206239) [45.0-3] - Update to 45.0 ESR [38.5.0-3] - Update to 38.5.0 ESR [38.4.0-1] - Update to 38.4.0 ESR [38.3.0-2] - Update to 38.3.0 ESR [38.2.1-1] - Update to 38.2.1 ESR [38.2.0-4] - Update to 38.2.0 ESR [38.1.1-1] - Update to 38.1.1 ESR [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section [38.0.1-1] - Update to 38.0.1 ESR [38.0-4] - Fixed rhbz#1221286 - After update to Firefox 38 ESR all RH preferences are gone [38.0-3] - Enabled system nss - Removed unused patches * Mon May 04 2015 Jan Horak - 38.0-2 - Update to 38.0 ESR [38.0b8-0.11] - Update to 38.0 Beta 8 [38.0b6-0.10] - Added patch for mozbz#1152515 [38.0b6-0.9] - Update to 38.0 Beta 6 [38.0b5-0.8] - Update to 38.0 Beta 5 [38.0b3-0.7] - Update to 38.0 Beta 3 [38.0b1-0.6] - Added patch for mozbz#1152391 [38.0b1-0.5] - Fix build on AArch64 (based on upstream skia changes) [38.0b1-0.4] - Enabled debug build [38.0b1-1] - Update to 38.0b1 [31.5.0-2] - Update to 31.5.0 ESR Build 2 [31.4.0-1] - Update to 31.4.0 ESR [31.3.0-6] - Fixed Bug 1140385 - [HP HPS 7.1 bug] assertion 'sys_page_size == 0' when starting firefox [31.3.0-5] - Fixed problems with dictionary (mozbz#1097550) - JS JIT fixes for ppc64le [31.3.0-3] - Fixed geolocation key location [31.3.0-2] - Disable exact rooting for JS [31.3.0-1] - Update to 31.3.0 ESR Build 2 - Fix for geolocation API (rhbz#1063739) [31.2.0-5] - Enabled gstreamer-1 support (rhbz#1161077) [31.2.0-4] - Fix webRTC for aarch64, ppc64le (rhbz#1148622) [31.2.0-3] - Update to 31.2.0 ESR - Fix for mozbz#1042889 [31.1.0-7] - Enable WebM on all arches [31.1.0-6] - Enable all NPAPI plugins by default to keep compatibility with the FF24 line [31.1.0-5] - Added workaround for rhbz#1134876 [31.1.0-3] - Disable mozilla::pkix (mozbz#1063315) - Enable image cache [31.1.0-2] - A workaround for rhbz#1110291 [31.1.0-1] - Update to 31.1.0 ESR [31.0-3] - Built with system libvpx/WebM [31.0-2] - Built with system nss/nspr [31.0-1] - Update to 31.0 ESR [24.6.0-1] - Update to 24.6.0 ESR [24.5.0-2] - Removed unused patches [24.5.0-1] - Update to 24.5.0 ESR [24.4.0-3] - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5 [24.4.0-2] - fixed rhbz#1067343 - Broken languagepack configuration after firefox update [24.4.0-1] - Update to 24.4.0 ESR [24.3.0-3] - fixed rhbz#1054832 - Firefox does not support Camellia cipher [24.3.0-1] - Update to 24.3.0 ESR [24.2.0-3] - Mass rebuild 2014-01-24 [24.2.0-2] - Mass rebuild 2013-12-27 [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-5] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite [24.1.0-4] - Fixed rhbz#1034541 - No translation being picked up from langpacks for firefox [24.1.0-3] - Conflicts with old, xulrunner based firefox [24.1.0-2] - Ship dependentlibs.list (rhbz#1027782) - Nss/nspr dependency update [24.1.0-1] - Update to 24.1.0 ESR [24.0-2] - Build as stand alone browser, without xulrunner [24.0-1] - Update to 24.0 ESR [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-2] - Desktop file update - Spec file tweaks [17.0.8-1] - Update to 17.0.8 ESR [17.0.7-2] - Updated manual page [17.0.7-1] - Update to 17.0.7 ESR [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-3] - Removed mozilla prefix from desktop file (rhbz#826960) [17.0.5-2] - Updated XulRunner SDK check [17.0.5-1] - Update to 17.0.5 ESR [17.0.4-2] - Fixed rhbz#837606 - firefox has no x-scheme-handler/http mime [17.0.4-1] - Update to 17.0.4 ESR - Added fix for mozbz#239254 - [Linux] Support disk cache on a local path [17.0.2-3] - Added NM preferences [17.0.2-2] - Updated preferences (NFS, nspluginwrapper) [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-1] - Update to 17.0.1 ESR [10.0.8-2] - Update to 10.0.8 ESR [10.0.7-1] - Update to 10.0.7 ESR [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-4] - Enabled WebM [10.0.5-2] - Added fix for mozbz#703633, rhbz#818341 [10.0.5-1] - Update to 10.0.5 ESR [10.0.4-1] - Update to 10.0.4 ESR [10.0.3-1] - Update to 10.0.3 ESR [10.0.1-1] - Update to 10.0.1 ESR [10.0-3] - Update to 10.0 ESR [10.0-1] - Update to 10.0 [7.0-5] - Update to 7.0 [7.0-4] - Update to 7.0 Beta 6 [7.0-2] - Update to 7.0 Beta 4 [5.0-1] - Update to 5.0 [3.6.18-1] - Fixed #698313 - 'background-repeat' css property isn't rendered well - Update to 3.6.18 [3.6.17-1] - Update to 3.6.17 [3.6.15-1] - Update to 3.6.15 [3.6.14-4] - Update to build3 [3.6.14-3] - Update to build2 [3.6.14-2] - Update to 3.6.14 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-5439 CVE-2017-5437 CVE-2017-5446 CVE-2017-5447 CVE-2017-5460 CVE-2017-5432 CVE-2017-5442 CVE-2017-5429 CVE-2017-5433 CVE-2017-5434 CVE-2017-5438 CVE-2017-5444 CVE-2017-5449 CVE-2017-5464 CVE-2017-5435 CVE-2017-5445 CVE-2017-5440 CVE-2017-5443 CVE-2017-5459 CVE-2017-5441 CVE-2017-5469 CVE-2017-5436 CVE-2017-5448 CVE-2017-5465 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [32:9.8.2-0.62.rc1.1] - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3136 CVE-2017-3137 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.8.0.131-0.b11] - Update to aarch64-jdk8u131-b11. - Drop upstreamed patches for 8147910, 8161993, 8170888 and 8173783. - Update generate_source_tarball.sh to remove patch remnants. - Cleanup tarball creation documentation to avoid duplication. - Resolves: rhbz#1438751 [1:1.8.0.121-2.b13] - Add backports from 8u131 and 8u152 ahead of April CPU. - Apply backports before local RPM fixes so they will be the same as when applied upstream - Adjust RH1022017 following application of 8173783 - Resolves: rhbz#1438751 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3544 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3526 CVE-2017-3539 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [52.1.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.1.0-1] - Update to 52.1.0 [52.0.1-1] - Update to 52.0.1 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10196 CVE-2017-5432 CVE-2017-5438 CVE-2017-5445 CVE-2017-5442 CVE-2017-5454 CVE-2017-5469 CVE-2016-10195 CVE-2017-5451 CVE-2017-5434 CVE-2017-5439 CVE-2017-5446 CVE-2017-5464 CVE-2017-5447 CVE-2017-5429 CVE-2017-5440 CVE-2017-5443 CVE-2017-5444 CVE-2017-5459 CVE-2016-10197 CVE-2017-5435 CVE-2017-5441 CVE-2017-5449 CVE-2017-5433 CVE-2017-5436 CVE-2017-5460 CVE-2017-5467 CVE-2017-5465 CVE-2017-5466 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [32:9.8.2-0.62.rc1.2] - Fix DNSKEY that encountered a CNAME (#1447869, ISC change 3391) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3139 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.141-2.6.10.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.141-2.6.10.1] - Bump to u141b02 to include S8011123 fix for TCK failure. - Resolves: rhbz#1438751 [1:1.7.0.141-2.6.10.0] - Bump to 2.6.10 and u141b00. - Adjust RH1022017 following application of 8173783 - Add more detailed output to fsg.sh and generate_source_tarball.sh. - Bump to u141b01 to include S8043723 fix for s390. - Resolves: rhbz#1438751 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-3526 CVE-2017-3511 CVE-2017-3544 CVE-2017-3533 CVE-2017-3509 CVE-2017-3539 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [0.12.1.2-2.503.el6_9.3] - kvm-cirrus-avoid-write-only-variables.patch [bz#1444377 bz#1444379] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1444377 bz#1444379] - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1444377 bz#1444379] - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1444377 bz#1444379] - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444377 bz#1444379] - Resolves: bz#1444377 (CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.9.z]) - Resolves: bz#1444379 (CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.9.z]) [0.12.1.2-2.503.el6_9.2] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1443447 bz#1443449] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1443447 bz#1443449] - Resolves: bz#1443447 (CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue [rhel-6.9.z]) - Resolves: bz#1443449 (CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access issue [rhel-6.9.z]) - Resolves: bz#1447544 (CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.9.z] ) - Resolves: bz#1447540 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.9.z]) [0.12.1.2-2.503.el6_9.1] - kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch [bz#1428750] - kvm-vnc-apply-display-size-limits.patch [bz#1400438 bz#1425943] - Resolves: bz#1400438 (qemu-kvm coredump in vnc_refresh_server_surface [rhel-6.9.z]) - Resolves: bz#1425943 (CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.9.z]) - Resolves: bz#1428750 (Fails to build in brew) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 Oracle Linux 6 Oracle Linux 7 [1.900.1-21] - Bump release [1.900.1-20] - Multiple security fixes (fixed by thoger): CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-9262 CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2016-10248 CVE-2016-10249 CVE-2016-10251 - Fix implicit declaration warning caused by security fixes above [1.900.1-19] - CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1183672) - CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1183680) [1.900.1-18] - CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173567) - CVE-2014-8138 - heap overflow in jp2_decode (#1173567) [1.900.1-17] - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1171209) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-1867 CVE-2016-8693 CVE-2016-9388 CVE-2015-5203 CVE-2016-2089 CVE-2016-8885 CVE-2016-10251 CVE-2016-2116 CVE-2016-8654 CVE-2016-8691 CVE-2016-8883 CVE-2016-9387 CVE-2016-9389 CVE-2016-9390 CVE-2016-9600 CVE-2016-1577 CVE-2016-9262 CVE-2015-5221 CVE-2016-9391 CVE-2016-9392 CVE-2016-10248 CVE-2016-10249 CVE-2016-8690 CVE-2016-9560 CVE-2016-9583 CVE-2016-8884 CVE-2016-9591 CVE-2016-9394 CVE-2016-9393 CVE-2016-8692 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [8.70-23.el6_9.2] - Security fix for CVE-2017-8291 updated to address SIGSEGV [8.70-23.el6_9.1] - Added security fix for CVE-2017-8291 (bug #1446063) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8291 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [0.2.0-13_9] - Fix for CVE-2017-8779 (bz 1449461) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8779 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.2.1-13_9] - Fix for CVE-2017-8779 (bz 1449458) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8779 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 7 Oracle Linux 6 [3.6.23-43.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.24-43] - resolves: #1450782 - Fix CVE-2017-7494 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7494 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.2.10-10] - resolves: #1450779 - Security fix for CVE-2017-7494 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7494 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 Oracle Linux 6 [3.28.4-3.0.1] - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed [3.28.4-3] - Fix zero-length record treatment for stream ciphers and SSLv2 [3.28.4-2] - Include CKBI 2.14 and updated CA constraints from NSS 3.28.5 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7502 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 Oracle Linux 6 [2.6.32-696.3.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.3.1] - [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1442979 1436527] - [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1439636 1429881] - [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1439636 1429881] - [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1443499 1146727] - [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1443234 1434560] - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430577 1430578] {CVE-2017-6214} [2.6.32-696.2.1] - [sched] fair: Rework throttle_count sync (Jiri Olsa) [1436241 1250762] - [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1436241 1250762] - [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1436241 1250762] - [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1436241 1250762] MODERATE Copyright 2017 Oracle, Inc. CVE-2017-6214 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [1.8.6p3-28] - Fixes CVE-2017-1000367 Resolves: rhbz#1455399 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000367 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [52.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.2.0-1] - Update to 52.2.0 ESR [52.1.1-1] - Update to 52.1.1 ESR CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7757 CVE-2017-7750 CVE-2017-7772 CVE-2017-7776 CVE-2017-5472 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7771 CVE-2017-7749 CVE-2017-7773 CVE-2017-7778 CVE-2017-7758 CVE-2017-7764 CVE-2017-7751 CVE-2017-7774 CVE-2017-5470 CVE-2017-7775 CVE-2017-7777 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.12-1.209.0.3.2] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.209.2] - Avoid large allocas in the dynamic linker (#1452711) [2.12-1.209.1] - Fix thread cancellation issues for setmntent() and others (#1437618). IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000366 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 Oracle Linux 6 [2.6.32-696.3.2.OL6] - Update genkey [bug 25599697] [2.6.32-696.3.2] - [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [52.2.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.2.0-1] - Update to 52.2.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7772 CVE-2017-5472 CVE-2017-7773 CVE-2017-7750 CVE-2017-7756 CVE-2017-7777 CVE-2017-7778 CVE-2017-7749 CVE-2017-5470 CVE-2017-7751 CVE-2017-7771 CVE-2017-7775 CVE-2017-7752 CVE-2017-7754 CVE-2017-7764 CVE-2017-7758 CVE-2017-7776 CVE-2017-7757 CVE-2017-7774 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1.7.2p1-29.0.2] - Fix CVE-2017-1000368 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-1000368 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [1.4-5] - Fixes CVE-2017-9462 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-9462 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [32:9.8.2-0.62.rc1.4] - Fix CVE-2017-3142 and CVE-2017-3143 [32:9.8.2-0.62.rc1.3] - Update root servers and trust anchors (#1458234) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3143 CVE-2017-3142 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 Oracle Linux 6 [2.2.15-60.0.1.4] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-60.4] - Related: #1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects [2.2.15-60.3] - Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread [2.2.15-60.2] - Resolves: #1463354 - segfault in ap_proxy_set_scoreboard_lb [2.2.15-60.1] - Resolves: #1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects MODERATE Copyright 2017 Oracle, Inc. CVE-2016-8743 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-696.6.3.OL6] - Update genkey [bug 25599697] [2.6.32-696.6.3] - [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1466667 1464237] - [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237] - Revert: [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237] [2.6.32-696.6.2] - [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366} [2.6.32-696.6.1] - [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1457347 1442030] - [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1449274 1446755] {CVE-2017-7895} - [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1449274 1446755] {CVE-2017-7895} - [scsi] libfc: quarantine timed out xids (Chris Leech) [1455550 1431440] - [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce Fields) [1449096 869942] - [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [1449096 869942] - [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1444351 1431508] [2.6.32-696.5.1] - [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1450850 1448170] - [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1450870 1441909] [2.6.32-696.4.1] - [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1445179 1440361] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 Oracle Linux 6 [2.2.6-7] - Resolves: Bug#1469115 CVE-2017-10979 freeradius: Out-of-bounds write in rad_coalesce() - Resolves: Bug#1469118 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1469120 CVE-2017-10980 freeradius: Memory leak in decode_tlv() - Resolves: Bug#1469122 CVE-2017-10981 freeradius: Memory leak in fr_dhcp_decode() - Resolves: Bug#1469124 CVE-2017-10982 freeradius: Out-of-bounds read in fr_dhcp_decode_options() - Resolves: Bug#1469126 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-10980 CVE-2017-10982 CVE-2017-10979 CVE-2017-10983 CVE-2017-10981 CVE-2017-10978 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 7 Oracle Linux 6 [1:1.8.0.141-2.b16] - Update to aarch64-jdk8u141-b16. - Revert change to remove-intree-libraries.sh following backout of 8173207 - Resolves: rhbz#1466509 [1:1.8.0.141-2.b15] - Revert previous commit so we can revise the security update. - Resolves: rhbz#1468473 [1:1.8.0.141-1.b15] - Backport '8180048: Interned string and symbol table leak memory during parallel unlinking' - Resolves: rhbz#1468473 [1:1.8.0.141-0.b15] - Update to aarch64-jdk8u141-b15. - Update location of OpenJDK system library source code in remove-intree-libraries.sh - Drop upstreamed patches for 6515172, 8144566, 8155049, 8165231, 8174164, 8174729 and 8175097. - Update PR1983, PR2899 and PR2934 (SunEC + system NSS) to accomodate 8175110. - Resolves: rhbz#1466509 [1:1.8.0.131-1.b12] - Add backports from 8u152 (8179084/RH1455694, 8175887) ahead of July CPU. - Resolves: rhbz#1466509 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-10090 CVE-2017-10089 CVE-2017-10135 CVE-2017-10096 CVE-2017-10101 CVE-2017-10107 CVE-2017-10193 CVE-2017-10067 CVE-2017-10109 CVE-2017-10110 CVE-2017-10053 CVE-2017-10078 CVE-2017-10111 CVE-2017-10116 CVE-2017-10198 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10102 CVE-2017-10108 CVE-2017-10115 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.7.0.151-2.6.11.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.151-2.6.11.0] - Bump to 2.6.11 and u151b00. - Update java-access-bridge-security.patch to apply against 2.6.11. - Apply fix for 8185716 so ppc uses correct ins_encode format - Resolves: rhbz#1466509 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-10074 CVE-2017-10115 CVE-2017-10087 CVE-2017-10101 CVE-2017-10108 CVE-2017-10135 CVE-2017-10089 CVE-2017-10107 CVE-2017-10109 CVE-2017-10116 CVE-2017-10067 CVE-2017-10090 CVE-2017-10081 CVE-2017-10110 CVE-2017-10243 CVE-2017-10096 CVE-2017-10102 CVE-2017-10053 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 6 [52.3.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.3.0-3] - Fix for rhbz#1470294 - bundling newer libffi for ppc* platforms [52.3.0-2] - Update to 52.3.0 ESR (b2) CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7785 CVE-2017-7787 CVE-2017-7792 CVE-2017-7800 CVE-2017-7803 CVE-2017-7807 CVE-2017-7786 CVE-2017-7801 CVE-2017-7802 CVE-2017-7809 CVE-2017-7784 CVE-2017-7791 CVE-2017-7798 CVE-2017-7753 CVE-2017-7779 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.2.15-60.0.1.5] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-60.5] - Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass - Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference - Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread - Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-3169 CVE-2017-3167 CVE-2017-9788 CVE-2017-7679 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.7.1-9] - prevent command injection via malicious ssh URLs Resolves: CVE-2017-1000117 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000117 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 Oracle Linux 7 [52.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.3.0-1] - Update to 52.3.0 [52.2.1-1] - Update to 52.2.1 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7802 CVE-2017-7791 CVE-2017-7800 CVE-2017-7809 CVE-2017-7779 CVE-2017-7784 CVE-2017-7753 CVE-2017-7787 CVE-2017-7801 CVE-2017-7786 CVE-2017-7792 CVE-2017-7807 CVE-2017-7785 CVE-2017-7803 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [0.12.4-12] - Resolves: rhbz#1479815 CVE-2017-9776 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9776 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [5.3p1-123] - Fix for CVE-2016-6210: User enumeration via covert timing channel (#1357442) MODERATE Copyright 2017 Oracle, Inc. CVE-2016-6210 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 Oracle Linux 6 [2.6.32-696.10.2.OL6] - Update genkey [bug 25599697] [2.6.32-696.10.2] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000251 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [4.66-2] - sdpd heap fixes Resolves: #1490008 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-1000250 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 6 [3.6.23-45.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.24-45] - resolves: #1491210 - CVE-2017-2619 CVE-2017-12150 CVE-2017-12163 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-12150 CVE-2017-2619 CVE-2017-12163 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [4.2.10-11] - resolves: #1491212 - CVE-2017-12150 CVE-2017-12163 MODERATE Copyright 2017 Oracle, Inc. CVE-2017-12150 CVE-2017-12163 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 Oracle Linux 6 [2.6.32-696.10.3.OL6] - Update genkey [bug 25599697] [2.6.32-696.10.3] - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000253 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [52.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7793 CVE-2017-7824 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 6 [3.28.4-12] - Backport patch to simplify transcript calculation for CertificateVerify IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7805 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [2.48-18] - Fix CVE-2017-14491 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-14491 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 [8.4.20-8] - backport fix for CVE-2017-7546 (rhbz#1484677) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7546 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [2.6.32-696.13.2.OL6] - Update genkey [bug 25599697] [2.6.32-696.13.2] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} [2.6.32-696.13.1] - [netdv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474783 1474782] {CVE-2017-7541} - [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1482855 1466530] [2.6.32-696.12.1] - [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1479397 1464541] - [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1479397 1464541] - [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1479397 1464541] - [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1479397 1464541] [2.6.32-696.11.1] - [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1472127 1452358] MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7541 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 Oracle Linux 6 Oracle Linux 7 [52.4.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.4.0-2] - Update to 52.4.0 (b2) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7823 CVE-2017-7810 CVE-2017-7814 CVE-2017-7819 CVE-2017-7793 CVE-2017-7818 CVE-2017-7824 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [1:0.7.3-9.2] - Fix backport errors (CVE-2017-13077, CVE-2017-13080) [1:0.7.3-9.1] - avoid key reinstallation (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-13078 CVE-2017-13080 CVE-2017-13087 CVE-2017-13077 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [2.2.15-60.0.1.6] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-60.6] - Resolves: #1493061 - CVE-2017-9798 httpd: various flaws MODERATE Copyright 2017 Oracle, Inc. CVE-2017-9798 CVE-2017-12171 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [1:1.8.0.151-1.b12] - repack policies adapted to new counts and paths - note that also c-j-c is needed to make this apply in next update - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Correct fix to RH1191652 root patch so existing COMMON_CCXXFLAGS_JDK is not lost. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Update location of policy JAR files following 8157561. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Update SystemTap tapsets to version in IcedTea 3.6.0pre02 to fix RH1492139. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Fix premature shutdown of NSS in SunEC provider. - Move -ffp-no-contract fix to local fixes section. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Add 8075484/PR3473/RH1490713 which is listed as being in 8u151 but not supplied by Oracle. - Resolves: rhbz#1499207 [1:1.8.0.151-0.b12] - Update to aarch64-jdk8u151-b12. - Update location of OpenJDK zlib system library source code in remove-intree-libraries.sh - Drop upstreamed patches for 8179084 and RH1367357 (part of 8183028). - Update RH1191652 (root) to accomodate 8151841 (GCC 6 support). - Update RH1163501 to accomodate 8181048 (crypto refactoring) - Resolves: rhbz#1499207 CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10388 CVE-2017-10346 CVE-2017-10347 CVE-2017-10350 CVE-2017-10357 CVE-2017-10349 CVE-2017-10355 CVE-2017-10345 CVE-2017-10356 CVE-2017-10348 CVE-2017-10295 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.2.6p5-12.0.1.el6_9.1] - add disable monitor to default ntp.conf [CVE-2013-5211] [4.2.6p5-12.el6_9.1] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) [4.2.6p5-12] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) [4.2.6p5-11] - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550) MODERATE Copyright 2017 Oracle, Inc. CVE-2017-6463 CVE-2017-6462 CVE-2017-6464 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 Oracle Linux 6 [0:6.0.24-111] - Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws [0:6.0.24-110] - Resolves: rhbz#1461292 CVE-2017-5664 tomcat6: tomcat: Security constrained bypass in error page mechanism [0:6.0.24-109] - Resolves: rhbz#1461851 The tomcat6 build is incompatible with the ECJ update [0:6.0.24-106] - Resolves: rhbz#1441478 CVE-2017-5647 tomcat6: tomcat: Incorrect handling of pipelined requests when send file was used IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-5647 CVE-2017-5664 CVE-2017-12615 CVE-2017-12617 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [2.6.32-696.16.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.16.1] - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1498019 1441773] - [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1497976 1477288] - [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1497976 1477288] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488344 1488340] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488344 1488340] {CVE-2017-14106} - [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1487220 1441169] - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} - [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} [2.6.32-696.15.1] - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} [2.6.32-696.14.1] - [fs] nfs: don't disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1491123 1459636] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14106 CVE-2017-1000111 CVE-2017-1000112 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [52.5.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.5.0-1] - Update to 52.5.0 ESR CRITICAL Copyright 2017 Oracle, Inc. CVE-2017-7830 CVE-2017-7828 CVE-2017-7826 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.3.9-5.1] - Resolves: #1507346 - CVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12613 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 6 [4.2.10-12] - resolves: #1514315 - Fix CVE-2017-14746 and CVE-2017-15275 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-14746 CVE-2017-15275 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [52.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.5.0-1] - Update to 52.5.0 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [52.5.1-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.5.1-1] - Update to 52.5.1 ESR IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7843 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.7.0.161-2.6.12.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.161-2.6.12.0] - Remove superfluous %1 from policy JAR file path. - Resolves: rhbz#1499207 [1:1.7.0.161-2.6.12.0] - Update location of policy JAR files following 8157561. - Resolves: rhbz#1499207 [1:1.7.0.161-2.6.12.0] - Bump to 2.6.12 and u161b00. - Update SystemTap tapsets to version in IcedTea 2.6.12pre01 to fix RH1492139. - Drop 8185716 patch, now applied upstream. - Update location of OpenJDK zlib system library source code in remove-intree-libraries.sh - Fix name of SystemTap tarball, following update. - Resolves: rhbz#1499207 IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-10357 CVE-2017-10348 CVE-2017-10347 CVE-2017-10355 CVE-2017-10198 CVE-2017-10285 CVE-2017-10349 CVE-2017-10356 CVE-2017-10274 CVE-2017-10350 CVE-2017-10281 CVE-2017-10346 CVE-2017-10295 CVE-2017-10193 CVE-2017-10345 CVE-2017-10388 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.25] - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042} - nvme: Limit command retries (Keith Busch) [Orabug: 25374751] - fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828} - tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666} - i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655} - netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806} - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793} [4.1.12-61.1.24] - rebuild bumping release IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-6828 CVE-2016-7042 CVE-2016-8666 CVE-2016-9806 CVE-2016-9793 CVE-2016-9794 CVE-2016-8655 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.16.2] - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793} [3.8.13-118.16.1] - nvme: Limit command retries (Ashok Vairavan) [Orabug: 25374794] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374371] {CVE-2016-6828} - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 22505535] - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25203963] {CVE-2016-9794} - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25217756] {CVE-2016-8655} - x86: kvmclock: zero initialize pvclock shared memory area (Igor Mammedov) [Orabug: 25218431] - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306373] {CVE-2016-7042} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9793 CVE-2016-8655 CVE-2016-9794 CVE-2016-6828 CVE-2016-7042 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.1] - nvme: Limit command retries (Ashok Vairavan) [Orabug: 25342947] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374376] {CVE-2016-6828} - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231728] {CVE-2016-9794} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231758] {CVE-2016-9793} - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306377] {CVE-2016-7042} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7042 CVE-2016-9794 CVE-2016-9793 CVE-2016-6828 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 [1.12.6-1.0.1] - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] [1.12.6] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix runC privilege escalation (CVE-2016-9962) [1.12.5] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix race on sending stdin close event [#29424](https://github.com/docker/docker/pull/29424) - Fix panic in docker network ls when a network was created with --ipv6 and no ipv6 --subnet in older docker versions [#29416](https://github.com/docker/docker/pull/29416) - Fix compilation on Darwin [#29370](https://github.com/docker/docker/pull/29370) [1.12.4] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix issue where volume metadata was not removed [#29083](https://github.com/docker/docker/pull/29083) - Asynchronously close streams to prevent holding container lock [#29050](https://github.com/docker/docker/pull/29050) - Fix selinux labels for newly created container volumes [#29050](https://github.com/docker/docker/pull/29050) - Remove hostname validation [#28990](https://github.com/docker/docker/pull/28990) - Fix deadlocks caused by IO races [#29095](https://github.com/docker/docker/pull/29095) [#29141](https://github.com/docker/docker/pull/29141) - Return an empty stats if the container is restarting [#29150](https://github.com/docker/docker/pull/29150) - Fix volume store locking [#29151](https://github.com/docker/docker/pull/29151) - Ensure consistent status code in API [#29150](https://github.com/docker/docker/pull/29150) - Fix incorrect opaque directory permission in overlay2 [#29093](https://github.com/docker/docker/pull/29093) - Detect plugin content and error out on docker pull [#29297](https://github.com/docker/docker/pull/29297) - Update Swarmkit [#29047](https://github.com/docker/docker/pull/29047) - orchestrator/global: Fix deadlock on updates [docker/swarmkit#1760](https://github.com/docker/swarmkit/pull/1760) - on leader switchover preserve the vxlan id for existing networks [docker/swarmkit#1773](https://github.com/docker/swarmkit/pull/1773) - Refuse swarm spec not named 'default' [#29152](https://github.com/docker/docker/pull/29152) - Update libnetwork [#29004](https://github.com/docker/docker/pull/29004) [#29146](https://github.com/docker/docker/pull/29146) - Fix panic in embedded DNS [docker/libnetwork#1561](https://github.com/docker/libnetwork/pull/1561) - Fix unmarhalling panic when passing --link-local-ip on global scope network [docker/libnetwork#1564](https://github.com/docker/libnetwork/pull/1564) - Fix panic when network plugin returns nil StaticRoutes [docker/libnetwork#1563](https://github.com/docker/libnetwork/pull/1563) - Fix panic in osl.(*networkNamespace).DeleteNeighbor [docker/libnetwork#1555](https://github.com/docker/libnetwork/pull/1555) - Fix panic in swarm networking concurrent map read/write [docker/libnetwork#1570](https://github.com/docker/libnetwork/pull/1570) - Allow encrypted networks when running docker inside a container [docker/libnetwork#1502](https://github.com/docker/libnetwork/pull/1502) - Do not block autoallocation of IPv6 pool [docker/libnetwork#1538](https://github.com/docker/libnetwork/pull/1538) - Set timeout for netlink calls [docker/libnetwork#1557](https://github.com/docker/libnetwork/pull/1557) - Increase networking local store timeout to one minute [docker/libkv#140](https://github.com/docker/libkv/pull/140) - Fix a panic in libnetwork.(*sandbox).execFunc [docker/libnetwork#1556](https://github.com/docker/libnetwork/pull/1556) - Honor icc=false for internal networks [docker/libnetwork#1525](https://github.com/docker/libnetwork/pull/1525) - Update syslog log driver [#29150](https://github.com/docker/docker/pull/29150) - Run 'dnf upgrade' before installing in fedora [#29150](https://github.com/docker/docker/pull/29150) - Add build-date back to RPM packages [#29150](https://github.com/docker/docker/pull/29150) - deb package filename changed to include distro to distinguish between distro code names [#27829](https://github.com/docker/docker/pull/27829) [1.12.3] - the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or - a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive - Backup the current version of the unit file, and replace the file with the - Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present - Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present). - Fix ambient capability usage in containers (CVE-2016-8867) [#27610](https://github.com/docker/docker/pull/27610) - Prevent a deadlock in libcontainerd for Windows [#27136](https://github.com/docker/docker/pull/27136) - Fix error reporting in CopyFileWithTar [#27075](https://github.com/docker/docker/pull/27075) - Reset health status to starting when a container is restarted [#27387](https://github.com/docker/docker/pull/27387) - Properly handle shared mount propagation in storage directory [#27609](https://github.com/docker/docker/pull/27609) - Fix docker exec [#27610](https://github.com/docker/docker/pull/27610) - Fix backward compatibility with containerds events log [#27693](https://github.com/docker/docker/pull/27693) - Fix conversion of restart-policy [#27062](https://github.com/docker/docker/pull/27062) - Update Swarmkit [#27554](https://github.com/docker/docker/pull/27554) - Avoid restarting a task that has already been restarted [docker/swarmkit#1305](https://github.com/docker/swarmkit/pull/1305) - Allow duplicate published ports when they use different protocols [docker/swarmkit#1632](https://github.com/docker/swarmkit/pull/1632) - Allow multiple randomly assigned published ports on service [docker/swarmkit#1657](https://github.com/docker/swarmkit/pull/1657) - Fix panic when allocations happen at init time [docker/swarmkit#1651](https://github.com/docker/swarmkit/pull/1651) - Update libnetwork [#27559](https://github.com/docker/docker/pull/27559) - Fix race in serializing sandbox to string [docker/libnetwork#1495](https://github.com/docker/libnetwork/pull/1495) - Fix race during deletion [docker/libnetwork#1503](https://github.com/docker/libnetwork/pull/1503) - Reset endpoint port info on connectivity revoke in bridge driver [docker/libnetwork#1504](https://github.com/docker/libnetwork/pull/1504) - Fix a deadlock in networking code [docker/libnetwork#1507](https://github.com/docker/libnetwork/pull/1507) - Fix a race in load balancer state [docker/libnetwork#1512](https://github.com/docker/libnetwork/pull/1512) - Update fluent-logger-golang to v1.2.1 [#27474](https://github.com/docker/docker/pull/27474) - Update buildtags for armhf ubuntu-trusty [#27327](https://github.com/docker/docker/pull/27327) - Add AppArmor to runc buildtags for armhf [#27421](https://github.com/docker/docker/pull/27421) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9962 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.27] - vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] {CVE-2016-9083} {CVE-2016-9084} - Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] {CVE-2016-9576} - kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] {CVE-2016-8630} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] {CVE-2016-8646} - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] {CVE-2016-4485} [4.1.12-61.1.26] - xen-netback: fix extra_info handling in xenvif_tx_err() (Paul Durrant) [Orabug: 25445336] - net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug: 25458076] - tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076] - xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel) [Orabug: 25430143] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9083 CVE-2016-8646 CVE-2016-4482 CVE-2016-8630 CVE-2016-9576 CVE-2016-4485 CVE-2016-9084 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.16.3] - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646} - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-8646 CVE-2016-4482 CVE-2016-4485 CVE-2013-7446 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.2] - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2013-7446 CVE-2016-8646 CVE-2016-4482 CVE-2015-1420 CVE-2016-4485 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 [1.0.1e-48.4] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts MODERATE Copyright 2017 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.28] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598257] {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.16.4] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.3] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-6074 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 [2.12-1.209.0.1] - Update newmode size to fix a possible corruption [2.12-1.209] - Fix AF_INET6 getaddrinfo with nscd (#1416496) [2.12-1.208] - Update tests for struct sockaddr_storage changes (#1338673) [2.12-1.207] - Use FL_CLOEXEC in internal calls to fopen (#1012343). [2.12-1.206] - Fix CVE-2015-8779 glibc: Unbounded stack allocation in catopen function (#1358015). [2.12-1.205] - Make padding in struct sockaddr_storage explicit (#1338673) [2.12-1.204] - Fix detection of Intel FMA hardware (#1384281). [2.12-1.203] - Add support for el_GR@euro, ur_IN, and wal_ET locales (#1101858). [2.12-1.202] - Change malloc/tst-malloc-thread-exit.c to use fewer threads and avoid timeout (#1318380). [2.12-1.201] - df can fail on some systems (#1307029). [2.12-1.200] - Log uname, cpuinfo, meminfo during build (#1307029). [2.12-1.199] - Draw graphs for heap and stack only if MAXSIZE_HEAP and MAXSIZE_STACK are non-zero (#1331304). [2.12-1.198] - Avoid unneeded calls to __check_pf in getadddrinfo (#1270950) [2.12-1.197] - Fix CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r (#1358013). [2.12-1.196] - Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() (#1358011). [2.12-1.195] - tzdata-update: Ignore umask setting (#1373646) [2.12-1.194] - CVE-2014-9761: Fix unbounded stack allocation in nan* (#1358014) [2.12-1.193] - Avoid using uninitialized data in getaddrinfo (#1223095) IMPORTANT Copyright 2017 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.33] - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} [4.1.12-61.1.32] - x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644} [4.1.12-61.1.31] - rebuild bumping release [4.1.12-61.1.30] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187} [4.1.12-61.1.29] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636} - If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783] - PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783] - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633} - usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951} - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951} - cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672} - kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596} - crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147} - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588} - KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645} - tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632} - fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178} - scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425} - tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097} - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097} - ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952} - ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952} - mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345} - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847] - ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970} - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001} - ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897} - mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7187 CVE-2016-8632 CVE-2016-7097 CVE-2016-3140 CVE-2016-8645 CVE-2016-10088 CVE-2017-2636 CVE-2016-8633 CVE-2016-7425 CVE-2015-8952 CVE-2017-5897 CVE-2017-6001 CVE-2016-3951 CVE-2016-3672 CVE-2017-6345 CVE-2017-5970 CVE-2016-9756 CVE-2016-9178 CVE-2016-8399 CVE-2016-10147 CVE-2017-2596 CVE-2016-9588 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.17.4] - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644} [3.8.13-118.17.3] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399} [3.8.13-118.17.2] - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187} [3.8.13-118.17.1] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696686] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696686] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696686] {CVE-2017-2636} - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 21305080] {CVE-2015-4700} - net: filter: return -EINVAL if BPF_S_ANC* operation is not supported (Daniel Borkmann) [Orabug: 22187148] - KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) - KEYS: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451530] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463927] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463927] {CVE-2016-3672} - pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (WANG Cong) [Orabug: 25490335] {CVE-2015-8569} - sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490372] {CVE-2015-5707} - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507195] {CVE-2016-9588} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507230] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507230] {CVE-2016-8645} - fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507281] {CVE-2016-9178} - scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507328] {CVE-2016-7425} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507328] {CVE-2016-7425} - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512413] {CVE-2016-4580} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512471] {CVE-2016-3140} - ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25543892] {CVE-2017-5970} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682430] {CVE-2017-6345} - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646} - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2015-8569 CVE-2016-9588 CVE-2017-7187 CVE-2016-10088 CVE-2015-4700 CVE-2016-8399 CVE-2016-4580 CVE-2016-3140 CVE-2017-5970 CVE-2016-10142 CVE-2017-2636 CVE-2016-3672 CVE-2017-6345 CVE-2016-8645 CVE-2016-9178 CVE-2016-7425 CVE-2016-8633 CVE-2015-5707 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.6] - RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142} [2.6.39-400.294.5] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187} [2.6.39-400.294.4] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636} - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636} - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672} - sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425} - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700} - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-8633 CVE-2017-2636 CVE-2016-3672 CVE-2015-4700 CVE-2015-5707 CVE-2016-7425 CVE-2016-3140 CVE-2016-4580 CVE-2016-8399 CVE-2016-10088 CVE-2016-8645 CVE-2017-7187 CVE-2016-10142 CVE-2017-6345 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.17.5] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7910 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.294.7] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10229 CVE-2016-7910 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.34] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583} - ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208} - ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] {CVE-2016-10208} - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] {CVE-2016-10208} - ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] {CVE-2017-5986} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720805] {CVE-2017-6214} - ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839] {CVE-2017-6347} - udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839] {CVE-2017-6347} - udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] {CVE-2017-6347} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] {CVE-2016-7910} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10208 CVE-2017-6347 CVE-2017-7184 CVE-2017-6214 CVE-2016-7910 CVE-2017-2583 CVE-2017-5986 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.4] - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 26075879] - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830] [4.1.12-94.3.3] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] {CVE-2017-7895} [4.1.12-94.3.2] - sparc64: Detect DAX ra+pgsz when hvapi minor doesn't indicate it (Rob Gardner) [Orabug: 25997533] - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25997533] [Orabug: 25931417] - sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226] - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137] - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790] - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747] - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25996655] - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628] - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546] - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522] - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475] - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] - megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] [4.1.12-94.3.1] - Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25968572] - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25946533] - NVMe: Set affinity after allocating request queues (Keith Busch) [Orabug: 25945973] - nvme: use an integer value to Linux errno values (Christoph Hellwig) [Orabug: 25945973] - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25945973] - x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 24819170] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 24819170] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25525433] - Btrfs: don't BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25534945] - Btrfs: clarify do_chunk_alloc()'s return value (Liu Bo) [Orabug: 25534945] - btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25534945] - Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25721518] - qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 25862953] - Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25866691] - Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25866691] - Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25866691] - Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25866691] - Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25866691] - Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) - Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25866691] - xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876652] {CVE-2016-10229} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.18.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895} [3.8.13-118.18.1] - fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] - xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] - xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] - VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] - VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583} - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214} - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] - USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782} - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669} - vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910} - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644} - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10208 CVE-2016-2782 CVE-2015-6252 CVE-2017-2647 CVE-2017-7184 CVE-2017-2583 CVE-2017-6214 CVE-2015-5257 CVE-2015-9731 CVE-2017-7895 CVE-2017-5986 CVE-2017-5669 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.295.2] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} [2.6.39-400.295.1] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214} - USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782} - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669} - vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252} - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184} - KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647} - USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257} - RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937} - udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731} - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229} - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910} - RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142} - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187} - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636} - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636} - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672} - sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707} - tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645} - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645} - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425} - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700} - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580} - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345} - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074} - vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420} - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482} - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485} - af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} - unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 CVE-2016-2782 CVE-2015-6252 CVE-2017-2647 CVE-2015-5257 CVE-2015-9731 CVE-2017-5986 CVE-2017-2583 CVE-2017-6214 CVE-2017-7184 CVE-2017-5669 CVE-2015-6937 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.5] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26132091] {CVE-2017-8890} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8890 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.18.3] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108571] {CVE-2017-8890} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-8890 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.296.2] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108573] {CVE-2017-8890} [2.6.39-400.296.1] - cifs: adjust sequence number downward after signing NT_CANCEL request (Albert Barbe) - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7895 CVE-2017-8890 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.6] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143545] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143545] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143545] {CVE-2017-7308} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7308 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.18.4] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7308 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 [2.12-1.209.0.3.2] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.209.2] - Avoid large allocas in the dynamic linker (#1452711) IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.7] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326143] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326143] {CVE-2017-1000364} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.3.8] - macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26368162] {CVE-2017-7477} - macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26368162] {CVE-2017-7477} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366988] {CVE-2017-7645} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7477 CVE-2017-7645 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.2] - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] {CVE-2017-7645} [3.8.13-118.19.1] - selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25290650] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891907] {CVE-2017-7273} - udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905721] {CVE-2015-4167} - udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905721] {CVE-2015-4167} - udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905721] {CVE-2015-4167} - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948098] {CVE-2014-9710} - Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 25948098] {CVE-2014-9710} - net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948145] {CVE-2015-2686} - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975506] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975506] - xsigo: [backport](UEK3)-Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 26007560] - ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032372] {CVE-2015-1465} - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26139385] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26143552] {CVE-2017-7308} - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108571] {CVE-2017-8890} - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7645 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.3] - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366024] {CVE-2017-7645} [2.6.39-400.297.2] - dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug: 25645229] - xen/manage: Always freeze/thaw processes when suspend/resuming (Ross Lagerwall) [Orabug: 25795530] - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25955028] [2.6.39-400.297.1] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277602] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108573] {CVE-2017-8890} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7645 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.4] - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326145] {CVE-2017-1000364} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000364 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.5.7] - Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26444722] - Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26444722] - Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26444722] - Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26444722] - blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26385993] - blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26385993] - nvme: Complete all stuck requests (Keith Busch) [Orabug: 26385993] - nvme: Don't suspend admin queue that wasn't created (Gabriel Krisman Bertazi) [Orabug: 26385993] - nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26385993] - nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26385993] - nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26385993] - sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26408570] - SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26221921] - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403952] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403952] {CVE-2017-1000380} - xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452561] - xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452561] - Revert 'SUNRPC: Refactor svc_set_num_threads()' (Kirtikar Kashyap) [Orabug: 26476721] - Revert 'NFSv4: Fix callback server shutdown' (Kirtikar Kashyap) [Orabug: 26476721] [4.1.12-94.5.6] - net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26367820] - net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26354016] - NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26361950] - btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362382] - btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362382] - btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362382] - btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362382] - btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362382] - btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362382] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403937] {CVE-2017-1000363} - NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403977] {CVE-2017-9059} - SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403977] {CVE-2017-9059} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404000] {CVE-2017-9077} [4.1.12-94.5.5] - Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26426837] - IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 26245885] - aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291288] - IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26308324] - aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26308827] - RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351414] - bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] - bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] - bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] - bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] - dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26402533] - bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] - bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] - bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] - bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] - x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 26387040] - x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 26387040] - x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 26387040] - perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 26387040] - perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 26387040] - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397292] - net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26406403] [4.1.12-94.5.4] - block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 25654233] - mlx4: add diagnostic counters via sysfs (Chris Gray) [Orabug: 25743434] - x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26355098] - net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350965] - macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26051882] {CVE-2017-7477} - macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26051882] {CVE-2017-7477} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366009] {CVE-2017-7645} [4.1.12-94.5.3] - xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354399] - xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354399] - xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354399] - xfs: don't reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354399] - xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354399] - xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354399] - xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354399] - xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354399] - xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354399] - xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354399] - xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354399] - xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354399] [4.1.12-94.5.2] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26337733] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26337733] {CVE-2017-1000364} - Fix Express lane queue creation. (James Smart) [Orabug: 26241742] - rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26298950] - IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304710] - vfio/pci: Fix unsigned comparison overflow (Alex Williamson) - blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321947] [4.1.12-94.5.1] - percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26223304] - percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26223304] - percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26223304] - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26223304] - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26223304] - block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26223304] - nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26247244] - nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26256275] - nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26033880] - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26033880] - nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26033880] - nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26033880] - net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265818] - IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 25993610] - Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 26107170] - Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 26107170] - NVMe: During NVMe probe, get NVMe device information before mapping the device. (Ashok Vairavan) [Orabug: 26227515] - PCI/AER: include header file (Sudip Mukherjee) [Orabug: 26138886] - NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 26138886] - nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 26138886] - nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 26138886] - nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 26138886] - nvme.h: add AER constants (Christoph Hellwig) [Orabug: 26138886] - nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 26138886] - nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 26138886] - nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 26138886] - NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 26138886] - NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 26138886] - NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 26138886] - NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 26138886] - NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 26138886] - nvme: Limit command retries (Keith Busch) [Orabug: 26138886] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 26138886] - NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 26138886] - nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 26138886] - nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 26138886] - nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 26138886] - blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 26138886] - NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 26138886] - NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 26138886] - NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 26138886] - NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 26138886] - NVMe: Unbind driver on failure (Keith Busch) [Orabug: 26138886] - NVMe: Delete only created queues (Keith Busch) [Orabug: 26138886] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 26138886] - nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 26138886] - nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 26138886] - NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 26138886] - nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 26138886] - nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 26138886] - nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 26138886] - nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 26138886] - nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 26138886] - NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 26138886] - NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 26138886] - NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 26138886] - nvme: fix cntlid type (Christoph Hellwig) [Orabug: 26138886] - nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 26138886] - nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 26138886] - NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 26138886] - NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 26138886] - block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 26138886] - nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 26138886] - NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 26138886] - nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 26138886] - block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 26138886] - nvme: rewrite discard support (Ming Lin) [Orabug: 26138886] - nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 26138886] - nvme: add missing lock nesting notation (Ming Lin) [Orabug: 26138886] - NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 26138886] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 26138886] - nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 26138886] - NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 26138886] - NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 26138886] - nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 26138886] - nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 26138886] - NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 26138886] - NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 26138886] - NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 26138886] - NVMe: Simplify device reset failure (Keith Busch) [Orabug: 26138886] - NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 26138886] - NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 26138886] - nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 26138886] - nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 26138886] - nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 26138886] - nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 26138886] - nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 26138886] - nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 26138886] - NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 26138886] - NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 26138886] - NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 26138886] - NVMe: Allow request merges (Keith Busch) [Orabug: 26138886] - NVMe: Fix io incapable return values (Keith Busch) [Orabug: 26138886] - nvme: split pci module out of core module (Ming Lin) [Orabug: 26138886] - nvme: split dev_list_lock (Ming Lin) [Orabug: 26138886] - nvme: move timeout variables to core.c (Ming Lin) [Orabug: 26138886] - nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 26138886] - nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 26138886] - nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 26138886] - NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 26138886] - nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 26138886] - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 26138886] - NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 26138886] - NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 26138886] - NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 26138886] - NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 26138886] - NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 26138886] - NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 26138886] - nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 26138886] - nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 26138886] - nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 26138886] - nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 26138886] - NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 26138886] - NVMe: Add pci error handlers (Keith Busch) [Orabug: 26138886] - nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 26138886] - nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 26138886] - nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 26138886] - nvme: simplify completion handling (Christoph Hellwig) [Orabug: 26138886] - nvme: special case AEN requests (Christoph Hellwig) [Orabug: 26138886] - nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 26138886] - nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 26138886] - NVMe: Simplify metadata setup (Keith Busch) [Orabug: 26138886] - NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 26138886] - NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 26138886] - nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 26138886] - nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 26138886] - nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 26138886] - nvme: simplify resets (Christoph Hellwig) [Orabug: 26138886] - nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 26138886] - nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 26138886] - nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 26138886] - nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 26138886] - nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 26138886] - nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 26138886] - nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 26138886] - nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 26138886] - nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 26138886] - nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 26138886] - nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 26138886] - nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 26138886] - nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 26138886] - nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 26138886] - nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 26138886] - nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 26138886] - nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 26138886] - nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 26138886] - nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 26138886] - nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 26138886] - nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 26138886] - nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 26138886] - nvme: use offset instead of a struct for registers (Christoph Hellwig) [Orabug: 26138886] - nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 26138886] - nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 26138886] - NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 26138886] - Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 26138886] - nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 26138886] - block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 26138886] - block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 26138886] - NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 26138886] - nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 26138886] - nvme include linux types.h (Christoph Hellwig) [Orabug: 26138886] - nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 26138886] - NVMe: Set affinity after allocating request queues (Keith Busch) [Orabug: 26138886] - NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 26138886] - NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 26138886] - Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) [Orabug: 26138886] - Revert 'nvme: Limit command retries' (Ashok Vairavan) [Orabug: 26138886] - Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) [Orabug: 26138886] - Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) [Orabug: 26138886] - net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26268911] - net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26268911] - net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26268911] - net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26268911] - uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26270004] [Orabug: 25983319] - target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 26270004] - target: simplify backend driver registration (Christoph Hellwig) [Orabug: 26270004] - IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 26214325] - xsigo: UEK4-QU4:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199203] - xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 23585649] - xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 23585649] - xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 23585649] - xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 23585649] - xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 23585649] - xen-netfront: add rx page statistics (Joao Martins) [Orabug: 23585649] - xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 23585649] - xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 23585649] - xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 23585649] - xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 23585649] - xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 23585649] - xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 23585649] - xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 23585649] - include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 23585649] - xen-netback: fix type mismatch warning (Arnd Bergmann) [Orabug: 23585649] - xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) [Orabug: 23585649] - xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) [Orabug: 23585649] - xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) [Orabug: 23585649] - xen-netback: process guest rx packets in batches (David Vrabel) [Orabug: 23585649] - xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) [Orabug: 23585649] - xen-netback: refactor guest rx (David Vrabel) [Orabug: 23585649] - xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) [Orabug: 23585649] - xen-netback: separate guest side rx code into separate module (Paul Durrant) [Orabug: 23585649] - x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 23585649] - mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 26087732] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26095774] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 26170622] {CVE-2017-7308} - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26108560] {CVE-2017-8890} [4.1.12-94.4.1] - I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25877674] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891893] {CVE-2017-7273} - Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) - NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 26046907] - xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26086380] - RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 26079995] - mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 26088056] - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 26075879] - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] {CVE-2017-7895} - sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25997533] - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25997533] [Orabug: 25931417] - sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226] - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137] - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823] - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790] - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747] - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25996655] - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628] - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546] - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522] - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475] - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] - megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-9077 CVE-2017-1000363 CVE-2017-1000380 CVE-2017-7273 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.3] - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-7097 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.5] - selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25721485] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 25875426] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891914] {CVE-2017-7273} - udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 25948102] {CVE-2014-9710} - net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686} - xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975513] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975513] - ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7273 CVE-2015-1465 CVE-2015-2686 CVE-2015-4167 CVE-2014-9710 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.5.9] - dentry name snapshots (Al Viro) [Orabug: 26630936] {CVE-2017-7533} [4.1.12-94.5.8] - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26621191] - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26621191] - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26621179] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26621176] {CVE-2016-10200} - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26621171] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26621163] {CVE-2017-9242} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7533 CVE-2016-9604 CVE-2016-10200 CVE-2017-9242 CVE-2016-6213 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.4] - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586047] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578198] {CVE-2017-9242} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9685 CVE-2016-10200 CVE-2016-9604 CVE-2017-9242 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.6] - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586050] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586024] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578202] {CVE-2017-9242} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-9604 CVE-2017-9242 CVE-2016-9685 CVE-2016-10200 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-103.3.8] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365} [4.1.12-103.3.7] - i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222] [4.1.12-103.3.6] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645497] [4.1.12-103.3.5] - dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533} [4.1.12-103.3.4] - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585981] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200} - ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576} - scsi: megaraid_sas: handle dma_addr_t right on 32-bit (Arnd Bergmann) [Orabug: 26560952] - scsi: megaraid_sas: NVME fast path io support (Shivasharan S) [Orabug: 26560952] - scsi: megaraid_sas: NVME interface target prop added (Shivasharan S) [Orabug: 26560952] - scsi: megaraid_sas: NVME Interface detection and prop settings (Shivasharan S) [Orabug: 26560952] - scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete (Shivasharan S) [Orabug: 26560952] - fs/fuse: fuse mount can cause panic with no memory numa node (Somasundaram Krishnasamy) [Orabug: 26151828] - Fix regression which breaks DFS mounting (Sachin Prabhu) [Orabug: 26335022] - ol7/spec: sync up linux-firmware version for ol74 (Ethan Zhao) [Orabug: 26567308] [Orabug: 26567283] - nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797} - nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797} - ol6/spec: sync up linux-firmware version for ol6 (Ethan Zhao) [Orabug: 26586911] [Orabug: 26586927] [4.1.12-103.3.2] - rds: tcp: cancel all worker threads before shutting down socket (Yuval Shaia) [Orabug: 26332905] - Revert 'ixgbevf: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] - Revert 'ixgbe: get rid of custom busy polling code' (Jack Vogel) [Orabug: 26560824] - xen: do not re-use pirq number cached in pci device msi msg data (Boris Ostrovsky) [Orabug: 26324865] - xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26520653] - ocfs2: fix deadlock caused by recursive locking in xattr (Eric Ren) [Orabug: 26554428] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26554428] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26554428] - Revert 'add OCFS2_LOCK_RECURSIVE arg_flags to ocfs2_cluster_lock() to prevent hang' (Ashish Samant) [Orabug: 26554428] - MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug: 26368162] {CVE-2017-7477} {CVE-2017-7477} - sg: Fix double-free when drives detach during SG_IO (Calvin Owens) [Orabug: 26492439] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671} - PCI: Workaround wrong flags completions for IDT switch (James Puthukattukaran) [Orabug: 26362330] - xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect (Annie Li) [4.1.12-103.3.1] - MSI: Dont assign MSI IRQ vector twice (Ashok Vairavan) [Orabug: 25982356] - IB/core: Remove stray semicolon in cma_init (Yuval Shaia) [Orabug: 26188883] - ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074} - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26473220] - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26473220] - blk-mq: Export blk_mq_freeze_queue_wait (Keith Busch) [Orabug: 26486215] - blk-mq: Provide freeze queue timeout (Keith Busch) [Orabug: 26486215] - nvme: Complete all stuck requests (Keith Busch) [Orabug: 26486215] - nvme: Dont suspend admin queue that wasnt created (Gabriel Krisman Bertazi) [Orabug: 26486215] - nvme: Delete created IO queues on reset (Keith Busch) [Orabug: 26486215] - nvme: Suspend all queues before deletion (Gabriel Krisman Bertazi) [Orabug: 26486215] - nvme/pci: No special case for queue busy on IO (Keith Busch) [Orabug: 26486215] - Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections'' (Ajaykumar Hotchandani) [Orabug: 26497331] - Revert 'net/rds: use different workqueue for base_conn' (Ajaykumar Hotchandani) [Orabug: 26497331] - Revert 'net/rds: determine active/passive connection with IP addresses' (Ajaykumar Hotchandani) [Orabug: 26497331] - Revert 'net/rds: prioritize the base connection establishment' (Ajaykumar Hotchandani) [Orabug: 26497331] - net/sock: add WARN_ON(parent->sk) in sock_graft() (Sowmini Varadhan) [Orabug: 26243229] - rds: tcp: use sock_create_lite() to create the accept socket (Sowmini Varadhan) [Orabug: 26243229] - rds: tcp: set linger to 1 when unloading a rds-tcp (Sowmini Varadhan) [Orabug: 26236194] - rds: tcp: send handshake ping-probe from passive endpoint (Sowmini Varadhan) [Orabug: 26236194] - Revert 'SUNRPC: Refactor svc_set_num_threads()' (Dhaval Giani) [Orabug: 26450033] - Revert 'NFSv4: Fix callback server shutdown' (Dhaval Giani) [Orabug: 26450033] - mm: fix use-after-free if memory allocation failed in vma_adjust() (Kirill A. Shutemov) [Orabug: 25647067] - scsi: smartpqi: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 26191021] - scsi: smartpqi: bump driver version (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: remove writeq/readq function definitions (Corentin Labbe) [Orabug: 26191021] - scsi: smartpqi: add module parameters (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: cleanup list initialization (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add raid level show (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: make ioaccel references consistent (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: enhance device add and remove messages (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update timeout on admin commands (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: map more raid errors to SCSI errors (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: cleanup controller branding (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update rescan worker (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update device offline (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct aio error path (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add lockup action (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: remove qdepth calculations for logical volumes (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: enhance kdump (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: change return value for LUN reset operations (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add ptraid support (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: update copyright (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: cleanup messages (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add new PCI device IDs (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: minor driver cleanup (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct BMIC identify physical drive (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: eliminate redundant error messages (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add pqi_wait_for_completion_io (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct bdma hw bug (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add heartbeat check (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add suspend and resume support (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: enhance resets (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add supporting events (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: ensure controller is in SIS mode at init (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: add in controller checkpoint for controller lockups. (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: set pci completion timeout (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: correct remove scsi devices (Kevin Barnett) [Orabug: 26191021] - scsi: smartpqi: fix time handling (Arnd Bergmann) [Orabug: 26191021] - Btrfs: fix extent_same allowing destination offset beyond i_size (Filipe Manana) [Orabug: 26376770] - NVMe: Retain QUEUE_FLAG_SG_GAPS flag for bio vector alignment. (Ashok Vairavan) [Orabug: 26402457] - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380} - xfs: Timely free truncated dirty pages (Jan Kara) [Orabug: 26452559] - xfs: skip dirty pages in ->releasepage() (Brian Foster) [Orabug: 26452559] - sparc64: Convert non-fatal error print to a debug print (DAX driver) (Sanath Kumar) [Orabug: 26476370] - selftests: sparc64: memory: Add tests for privileged ADI driver (Tom Hromatka) [Orabug: 26359060] - memory: sparc64: Add privileged ADI driver (Tom Hromatka) [Orabug: 26359060] - sparc64: Export the adi_state structure (Tom Hromatka) [Orabug: 26359060] - sparc64: Use cpu_poke to resume idle cpu (Vijay Kumar) [Orabug: 26399224] - sparc64: Add a new hypercall CPU_POKE (Vijay Kumar) [Orabug: 26399224] - cpuset: consider dying css as offline (Tejun Heo) [Orabug: 26475766] - sparc64: Treat ERESTARTSYS as an acceptable error (DAX driver) (Sanath Kumar) [Orabug: 26475734] - sparc64: fix out of order spin_lock_irqsave and spin_unlock_restore (Thomas Tai) [Orabug: 26430325] - SPARC64: vcc: delay device removal until close() (Aaron Young) [Orabug: 26315957] - bnxt_en: Fix SRIOV on big-endian architecture. (Michael Chan) [Orabug: 26443303] - arch/sparc: Enable queued spinlock support for SPARC (Allen Pais) [Orabug: 26373790] - arch/sparc: Introduce xchg16 for SPARC (Babu Moger) [Orabug: 26373790] - arch/sparc: Enable queued rwlocks for SPARC (Allen Pais) [Orabug: 26373790] - arch/sparc: Introduce cmpxchg_u8 SPARC (Babu Moger) [Orabug: 26373790] - arch/sparc: Define config parameter CPU_BIG_ENDIAN (Allen Pais) [Orabug: 26373790] - kernel/locking: Fix compile error with qrwlock.c (Babu Moger) [Orabug: 26373790] - arch/sparc: Remove the check #ifndef __LINUX_SPINLOCK_TYPES_H (Babu Moger) [Orabug: 26373790] - locking/qrwlock: Fix write unlock bug on big endian systems (pan xinhui) [Orabug: 26373790] - locking/qrwlock: Implement queue_write_unlock() using smp_store_release() (Will Deacon) [Orabug: 26373790] - locking/qspinlock: Avoid redundant read of next pointer (Waiman Long) [Orabug: 26373790] - locking/qspinlock: Prefetch the next node cacheline (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Reduce reader/writer to reader lock transfer latency (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Better optimization for interrupt context readers (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Rename functions to queued_*() (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Dont contend with readers when setting _QW_WAITING (Waiman Long) [Orabug: 26373790] - locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS (Babu Moger) [Orabug: 26373790] - locking/qspinlock: Use a simple write to grab the lock (Waiman Long) [Orabug: 26373790] - locking/qspinlock: Optimize for smaller NR_CPUS (Peter Zijlstra (Intel)) [Orabug: 26373790] - locking/qspinlock: Extract out code snippets for the next patch (Waiman Long) [Orabug: 26373790] - locking/qspinlock: Add pending bit (Peter Zijlstra (Intel)) [Orabug: 26373790] - locking/qspinlock: Introduce a simple generic 4-byte queued spinlock (Waiman Long) [Orabug: 26373790] - qede: Add support for ingress headroom (Mintz, Yuval) [Orabug: 25933053] - qede: Update receive statistic once per NAPI (Mintz, Yuval) [Orabug: 25933053] - qed: Make OOO archipelagos into an array (Michal Kalderon) [Orabug: 25933053] - qed: Provide iSCSI statistics to management (Mintz, Yuval) [Orabug: 25933053] - qed: Inform qedi the number of possible CQs (Mintz, Yuval) [Orabug: 25933053] - qed: Add missing stat for new isles (Mintz, Yuval) [Orabug: 25933053] - qed: Dont close the OUT_EN during init (Mintz, Yuval) [Orabug: 25933053] - qed: Configure cacheline size in HW (Tomer Tayar) [Orabug: 25933053] - qed: Dont use main-ptt in unrelated flows (Rahul Verma) [Orabug: 25933053] - qed: Warn PTT usage by wrong hw-function (Mintz, Yuval) [Orabug: 25933053] - qed: Correct MSI-x for storage (Mintz, Yuval) [Orabug: 25933053] - qed: fix missing break in OOO_LB_TC case (Colin Ian King) [Orabug: 25933053] - qed: Add a missing error code (Dan Carpenter) [Orabug: 25933053] - qed: RoCE doesnt need to use SRC (Mintz, Yuval) [Orabug: 25933053] - qed: Correct TM ILT lines in presence of VFs (Mintz, Yuval) [Orabug: 25933053] - qed: Fix TM block ILT allocation (Michal Kalderon) [Orabug: 25933053] - qed: Revise QM cofiguration (Ariel Elior) [Orabug: 25933053] - qed: Use BDQ resource for storage protocols (Mintz, Yuval) [Orabug: 25933053] - qed: Utilize resource-lock based scheme (Tomer Tayar) [Orabug: 25933053] - qed: Support management-based resource locking (Tomer Tayar) [Orabug: 25933053] - qed: Send pf-flr as part of initialization (Mintz, Yuval) [Orabug: 25933053] - qed: Move to new load request scheme (Tomer Tayar) [Orabug: 25933053] - qed: hw_init() to receive parameter-struct (Mintz, Yuval) [Orabug: 25933053] - qed: Correct HW stop flow (Tomer Tayar) [Orabug: 25933053] - qed: Reserve VF feature before PF (Mintz, Yuval) [Orabug: 25933053] - qed: Dont waste SBs unused by RoCE (Mintz, Yuval) [Orabug: 25933053] - qed: Correct endian order of MAC passed to MFW (Mintz, Yuval) [Orabug: 25933053] - qed: Pass src/dst sizes when interacting with MFW (Tomer Tayar) [Orabug: 25933053] - qed: Revise MFW command locking (Tomer Tayar) [Orabug: 25933053] - qed: Always publish VF link from leading hwfn (Mintz, Yuval) [Orabug: 25933053] - qed: Raise verbosity of Malicious VF indications (Mintz, Yuval) [Orabug: 25933053] - qed: Make qed_iov_mark_vf_flr() return bool (Mintz, Yuval) [Orabug: 25933053] - qed: Deprecate VF multiple queue-stop (Mintz, Yuval) [Orabug: 25933053] - qed: Uniform IOV queue validation (Mintz, Yuval) [Orabug: 25933053] - qed: Correct default VF coalescing configuration (Mintz, Yuval) [Orabug: 25933053] - qed: Set HW-channel to ready before ACKing VF (Mintz, Yuval) [Orabug: 25933053] - qed: Clean VF malicious indication when disabling IOV (Mintz, Yuval) [Orabug: 25933053] - qed: Increase verbosity of VF -> PF errors (Mintz, Yuval) [Orabug: 25933053] - qed*: Add support for QL41xxx adapters (Mintz, Yuval) [Orabug: 25933053] - qed: Enable iSCSI Out-of-Order (Mintz, Yuval) [Orabug: 25933053] - qed: Correct out-of-bound access in OOO history (Mintz, Yuval) [Orabug: 25933053] - qed: Fix interrupt flags on Rx LL2 (Ram Amrani) [Orabug: 25933053] - qed: Free previous connections when releasing iSCSI (Mintz, Yuval) [Orabug: 25933053] - qed: Fix mapping leak on LL2 rx flow (Mintz, Yuval) [Orabug: 25933053] - qed: Prevent creation of too-big u32-chains (Tomer Tayar) [Orabug: 25933053] - qed: Align CIDs according to DORQ requirement (Ram Amrani) [Orabug: 25933053] - qed*: Utilize Firmware 8.15.3.0 (Mintz, Yuval) [Orabug: 25933053] - qedi: Add PCI device-ID for QL41xxx adapters. (Manish Rangankar) [Orabug: 25933053] - qed: Fix copy of uninitialized memory (robert.foss@collabora.com) [Orabug: 25933053] - qed: Dont use attention PTT for configuring BW (Mintz, Yuval) [Orabug: 25933053] - qed: Fix race with multiple VFs (Mintz, Yuval) [Orabug: 25933053] - qede: Add driver support for PTP (Sudarsana Reddy Kalluru) [Orabug: 25933053] - qede: Remove unnecessary datapath dereference (Mintz, Yuval) [Orabug: 25933053] - qede - mark SKB as encapsulated (Manish Chopra) [Orabug: 25933053] - qede: Postpone reallocation until NAPI end (Mintz, Yuval) [Orabug: 25933053] - qede: Split filtering logic to its own file (Mintz, Yuval) [Orabug: 25933053] - qede: Break datapath logic into its own file (Mintz, Yuval) [Orabug: 25933053] - SUNRPC: Handle EADDRNOTAVAIL on connection failures (Trond Myklebust) [Orabug: 26276067] - btrfs: introduce device delete by devid (Anand Jain) [Orabug: 26362455] - btrfs: enhance btrfs_find_device_by_user_input() to check device path (Anand Jain) [Orabug: 26362455] - btrfs: make use of btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] - btrfs: create helper btrfs_find_device_by_user_input() (Anand Jain) [Orabug: 26362455] - btrfs: clean up and optimize __check_raid_min_device() (Anand Jain) [Orabug: 26362455] - btrfs: create helper function __check_raid_min_devices() (Anand Jain) [Orabug: 26362455] - Revert 'mm: meminit: only set page reserved in the memblock region' (Dhaval Giani) [Orabug: 25879295] - Revert 'mm: meminit: move page initialization into a separate function' (Dhaval Giani) [Orabug: 25879295] - net/rds: Replace printk in TX path with stat variable (Yuval Shaia) [Orabug: 26402662] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363} - drm/mgag200: Fix to always set HiPri for G200e4 V2 (Mathieu Larouche) [Orabug: 26408731] - dtrace: FBT module support and SPARCs return probes (Tomas Jedlicka) [Orabug: 26414392] [Orabug: 26414402] - bnx2x: Dont post statistics to malicious VFs (Mintz, Yuval) [Orabug: 26308277] - bnx2x: Allow vfs to disable txvlan offload (Mintz, Yuval) [Orabug: 26308277] - bnx2x: fix pf2vf bulletin DMA mapping leak (Michal Schmidt) [Orabug: 26308277] - bnx2x: Fix Multi-Cos (Mintz, Yuval) [Orabug: 26308277] - bnx2x: add missing configuration of VF VLAN filters (Michal Schmidt) [Orabug: 26308277] - bnx2x: fix incorrect filter count in an error message (Michal Schmidt) [Orabug: 26308277] - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (Michal Schmidt) [Orabug: 26308277] - bnx2x: fix detection of VLAN filtering feature for VF (Michal Schmidt) [Orabug: 26308277] - bnx2x: fix possible overrun of VFPF multicast addresses array (Michal Schmidt) [Orabug: 26308277] - bnx2x: lower verbosity of VF stats debug messages (Michal Schmidt) [Orabug: 26308277] - bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [Orabug: 26308277] - NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059} - SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077} - lpfc update for uek4 11.4.0.2 (rkennedy) [Orabug: 26283182] - lpfc: Driver responds LS_RJT to Beacon Off (James Smart) [Orabug: 26283182] - lpfc: Fix crash after firmware flash when (James Smart) [Orabug: 26283182] - lpfc: Vport creation is failing with Link (James Smart) [Orabug: 26283182] - lpfc: Null pointer dereference when (James Smart) [Orabug: 26283182] - lpfc: Fix return value of board_mode store (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix Port going offline after (James Smart) [Orabug: 26283182] - scsi: lpfc: fix spelling mistake 'entrys' (Colin Ian King) [Orabug: 26283182] - scsi: lpfc: Add MDS Diagnostic support. (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix used-RPI accounting problem. (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix panic on BFS configuration (James Smart) [Orabug: 26283182] - lpfc: Fix Express lane queue creation. (James Smart) [Orabug: 26283182] - lpfc: Fix driver usage of 128B WQEs when WQ_CREATE is (James Smart) [Orabug: 26283182] - lpfc: Add Fabric assigned WWN support. (James Smart) [Orabug: 26283182] - lpfc: Fix crash after issuing lip reset (James Smart) [Orabug: 26283182] - lpfc: Remove NULL ptr check before kfree. (James Smart) [Orabug: 26283182] - lpfc: Fix spelling in comments. (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix PT2PT PRLI reject (James Smart) [Orabug: 26283182] - scsi: lpfc: correct rdp diag portnames (James Smart) [Orabug: 26283182] - scsi: lpfc: Fix eh_deadline setting for sli3 adapters. (rkennedy) [Orabug: 26283182] - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (James Smart) [Orabug: 26283182] - scsi: lpfc: fix missing spin_unlock on sql_list_lock (Colin Ian King) [Orabug: 26283182] - Signature verification support in kexec_file_load (Alexey Petrenko) [Orabug: 26402281] - blk-mq: dont redistribute hardware queues on a CPU hotplug event (Christoph Hellwig) [Orabug: 26039539] - RDS: Print failed rdma op details if failure is remote access (Rama Nichanamatlu) [Orabug: 26351421] - xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26351649] - be2net: Update the driver version to 11.4.0.0 (Suresh Reddy) [Orabug: 26403544] - be2net: Fix UE detection logic for BE3 (Suresh Reddy) [Orabug: 26403544] - be2net: Fix offload features for Q-in-Q packets (Vlad Yasevich) [Orabug: 26403544] - benet: Use time_before_eq for time comparison (Karim Eshapa) [Orabug: 26403544] - be2net: Fix endian issue in logical link config command (Suresh Reddy) [Orabug: 26403544] - be2net: fix initial MAC setting (Ivan Vecera) [Orabug: 26403544] - drivers: net: generalize napi_complete_done() (Eric Dumazet) [Orabug: 26403544] - be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [Orabug: 26403544] - be2net: fix unicast list filling (Ivan Vecera) [Orabug: 26403544] - be2net: fix accesses to unicast list (Ivan Vecera) [Orabug: 26403544] - be2net: fix non static symbol warnings (Wei Yongjun) [Orabug: 26403544] - be2net: Avoid redundant addition of mac address in HW (Suresh Reddy) [Orabug: 26403544] - be2net: Support UE recovery in BEx/Skyhawk adapters (Sriharsha Basavapatna) [Orabug: 26403544] - be2net: replace polling with sleeping in the FW completion path (Sathya Perla) [Orabug: 26403544] - be2net: support asymmetric rx/tx queue counts (Sathya Perla) [Orabug: 26403544] - net: properly release sk_frag.page (Eric Dumazet) [Orabug: 26409533] - net/rds: Add mutex exclusion for vector_load (Hakon Bugge) [Orabug: 26415107] - dtrace: Add support for manual triggered cyclics (Tomas Jedlicka) [Orabug: 26384803] - dtrace: LOW level cyclics should use workqueues (Tomas Jedlicka) [Orabug: 26384779] - sparc64: add DAX2 support to dax driver (Allen Pais) [Orabug: 26317606] - uek-rpm: change memory allocator from slab to slub (Allen Pais) - arch/sparc: Avoid DCTI Couples (Allen Pais) [Orabug: 26413522] - drivers/usb: Skip auto handoff for TI and RENESAS usb controllers (Babu Moger) [Orabug: 26389756] - sparc-config: Enable timestamp in dmesg output. (Atish Patra) [Orabug: 26389709] - sparc64: rtrap must set PSTATE.mcde before handling outstanding user work (Anthony Yznaga) [Orabug: 26388591] - i40e: Correct the macros for setting the DMA attributes (Jack Vogel) [Orabug: 26386323] - sparc64: Exclude perf user callchain during critical sections (Dave Aldridge) [Orabug: 26386213] - sunvnet: restrict advertized checksum offloads to just IP (Shannon Nelson) [Orabug: 26338709] - sparc64: add ccb kill and info to DAX driver (Jonathan Helman) [Orabug: 26317602] - i40e: fix annoying message (Jesse Brandeburg) [Orabug: 26420290] - watchdog: Move hardlockup detector to separate file (Allen Pais) [Orabug: 26420310] - watchdog: Move shared definitions to nmi.h (Allen Pais) [Orabug: 26420310] - sparc64: Suppress kmalloc (DAX driver) warning due to allocation failure (Sanath Kumar) [Orabug: 26338830] - i40evf: Use le32_to_cpu before evaluating HW desc fields. (Tushar Dave) [Orabug: 26420345] - sparc64: revert pause instruction patch for atomic backoff and cpu_relax() (Babu Moger) [Orabug: 26309070] - SPARC64: Correct ATU IOTSB binding flow (Tushar Dave) [Orabug: 26419957] - SPARC64: Introduce IOMMU BYPASS method (Tushar Dave) [Orabug: 26420209] - i40e: Revert i40e temporary workaround (Tushar Dave) [Orabug: 21149316] - sparc64: Enable 64-bit DMA (Tushar Dave) [Orabug: 21149316] - sparc64: Enable sun4v dma ops to use IOMMU v2 APIs (Allen Pais) [Orabug: 21149316] - sparc64: Bind PCIe devices to use IOMMU v2 service (Allen Pais) [Orabug: 21149316] - sparc64: Initialize iommu_map_table and iommu_pool (Tushar Dave) [Orabug: 21149316] - sparc64: Add ATU (new IOMMU) support (Allen Pais) [Orabug: 21149316] - sparc64: Make FORCE_MAX_ZONEORDER to 13 for ATU (Allen Pais) [Orabug: 21149316] - Revert 'sparc64: bypass iommu to use 64bit address space' (Allen Pais) [Orabug: 21149316] - [PATCH] RDS: When RDS socket is closed, print unreleased MRs (Rama Nichanamatlu) [Orabug: 26261993] - IB/IPoIB: ibX: failed to create mcg debug file (Shamir Rabinovitch) [Orabug: 24711873] [Orabug: 25175533] - scsi: qedi: Fix memory leak in tmf response processing. (Dupuis, Chad) [Orabug: 25667174] - scsi: qedi: fix build error without DEBUG_FS (Arnd Bergmann) [Orabug: 25667174] - scsi: qedi: fix missing return error code check on call to qedi_setup_int (Colin Ian King) [Orabug: 25667174] - scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn() (Wei Yongjun) [Orabug: 25667174] - scsi: qedi: return via va_end to match corresponding va_start (Colin Ian King) [Orabug: 25667174] - scsi: qedi: fix build, depends on UIO (Randy Dunlap) [Orabug: 25667174] - scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. (Manish Rangankar) [Orabug: 25667174] - dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890} - Initialize fiblink list head during fib initialization (Dave Carroll) [Orabug: 26291272] - aacraid: Update scsi_host_template to use tagged commands (Dave Carroll) [Orabug: 26291272] - IB/mlx4: Suppress warning for not handled portmgmt event subtype (Mukesh Kacker) [Orabug: 26409722] - bnxt_en: Fix netpoll handling. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add missing logic to handle TPA end error conditions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix xmit_more with BQL. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings(). (Michael Chan) [Orabug: 26402533] - bnxt_en: Implement xmit_more. (Michael Chan) [Orabug: 26402533] - bnxt_en: Optimize doorbell write operations for newer chips. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add additional chip ID definitions. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PCI IDs for BCM57454 VF devices. (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Support for Short Firmware Message (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration. (Michael Chan) [Orabug: 26402533] - bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26366387] - bnxt_en: allocate enough space for ->ntp_fltr_bmap (Dan Carpenter) [Orabug: 26402533] - bnxt_en: Restrict a PF in Multi-Host mode from changing port PHY configuration (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Check the FW_LLDP_AGENT flag before allowing DCBX host agent. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add 100G link speed reporting for BCM57454 ASIC in ethtool (Deepak Khungar) [Orabug: 26402533] - bnxt_en: Fix VF attributes reporting. (Michael Chan) [Orabug: 26402533] - bnxt_en: Pass DCB RoCE app priority to firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Cap the msix vector with the max completion rings. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add interrupt test to ethtool -t selftest. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add PHY loopback to ethtool self-test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool mac loopback self test. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic ethtool -t selftest support. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add suspend/resume callbacks. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool set_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add ethtool get_wol method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add pci shutdown method. (Michael Chan) [Orabug: 26402533] - bnxt_en: Add basic WoL infrastructure. (Michael Chan) [Orabug: 26402533] - bnxt_en: Update firmware interface spec to 1.7.6.2. (Michael Chan) [Orabug: 26402533] - bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. (Michael Chan) [Orabug: 26402533] - bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Fix NULL pointer dereference in reopen failure path (Sankar Patchineelam) [Orabug: 26402533] - bnxt_en: Ignore 0 value in autoneg supported speed from firmware. (Michael Chan) [Orabug: 26402533] - bnxt_en: Check if firmware LLDP agent is running. (Michael Chan) [Orabug: 26402533] - bnxt_en: Call bnxt_ulp_stop() during tx timeout. (Michael Chan) [Orabug: 26402533] - bnxt_en: Perform function reset earlier during probe. (Michael Chan) [Orabug: 26402533] - IB/cm: remove unnecessary ib_query_device in PSIF RNR WA (Wei Lin Guay) [Orabug: 25908234] - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (Paolo Abeni) [Orabug: 26397428] - i40e: remove FDIR_REQUIRES_REINIT driver flag (Jacob Keller) [Orabug: 26403617] - i40e: remove a useless goto statement (Jacob Keller) [Orabug: 26403617] - i40e: Check for new arq elements before leaving the adminq subtask loop (Christopher N Bednarz) [Orabug: 26403617] - i40e: use register for XL722 control register read/write (Paul M Stillwell Jr) [Orabug: 26403617] - i40e: Clean up handling of private flags (Alexander Duyck) [Orabug: 26403617] - i40evf: enforce descriptor write-back mechanism for VF (Preethi Banala) [Orabug: 26403617] - i40e: initialize params before notifying of l2_param_changes (Jacob Keller) [Orabug: 26403617] - i40e/i40evf: Clean-up process_skb_fields (Alexander Duyck) [Orabug: 26403617] - i40e: removed no longer needed delays (Bimmy Pujari) [Orabug: 26403617] - i40e: Fixed race conditions in VF reset (Robert Konklewski) [Orabug: 26403617] - i40e/i40evf: Fix use after free in Rx cleanup path (Alexander Duyck) [Orabug: 26403617] - i40e: fix configuration of RSS table with DCB (Harshitha Ramamurthy) [Orabug: 26403617] - i40e: Do not enable NAPI on q_vectors that have no rings (Alexander Duyck) [Orabug: 26403617] - i40e: make use of hlist_for_each_entry_continue (Jacob Keller) [Orabug: 26403617] - i40e: document drivers use of ntuple filters (Jacob Keller) [Orabug: 26403617] - i40e: add support for SCTPv4 FDir filters (Jacob Keller) [Orabug: 26403617] - i40e: implement support for flexible word payload (Jacob Keller) [Orabug: 26403617] - i40e: add parsing of flexible filter fields from userdef (Jacob Keller) [Orabug: 26403617] - i40e: partition the ring_cookie to get VF index (Jacob Keller) [Orabug: 26403617] - i40e: allow changing input set for ntuple filters (Jacob Keller) [Orabug: 26403617] - i40e: restore default input set for each flow type (Jacob Keller) [Orabug: 26403617] - i40e: check current configured input set when adding ntuple filters (Jacob Keller) [Orabug: 26403617] - i40e: correctly honor the mask fields for ETHTOOL_SRXCLSRLINS (Jacob Keller) [Orabug: 26403617] - i40e: always remove old filter when adding new FDir filter (Jacob Keller) [Orabug: 26403617] - i40e: explicitly fail on extended MAC field for ethtool_rx_flow_spec (Jacob Keller) [Orabug: 26403617] - i40e: add counters for UDP/IPv4 and IPv4 filters (Jacob Keller) [Orabug: 26403617] - i40e: dont re-enable ATR when flushing filters if SB has TCP4/IPv4 rules (Jacob Keller) [Orabug: 26403617] - i40e: reset fd_tcp_rule count when restoring filters (Jacob Keller) [Orabug: 26403617] - i40e: remove redundant check for fd_tcp_rule when restoring filters (Jacob Keller) [Orabug: 26403617] - i40e: exit ATR mode only when adding TCP/IPv4 filter succeeds (Jacob Keller) [Orabug: 26403617] - i40e: return immediately when failing to add fdir filter (Jacob Keller) [Orabug: 26403617] - i40e: rework exit flow of i40e_add_fdir_ethtool (Jacob Keller) [Orabug: 26403617] - i40e: dont use arrays for (src|dst)_ip (Jacob Keller) [Orabug: 26403617] - i40e: send correct port number to AdminQ when enabling UDP tunnels (Jacob Keller) [Orabug: 26403617] - i40e: rename auto_disable_flags to hw_disabled_flags (Harshitha Ramamurthy) [Orabug: 26403617] - i40e/i40evf: Change version from 1.6.27 to 2.1.7 (Bimmy Pujari) [Orabug: 26403617] - i40e: Allow untrusted VFs to have more filters (Mitch Williams) [Orabug: 26403617] - i40e: Clarify steps in MAC/VLAN filters initialization routine (Filip Sadowski) [Orabug: 26403617] - i40e: fix RSS queues only operating on PF0 (Lihong Yang) [Orabug: 26403617] - i40e: fix ethtool to get EEPROM data from X722 interface (Lihong Yang) [Orabug: 26403617] - i40e: dont add more vectors to num_lan_msix than number of CPUs (Jacob Keller) [Orabug: 26403617] - i40e: KISS the client interface (Mitch Williams) [Orabug: 26403617] - i40e: fix up recent proxy and wol bits for X722_SUPPORT (Shannon Nelson) [Orabug: 26403617] - i40e: Acquire NVM lock before reads on all devices (Aaron Salter) [Orabug: 26403617] - scripts/spelling.txt: add 'varible' pattern and fix typo instances (Masahiro Yamada) [Orabug: 26403617] - i40e: Invoke softirqs after napi_reschedule (Benjamin Poirier) [Orabug: 26403617] - i40e: remove duplicate device id from PCI table (Carolyn Wyborny) [Orabug: 26403617] - i40e: mark the value passed to csum_replace_by_diff as __wsum (Jacob Keller) [Orabug: 26403617] - i40e: Error handling for link event (Harshitha Ramamurthy) [Orabug: 26403617] - i40e: properly convert le16 value to CPU format (Jacob Keller) [Orabug: 26403617] - i40e: convert to cpu from le16 to generate switch_id correctly (Jacob Keller) [Orabug: 26403617] - i40e: refactor AQ CMD buffer debug printing (Alan Brady) [Orabug: 26403617] - i40e: Fix Adaptive ITR enabling (Carolyn Wyborny) [Orabug: 26403617] - i40evf: add comment (Mitch Williams) [Orabug: 26403617] - i40evf: free rings in remove function (Mitch Williams) [Orabug: 26403617] - i40e: remove unnecessary call to i40e_update_link_info (Jacob Keller) [Orabug: 26403617] - i40e: enable mc magic pkt wakeup during power down (Joshua Hay) [Orabug: 26403617] - i40e: fix disable overflow promiscuous mode (Alan Brady) [Orabug: 26403617] - i40e: Save more link abilities when using ethtool (Henry Tieman) [Orabug: 26403617] - i40e: avoid race condition when sending filters to firmware for addition (Jacob Keller) [Orabug: 26403617] - i40e: allow i40e_update_filter_state to skip broadcast filters (Jacob Keller) [Orabug: 26403617] - i40e: dont warn every time we clear an Rx timestamp register (Jacob Keller) [Orabug: 26403617] - i40e: Save link FEC info from link up event (Henry Tieman) [Orabug: 26403617] - i40e: Add bus number info to i40e_bus_info struct (Sudheer Mogilappagari) [Orabug: 26403617] - i40e: Clean up dead code (Mitch Williams) [Orabug: 26403617] - i40e/i40evf : Changed version from 1.6.25 to 1.6.27 (Bimmy Pujari) [Orabug: 26403617] - i40e: update comment explaining where FDIR buffers are freed (Jacob Keller) [Orabug: 26403617] - i40e/i40evf: eliminate i40e_pull_tail() (Scott Peterson) [Orabug: 26403617] - i40e/i40evf: Moves skb from i40e_rx_buffer to i40e_ring (Scott Peterson) [Orabug: 26403617] - i40e/i40evf: Limit DMA sync of RX buffers to actual packet size (Scott Peterson) [Orabug: 26403617] - i40evf: track outstanding client request (Mitch Williams) - i40e: dont check params until after checking for client instance (Jacob Keller) [Orabug: 26403617] - i40e: add interrupt rate limit verbosity (Alan Brady) [Orabug: 26403617] - i40e: refactor macro INTRL_USEC_TO_REG (Alan Brady) [Orabug: 26403617] - i40e: remove unused function (Mitch Williams) [Orabug: 26403617] - i40e: Remove FPK HyperV VF device ID (Jayaprakash Shanmugam) - i40e: Quick refactor to start moving data off stack and into Tx buffer info (Alexander Duyck) [Orabug: 26403617] - i40e: remove unnecessary __packed (Tushar Dave) [Orabug: 26403617] - i40evf: remove unused device ID (Mitch Williams) - i40e: Deprecating unused macro (Bimmy Pujari) [Orabug: 26403617] - i40e: when adding or removing MAC filters, correctly handle VLANs (Jacob Keller) [Orabug: 26403617] - i40e: avoid O(n^2) loop when deleting all filters (Jacob Keller) [Orabug: 26403617] - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] - i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (Jacob Keller) [Orabug: 26403617] - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (Jacob Keller) [Orabug: 26403617] - i40e: dont allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (Jacob Keller) [Orabug: 26403617] - i40e: Changed version from 1.6.21 to 1.6.25 (Bimmy Pujari) [Orabug: 26403617] - i40e/i40evf: Add support for mapping pages with DMA attributes (Alexander Duyck) [Orabug: 26396552] - aacraid: initialize scsi shared tag map (Joe Jin) [Orabug: 26367703] - bnxt: add dma mapping attributes (Shannon Nelson) [Orabug: 26388629] - dma-mapping: add interfaces for mapping pages with attributes (Shannon Nelson) [Orabug: 26388629] - sparc64: Set valid bytes of misaligned no-fault loads (Rob Gardner) [Orabug: 26316944] - fs/fuse: Fix for correct number of numa nodes (Babu Moger) [Orabug: 26369428] - sparc64: delete old wrap code (Pavel Tatashin) [Orabug: 26372254] - sparc64: new context wrap (Pavel Tatashin) [Orabug: 26372254] - sparc64: add per-cpu mm of secondary contexts (Pavel Tatashin) [Orabug: 26372254] - sparc64: redefine first version (Pavel Tatashin) [Orabug: 26372254] - sparc64: combine activate_mm and switch_mm (Pavel Tatashin) [Orabug: 26372254] - sparc64: reset mm cpumask after wrap (Pavel Tatashin) [Orabug: 26372254] - Revert 'sparc64: Restrict number of processes' (Pavel Tatashin) [Orabug: 26372230] - net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26350974] - x86/ras/therm_throt: Do not log a fake MCE for thermal events (Borislav Petkov) [Orabug: 26361327] - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645} - sparc64: broken %tick frequency on spitfire cpus (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: use prom interface to get %stick frequency (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: optimize functions that access tick (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: add hot-patched and inlined get_tick() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: initialize time early (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: improve modularity tick options (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: optimize loads in clock_sched() (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: show time stamps from zero (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: access tick function from variable (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - sparc64: remove trailing white spaces (Pavel Tatashin) [Orabug: 24401250] [Orabug: 26369510] - block: defer timeouts to a workqueue (Christoph Hellwig) [Orabug: 26372235] - macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477} - macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477} - sparc64: Add 16GB hugepage support (Nitin Gupta) [Orabug: 26319885] - xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t (Hou Tao) [Orabug: 26354404] - xfs: fix max_retries _show and _store functions (Carlos Maiolino) [Orabug: 26354404] - xfs: normalize 'infinite' retries in error configs (Eric Sandeen) [Orabug: 26354404] - xfs: dont reset b_retries to 0 on every failure (Eric Sandeen) [Orabug: 26354404] - xfs: fix xfs_error_get_cfg for negative errnos (Eric Sandeen) [Orabug: 26354404] - xfs: add 'fail at unmount' error handling configuration (Carlos Maiolino) [Orabug: 26354404] - xfs: add configuration handlers for specific errors (Carlos Maiolino) [Orabug: 26354404] - xfs: add configuration of error failure speed (Carlos Maiolino) [Orabug: 26354404] - xfs: introduce table-based init for error behaviors (Carlos Maiolino) [Orabug: 26354404] - xfs: add configurable error support to metadata buffers (Carlos Maiolino) [Orabug: 26354404] - xfs: introduce metadata IO error class (Carlos Maiolino) [Orabug: 26354404] - xfs: configurable error behavior via sysfs (Carlos Maiolino) [Orabug: 26354404] - rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: various endian-ness fixes (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: remove cp_outgoing (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races (Sowmini Varadhan) [Orabug: 26235715] - rds: tcp: Take explicit refcounts on struct net (Sowmini Varadhan) [Orabug: 26235715] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364} - dtrace: add kprobe-unsafe addresses to FBT blacklist (Kris Van Hees) [Orabug: 26324039] - dtrace: convert FBT blacklist to RB-tree (Kris Van Hees) [Orabug: 26324039] - e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (Konstantin Khlebnikov) [Orabug: 26338952] - e1000e: Dont return uninitialized stats (Benjamin Poirier) [Orabug: 26338952] - e1000e: fix race condition around skb_tstamp_tx() (Jacob Keller) [Orabug: 26338952] - e1000e: Add Support for 38.4MHZ frequency (Sasha Neftin) [Orabug: 26338952] - e1000e: Add Support for CannonLake (Sasha Neftin) [Orabug: 26338952] - e1000e: Initial Support for CannonLake (Sasha Neftin) [Orabug: 26338952] - e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] - e1000e: fix timing for 82579 Gigabit Ethernet controller (Bernd Faust) [Orabug: 26338952] - e1000: Omit private ndo_get_stats function (Tobias Klauser) [Orabug: 26338952] - Revert 'e1000e: driver trying to free already-free irq' (Jeff Kirsher) [Orabug: 26338952] - e1000e: driver trying to free already-free irq (khalidm) [Orabug: 26338952] - e1000: use disable_hardirq() for e1000_netpoll() (WANG Cong) [Orabug: 26338952] - e1000e: fix PTP on e1000_pch_lpt variants (Jarod Wilson) [Orabug: 26338952] - e1000e: factor out systim sanitization (Jarod Wilson) [Orabug: 26338952] - e1000e: prevent division by zero if TIMINCA is zero (Denys Vlasenko) [Orabug: 26338952] - e1000e: keep Rx/Tx HW_VLAN_CTAG in sync (Jarod Wilson) [Orabug: 26338952] - e1000e: keep VLAN interfaces functional after rxvlan off (Jarod Wilson) [Orabug: 26338952] - e1000e: dont modify SYSTIM registers during SIOCSHWTSTAMP ioctl (Jacob Keller) [Orabug: 26338952] - e1000e: mark shifted values as unsigned (Jacob Keller) [Orabug: 26338952] - e1000e: use BIT() macro for bit defines (Jacob Keller) [Orabug: 26338952] - e1000e: e1000e_cyclecounter_read(): do overflow check only if needed (Denys Vlasenko) [Orabug: 26338952] - e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check (Denys Vlasenko) [Orabug: 26338952] - e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64 (Denys Vlasenko) [Orabug: 26338952] - e1000e: Cleanup consistency in ret_val variable usage (Brian Walsh) [Orabug: 26338952] - e1000e: fix ethtool autoneg off for non-copper (Steve Shih) [Orabug: 26338952] - e1000: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] - e1000e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26338952] - e1000: Double Tx descriptors needed check for 82544 (Alexander Duyck) [Orabug: 26338952] - e1000: Do not overestimate descriptor counts in Tx pre-check (Alexander Duyck) [Orabug: 26338952] - e1000e: Initial support for KabeLake (Raanan Avargil) [Orabug: 26338952] - e1000e: Clear ULP configuration register on ULP exit (Raanan Avargil) [Orabug: 26338952] - e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Raanan Avargil) [Orabug: 26338952] - e1000e: Increase PHY PLL clock gate timing (Raanan Avargil) [Orabug: 26338952] - e1000e: Increase ULP timer (Raanan Avargil) [Orabug: 26338952] - e1000e: Fix msi-x interrupt automask (Benjamin Poirier) [Orabug: 26338952] - e1000e: Do not write lsc to ics in msi-x mode (Benjamin Poirier) [Orabug: 26338952] - e1000e: Do not read ICR in Other interrupt (Benjamin Poirier) [Orabug: 26338952] - e1000e: Remove unreachable code (Benjamin Poirier) [Orabug: 26338952] - e1000e: Switch e1000e_up to void, drop code checking for error result (Alexander Duyck) [Orabug: 26338952] - e1000e: initial support for i219-LM (3) (Raanan Avargil) [Orabug: 26338952] - e1000e: Increase timeout of polling bit RSPCIPHY (Raanan Avargil) [Orabug: 26338952] - e1000e: fix division by zero on jumbo MTUs (Dmitry Fleytman) [Orabug: 26338952] - e1000: Elementary checkpatch warnings and checks removed (Janusz Wolak) [Orabug: 26338952] - e1000: get rid of duplicate exit path (Jean Sacren) [Orabug: 26338952] - e1000: fix kernel-doc argument being missing (Jean Sacren) [Orabug: 26338952] - e1000e: clean up the local variable (Jean Sacren) [Orabug: 26338952] - e1000: fix a typo in the comment (Jean Sacren) [Orabug: 26338952] - e1000: clean up the checking logic (Jean Sacren) [Orabug: 26338952] - e1000: Remove checkpatch coding style errors (Janusz Wolak) [Orabug: 26338952] - e1000: fix data race between tx_ring->next_to_clean (Dmitriy Vyukov) [Orabug: 26338952] - e1000: make eeprom read/write scheduler friendly (Joern Engel) [Orabug: 26338952] - e1000e: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26338952] - e1000: remove dead e1000_init_eeprom_params calls (Francois Romieu) [Orabug: 26338952] - e1000e: Modify Tx/Rx configurations to avoid null pointer dereferences in e1000_open (Jia-Ju Bai) [Orabug: 26338952] - ixgbe: fix incorrect status check (Emil Tantilov) [Orabug: 26339150] - ixgbe: add missing configuration for rate select 1 (Emil Tantilov) [Orabug: 26339150] - ixgbe: always call setup_mac_link for multispeed fiber (Emil Tantilov) [Orabug: 26339150] - ixgbe: add write flush when configuring CS4223/7 (Emil Tantilov) [Orabug: 26339150] - ixgbe: correct CS4223/7 PHY identification (Emil Tantilov) [Orabug: 26339150] - ixgbevf: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] - ixgbevf: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] - ixgbe: Resolve warnings for -Wimplicit-fallthrough (Tony Nguyen) [Orabug: 26339150] - ixgbe: Resolve truncation warning for q_vector->name (Tony Nguyen) [Orabug: 26339150] - ixgbe: Add error checking to setting VF MAC (Tony Nguyen) [Orabug: 26339150] - ixgbe: Correct thermal sensor event check (Mark Rustad) [Orabug: 26339150] - ixgbe: enable L3/L4 filtering for Tx switched packets (Emil Tantilov) [Orabug: 26339150] - ixgbe: Remove MAC X550EM_X 1Gbase-t led_[on|off] support (Paul Greenwalt) [Orabug: 26339150] - ixgbevf: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] - ixgbevf: Fix errors in retrieving RETA and RSS from PF (Tony Nguyen) [Orabug: 26339150] - ixgbe: Check for RSS key before setting value (Tony Nguyen) [Orabug: 26339150] - ixgbe: Add 1000Base-T device based on X550EM_X MAC (Paul Greenwalt) [Orabug: 26339150] - ixgbe: Allow setting zero MAC address for VF (Tony Nguyen) [Orabug: 26339150] - ixgbevf: fix size of queue stats length (Emil Tantilov) [Orabug: 26339150] - ixgbe: clean macvlan MAC filter table on VF reset (Emil Tantilov) [Orabug: 26339150] - ixgbe: Acquire PHY semaphore before device reset (Paul Greenwalt) [Orabug: 26339150] - ixgbe: Fix output from ixgbe_dump (Alexander Duyck) [Orabug: 26339150] - ixgbe: add check for VETO bit when configuring link for KR (Tony Nguyen) [Orabug: 26339150] - ixgbe: Remove unused define (Don Skidmore) [Orabug: 26339150] - ixgbe: do not use adapter->num_vfs when setting VFs via module parameter (Emil Tantilov) [Orabug: 26339150] - ixgbe: return early instead of wrap block in if statement (Emil Tantilov) [Orabug: 26339150] - ixgbe: move num_vfs_macvlans allocation into separate function (Emil Tantilov) [Orabug: 26339150] - ixgbe: add default setup_link for x550em_a MAC type (Emil Tantilov) [Orabug: 26339150] - ixgbe: list X553 backplane speeds correctly (Don Skidmore) [Orabug: 26339150] - ixgbe: Add X552 XFI backplane support (Don Skidmore) [Orabug: 26339150] - ixgbe: Complete support for X553 sgmii (Don Skidmore) [Orabug: 26339150] - ixgbe: Remove driver config for KX4 PHY (Tony Nguyen) [Orabug: 26339150] - ixgbe: Remove pr_cont uses (Joe Perches) [Orabug: 26339150] - ixgbe: Avoid Tx hang by not allowing more than the number of VFs supported. (Usha Ketineni) [Orabug: 26339150] - ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines (Alexander Duyck) [Orabug: 26339150] - ixgbe: update the rss key on h/w, when ethtool ask for it (Paolo Abeni) [Orabug: 26339150] - ixgbe: Dont bother clearing buffer memory for descriptor rings (Alexander Duyck) [Orabug: 26339150] - ixgbe: Add private flag to control buffer mode (Alexander Duyck) [Orabug: 26339150] - ixgbe: Add support for padding packet (Alexander Duyck) [Orabug: 26339150] - ixgbe: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26339150] - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (Alexander Duyck) - ixgbe: Only DMA sync frame length (Alexander Duyck) [Orabug: 26339150] - ixgbe: Update version to reflect added functionality (Mark Rustad) [Orabug: 26339150] - ixgbe: prefix Data Center Bridge ops struct (Stephen Hemminger) [Orabug: 26339150] - ixgbe: Support 2.5Gb and 5Gb speed (Tony Nguyen) [Orabug: 26339150] - ixgbevf: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] - ixgbe: get rid of custom busy polling code (Eric Dumazet) [Orabug: 26339150] - ixgbe: Add PF support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] - ixgbevf: Add support for VF promiscuous mode (Don Skidmore) [Orabug: 26339150] - ixgbe: Implement support for firmware-controlled PHYs (Mark Rustad) [Orabug: 26339150] - ixgbe: Implement firmware interface to access some PHYs (Mark Rustad) [Orabug: 26339150] - ixgbe: Remove unused firmware version functions and method (Mark Rustad) [Orabug: 26339150] - ixgbe: Fix issues with EEPROM access (Mark Rustad) [Orabug: 26339150] - ixgbe: Configure advertised speeds correctly for KR/KX backplane (Don Skidmore) [Orabug: 26339150] - ixgbevf: restore hw_addr on resume or error (Emil Tantilov) [Orabug: 26339150] - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Yusuke Suzuki) [Orabug: 26339150] - ixgbevf: fix AER error handling (Emil Tantilov) [Orabug: 26339150] - ixgbe: fix AER error handling (Emil Tantilov) [Orabug: 26339150] - ixgbe: test for trust in macvlan adjustments for VF (Ken Cox) [Orabug: 26339150] - ixgbevf: handle race between close and suspend on shutdown (Emil Tantilov) [Orabug: 26339150] - ixgbe: handle close/suspend race with netif_device_detach/present (Emil Tantilov) [Orabug: 26339150] - ixgbe: Fix reporting of 100Mb capability (Tony Nguyen) [Orabug: 26339150] - ixgbe: Reduce I2C retry count on X550 devices (Tony Nguyen) [Orabug: 26339150] - ixgbe: Add bounds check for x540 LED functions (Tony Nguyen) [Orabug: 26339150] - ixgbe: add mask for 64 RSS queues (Emil Tantilov) [Orabug: 26339150] - ixgbe: Fix check for ixgbe_phy_x550em_ext_t reset (Tony Nguyen) [Orabug: 26339150] - ixgbe: Report driver version to firmware for x550 devices (Tony Nguyen) [Orabug: 26339150] - ixgbe: do not disable FEC from the driver (Emil Tantilov) [Orabug: 26339150] - net/rds: prioritize the base connection establishment (Wei Lin Guay) [Orabug: 26258518] - net/rds: determine active/passive connection with IP addresses (Wei Lin Guay) [Orabug: 26258518] - net/rds: use different workqueue for base_conn (Wei Lin Guay) [Orabug: 26258518] - net/rds: Revert 'RDS: add reconnect retry scheme for stalled connections' (Wei Lin Guay) [Orabug: 26258518] - IB/mlx4: Fix CM REQ retries in paravirt mode (Hakon Bugge) [Orabug: 26304670] - uek-config: disable CONFIG_MOUSE_PS2_VMMOUSE for ol6 (Ethan Zhao) [Orabug: 26264650] - igb: missing rtnl_unlock in igb_sriov_reinit() (Vasily Averin) [Orabug: 26242904] - igb: bump version to igb-5.4.0 (Todd Fujinaka) [Orabug: 26242904] - igbvf: bump version to igbvf-2.4.0 (Todd Fujinaka) [Orabug: 26242904] - igb: fix non static symbol warning (Wei Yongjun) [Orabug: 26242904] - igb: fix error code in igb_add_ethtool_nfc_entry() (Gangfeng Huang) [Orabug: 26242904] - igb: support RX flow classification by VLAN priority (Gangfeng Huang) [Orabug: 26242904] - igb: support RX flow classification by ethertype (Gangfeng Huang) [Orabug: 26242904] - igb: add support of RX network flow classification (Gangfeng Huang) [Orabug: 26242904] - igb: fix adjusting PTP timestamps for Tx/Rx latency (Kshitiz Gupta) [Orabug: 26242904] - igb: Only DMA sync frame length (Andrew Lunn) [Orabug: 26242904] - igb: call igb_ptp_suspend during suspend/resume cycle (Jacob Keller) [Orabug: 26242904] - igb: implement igb_ptp_suspend (Jacob Keller) [Orabug: 26242904] - igb: re-use igb_ptp_reset in igb_ptp_init (Jacob Keller) [Orabug: 26242904] - igb: introduce IGB_PTP_OVERFLOW_CHECK flag (Jacob Keller) [Orabug: 26242904] - igb: introduce ptp_flags variable and use it to replace IGB_FLAG_PTP (Jacob Keller) [Orabug: 26242904] - igbvf: use BIT() macro instead of shifts (Jacob Keller) [Orabug: 26242904] - igbvf: remove unused variable and dead code (Jacob Keller) [Orabug: 26242904] - igb: adjust PTP timestamps for Tx/Rx latency (Nathan Sullivan) [Orabug: 26242904] - igb: make igb_update_pf_vlvf static (Jacob Keller) [Orabug: 26242904] - igb: use BIT() macro or unsigned prefix (Jacob Keller) [Orabug: 26242904] - Revert 'igb: Fix a deadlock in igb_sriov_reinit' (Arika Chen) [Orabug: 26242904] - igb: Garbled output for 'ethtool -m' (Doron Shikmoni) [Orabug: 26242904] - igb: allow setting MAC address on i211 using a device tree blob (John Holland) [Orabug: 26242904] - igb: Fix sparse warning about passing __beXX into leXX_to_cpup (Alexander Duyck) [Orabug: 26242904] - igb: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 26242904] - igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [Orabug: 26242904] - igbvf: remove 'link is Up' message when registering mcast address (Jon Maxwell) [Orabug: 26242904] - igbvf: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] - igb: Add support for generic Tx checksums (Alexander Duyck) [Orabug: 26242904] - igb: rename igb define to be more generic (Todd Fujinaka) [Orabug: 26242904] - igb: add conditions for I210 to generate periodic clock output (Roland Hii) [Orabug: 26242904] - igb: enable WoL for OEM devices regardless of EEPROM setting (Todd Fujinaka) [Orabug: 26242904] - igb: constify e1000_phy_operations structure (Julia Lawall) [Orabug: 26242904] - igb: When GbE link up, wait for Remote receiver status condition (Takuma Ueba) [Orabug: 26242904] - igb: Add workaround for VLAN tag stripping on 82576 (Alexander Duyck) [Orabug: 26242904] - igb: Enable use of 'bridge fdb add' to set unicast table entries (Alexander Duyck) [Orabug: 26242904] - igb: Drop unnecessary checks in transmit path (Alexander Duyck) [Orabug: 26242904] - igb: Add support for VLAN promiscuous with SR-IOV and NTUPLE (Alexander Duyck) [Orabug: 26242904] - igb: Clean-up configuration of VF port VLANs (Alexander Duyck) [Orabug: 26242904] - igb: Merge VLVF configuration into igb_vfta_set (Alexander Duyck) [Orabug: 26242904] - igb: Always enable VLAN 0 even if 8021q is not loaded (Alexander Duyck) [Orabug: 26242904] - igb: Do not factor VLANs into RLPML calculation (Alexander Duyck) [Orabug: 26242904] - igb: Allow asymmetric configuration of MTU versus Rx frame size (Alexander Duyck) [Orabug: 26242904] - igb: Refactor VFTA configuration (Alexander Duyck) [Orabug: 26242904] - igb: clean up code for setting MAC address (Alexander Duyck) [Orabug: 26242904] - igb/igbvf: dont give up (Mitch Williams) [Orabug: 26242904] - igb: Unpair the queues when changing the number of queues (Shota Suzuki) [Orabug: 26242904] - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (Shota Suzuki) [Orabug: 26242904] - igb: Explicitly label self-test result indices (Joe Schultz) [Orabug: 26242904] - igb: Improve cable length function for I210, etc. (Joe Schultz) [Orabug: 26242904] - igb: Dont add PHY address to PCDL address (Aaron Sierra) [Orabug: 26242904] - igb: Remove GS40G specific defines/functions (Aaron Sierra) [Orabug: 26242904] - igb: improve handling of disconnected adapters (Jarod Wilson) [Orabug: 26242904] - igb: fix NULL derefs due to skipped SR-IOV enabling (Jan Beulich) [Orabug: 26242904] - igb: use the correct i210 register for EEMNGCTL (Todd Fujinaka) [Orabug: 26242904] - igb: dont unmap NULL hw_addr (Jarod Wilson) [Orabug: 26242904] - igb: add 88E1543 initialization code (Todd Fujinaka) [Orabug: 26242904] - net: igb: avoid using timespec (Arnd Bergmann) [Orabug: 26242904] - igb: assume MSI-X interrupts during initialization (Stefan Assmann) [Orabug: 26242904] - igbvf: Enable TSO for stacked VLAN (Toshiaki Makita) [Orabug: 26242904] - igb: make sure SR-IOV init uses the right number of queues (Todd Fujinaka) [Orabug: 26242904] - igbvf: clear buffer_info->dma after dma_unmap_single() (Stefan Assmann) [Orabug: 26242904] - igb: Fix a memory leak in igb_probe (Jia-Ju Bai) [Orabug: 26242904] - igb: Fix a deadlock in igb_sriov_reinit (Jia-Ju Bai) [Orabug: 26242904] - igb: Teardown SR-IOV before unregister_netdev() (Alex Williamson) [Orabug: 26242904] - igb: add support for 1512 PHY (Todd Fujinaka) [Orabug: 26242904] - igb: implement high frequency periodic output signals (Richard Cochran) [Orabug: 26242904] - blkback/blktap: dont leak stack data via response ring (Jan Beulich) [Orabug: 26321954] - Documentation/sparc: Steps for sending break on sunhv console (Vijay Kumar) [Orabug: 26322031] - sparc64: Send break twice from console to return to boot prom (Vijay Kumar) [Orabug: 26322031] - sparc64: Migrate hvcons irq to panicked cpu (Vijay Kumar) [Orabug: 26322031] - sparc64: Set cpu state to offline when stopped (Vijay Kumar) [Orabug: 26322031] - dtrace: io provider probes for nfs (Nicolas Droux) [Orabug: 26145701] - ctf: fix a variety of memory leaks and use-after-free bugs (Nick Alcock) [Orabug: 26323755] - DTrace: IP provider use-after-free for drop-out probe points (Alan Maguire) [Orabug: 25924594] - net/mlx4_core: Use round robin scheme to avoid stale caches (Santosh Shilimkar) [Orabug: 26265801] - nvme: Quirks for PM1725 controllers (Martin K. Petersen) [Orabug: 26284735] - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Guilherme G. Piccoli) [Orabug: 26284735] - nvme/quirk: Add a delay before checking device ready for memblaze device (Wenbo Wang) [Orabug: 26284735] - nvme/quirk: Add a delay before checking for adapter readiness (Guilherme G. Piccoli) [Orabug: 26284735] - percpu_ref: allow operation mode switching operations to be called concurrently (Tejun Heo) [Orabug: 26290757] - percpu_ref: restructure operation mode switching (Tejun Heo) [Orabug: 26290757] - percpu_ref: unify staggered atomic switching wait behavior (Tejun Heo) [Orabug: 26290757] - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (Tejun Heo) [Orabug: 26290757] - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (Tejun Heo) [Orabug: 26290757] - block: Fix mismerge in queue freeze logic (Martin K. Petersen) [Orabug: 26290757] - vfio/pci: Fix unsigned comparison overflow (Alex Williamson) - restore mutex_lock() call to blk_mq_freeze_queue_start() (Dan Duval) [Orabug: 26266917] - sparc64: mm: fix copy_tsb to correctly copy huge page TSBs (Mike Kravetz) [Orabug: 26273004] - nvme: Add a wrapper for getting the admin queue depth (Martin K. Petersen) [Orabug: 26284603] - nvme: Remove timeout when deleting queue (Martin K. Petersen) [Orabug: 26284626] - IP/ipoib: Move initialization of ACL instances table to device init phase (Yuval Shaia) [Orabug: 26290377] - btrfs: fix clone / extent-same deadlocks (Mark Fasheh) [Orabug: 26093112] - btrfs: dont update mtime/ctime on deduped inodes (Mark Fasheh) [Orabug: 26093112] - btrfs: allow dedupe of same inode (Mark Fasheh) [Orabug: 26093112] - btrfs: fix deadlock with extent-same and readpage (Mark Fasheh) [Orabug: 26093112] - btrfs: pass unaligned length to btrfs_cmp_data() (Mark Fasheh) [Orabug: 26093112] - Fix Express lane queue creation. (James Smart) [Orabug: 26102276] - uek-rpm/config: build tcmu kernel module by default (Shan Hai) [Orabug: 26185792] [Orabug: 25983319] - rds: tcp: fix memory leak in TIME_WAIT sockets (Sowmini Varadhan) [Orabug: 26189892] - rds: tcp: canonical connection order for all paths with index > 0 (Sowmini Varadhan) [Orabug: 25436912] - rds: tcp: allow progress of rds_conn_shutdown if the rds_connection is marked ERROR by an intervening FIN (Sowmini Varadhan) [Orabug: 25436912] - Backport multipath RDS from upstream to UEK4 (Sowmini Varadhan) [Orabug: 25436912] [4.1.12-103.2.1] - uek-rpm: enable bnxt driver for sparc (Allen Pais) [Orabug: 26222502] - uek-rpm: set CONFIG_FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 26222494] - sparc: Fix kernel BUG at arch/sparc/kernel/mdesc.c (Thomas Tai) - sparc64: allocate sufficient space for machine description (Thomas Tai) [Orabug: 26222471] - sparc64/mlx4_core: relaxed order for mlx4_core dma mappings (Shamir Rabinovitch) [Orabug: 26222434] - xsigo: UEK4-QU5: poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199200] - NVMe: During NVMe probe, get NVMe device information before mapping the device (Ashok Vairavan) [Orabug: 26194850] - sparc64: Fix an error code returned by a DAX ioctl (Sanath Kumar) [Orabug: 26190999] - sparc64: fix M8 ADI support (Anthony Yznaga) [Orabug: 26190997] [4.1.12-103.1.1] - Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088208] - scsi: megaraid_sas: Driver version upgrade (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: array overflow in megasas_dump_frame() (Dan Carpenter) [Orabug: 26096381] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Indentation and smatch warning fixes (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Increase internal command pool (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Bail out the driver load if ld_list_query fails (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: update can_queue only if the new value is less (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: avoid unaligned access in ioctl path (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: big endian support changes (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Big endian RDPQ mode fix (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: MR_TargetIdToLdGet u8 to u16 and avoid invalid raid-map access (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: In validate raid map, raid capability is not converted to cpu format for all lds (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: reduce size of fusion_context and use vmalloc if kmalloc fails (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: add print in device removal path (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: enhance debug logs in OCR context (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: set residual bytes count during IO completion (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: raid 1 write performance for large io (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: change issue_dcmd to return void from int (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: megasas_get_request_descriptor always return valid desc (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Use DID_REQUEUE (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: RAID map is accessed for SYS PDs when use_seqnum_jbod_fp is not set (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: Refactor MEGASAS_IS_LOGICAL macro using sdev (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: 32 bit descriptor fire cmd optimization (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: raid 1 fast path code optimize (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: cpu select rework. (Shivasharan S) [Orabug: 26096381] - Revert 'scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth' (Shivasharan S) [Orabug: 26096381] - scsi: megaraid_sas: driver version upgrade (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: ldio_outstanding variable is not decremented in completion path (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: 128 MSIX Support (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Sasikumar Chandrasekaran) [Orabug: 26096381] - scsi: sd: Check for unaligned partial completion (Damien Le Moal) [Orabug: 26178369] - PCI/AER: include header file (Sudip Mukherjee) [Orabug: 25130845] - NVMe: reverse IO direction for VUC command code F7 (Ashok Vairavan) [Orabug: 25258071] - nvme: factor out a add nvme_is_write helper (Christoph Hellwig) [Orabug: 25130845] - nvme: allow for size limitations from transport drivers (Christoph Hellwig) [Orabug: 25130845] - nvme.h: add constants for PSDT and FUSE values (James Smart) [Orabug: 25130845] - nvme.h: add AER constants (Christoph Hellwig) [Orabug: 25130845] - nvme.h: add NVM command set SQE/CQE size defines (Christoph Hellwig) [Orabug: 25130845] - nvme.h: Add get_log_page command strucure (Armen Baloyan) [Orabug: 25130845] - nvme.h: add RTD3R, RTD3E and OAES fields (Christoph Hellwig) [Orabug: 25130845] - NVMe: Only release requested regions (Johannes Thumshirn) [Orabug: 25130845] - NVMe: Fix removal in case of active namespace list scanning method (Sunad Bhandary) [Orabug: 25130845] - NVMe: Implement namespace list scanning (Keith Busch) [Orabug: 25130845] - NVMe: Dont unmap controller registers on reset (Keith Busch) [Orabug: 25130845] - NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25186219] - nvme: Limit command retries (Keith Busch) [Orabug: 25130845] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138123] - NVMe: Create discard zero quirk white list (Keith Busch) [Orabug: 25130845] - nvme: use UINT_MAX for max discard sectors (Minfei Huang) [Orabug: 25130845] - nvme: move nvme_cancel_request() to common code (Ming Lin) [Orabug: 25130845] - nvme: update and rename nvme_cancel_io to nvme_cancel_request (Ming Lin) [Orabug: 25130845] - blk-mq: Export tagset iter function (Sagi Grimberg) [Orabug: 25130845] - NVMe: Add device IDs with stripe quirk (Keith Busch) [Orabug: 25130845] - NVMe: Short-cut removal on surprise hot-unplug (Keith Busch) [Orabug: 25130845] - NVMe: Allow user initiated rescan (Keith Busch) [Orabug: 25130845] - NVMe: Reduce driver log spamming (Keith Busch) [Orabug: 25130845] - NVMe: Unbind driver on failure (Keith Busch) [Orabug: 25130845] - NVMe: Delete only created queues (Keith Busch) [Orabug: 25130845] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] - nvme: fix nvme_ns_remove() deadlock (Ming Lin) [Orabug: 25130845] - nvme: switch to RCU freeing the namespace (Ming Lin) [Orabug: 25130845] - NVMe: correct comment for offset enum of controller registers in nvme.h (Wang Sheng-Hui) [Orabug: 25130845] - nvme: add helper nvme_cleanup_cmd() (Ming Lin) [Orabug: 25130845] - nvme: move AER handling to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move namespace scanning to core (Christoph Hellwig) [Orabug: 25130845] - nvme: tighten up state check for namespace scanning (Christoph Hellwig) [Orabug: 25130845] - nvme: introduce a controller state machine (Christoph Hellwig) [Orabug: 25130845] - nvme: remove the io_incapable method (Christoph Hellwig) [Orabug: 25130845] - NVMe: nvme_core_exit() should do cleanup in the reverse order as nvme_core_init does (Wang Sheng-Hui) [Orabug: 25130845] - NVMe: Fix check_flush_dependency warning (Keith Busch) [Orabug: 25130845] - NVMe: small typo in section BLK_DEV_NVME_SCSI of host/Kconfig (Wang Sheng-Hui) [Orabug: 25130845] - nvme: fix cntlid type (Christoph Hellwig) [Orabug: 25130845] - nvme: Avoid reset work on watchdog timer function during error recovery (Guilherme G. Piccoli) [Orabug: 25130845] - nvme: remove dead controllers from a work item (Christoph Hellwig) [Orabug: 25130845] - NVMe: silence warning about unused 'dev' (Jens Axboe) [Orabug: 25130845] - NVMe: switch to using blk_queue_write_cache() (Jens Axboe) [Orabug: 25130845] - block: add ability to flag write back caching on a device (Jens Axboe) [Orabug: 25130845] - nvme: Use blk-mq helper for IO termination (Sagi Grimberg) [Orabug: 25130845] - NVMe: Skip async events for degraded controllers (Keith Busch) [Orabug: 25130845] - nvme: add helper nvme_setup_cmd() (Ming Lin) [Orabug: 25130845] - block: add offset in blk_add_request_payload() (Ming Lin) [Orabug: 25130845] - nvme: rewrite discard support (Ming Lin) [Orabug: 25130845] - nvme: add helper nvme_map_len() (Ming Lin) [Orabug: 25130845] - nvme: add missing lock nesting notation (Ming Lin) [Orabug: 25130845] - NVMe: Always use MSI/MSI-x interrupts (Keith Busch) [Orabug: 25130845] - NVMe: Fix reset/remove race (Keith Busch) [Orabug: 25130845] - nvme: avoid cqe corruption when update at the same time as read (Marta Rybczynska) [Orabug: 25130845] - NVMe: Expose ns wwid through single sysfs entry (Keith Busch) [Orabug: 25130845] - NVMe: Remove unused sq_head read in completion path (Jon Derrick) [Orabug: 25130845] - nvme: fix max_segments integer truncation (Christoph Hellwig) [Orabug: 25130845] - nvme: set queue limits for the admin queue (Christoph Hellwig) [Orabug: 25130845] - NVMe: Fix 0-length integrity payload (Keith Busch) [Orabug: 25130845] - NVMe: Dont allow unsupported flags (Keith Busch) [Orabug: 25130845] - NVMe: Move error handling to failed reset handler (Keith Busch) [Orabug: 25130845] - NVMe: Simplify device reset failure (Keith Busch) [Orabug: 25130845] - NVMe: Fix namespace removal deadlock (Keith Busch) [Orabug: 25130845] - NVMe: Use IDA for namespace disk naming (Keith Busch) [Orabug: 25130845] - nvme: expose cntlid in sysfs (Ming Lin) [Orabug: 25130845] - nvme: return the whole CQE through the request passthrough interface (Christoph Hellwig) [Orabug: 25130845] - nvme: fix Kconfig description for BLK_DEV_NVME_SCSI (Christoph Hellwig) [Orabug: 25130845] - nvme: replace the kthread with a per-device watchdog timer (Christoph Hellwig) [Orabug: 25130845] - nvme: dont poll the CQ from the kthread (Christoph Hellwig) [Orabug: 25130845] - nvme: use a work item to submit async event requests (Christoph Hellwig) [Orabug: 25130845] - NVMe: Rate limit nvme IO warnings (Keith Busch) [Orabug: 25130845] - NVMe: Poll device while still active during remove (Keith Busch) [Orabug: 25130845] - NVMe: Requeue requests on suspended queues (Keith Busch) [Orabug: 25130845] - NVMe: Allow request merges (Keith Busch) [Orabug: 25130845] - NVMe: Fix io incapable return values (Keith Busch) [Orabug: 25130845] - nvme: split pci module out of core module (Ming Lin) [Orabug: 25130845] - nvme: split dev_list_lock (Ming Lin) [Orabug: 25130845] - nvme: move timeout variables to core.c (Ming Lin) [Orabug: 25130845] - nvme/host: reference the fabric module for each bdev open callout (Sagi Grimberg) [Orabug: 25130845] - nvme: Log the ctrl device name instead of the underlying pci device name (Sagi Grimberg) [Orabug: 25130845] - nvme: fix drvdata setup for the nvme device (Christoph Hellwig) [Orabug: 25130845] - NVMe: Fix possible queue use after freed (Keith Busch) [Orabug: 25130845] - nvme: switch abort to blk_execute_rq_nowait (Christoph Hellwig) [Orabug: 25130845] - blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25130845] - NVMe: Export NVMe attributes to sysfs group (Keith Busch) [Orabug: 25130845] - NVMe: Shutdown controller only for power-off (Keith Busch) [Orabug: 25130845] - NVMe: IO queue deletion re-write (Keith Busch) [Orabug: 25130845] - NVMe: Remove queue freezing on resets (Keith Busch) [Orabug: 25130845] - NVMe: Use a retryable error code on reset (Keith Busch) [Orabug: 25130845] - NVMe: Fix admin queue ring wrap (Keith Busch) [Orabug: 25130845] - nvme: make SG_IO support optional (Christoph Hellwig) [Orabug: 25130845] - nvme: fixes for NVME_IOCTL_IO_CMD on the char device (Christoph Hellwig) [Orabug: 25130845] - nvme: synchronize access to ctrl->namespaces (Christoph Hellwig) [Orabug: 25130845] - nvme: Move nvme_freeze/unfreeze_queues to nvme core (Sagi Grimberg) [Orabug: 25130845] - NVMe: Export namespace attributes to sysfs (Keith Busch) [Orabug: 25130845] - NVMe: Add pci error handlers (Keith Busch) [Orabug: 25130845] - nvme: merge iod and cmd_info (Christoph Hellwig) [Orabug: 25130845] - nvme: meta_sg doesnt have to be an array (Christoph Hellwig) [Orabug: 25130845] - nvme: properly free resources for cancelled command (Christoph Hellwig) [Orabug: 25130845] - nvme: simplify completion handling (Christoph Hellwig) [Orabug: 25130845] - nvme: special case AEN requests (Christoph Hellwig) [Orabug: 25130845] - nvme: factor out a few helpers from req_completion (Christoph Hellwig) [Orabug: 25130845] - nvme: fix admin queue depth (Christoph Hellwig) [Orabug: 25130845] - NVMe: Simplify metadata setup (Keith Busch) [Orabug: 25130845] - NVMe: Remove device management handles on remove (Keith Busch) [Orabug: 25130845] - NVMe: Use unbounded work queue for all work (Keith Busch) [Orabug: 25130845] - nvme: switch abort_limit to an atomic_t (Christoph Hellwig) [Orabug: 25130845] - nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 25130845] - nvme: do not restart the request timeout if were resetting the controller (Keith Busch) [Orabug: 25130845] - nvme: simplify resets (Christoph Hellwig) [Orabug: 25130845] - nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 25130845] - nvme: merge nvme_abort_req and nvme_timeout (Christoph Hellwig) [Orabug: 25130845] - nvme: dont take the I/O queue q_lock in nvme_timeout (Christoph Hellwig) [Orabug: 25130845] - nvme: protect against simultaneous shutdown invocations (Keith Busch) [Orabug: 25130845] - nvme: only add a controller to dev_list after its been fully initialized (Christoph Hellwig) [Orabug: 25130845] - nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 25130845] - nvme: precedence bug in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] - nvme: fix another 32-bit build warning (Arnd Bergmann) [Orabug: 25130845] - nvme: refactor set_queue_count (Christoph Hellwig) [Orabug: 25130845] - nvme: move chardev and sysfs interface to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move namespace scanning to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move the call to nvme_init_identify earlier (Christoph Hellwig) [Orabug: 25130845] - nvme: add a common helper to read Identify Controller data (Christoph Hellwig) [Orabug: 25130845] - nvme: move nvme_{enable,disable,shutdown}_ctrl to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move remaining CC setup into nvme_enable_ctrl (Christoph Hellwig) [Orabug: 25130845] - nvme: add explicit quirk handling (Christoph Hellwig) [Orabug: 25130845] - nvme: move block_device_operations and ns/ctrl freeing to common code (Ashok Vairavan) [Orabug: 25130845] - nvme: use the block layer for userspace passthrough metadata (Keith Busch) [Orabug: 25130845] - nvme: split __nvme_submit_sync_cmd (Christoph Hellwig) [Orabug: 25130845] - nvme: move nvme_setup_flush and nvme_setup_rw to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: move nvme_error_status to common code (Christoph Hellwig) [Orabug: 25130845] - nvme: factor out a nvme_unmap_data helper (Christoph Hellwig) [Orabug: 25130845] - nvme: simplify nvme_setup_prps calling convention (Christoph Hellwig) [Orabug: 25130845] - nvme: split a new struct nvme_ctrl out of struct nvme_dev (Christoph Hellwig) [Orabug: 25130845] - nvme: use vendor it from identify (Christoph Hellwig) [Orabug: 25130845] - nvme: split nvme_trans_device_id_page (Christoph Hellwig) [Orabug: 25130845] - nvme: use offset instead of a struct for registers (Christoph Hellwig) - nvme: split command submission helpers out of pci.c (Christoph Hellwig) [Orabug: 25130845] - nvme: move struct nvme_iod to pci.c (Christoph Hellwig) [Orabug: 25130845] - NVMe: Precedence error in nvme_pr_clear() (Dan Carpenter) [Orabug: 25130845] - Update target repo for nvme patch contributions (Jay Freyensee) [Orabug: 25130845] - nvme: add missing endianess annotations in nvme_pr_command (Christoph Hellwig) [Orabug: 25130845] - block: rename REQ_TYPE_SPECIAL to REQ_TYPE_DRV_PRIV (Christoph Hellwig) [Orabug: 25130845] - block: add an API for Persistent Reservations (Christoph Hellwig) [Orabug: 25130845] - NVMe: Add persistent reservation ops (Keith Busch) [Orabug: 25130845] - nvme: suspend i/o during runtime blk_integrity_unregister (Dan Williams) [Orabug: 25130845] - nvme include linux types.h (Christoph Hellwig) [Orabug: 25130845] - nvme: move to a new drivers/nvme/host directory (Jay Sternberg) [Orabug: 25130845] - NVMe: Set affinity after allocating request queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (Keith Busch) [Orabug: 25130845] - NVMe: Fix IO for extended metadata formats (Keith Busch) [Orabug: 25130845] - NVMe: Remove hctx reliance for multi-namespace (Keith Busch) [Orabug: 25130845] - NVMe: Use requested sync command timeout (Keith Busch) [Orabug: 25130845] - Revert 'nvme: move to a new drivers/nvme/host directory' (Ashok Vairavan) [Orabug: 25130845] - Revert 'NVMe: reduce admin queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) - Revert 'nvme: Limit command retries' (Ashok Vairavan) - Revert 'nvme: avoid cqe corruption when update at the same time as read' (Ashok Vairavan) - Revert 'NVMe: Dont unmap controller registers on reset' (Ashok Vairavan) - Revert 'NVMe: reverse IO direction for VUC command code F7' (Ashok Vairavan) - Revert 'NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata' (Ashok Vairavan) - forcedeth: enable forcedeth kernel option (Zhu Yanjun) [Orabug: 25571921] - ipmi: Edit ambiguous error message for unknown command (Atish Patra) [Orabug: 25461958] - kabi whitelist: Remove all ib_ symbols from the list. (Knut Omang) [Orabug: 25955825] - ext4: print ext4 mount option data_err=abort correctly (Ales Novak) [Orabug: 25691020] - IB/sa: Allocate SA query with kzalloc (Kaike Wan) [Orabug: 26124118] - IB/sa: Fix netlink local service GFP crash (Kaike Wan) [Orabug: 26124118] - IB/sa: Fix rdma netlink message flags (Kaike Wan) [Orabug: 26124118] - IB/sa: Put netlink request into the request list before sending (Kaike Wan) [Orabug: 26124118] - IB/core: Fix a potential array overrun in CMA and SA agent (Yuval Shaia) [Orabug: 26124118] - IB/SA: Use correct free function (Mark Bloch) [Orabug: 26124118] - IB/sa: Route SA pathrecord query through netlink (Kaike Wan) [Orabug: 26124118] - IB/core: Add rdma netlink helper functions (Kaike Wan) [Orabug: 26124118] - IB/netlink: Add defines for local service requests through netlink (Kaike Wan) [Orabug: 26124118] - scsi: mpt3sas: remove redundant wmb (Sinan Kaya) [Orabug: 26096353] - scsi: mpt3sas: Updating driver version to v15.100.00.00 (Chaitra P B) [Orabug: 26096353] - scsi: mpt3sas: Fix for Crusader to achieve product targets with SAS devices. (Chaitra P B) [Orabug: 26096353] - scsi: mpt3sas: Fix Firmware fault state 0x2100 during heavy 4K RR FIO stress test. (Chaitra P B) [Orabug: 26096353] - scsi: mpt3sas: Added print to notify cable running at a degraded speed. (Chaitra P B) [Orabug: 26096353] - xen-blkback: report hotplug-status busy when detach is initiated but frontend device is busy. (Niranjan Patil) [Orabug: 26072430] - qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 26021151] - Btrfs: dont BUG_ON() in btrfs_orphan_add (Josef Bacik) [Orabug: 25975316] - Btrfs: clarify do_chunk_alloc()s return value (Liu Bo) [Orabug: 25975316] - btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25975316] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25955089] - xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416] - uek-rpm: configs: enable CONFIG_ACPI_NFIT (Todd Vierling) [Orabug: 25719149] - ipv6: Dont use ufo handling on later transformed packets (Jakub Sitnicki) [Orabug: 25533743] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308} - net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308} - fs/file.c: __fget() and dup2() atomicity rules (Eric Dumazet) [Orabug: 25408921] - IB/ipoib: add get_settings in ethtool (Zhu Yanjun) [Orabug: 25048521] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 26081079] - Revert 'xen/events: remove unnecessary call to bind_evtchn_to_cpu()' (Zhenzhong Duan) - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] - Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25975223] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895} - sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (Dave Kleikamp) [Orabug: 25491970] - sparc64: cache_line_size() returns larger value for cache line size. (chris hyser) - sparc64: fix inconsistent printing of handles in debug messages (Menno Lageman) - sparc64: set the ISCNTRLD bit for SP service handles (Menno Lageman) [Orabug: 25983868] - sparc64: DAX recursive lock removed (Rob Gardner) [Orabug: 26103487] - sparc/ftrace: Fix ftrace graph time measurement (Liam R. Howlett) [Orabug: 25995351] - sparc64: Increase max_phys_bits to 51 for M8. (Vijay Kumar) [Orabug: 25808647] - sparc64: 5-Level page table support for sparc (Vijay Kumar) [Orabug: 26076110] [Orabug: 25808647] - mm, gup: fix typo in gup_p4d_range() (Kirill A. Shutemov) [Orabug: 25808647] - mm: introduce __p4d_alloc() (Kirill A. Shutemov) [Orabug: 25808647] - mm: convert generic code to 5-level paging (Vijay Kumar) [Orabug: 25808647] (Vijay Kumar) [Orabug: 25808647] - arch, mm: convert all architectures to use 5level-fixup.h (Vijay Kumar) [Orabug: 25808647] - asm-generic: introduce __ARCH_USE_5LEVEL_HACK (Kirill A. Shutemov) [Orabug: 25808647] - asm-generic: introduce 5level-fixup.h (Kirill A. Shutemov) [Orabug: 25808647] - sparc64: prevent sunvdc from sending duplicate vdisk requests (Jag Raman) [Orabug: 25866770] - ldmvsw: stop the clean timer at beginning of remove (Shannon Nelson) [Orabug: 25748241] - sparc64: set CONFIG_EFI in config (Eric Snowberg) [Orabug: 26037358] - sparc64: /sys/firmware/efi missing during EFI boot (Eric Snowberg) [Orabug: 26037358] - Allow default value of npools used for iommu to be configured from cmdline (Allen Pais) - SPARC64: Add Linux vds driver Device ID support for Solaris guest boot (George Kennedy) [Orabug: 25836231] - sparc64: Remove locking of huge pages in DAX driver (Sanath Kumar) [Orabug: 25968141] - ldmvsw: unregistering netdev before disable hardware (Thomas Tai) - arch/sparc: Measure receiver forward progress to avoid send mondo timeout (Jane Chu) [Orabug: 25476541] - sparc64: update DAX submit to latest HV spec (Jonathan Helman) [Orabug: 25927558] - arch/sparc: increase CONFIG_NODES_SHIFT on SPARC to 5 (Jane Chu) [Orabug: 25577754] - arch/sparc: support NR_CPUS = 4096 (jane Chu) [Orabug: 25505750] - ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson) [Orabug: 25973797] - sparc64: fix fault handling in NGbzero.S and GENbzero.S (Dave Aldridge) [Orabug: 25577560] - sparc64: modify sys_dax.h for new libdax (Jonathan Helman) [Orabug: 25927572] - bnx2x: Align RX buffers (Scott Wood) [Orabug: 25806778] - PCI: Fix unaligned accesses in VC code (David Miller) [Orabug: 25806778] - sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL (Daniel Jordan) [Orabug: 25830041] - lockdep: Limit static allocations if PROVE_LOCKING_SMALL is defined (Babu Moger) - config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc (Babu Moger) - sparc64: fix cdev_put() use-after-free when unbinding an LDom (Thomas Tai) [Orabug: 25911389] - sparc64: change DAX CCB_EXEC ENOBUFS print to debug (Jonathan Helman) [Orabug: 25927528] - xen-netback: copy buffer on xenvif_start_xmit (Joao Martins) [Orabug: 26107942] - xen-netback: slightly rework xenvif_rx_skb (Joao Martins) [Orabug: 26107942] - xen-netfront: introduce rx copy mode (Joao Martins) [Orabug: 26107942] - xen-netfront: use gref mappings for Tx buffers (Joao Martins) [Orabug: 26107942] - xen-netfront: generalize recycling for grants (Joao Martins) [Orabug: 26107942] - xen-netfront: add rx page statistics (Joao Martins) [Orabug: 26107942] - xen-netfront: introduce rx page recyling (Joao Martins) [Orabug: 26107942] - xen-netfront: move rx_gso_checksum_fixup into netfront_stats (Joao Martins) [Orabug: 26107942] - xen-netfront: introduce staging gref pools (Joao Martins) [Orabug: 26107942] - xen-netback: use gref mappings for Tx requests (Joao Martins) [Orabug: 26107942] - xen-netback: use gref mappings for Rx requests (Joao Martins) [Orabug: 26107942] - xen-netback: shorten tx grant copy (Joao Martins) [Orabug: 26107942] - xen-netback: introduce staging grant mappings ops (Joao Martins) [Orabug: 26107942] - include/xen: import vendor extension to netif.h (Joao Martins) [Orabug: 26107942] - xen-netback: fix type mismatch warning (Arnd Bergmann) - xen-netback: fix guest Rx stall detection (after guest Rx refactor) (David Vrabel) - xen/netback: add fraglist support for to-guest rx (Ross Lagerwall) - xen-netback: batch copies for multiple to-guest rx packets (David Vrabel) - xen-netback: process guest rx packets in batches (David Vrabel) - xen-netback: immediately wake tx queue when guest rx queue has space (David Vrabel) - xen-netback: refactor guest rx (David Vrabel) - xen-netback: retire guest rx side prefix GSO feature (Paul Durrant) - xen-netback: separate guest side rx code into separate module (Paul Durrant) - x86/xen/time: setup secondary time info for vdso (Joao Martins) [Orabug: 26107942] - Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25970637] - Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25970637] - Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25970637] - Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25970637] - Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov) [Orabug: 25970637] - Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data() (Vitaly Kuznetsov) [Orabug: 25970637] - Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25970637] - RDS/IB: 4KB receive buffers get posted by mistake on 16KB frag connections. (Venkat Venkatsubra) [Orabug: 25920916] - mlx4: limit max MSIX allocations (Ajaykumar Hotchandani) [Orabug: 25912737] - sched/wait: Fix the signal handling fix (Peter Zijlstra) [Orabug: 25908266] - sparc64: Fix mapping of 64k pages with MAP_FIXED (Nitin Gupta) [Orabug: 25885991] - udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229} - net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar) [Orabug: 25873690] - Revert 'restrict /dev/mem to idle io memory ranges' (Chuck Anderson) [Orabug: 25832750] - I/O ERROR WHEN A FILE ON ACFS FILESYSTEM IS ATTACHED TO THE GUEST DOMU (Joe Jin) [Orabug: 25831471] - xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] - mlx4_core: Add func name to common error strings to locate uniquely (Mukesh Kacker) [Orabug: 25440329] - xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] - xen: events: Replace BUG() with BUG_ON() (Shyam Saini) - xen: remove stale xs_input_avail() from header (Juergen Gross) - xen: return xenstore command failures via response instead of rc (Juergen Gross) - xen: xenbus driver must not accept invalid transaction ids (Juergen Gross) - xen/evtchn: use rb_entry() (Geliang Tang) - xen/setup: Dont relocate p2m over existing one (Ross Lagerwall) - xen/balloon: Only mark a page as managed when it is released (Ross Lagerwall) - xen/scsifront: dont request a slot on the ring until request is ready (Juergen Gross) - xen/x86: Increase xen_e820_map to E820_X_MAX possible entries (Alex Thorlton) - x86: Make E820_X_MAX unconditionally larger than E820MAX (Alex Thorlton) - xen/pci: Bubble up error and fix description. (Konrad Rzeszutek Wilk) - xen: xenbus: set error code on failure (Pan Bian) - xen: set error code on failures (Pan Bian) - xen/events: use xen_vcpu_id mapping for EVTCHNOP_status (Vitaly Kuznetsov) - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (Boris Ostrovsky) - tpm xen: Remove bogus tpm_chip_unregister (Jason Gunthorpe) - xen-scsifront: Add a missing call to kfree (Quentin Lambert) - xenfs: Use proc_create_mount_point() to create /proc/xen (Seth Forshee) - xen-netback: fix error handling output (Arnd Bergmann) - xen: make use of xenbus_read_unsigned() in xenbus (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-pciback (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-fbfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-scsifront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-pcifront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-netfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-netback (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-kbdfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-tpmfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-blkfront (Juergen Gross) - xen: make use of xenbus_read_unsigned() in xen-blkback (Juergen Gross) - xen: introduce xenbus_read_unsigned() (Juergen Gross) - xen-netfront: cast grant table reference first to type int (Dongli Zhang) - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) - xenbus: check return value of xenbus_scanf() (Jan Beulich) - xenbus: prefer list_for_each() (Jan Beulich) - xenbus: advertise control feature flags (Juergen Gross) - xen/pciback: support driver_override (Juergen Gross) - xen/pciback: avoid multiple entries in slot list (Juergen Gross) - xen/pciback: simplify pcistub device handling (Juergen Gross) - x86/xen: add missing at end of printk warning message (Colin Ian King) - xen-netfront: avoid packet loss when ethernet header crosses page boundary (Vitaly Kuznetsov) - xen: Sync xen header (Juergen Gross) - xen/grant-table: Use kmalloc_array() in arch_gnttab_valloc() (Markus Elfring) - xen: Make VPMU init message look less scary (Juergen Gross) - xen: rename xen_pmu_init() in sys-hypervisor.c (Juergen Gross) - kexec: allow kdump with crash_kexec_post_notifiers (Petr Tesarik) - xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 (Jan Beulich) - proc: Allow creating permanently empty directories that serve as mount points (Eric W. Biederman) - xen: Resume PMU from non-atomic context (Boris Ostrovsky) [4.1.12-102] - Revert 'mlx4_ib: Memory leak on Dom0 with SRIOV.' (Hakon Bugge) [Orabug: 25829233] - Revert 'mlx4: avoid multiple free on id_map_ent' (Hakon Bugge) [Orabug: 25829233] - Drivers: hv: vss: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] - Drivers: hv: vss: switch to using the hvutil_device_state state machine (Vitaly Kuznetsov) [Orabug: 25819105] - Drivers: hv: vss: process deferred messages when we complete the transaction (Vitaly Kuznetsov) [Orabug: 25819105] - Drivers: hv: kvp: convert to hv_utils_transport (Vitaly Kuznetsov) [Orabug: 25819105] - Revert 'ipv4: use skb coalescing in defragmentation' (Florian Westphal) [Orabug: 25819103] - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184} - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184} - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25802913] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636} - net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345} - ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347} - udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347} - udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347} - tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214} - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986} - ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208} - ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208} - ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208} - ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208} - KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583} - gfs2: fix slab corruption during mounting and umounting gfs file system (Thomas Tai) - gfs2: handle NULL rgd in set_rgrp_preferences (Abhi Das) [Orabug: 25791662] - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644} - sched/wait: Fix signal handling in bit wait helpers (Peter Zijlstra) [Orabug: 25416990] - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187} - xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25747721] - xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25747721] - ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669} [4.1.12-101] - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088} - tcp: fix potential memory corruption (Eric Dumazet) [Orabug: 25140382] - block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910} - xfs: Correctly lock inode when removing suid and file capabilities (Jan Kara) [Orabug: 24803533] - fs: Call security_ops->inode_killpriv on truncate (Jan Kara) [Orabug: 24803533] - fs: Provide function telling whether file_remove_privs() will do anything (Jan Kara) [Orabug: 24803533] - fs: Rename file_remove_suid() to file_remove_privs() (Jan Kara) [Orabug: 24803533] - IB/uverbs: Fix leak of XRC target QPs (Tariq Toukan) [Orabug: 24761732] - Some unsupported ioctls get logged unnecessarily (Venkat Venkatsubra) [Orabug: 24510137] - IB/ipoib: Expose acl_enable sysfs file as read only (Yuval Shaia) [Orabug: 25993951] - dtrace: improve io provider coverage (Nicolas Droux) [Orabug: 25816537] [4.1.12-100] - ol7/config: enable nf_tables packet duplication support (Ethan Zhao) [Orabug: 24694570] - netfilter: nf_dup: add missing dependencies with NF_CONNTRACK (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: nf_tables: add nft_dup expression (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: factor out packet duplication for IPv4/IPv6 (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: xt_TEE: get rid of WITH_CONNTRACK definition (Pablo Neira Ayuso) [Orabug: 24694570] - netfilter: move tee_active to core (Florian Westphal) [Orabug: 24694570] - ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags (Martin KaFai Lau) [Orabug: 24694570] - ext4: Fix data exposure after failed AIO DIO (Jan Kara) [Orabug: 24393811] - xfs: fold xfs_vm_do_dio into xfs_vm_direct_IO (Christoph Hellwig) [Orabug: 24393811] - xfs: dont use ioends for direct write completions (Christoph Hellwig) [Orabug: 24393811] - direct-io: always call ->end_io if non-NULL (Christoph Hellwig) [Orabug: 24393811] - Btrfs: send, fix failure to rename top level inode due to name collision (Robbie Ko) [Orabug: 25994280] - PCI: Check pref compatible bit for mem64 resource of PCIe device (Yinghai Lu) [Orabug: 22855133] - OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Keep resource idx order with bridge register number (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Reserve legacy mmio after PCI mmio (Yinghai Lu) [Orabug: 22855133] - PCI: Add pci_find_bus_resource() (Yinghai Lu) [Orabug: 22855133] - sparc/PCI: Use correct offset for bus address to resource (Yinghai Lu) [Orabug: 22855133] - PCI: Remove __pci_mmap_make_offset() (Yinghai Lu) [Orabug: 22855133] - PCI: Let pci_mmap_page_range() take resource address (Yinghai Lu) [Orabug: 22855133] - PCI: Fix proc mmap on sparc (Yinghai Lu) [Orabug: 22855133] - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (Bjorn Helgaas) [Orabug: 22855133] - Revert 'sparc/PCI: Use correct bus address to resource offset' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Unify pci_register_region()' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Reserve legacy mmio after PCI mmio' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Add IORESOURCE_MEM_64 for 64-bit resource in OF parsing' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc/PCI: Keep resource idx order with bridge register number' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: kill wrong quirk about M7101' (Khalid Aziz) [Orabug: 22855133] - Revert 'OF/PCI: Add IORESOURCE_MEM_64 for 64-bit resource' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Only treat non-pref mmio64 as pref if all bridges have MEM_64' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Add has_mem64 for struct host_bridge' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Only treat non-pref mmio64 as pref if host bridge has mmio64' (Khalid Aziz) [Orabug: 22855133] - Revert 'PCI: Restore pref MMIO allocation logic for host bridge without mmio64' (Khalid Aziz) [Orabug: 22855133] - Revert 'sparc: Accommodate mem64_offset != mem_offset in pbm configuration' (Khalid Aziz) [Orabug: 22855133] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975482] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975482] - target: consolidate backend attribute implementations (Christoph Hellwig) [Orabug: 25791789] - target: simplify backend driver registration (Christoph Hellwig) [Orabug: 25791789] - x86/tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Len Brown) [Orabug: 25948913] - x86/tsc: Save an indentation level in recalibrate_cpu_khz() (Borislav Petkov) [Orabug: 25948913] - x86/tsc_msr: Remove irqoff around MSR-based TSC enumeration (Len Brown) [Orabug: 25948913] - perf/x86: Fix time_shift in perf_event_mmap_page (Adrian Hunter) [Orabug: 25948913] - perf/x86: Improve accuracy of perf/sched clock (Adrian Hunter) [Orabug: 25948913] - x86/apic: Handle zero vector gracefully in clear_vector_irq() (Keith Busch) [Orabug: 24515998] - dtrace: proc:::exit should trigger only if thread group exits (Tomas Jedlicka) [Orabug: 25904298] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273} - ctf: prevent modules on the dedup blacklist from sharing any types at all (Nick Alcock) [Orabug: 26137220] - ctf: emit bitfields in in-memory order (Nick Alcock) [Orabug: 25815129] - ctf: bitfield support (Nick Alcock) [Orabug: 25815129] - ctf: emit file-scope static variables (Nick Alcock) [Orabug: 25962387] - ctf: speed up the dwarf2ctf duplicate detector some more (Nick Alcock) [Orabug: 25815306] - ctf: strdup() -> xstrdup() (Nick Alcock) [Orabug: 25815306] - ctf: speed up the dwarf2ctf duplicate detector (Nick Alcock) [Orabug: 25815306] - ctf: add module parameter to simple_dwfl_new() and adjust both callers (Nick Alcock) - ctf: fix the size of int and avoid duplicating it (Nick Alcock) [Orabug: 25815129] - ctf: allow overriding of DIE attributes: use it for parent bias (Nick Alcock) [Orabug: 25815129] - DTrace tcp/udp provider probes (Alan Maguire) [Orabug: 25815197] - dtrace: define DTRACE_PROBE_ENABLED to 0 when !CONFIG_DTRACE (Nick Alcock) [Orabug: 26145788] - dtrace: ensure limit is enforced even when pcs is NULL (Kris Van Hees) [Orabug: 25949692] - dtrace: make x86_64 FBT return probe detection less restrictive (Kris Van Hees) [Orabug: 25949048] - dtrace: support passing offset as arg0 to FBT return probes (Kris Van Hees) [Orabug: 25949086] - dtrace: make FBT entry probe detection less restrictive on x86_64 (Kris Van Hees) [Orabug: 25949030] - dtrace: adjust FBT entry probe dection for OL7 (Kris Van Hees) [Orabug: 25921361] [4.1.12-99] - Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25999937] - qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Pramont) [Orabug: 25908317] - Revert 'be2net: fix MAC addr setting on privileged BE3 VFs' (Somasundaram Krishnasamy) [Orabug: 25870303] - Revert 'be2net: fix initial MAC setting' (Somasundaram Krishnasamy) [Orabug: 25802842] - xfs: track and serialize in-flight async buffers against unmount (Brian Foster) [Orabug: 25550712] - xfs: exclude never-released buffers from buftarg I/O accounting (Brian Foster) [Orabug: 25550712] - dm era: save spacemap metadata root after the pre-commit (Somasundaram Krishnasamy) [Orabug: 25547820] - Btrfs: incremental send, do not issue invalid rmdir operations (Robbie Ko) [Orabug: 26000657] - x86/platform/uv/BAU: Remove __ro_after_init declaration (Somasundaram Krishnasamy) [Orabug: 25920237] - x86/platform: Remove warning message for duplicate NMI handlers (Mike Travis) [Orabug: 25920237] - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add wait_completion to bau_operations (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add status mmr location fields to bau_control (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add payload descriptor qualifier (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Add uv_bau_version enumerated constants (Andrew Banman) [Orabug: 25920237] - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (Andrew Banman) [Orabug: 25920237] - fnic: Fixing sc abts status and flags assignment. (Satish Kharat) [Orabug: 25638880] - fnic: Adding debug IO, Abort latency counter and check condition count to fnic stats (Satish Kharat) [Orabug: 25638880] - fnic: Avoid false out-of-order detection for aborted command (Satish Kharat) [Orabug: 25638880] - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (Satish Kharat) [Orabug: 25638880] - fnic: minor white space changes (Satish Kharat) [Orabug: 25638880] - scsi: fnic: Avoid sending reset to firmware when another reset is in progress (Satish Kharat) [Orabug: 25638880] - ovl: Do d_type check only if work dir creation was successful (Vivek Goyal) [Orabug: 25802620] - ovl: Ensure upper filesystem supports d_type (Vivek Goyal) [Orabug: 25802620] - sparc64: Add hardware capabilities for M8 (Dave Aldridge) [Orabug: 25555746] - sparc64: Stop performance counter before updating (Dave Aldridge) [Orabug: 25441707] - sparc64: Fix a race condition when stopping performance counters (Dave Aldridge) [Orabug: 25441707] - arch/sparc: Use new misaligned load instructions for memcpy and copy_from_user (Allen Pais) [Orabug: 25381567] - arch/sparc: Add a separate kernel memcpy functions for M8 (Allen Pais) [Orabug: 25381567] - sparc64: perf: make sure we do not set the 'picnht' bit in the PCR (Dave Aldridge) [Orabug: 24926097] - sparc64: perf: move M7 pmu event definitions to seperate file (Dave Aldridge) [Orabug: 23333572] - sparc64: perf: add perf support for M8 devices (Dave Aldridge) [Orabug: 23333572] - sparc64: perf: Fix the mapping between perf events and perf counters (Dave Aldridge) [Orabug: 23333572] - SPARC64: Enable IOMMU bypass for IB (Allen Pais) [Orabug: 25573557] - SPARC64: Introduce IOMMU BYPASS method (Allen Pais) [Orabug: 25573557] - PCI: Add PCI IDs for Infiniband (Tushar Dave) [Orabug: 25573557] - sched/fair: Disable the task group load_avg update for the root_task_group (Waiman Long) [Orabug: 25544560] - sched/fair: Move the cache-hot 'load_avg' variable into its own cacheline (Atish Patra) [Orabug: 25544560] - sched/fair: Avoid redundant idle_cpu() call in update_sg_lb_stats() (Waiman Long) [Orabug: 25544560] - sched/fair: Clean up load average references (Atish Patra) [Orabug: 25544560] - sched/fair: Provide runnable_load_avg back to cfs_rq (Yuyang Du) [Orabug: 25544560] - sched/fair: Remove task and group entity load when they are dead (Yuyang Du) [Orabug: 25544560] - sched/fair: Init cfs_rqs sched_entity load average (Yuyang Du) [Orabug: 25544560] - sched/fair: Implement update_blocked_averages() for CONFIG_FAIR_GROUP_SCHED=n (Vincent Guittot) [Orabug: 25544560] - sched/fair: Rewrite runnable load and utilization average tracking (Atish Patra) [Orabug: 25544560] - sched/fair: Remove rqs runnable avg (Yuyang Du) [Orabug: 25544560] - sparc64: Allow enabling ADI on hugepages only (Khalid Aziz) [Orabug: 25969377] - sparc64: Save ADI tags on ADI enabled platforms only (Khalid Aziz) [Orabug: 25961592] - sparc64: increase FORCE_MAX_ZONEORDER to 16 (Allen Pais) [Orabug: 25448108] - sparc64: tsb size expansion (bob picco) [Orabug: 25448108] - sparc64: make tsb pointer computation symbolic (bob picco) [Orabug: 25448108] - sparc64: fix intermittent LDom hang waiting for vdc_port_up (Thomas Tai) - sparc64:block/sunvdc: Renamed bio variable name from req to bio (Vijay Kumar) [Orabug: 25128265] - sparc64:block/sunvdc: Added io stats accounting for bio based vdisk (Vijay Kumar) [Orabug: 25128265] - sparc64: Remove node restriction from PRIQ MSI assignments (chris hyser) [Orabug: 25110748] - blk-mq: Clean up all_q_list on request_queue deletion (chris hyser) [Orabug: 25569331] - sparc64: kern_addr_valid regression (bob picco) [Orabug: 25860542] [4.1.12-98] - sparc64: Detect DAX ra+pgsz when hvapi minor doesnt indicate it (Rob Gardner) [Orabug: 25911008] - sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner) [Orabug: 25911008] [Orabug: 25931417] - sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997202] - sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996411] - KVM: VMX: fix vmwrite to invalid VMCS (Radim Krcmar) - Revert 'i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter' (Brian Maly) [Orabug: 25877447] - sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25888596] - sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25835254] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] - Revert 'sparc64: DAX request for non 4MB memory should return with unique errno' (Allen Pais) - sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25852910] - sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25852910] - sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25835133] - sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25827254] - sparc64: dax_overflow_check reports incorrect data (Sanath Kumar) [Orabug: 25820395] - sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25870705] - sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25820812] - sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 23072809] - sparc64: fix an issue when trying to bring hotplug cpus online (Dave Aldridge) [Orabug: 25667277] - sparc64: Fix memory corruption when THP is enabled (Nitin Gupta) [Orabug: 25704426] - sparc64: Fix address range for page table free Orabug: 25704426 (Nitin Gupta) - sparc64: Add support for 2G hugepages (Nitin Gupta) [Orabug: 25704426] - sparc64: Fix size check in huge_pte_alloc (Nitin Gupta) [Orabug: 25704426] - sparc64: Fix build error in flush_tsb_user_page (Nitin Gupta) [Orabug: 25704426] - sparc64: Add 64K page size support (Nitin Gupta) [Orabug: 25704426] - sparc64: Remove xl-hugepages and add multi-page size support (Allen Pais) [Orabug: 25704426] - sparc64: do not dequeue stale VDS IO work entries (Jag Raman) [Orabug: 25455138] - SPARC64: Virtual Disk Device (vdsdev) Read-Only Option (options=ro) not working (George Kennedy) [Orabug: 23623853] - arch/sparc: Fix FPU register corruption with AES crypto test on M7 (Babu Moger) [Orabug: 25265878] - sunvnet: xoff not needed when removing port link (Shannon Nelson) [Orabug: 25190537] - sunvnet: count multicast packets (Shannon Nelson) [Orabug: 25190537] - sunvnet: track port queues correctly (Shannon Nelson) [Orabug: 25190537] - sunvnet: add stats to track ldom to ldom packets and bytes (Shannon Nelson) [Orabug: 25190537] - ldmvsw: better use of link up and down on ldom vswitch (Shannon Nelson) [Orabug: 25525312] - dtrace: fix handling of save_stack_trace sentinel (x86 only) (Kris Van Hees) [Orabug: 25727046] - dtrace: DTrace walltime lock-free implementation (Tomas Jedlicka) [Orabug: 25715256] [4.1.12-97] - megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799] - sparc64: Restrict number of processes (Sanath Kumar) [Orabug: 24523680] - SPARC64: vds_blk_rw() does not handle drives with q->limits.chunk_sectors > 0 (George Kennedy) [Orabug: 25373818] - sparc64: Improve boot time by per cpu map update (Atish Patra) [Orabug: 25496463] - arch/sparc: memblock resizes are not handled properly (Pavel Tatashin) [Orabug: 25415396] - SPARC64: LDOM vnet 'Got unexpected MCAST reply' (George Kennedy) [Orabug: 24954702] - ldmvsw: disable tso and gso for bridge operations (Shannon Nelson) [Orabug: 23293104] - ldmvsw: update and simplify version string (Shannon Nelson) [Orabug: 23293104] - sunvnet: remove extra rcu_read_unlocks (Shannon Nelson) [Orabug: 23293104] - sunvnet: straighten up message event handling logic (Shannon Nelson) [Orabug: 23293104] - sunvnet: add memory barrier before check for tx enable (Shannon Nelson) [Orabug: 23293104] - sunvnet: update version and version printing (Shannon Nelson) [Orabug: 23293104] - sunvnet: remove unused variable in maybe_tx_wakeup (Sowmini Varadhan) [Orabug: 23293104] - sunvnet: make sunvnet common code dynamically loadable (Shannon Nelson) [Orabug: 23293104] - hwrng: n2 - update version info (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - support new hardware register layout (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - add device data descriptions (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - limit error spewage when self-test fails (Shannon Nelson) [Orabug: 25127795] - hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Anatoly Pugachev) [Orabug: 25127795] - tcp: fix tcp_fastopen unaligned access complaints on sparc (Shannon Nelson) [Orabug: 25163405] - vds: Add physical block support (Liam R. Howlett) [Orabug: 19420123] - sparc64: Add missing hardware capabilities for M7 (Dave Aldridge) [Orabug: 25555746] - SPARC64: Fix vds_vtoc_set_default debug with large disks (George Kennedy) [Orabug: 25423802] - sparc64: VDC threads in guest domain do not resume after primary domain reboot (Jag Raman) [Orabug: 25519961] - sunvdc: Add support for setting physical sector size (Liam R. Howlett) [Orabug: 19420123] - sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469] - sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 25641371] - SPARC64: VIO: Support for virtual-device MD node probing (Aaron Young) [Orabug: 24841906] [4.1.12-96] - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 257846022] [4.1.12-95] - PCI: hv: Microsoft changes in support of RHEL and UEK4 (Jake Oshins) [Orabug: 25507635] - Add the PCI Host driver into the UEK config files (Jack Vogel) [Orabug: 25507635] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12134 CVE-2017-1000365 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-103.3.8.1] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796363] {CVE-2017-1000251} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000251 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.7] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251} [3.8.13-118.19.6] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134} [3.8.13-118.19.5] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12134 CVE-2017-1000365 CVE-2017-1000251 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.8] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251} [2.6.39-400.297.7] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000365 CVE-2017-12134 CVE-2017-1000251 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.9] - fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson) [Orabug: 26870958] {CVE-2017-1000253} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000253 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-103.7.3] - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26943541] {CVE-2017-7541} [4.1.12-103.7.2] - rebuild bumping release MODERATE Copyright 2017 Oracle, Inc. CVE-2017-7541 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-103.7.4] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011255] {CVE-2017-7542} - udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921320] {CVE-2017-1000112} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000112 CVE-2017-7542 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.10] - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176} [3.8.13-118.19.9] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111} [3.8.13-118.19.8] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-11176 CVE-2017-1000111 CVE-2017-7542 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.11] - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176} - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111} [2.6.39-400.297.10] - mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-11176 CVE-2017-1000111 CVE-2017-7542 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-103.9.2] - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811] [4.1.12-103.9.1] - xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241] - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] {CVE-2017-14489} - nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26999097] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] {CVE-2017-7542} - udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] {CVE-2017-1000112} - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884] [4.1.12-103.8.1] - tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] {CVE-2017-10661} - kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154} - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26880590] {CVE-2017-7541} - crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] {CVE-2017-7618} - ovl: use O_LARGEFILE in ovl_copy_up() (David Howells) [Orabug: 25953280] - rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880508] {CVE-2017-7482} {CVE-2017-7482} - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] {CVE-2017-14106} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7618 CVE-2017-14489 CVE-2017-7482 CVE-2017-14106 CVE-2017-12154 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.19.12] - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] [3.8.13-118.19.11] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-1000380 CVE-2017-11473 CVE-2017-1000363 CVE-2017-9077 CVE-2017-2671 CVE-2017-8831 CVE-2016-10044 CVE-2017-10661 CVE-2017-9075 CVE-2017-14489 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.297.12] - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-7308 CVE-2016-10044 CVE-2017-9075 CVE-2017-8831 CVE-2017-9074 CVE-2017-1000363 CVE-2017-1000380 CVE-2017-9077 CVE-2017-14489 CVE-2017-11473 CVE-2017-10661 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-103.9.4] - thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180] [4.1.12-103.9.3] - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618} - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192} - IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] - IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12192 CVE-2017-2618 CVE-2016-9191 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-103.10.1] - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879] {CVE-2017-1000405} - NFS: Add static NFS I/O tracepoints (Chuck Lever) - storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044692] - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] {CVE-2017-12190} - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038] {CVE-2017-12190} - packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649} - packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649} - net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649} - packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065] {CVE-2017-15649} - refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] {CVE-2017-15649} - locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649} - net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215225] {CVE-2017-16650} - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] {CVE-2017-16527} - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217] - ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129] - scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119628] - ocfs2: code clean up for direct io (Ryan Ding) - xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919] - KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062498] - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498] - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498] - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498] - uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] - thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180] - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618} - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192} - IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] - IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] - IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] - IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] - Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681] - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12190 CVE-2017-15649 CVE-2017-16650 CVE-2017-16527 CVE-2017-1000405 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.1] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26649818] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889} - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190} - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489} - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176} - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111} - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251} - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586047] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578198] {CVE-2017-9242} - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] {CVE-2017-7645} IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-12190 CVE-2017-7889 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.1] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] - RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671} - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26650039] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190} - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489} - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176} - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542} - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111} - mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355] - fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson) [Orabug: 26870958] {CVE-2017-1000253} - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251} - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586050] {CVE-2016-10200} - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586024] {CVE-2016-9685} - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578202] {CVE-2017-9242} - selinux: quiet the filesystem labeling behavior message (Paul Moore) [Orabug: 25721485] - RDS/IB: active bonding port state fix for intfs added late (Mukesh Kacker) [Orabug: 25875426] - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25891914] {CVE-2017-7273} - udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Check length of extended attributes and allocation descriptors (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722] {CVE-2015-4167} - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102] {CVE-2014-9710} - Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug: 25948102] {CVE-2014-9710} - net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686} - xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445] - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 25975513] - PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 25975513] - ipv4: try to cache dst_entries which would cause a redirect (Hannes Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326145] {CVE-2017-1000364} - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366024] {CVE-2017-7645} - dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug: 25645229] - xen/manage: Always freeze/thaw processes when suspend/resuming (Ross Lagerwall) [Orabug: 25795530] - lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25955028] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2017-2671 CVE-2017-7889 CVE-2017-12190 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.1] - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (Eryu Guan) [Orabug: 27233471] [4.1.12-112.13.1] - cgroup: make sure a parent css isnt offlined before its children (Tejun Heo) [Orabug: 27179269] [4.1.12-112.12.1] - ctf: allow dwarf2ctf to run as root but produce no output (Nick Alcock) [Orabug: 27133094] - net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215221] {CVE-2017-16650} - ctf: fix thinko preventing linking of out-of-tree modules when CTF is off (Nick Alcock) [Orabug: 27215293] - Revert 'firmware: dmi_scan: add SBMIOS entry and DMI tables' (Dan Duval) [Orabug: 27100376] [4.1.12-112.11.1] - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200880] {CVE-2017-1000405} - uek-rpm: Update linux firmware package for OL7 (Dhaval Giani) [Orabug: 27210206] - uek-rpm: Update firmware for OL6 UEK spec file (Dhaval Giani) [Orabug: 27210204] - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187218] - xen/time: do not decrease steal time after live migration on xen (Dongli Zhang) [Orabug: 26770163] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148272] {CVE-2017-16527} - scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call (Quinn Tran) [Orabug: 27149785] - scsi: qla2xxx: Initialize Work element before requesting IRQs (Himanshu Madhani) [Orabug: 27149785] - scsi: qla2xxx: Fix uninitialized work element (Quinn Tran) [Orabug: 27149785] [4.1.12-112.10.1] - Revert 'Improves clear_huge_page() using work queues' (Jack Vogel) [Orabug: 27055693] - packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649} - packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649} - net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069060] {CVE-2017-15649} - packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069060] {CVE-2017-15649} - refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069060] {CVE-2017-15649} - locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069060] {CVE-2017-15649} - scsi: qla2xxx: Fix slow mem alloc behind lock (Quinn Tran) [Orabug: 27100873] [4.1.12-112.9.1] - xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() (Jan Kara) [Orabug: 26862911] - xfs: Fix missed holes in SEEK_HOLE implementation (Jan Kara) [Orabug: 26862911] - ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff() (Jan Kara) [Orabug: 26862911] - ext4: fix SEEK_HOLE (Jan Kara) [Orabug: 26862911] - rtc: cmos: century support (Sylvain Chouleur) [Orabug: 27025943] - ocfs2: code clean up for direct io (Ryan Ding) [Orabug: 27117733] - scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119610] - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 26326914] [4.1.12-112.8.1] - uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] - uek-rpm: Add more missing modules to OL7 ueknano (Somasundaram Krishnasamy) [Orabug: 27028326] - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069034] {CVE-2017-12190} - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069034] {CVE-2017-12190} - usb: Quiet down false peer failure messages (Don Zickus) [Orabug: 26669801] - ovl: during copy up, switch to mounters creds early (Vivek Goyal) [Orabug: 27052885] - ovl: lookup: do getxattr with mounters permission (Miklos Szeredi) [Orabug: 27052885] - ovl: get rid of the dead code left from broken (and disabled) optimizations (Al Viro) [Orabug: 27052885] - selinux: Implement dentry_create_files_as() hook (Vivek Goyal) [Orabug: 27052885] - security, overlayfs: Provide hook to correctly label newly created files (Vivek Goyal) [Orabug: 27052885] - selinux: Pass security pointer to determine_inode_label() (Vivek Goyal) [Orabug: 27052885] - selinux: Implementation for inode_copy_up_xattr() hook (Vivek Goyal) [Orabug: 27052885] - security,overlayfs: Provide security hook for copy up of xattrs for overlay file (Vivek Goyal) [Orabug: 27052885] - selinux: Implementation for inode_copy_up() hook (Vivek Goyal) [Orabug: 27052885] - security, overlayfs: provide copy up security hook for unioned files (Vivek Goyal) [Orabug: 27052885] - selinux: delay inode label lookup as long as possible (Paul Moore) [Orabug: 27052885] - selinux: Add accessor functions for inode->i_security (Andreas Gruenbacher) [Orabug: 27052885] - selinux: Create a common helper to determine an inode label [ver #3] (David Howells) [Orabug: 27052885] - KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27056291] - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27056291] - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27056291] - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27056291] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077793] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077793] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077793] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077793] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077793] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] - uek-rpm: add update-el-x86; fix-up ol6/update-el (Chuck Anderson) [Orabug: 26844981] - xscore: add dma address check (Zhu Yanjun) [Orabug: 26994454] - qla2xxx: Update driver version to 9.00.00.00.40.0-k (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix delayed response to command for loop mode/direct connect. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Use IOCB interface to submit non-critical MBX. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Add async new target notification (Quinn Tran) [Orabug: 26844197] - qla2xxx: Allow relogin to proceed if remote login did not finish (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix sess_lock & hardware_lock lock order problem. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix inadequate lock protection for ABTS. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix request queue corruption. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix memory leak for abts processing (Quinn Tran) [Orabug: 26844197] - scsi: qla2xxx: Fix ql_dump_buffer (Joe Perches) [Orabug: 26844197] - scsi: qla2xxx: Fix response queue count for Target mode. (Michael Hernandez) [Orabug: 26844197] - scsi: qla2xxx: Cleaned up queue configuration code. (Michael Hernandez) [Orabug: 26844197] - qla2xxx: Fix a warning reported by the 'smatch' static checker (Quinn Tran) [Orabug: 26844197] - qla2xxx: Simplify usage of SRB structure in driver (Bart Van Assche) [Orabug: 26844197] - qla2xxx: Simplify usage of SRB structure in driver (Joe Carnuccio) [Orabug: 26844197] - qla2xxx: Improve RSCN handling in driver (Quinn Tran) [Orabug: 26844197] - qla2xxx: Add framework for async fabric discovery (Quinn Tran) [Orabug: 26844197] - qla2xxx: Track I-T nexus as single fc_port struct (Quinn Tran) [Orabug: 26844197] - qla2xxx: introduce a private sess_kref (Christoph Hellwig) [Orabug: 26844197] - qla2xxx: Use d_id instead of s_id for more clarity (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix wrong argument in sp done callback (Quinn Tran) [Orabug: 26844197] - qla2xxx: Remove SRR code (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Cleanup TMF code translation from qla_target (Quinn Tran) [Orabug: 26844197] - qla2xxx: Disable out-of-order processing by default in firmware (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix erroneous invalid handle message (Quinn Tran) [Orabug: 26844197] - qla2xxx: Reduce exess wait during chip reset (Quinn Tran) [Orabug: 26844197] - qla2xxx: Terminate exchange if corrupted (Quinn Tran) [Orabug: 26844197] - qla2xxx: Fix crash due to null pointer access (Quinn Tran) [Orabug: 26844197] - qla2xxx: Collect additional information to debug fw dump (Quinn Tran) [Orabug: 26844197] - qla2xxx: Reset reserved field in firmware options to 0 (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Include ATIO queue in firmware dump when in target mode (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Fix wrong IOCB type assumption (Quinn Tran) [Orabug: 26844197] - qla2xxx: Add DebugFS node for target sess list. (Quinn Tran) [Orabug: 26844197] - tcm_qla2xxx: Convert to target_alloc_session usage (Nicholas Bellinger) [Orabug: 26844197] - qla2xxx: Use ATIO type to send correct tmr response (Swapnil Nagle) [Orabug: 26844197] - qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM (Quinn Tran) [Orabug: 26844197] - qla2xxx: Move atioq to a different lock to reduce lock contention (Quinn Tran) [Orabug: 26844197] - qla2xxx: Remove dependency on hardware_lock to reduce lock contention. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Wait for all conflicts before acking PLOGI (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: Delete session if initiator is gone from FW (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: Added interface to send explicit LOGO. (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: Add FW resource count in DebugFS. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Enable Target counters in DebugFS. (Himanshu Madhani) [Orabug: 26844197] - qla2xxx: terminate exchange when command is aborted by LIO (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: drop cmds/tmrs arrived while session is being deleted (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: disable scsi_transport_fc registration in target mode (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: added sess generations to detect RSCN update races (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: Abort stale cmds on qla_tgt_wq when plogi arrives (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: delay plogi/prli ack until existing sessions are deleted (Alexei Potashnik) [Orabug: 26844197] - qla2xxx: cleanup cmd in qla workqueue before processing TMR (Swapnil Nagle) [Orabug: 26844197] - qla2xxx: Add flush after updating ATIOQ consumer index. (Quinn Tran) [Orabug: 26844197] - qla2xxx: Enable target mode for ISP27XX (Himanshu Madhani) [Orabug: 26844197] [4.1.12-112.7.1] - x86/platform/uv: Fix kdump for UV (Kirtikar Kashyap) [Orabug: 27031280] - firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) [Orabug: 27045425] - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050237] {CVE-2017-12192} - NFS: Add static NFS I/O tracepoints (Chuck Lever) - Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052680] - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Adding support for SAS3616 HBA device (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Display chassis slot information of the drive (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Updated MPI headers to v2.00.48 (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Reduce memory footprint in kdump kernel (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Fixed memory leaks in driver (Sreekanth Reddy) [Orabug: 26894579] - scsi: mpt3sas: Processing of Cable Exception events (Sreekanth Reddy) [Orabug: 26894579] - storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044703] - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036905] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - uek-rpm: Update kernel-ueknanos provides list. (Somasundaram Krishnasamy) [Orabug: 27022769] - uek-rpm: Add more modules to ueknano for OL7 (Somasundaram Krishnasamy) [Orabug: 27015961] - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001687] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618} - dtrace: Add CTF archive to the UEK nano package (Tomas Jedlicka) [Orabug: 27039123] - Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Dhaval Giani) [Orabug: 27037801] - thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 26763484] [4.1.12-112.6.1] - ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 26808507] - rds: Proper init/exit declaration for module init/exit function (Ka-Cheong Poon) [Orabug: 26937730] - rds: Remove .exit from struct rds_transport (Ka-Cheong Poon) [Orabug: 26937730] - smartpqi: update driver version (Don Brace) [Orabug: 26882397] - smartpqi: cleanup raid map warning message (Kevin Barnett) [Orabug: 26882397] - smartpqi: update controller ids (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: remove the smp_handler stub (Christoph Hellwig) [Orabug: 26882397] - scsi: smartpqi: change driver version to 1.1.2-125 (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: add in new controller ids (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: update kexec and power down support (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: cleanup doorbell register usage. (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: update pqi passthru ioctl (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: enhance BMIC cache flush (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: add pqi reset quiesce support (Kevin Barnett) [Orabug: 26882397] - scsi: smartpqi: make pdev pointer names consistent (Kevin Barnett) [Orabug: 26882397] - udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921314] {CVE-2017-1000112} - be2net: fix TSO6/GSO issue causing TX-stall on Lancer/BEx (Suresh Reddy) [Orabug: 26928620] - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011248] {CVE-2017-7542} - xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013239] - nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26929569] [4.1.12-112.5.1] - uek-rpm: Build kernel ueknano rpm for OL7 (Somasundaram Krishnasamy) [Orabug: 26803594] - uek/config: enable NVME SG_IO support by default (Shan Hai) [Orabug: 26981802] - nvme: report the scsi TUR state correctly (Shan Hai) [Orabug: 26981802] - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesnt parse nlmsg properly (Xin Long) [Orabug: 26988631] {CVE-2017-14489} - CVE-2016-10318 missing authorization check fscrypt_process_policy (Jack Vogel) [Orabug: 26989776] - ovl: fix get_acl() on tmpfs (Miklos Szeredi) [Orabug: 26975443] [4.1.12-112.2.1] - ixgbe: Initialize 64-bit stats seqcounts (Florian Fainelli) [Orabug: 26785078] - ixgbe: Disable flow control for XFI (Tony Nguyen) [Orabug: 26785078] - ixgbe: Do not support flow control autonegotiation for X553 (Tony Nguyen) [Orabug: 26785078] - ixgbe: Update NW_MNG_IF_SEL support for X553 (Tony Nguyen) [Orabug: 26785078] - ixgbe: Enable LASI interrupts for X552 devices (Tony Nguyen) [Orabug: 26785078] - ixgbe: Ensure MAC filter was added before setting MACVLAN (Tony Nguyen) [Orabug: 26785078] - ixgbe: pci_set_drvdata must be called before register_netdev (Jeff Mahoney) [Orabug: 26785078] - ixgbe: Resolve cppcheck format string warning (Tony Nguyen) [Orabug: 26785078] - ixgbe: fix writes to PFQDE (Emil Tantilov) [Orabug: 26785078] - ixgbevf: Bump version number (Tony Nguyen) [Orabug: 26785078] - ixgbe: Bump version number (Tony Nguyen) [Orabug: 26785078] - ixgbe: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785078] - ixgbe: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785078] - ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785078] - ixgbe: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785078] - net: better skb->sender_cpu and skb->napi_id cohabitation (Eric Dumazet) [Orabug: 26953388] [Orabug: 26591689] - uek-rpm: Clean up installed directories when uninstalling kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 26929773] - uek-rpm: Add missing ko modules to nano rpm (Somasundaram Krishnasamy) [Orabug: 26929773] - i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Jacob Keller) [Orabug: 26785018] - i40e: avoid NVM acquire deadlock during NVM update (Anjali Singhai Jain) [Orabug: 26785018] - i40e/i40evf: avoid dynamic ITR updates when polling or low packet rate (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: remove ULTRA latency mode (Jacob Keller) [Orabug: 26785018] - i40e: invert logic for checking incorrect cpu vs irq affinity (Jacob Keller) [Orabug: 26785018] - i40e: initialize our affinity_mask based on cpu_possible_mask (Jacob Keller) [Orabug: 26785018] - i40e: move enabling icr0 into i40e_update_enable_itr (Jacob Keller) [Orabug: 26785018] - i40e: remove workaround for resetting XPS (Jacob Keller) [Orabug: 26785018] - i40e: Fix for unused value issue found by static analysis (Carolyn Wyborny) [Orabug: 26785018] - i40e: 25G FEC status improvements (Mariusz Stachura) [Orabug: 26785018] - i40e: force VMDQ device name truncation (Jacob Keller) [Orabug: 26785018] - i40evf: fix possible snprintf truncation of q_vector->name (Jacob Keller) [Orabug: 26785018] - i40e: Use correct flag to enable egress traffic for unicast promisc (Akeem G Abodunrin) [Orabug: 26785018] - i40e: prevent snprintf format specifier truncation (Jacob Keller) [Orabug: 26785018] - i40e: Store the requested FEC information (Mariusz Stachura) [Orabug: 26785018] - i40e: Update state variable for adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: synchronize nvmupdate command and adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: prevent changing ITR if adaptive-rx/tx enabled (Alan Brady) [Orabug: 26785018] - i40evf: use netdev variable in reset task (Alan Brady) [Orabug: 26785018] - i40e: move check for avoiding VID=0 filters into i40e_vsi_add_vlan (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: use cmpxchg64 when updating private flags in ethtool (Jacob Keller) [Orabug: 26785018] - i40e: Detect ATR HW Evict NVM issue and disable the feature (Anjali Singhai Jain) [Orabug: 26785018] - i40e: Fix a bug with VMDq RSS queue allocation (Anjali Singhai Jain) [Orabug: 26785018] - i40evf: prevent VF close returning before state transitions to DOWN (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: Initialize 64-bit statistics TX ring seqcount (Florian Fainelli) [Orabug: 26785018] - i40e: handle setting administratively set MAC address back to zero (Stefan Assmann) [Orabug: 26785018] - i40evf: remove unnecessary __packed (Tushar Dave) [Orabug: 26785018] - i40evf: add some missing includes (Jesse Brandeburg) [Orabug: 26785018] - i40e: display correct UDP tunnel type name (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: remove mismatched type warnings (Jesse Brandeburg) [Orabug: 26785018] - i40e/i40evf: make IPv6 ATR code clearer (Jesse Brandeburg) [Orabug: 26785018] - i40e: fix odd formatting and indent (Jesse Brandeburg) [Orabug: 26785018] - i40e: fix up 32 bit timespec references (Jesse Brandeburg) [Orabug: 26785018] - i40e: Handle admin Q timeout when releasing NVM (Paul M Stillwell Jr) [Orabug: 26785018] - i40e: remove WQ_UNBOUND and the task limit of our workqueue (Jacob Keller) [Orabug: 26785018] - i40e: Fix for trace found with S4 state (Carolyn Wyborny) [Orabug: 26785018] - i40e: fix incorrect variable assignment (Gustavo A R Silva) [Orabug: 26785018] - i40e: dont hold RTNL lock for the entire reset (Jacob Keller) [Orabug: 26785018] - i40e: clear only cause_ena bit (Shannon Nelson) [Orabug: 26785018] - i40e: fix disabling overflow promiscuous mode (Alan Brady) [Orabug: 26785018] - i40e: Add support for OEM firmware version (Filip Sadowski) [Orabug: 26785018] - i40e: genericize the partition bandwidth control (Shannon Nelson) [Orabug: 26785018] - i40e: Add message for unsupported MFP mode (Carolyn Wyborny) [Orabug: 26785018] - i40e: Support firmware CEE DCB UP to TC map re-definition (Greg Bowers) [Orabug: 26785018] - i40e: Fix potential out of bound array access (Sudheer Mogilappagari) [Orabug: 26785018] - i40e: comment that udp_port must be in host byte order (Jacob Keller) [Orabug: 26785018] - i40e: use dev_dbg instead of dev_info when warning about missing routine (Jacob Keller) [Orabug: 26785018] - i40e/i40evf: update WOL and I40E_AQC_ADDR_VALID_MASK flags (Alice Michael) [Orabug: 26785018] - i40evf: assign num_active_queues inside i40evf_alloc_queues (Jacob Keller) [Orabug: 26785018] - i40e: Fix a sleep-in-atomic bug (Jia-Ju Bai) [Orabug: 26785018] - i40e: fix handling of HW ATR eviction (Jacob Keller) [Orabug: 26785018] - i40evf: update i40evf.txt with new content (Jesse Brandeburg) [Orabug: 26785018] - i40evf: Add support for Adaptive Virtual Function (Preethi Banala) [Orabug: 26785018] - i40evf: drop i40e_type.h include (Jesse Brandeburg) [Orabug: 26785018] - i40e: Check for memory allocation failure (Christophe Jaillet) [Orabug: 26785018] - i40e: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785018] - i40e: use pf data structure directly in i40e_ptp_rx_hang (Jacob Keller) [Orabug: 26785018] - i40e: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785018] - i40e: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785018] - i40e: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785018] - i40evf: disable unused flags (Jesse Brandeburg) [Orabug: 26785018] - i40evf: fix merge error in older patch (Jesse Brandeburg) [Orabug: 26785018] - i40evf: fix duplicate lines (Jesse Brandeburg) [Orabug: 26785018] - i40evf: hide unused variable (Arnd Bergmann) [Orabug: 26785018] - i40evf: allocate queues before we setup the interrupts and q_vectors (Jacob Keller) [Orabug: 26785018] - i40evf: remove I40E_FLAG_FDIR_ATR_ENABLED (Jacob Keller) [Orabug: 26785018] - i40e: remove hw_disabled_flags in favor of using separate flag bits (Jacob Keller) [Orabug: 26785018] - i40evf: remove needless min_t() on num_online_cpus()*2 (Jacob Keller) [Orabug: 26785018] - i40e: remove unnecessary msleep() delay in i40e_free_vfs (Jacob Keller) [Orabug: 26785018] - i40e: amortize wait time when disabling lots of VFs (Jacob Keller) [Orabug: 26785018] - i40e: Reprogram port offloads after reset (Alexander Duyck) [Orabug: 26785018] - i40e: rename index to port to avoid confusion (Jacob Keller) [Orabug: 26785018] - i40e: make use of i40e_reset_all_vfs when initializing new VFs (Jacob Keller) [Orabug: 26785018] - i40e: properly spell I40E_VF_STATE_* flags (Jacob Keller) [Orabug: 26785018] - i40e: use i40e_stop_rings_no_wait to implement PORT_SUSPENDED state (Jacob Keller) [Orabug: 26785018] - i40e: reset all VFs in parallel when rebuilding PF (Jacob Keller) [Orabug: 26785018] - i40e: split some code in i40e_reset_vf into helpers (Jacob Keller) [Orabug: 26785018] - i40e: remove I40E_FLAG_IN_NETPOLL entirely (Jacob Keller) [Orabug: 26785018] - i40e: reduce wait time for adminq command completion (Jacob Keller) [Orabug: 26785018] - i40e: fix CONFIG_BUSY checks in i40e_set_settings function (Jacob Keller) [Orabug: 26785018] - i40e: factor out queue control from i40e_vsi_control_(tx|rx) (Jacob Keller) [Orabug: 26785018] - i40e: dont hold RTNL lock while waiting for VF reset to finish (Jacob Keller) [Orabug: 26785018] - i40e: new AQ commands (Jingjing Wu) [Orabug: 26785018] - i40e/i40evf: Add tracepoints (Scott Peterson) [Orabug: 26785018] - i40evf: add client interface (Mitch Williams) [Orabug: 26785018] - i40e: dump VF information in debugfs (Mitch Williams) [Orabug: 26785018] - i40e: Fix support for flow director programming status (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Remove VF Rx csum offload for tunneled packets (alice michael) [Orabug: 26785018] - i40evf: Use net_device_stats from struct net_device (Tobias Klauser) [Orabug: 26785018] - i40e: clean up historic deprecated flag definitions (Jacob Keller) [Orabug: 26785018] - i40e: remove I40E_FLAG_NEED_LINK_UPDATE (Alice Michael) [Orabug: 26785018] - i40e: remove extraneous loop in i40e_vsi_wait_queues_disabled (Jacob Keller) [Orabug: 26785018] - i40e: Simplify i40e_detect_recover_hung_queue logic (Alan Brady) [Orabug: 26785018] - i40e: Decrease the scope of rtnl lock (Maciej Sosin) [Orabug: 26785018] - i40e: Swap use of pf->flags and pf->hw_disabled_flags for ATR Eviction (Alexander Duyck) [Orabug: 26785018] - i40e: update error message when trying to add invalid filters (Jacob Keller) [Orabug: 26785018] - i40e: only register client on iWarp-capable devices (Mitch Williams) [Orabug: 26785018] - i40e: close client on remove and shutdown (Mitch Williams) [Orabug: 26785018] - i40e: register existing client on probe (Mitch Williams) [Orabug: 26785018] - i40e: remove client instance on driver unload (Mitch Williams) [Orabug: 26785018] - i40e: fix for queue timing delays (Wyborny, Carolyn) [Orabug: 26785018] - i40e/i40evf: Change the way we limit the maximum frame size for Rx (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Add legacy-rx private flag to allow fallback to old Rx flow (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Pull code for grabbing and syncing rx_buffer from fetch_buffer (Alexander Duyck) [Orabug: 26785018] - i40e/i40evf: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26785018] - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943864] [4.1.12-112.1.0] - x86/mm/64: Enable SWIOTLB if system has SRAT memory regions above MAX_DMA32_PFN (Igor Mammedov) [Orabug: 26754302] - x86/mm: Introduce max_possible_pfn (Igor Mammedov) [Orabug: 26754302] - dtrace lockstat provider probes (Alan Maguire) [Orabug: 26149674] [Orabug: 26149956] - rds: RDS diagnostics when connections are stuck in Receiver Not Ready state. (hui.han) - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26673877] {CVE-2017-10661} - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26540118] {CVE-2017-7541} - crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 25882988] {CVE-2017-7618} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883325] - selftests/memfd: add memfd_create hugetlbfs selftest (Mike Kravetz) [Orabug: 26768367] - mm/shmem: add hugetlbfs support to memfd_create() (Mike Kravetz) [Orabug: 26768367] - mm: shm: use new hugetlb size encoding definitions (Mike Kravetz) [Orabug: 26768367] - mm: arch: consolidate mmap hugetlb size encodings (Mike Kravetz) [Orabug: 26768367] - uapi/Kbuild: add new header file hugetlb_encode.h (Mike Kravetz) [Orabug: 26768367] - mm: hugetlb: define system call hugetlb size encodings in single file (Mike Kravetz) [Orabug: 26768367] - RDS: IB: Change the proxy qps path_mtu to IB_MTU_256 (Avinash Repaka) [Orabug: 26864694] - devpts: clean up interface to pty drivers (Linus Torvalds) [Orabug: 26743034] - tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26646104] - kvm: nVMX: Dont allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154} - dtrace: ensure SDT stub function returns 0 (Kris Van Hees) [Orabug: 26909775] - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26796038] {CVE-2017-14106} - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY (Sabrina Dubroca) [Orabug: 25959303] - rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26376434] {CVE-2017-7482} {CVE-2017-7482} - xen: dont print error message in case of missing Xenstore entry (Juergen Gross) [Orabug: 26841566] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26526968] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26526923] - rds: Fix non-atomic operation on shared flag variable (Hakon Bugge) [Orabug: 26842076] - rds: Fix incorrect statistics counting (Hakon Bugge) [Orabug: 26847583] - i40e: use cpumask_copy instead of direct assignment (Jacob Keller) [Orabug: 26822609] - mm: thp: set THP defrag by default to madvise and add a stall-free defrag option (Mel Gorman) [Orabug: 26587019] - crypto: testmgr - Set struct aead_testvec iv member size to MAX_IVLEN (Somasundaram Krishnasamy) [Orabug: 25925256] - SPEC: remove ctf.ko from ueknano modules list (Nick Alcock) [Orabug: 25815362] - SPEC: generate CTF when DTrace is enabled. (Nick Alcock) [Orabug: 25815362] - SPEC: bump libdtrace-ctf requirement to 0.7+. (Nick Alcock) [Orabug: 25815362] - Documentation: add watermark_scale_factor to the list of vm systcl file (Jerome Marchand) [Orabug: 26643957] - mm: scale kswapd watermarks in proportion to memory (Johannes Weiner) [Orabug: 26643957] - ctf: delete the deduplication blacklist (Nick Alcock) [Orabug: 26765112] - ctf: automate away the deduplication blacklist (Nick Alcock) [Orabug: 26765112] - ctf: drop CONFIG_DT_DISABLE_CTF, ctf.ko, and all that it implies (Nick Alcock) [Orabug: 25815362] - ctf: do not allow dwarf2ctf to run as root (Nick Alcock) [Orabug: 25815362] - ctf: decouple CTF building from the kernel build (Nick Alcock) [Orabug: 25815362] - ctf: handle the bit_offset in members with a DW_FORM_block data_member_location (Nick Alcock) [Orabug: 26387109] - ctf: handle DW_AT_specification (Nick Alcock) [Orabug: 26386100] IMPORTANT Copyright 2017 Oracle, Inc. CVE-2016-10318 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [2.6.32-696.18.7.OL6] - Update genkey [bug 25599697] [2.6.32-696.18.7] - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519799 1519802] {CVE-2017-5754} [2.6.32-696.18.6] - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754} [2.6.32-696.18.5] - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754} [2.6.32-696.18.1] - [s390] s390/qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1513314 1467962] - [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1514443 1492220] - [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1514443 1492220] - [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1512425 1497000] - [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846] - [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846] - [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846] - [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846] - [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1507512 1497152] - [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476122 1476124] {CVE-2017-11176} - [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477008 1477006] {CVE-2017-7542} - [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477008 1477006] {CVE-2017-7542} - [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074} - [net] gre: fix a possible skb leak (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074} - [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074} - [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074} - [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074} [2.6.32-696.17.1] - [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1509876 1435787] - [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1509876 1435787] - [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1509876 1435787] - [fs] nfsd: remove the cache_hash list (Thiago Becker) [1509876 1435787] - [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1509876 1435787] - [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1509876 1435787] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.503.el6_9.4] - Fix CVE-2017-5715 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5715 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.10.2-62.0.1.el6_9.1] - Replace docs/et.png in tarball with blank image [0.10.2-62.el6_9.1] - util: Implement virFileReadHeaderFD (CVE-2017-5715) - util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD (CVE-2017-5715) - util: introduce virHostCPUGetMicrocodeVersion (CVE-2017-5715) - conf: include x86 microcode version in virsh capabiltiies (CVE-2017-5715) - cpu: add CPU features and model for indirect branch prediction protection (CVE-2017-5715) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5715 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [52.5.2-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.5.2-1] - Update to 52.5.2 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7846 CVE-2017-7829 CVE-2017-7847 CVE-2017-7848 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 6 [1:1.8.0.161-0.b14] - Update to b14 with updated Zero fix for 8174962 (S8194828) - Resolves: rhbz#1528233 [1:1.8.0.161-0.b13] - Update to b13 including Zero fix for 8174962 (S8194739) and restoring tzdata2017c update - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Add new file cmsalpha.c to %{name}-remove-intree-libraries.sh - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Replace tarballs with version including AArch64 fix for 8174962 (S8194686) - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Switch bootstrap back to java-1.7.0-openjdk on all architectures, depending on RH1482244 fix - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Update to aarch64-jdk8u161-b12 and aarch64-shenandoah-jdk8u161-b12 (mbalao) - Drop upstreamed patches for 8075484 (RH1490713), 8153711 (RH1284948), 8162384 (RH1358661), 8164293 (RH1459641), 8173941, 8175813 (RH1448880), 8175887 and 8180048 (RH1449870).(mbalao) - Resolves: rhbz#1528233 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2629 CVE-2018-2634 CVE-2018-2641 CVE-2018-2588 CVE-2018-2633 CVE-2018-2579 CVE-2018-2663 CVE-2018-2582 CVE-2018-2637 CVE-2018-2678 CVE-2018-2603 CVE-2018-2602 CVE-2018-2618 CVE-2018-2599 CVE-2018-2677 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [32:9.8.2-0.62.rc1.5] - Fix CVE-2017-3145 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-3145 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 Oracle Linux 6 Oracle Linux 7 [52.6.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.6.0-1] - Update to 52.6.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5095 CVE-2018-5104 CVE-2018-5089 CVE-2018-5091 CVE-2018-5097 CVE-2018-5102 CVE-2018-5103 CVE-2018-5117 CVE-2018-5096 CVE-2018-5098 CVE-2018-5099 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-696.20.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.20.1] - [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754} [2.6.32-696.19.1] - [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1523783 1504260] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-9074 CVE-2017-11176 CVE-2017-7542 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [52.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.6.0-1] - Update to 52.6.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5099 CVE-2018-5095 CVE-2018-5104 CVE-2018-5117 CVE-2018-5096 CVE-2018-5098 CVE-2018-5103 CVE-2018-5102 CVE-2018-5097 CVE-2018-5089 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.7.0.171-2.6.13.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.171-2.6.13.0] - Bump to 2.6.13 and u171b01. - Update java-1.7.0-openjdk-java-access-bridge-security.patch to apply after 8186080 - Update RC4 patch (8076221/PR2809) to apply after 8148108 (DH lower limit increase) - Fix file path in rh1022017.patch. - Resolves: rhbz#1528233 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2637 CVE-2018-2677 CVE-2018-2663 CVE-2018-2599 CVE-2018-2634 CVE-2018-2678 CVE-2018-2588 CVE-2018-2603 CVE-2018-2633 CVE-2018-2579 CVE-2018-2618 CVE-2018-2641 CVE-2018-2602 CVE-2018-2629 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [12:4.1.1-53.P1.0.1.3] - Added oracle-errwarn-message.patch [12:4.1.1-53.P1.3] - Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow <[12:4.1.1-53.P1.2 - Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5733 CVE-2018-5732 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [3:2.1.12-26.3] - Related: #1545967 - Add missed import [3:2.1.12-26.2] - Resolves: #1545967 - Fix XSS vulnerability in web UI. Add sanitizer [3:2.1.12-26.1] - Resolves: #1545967 - Fix XSS vulnerability in web UI MODERATE Copyright 2018 Oracle, Inc. CVE-2018-5950 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [2.6.32-696.23.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.23.1] - [scsi] avoid a permanent stop of the scsi device's request queue (Ewan Milne) [1519857 1513455] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1543022 1535645] - [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1543022 1535645] - [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1543022 1535645] - [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1543022 1535645] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1543022 1535645] - [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1543022 1535645] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1543022 1535645] - [x86] Use IBRS for firmware update path (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1543022 1535645] - [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1543022 1535645] - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1543022 1535645] - [x86] mce: Make machine check speculation protected (Waiman Long) [1543022 1535645] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1543022 1535645] - [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1543022 1535645] - [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1543022 1535645] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1543022 1535645] - [x86] retpoline: Add initial retpoline support (Waiman Long) [1543022 1535645] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1543022 1535645] - [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1543022 1535645] - [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12] (Waiman Long) [1543022 1535645] - [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1543022 1535645] - [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1543022 1535645] - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1543022 1535645] - [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1543022 1535645] - [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1543022 1535645] - [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1543022 1535645] - [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1543022 1535645] - [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1543022 1535645] - [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1543022 1535645] - [x86] alternatives: Document macros (Waiman Long) [1543022 1535645] - [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1543022 1535645] - [x86] alternatives: Add instruction padding (Waiman Long) [1543022 1535645] (Waiman Long) [1543022 1535645] - [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1543022 1535645] - [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1543022 1535645] - [x86] Make .altinstructions bit size neutral (Waiman Long) [1543022 1535645] - [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1543022 1535645] - [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1543022 1535645] [2.6.32-696.22.1] - [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [1527811 988988] - [mm] don't return 0 too early from find_get_pages() (Ian Kent) [1527811 988988] - [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1527802 1503322] - [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1531720 1538543] - [powerpc] Prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1531720 1538543] - [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1532733 1538542] - [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1532733 1538542] - [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1532733 1538542] - [s390] add ppa to system call and program check path (Hendrik Brueckner) [1532733 1538542] - [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1532733 1538542] - [s390] introduce CPU alternatives (Hendrik Brueckner) [1532733 1538542] [2.6.32-696.21.1] - [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1535938 1532786] IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 Oracle Linux 6 [1.2.11-15-94] - Release 1.2.11.15-94 - Resolves: Bug 1544415 - CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (fix cherry-pick error) [1.2.11-15-93] - Release 1.2.11.15-93 - Resolves: Bug 1544415 - CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c - Resolves: Bug 1543798 - EMBARGOED CVE-2018-1054 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c [1.2.11-15-92] - Release 1.2.11.15-92 - Resolves: Bug 1543798 - EMBARGOED CVE-2018-1054 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1054 CVE-2017-15135 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.503.el6_9.5] - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501296] - Resolves: bz#1501296 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.9.z]) MODERATE Copyright 2018 Oracle, Inc. CVE-2017-15289 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 Oracle Linux 6 [1:4.3.7.2-2.0.1.2] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile (jingdong.lu@oracle.com) - Build with --with-vendor='Oracle America, Inc.' (jingdong.lu@oracle.com) [1:4.3.7.2-2.2] - Resolves: rhbz#1545033 CVE-2018-6871 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-6871 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [52.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.7.0-1] - Update to 52.7.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5131 CVE-2018-5145 CVE-2018-5129 CVE-2018-5125 CVE-2018-5144 CVE-2018-5127 CVE-2018-5130 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [52.7.2-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.7.2-1] - Update to 52.7.2 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5146 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [52.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.7.0-1] - Update to 52.7.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5125 CVE-2018-5129 CVE-2018-5145 CVE-2018-5127 CVE-2018-5146 CVE-2018-5144 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.2.3-5.1] - Backport fix for CVE-2018-5146 [1.2.3-5] - fix CVE-2012-0444 (#787077) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5146 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [52.7.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.7.3-1] - Update to 52.7.3 ESR IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5148 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.7.5-4] - Fix and enable tests (%check). - Backport a change which makes tests exit with nonzero status when they fail. - Add a fix for upstream tests for CVE-2018-7750 (broken in previous). [1.7.5-3] - Fix a security flaw (CVE-2018-7750) in Paramiko's server mode (emphasis on **server** mode; this does **not** impact *client* use!) Backported from 1.10: https://gist.github.com/stevebeattie/0eb190004e10ba0926ad8782f89676ad Resolves #1557140 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-7750 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [1:1.8.0.171-3.b10] - Cleanup from previous commit. - Resolves: rhbz#1559766 [1:1.8.0.171-2.b10] - Backported from fedora: aarch64BuildFailure.patch, rhbz_1536622-JDK8197429-jdk8.patch, rhbz_1540242.patch - Resolves: rhbz#1559766 [1:1.8.0.171-0.b10] - Update to aarch64-jdk8u171-b10. - Resolves: rhbz#1559766 [1:1.8.0.162-0.b12] - Update to aarch64-jdk8u162-b12. - Resolves: rhbz#1559766 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-2795 CVE-2018-2799 CVE-2018-2794 CVE-2018-2798 CVE-2018-2814 CVE-2018-2797 CVE-2018-2800 CVE-2018-2790 CVE-2018-2796 CVE-2018-2815 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6-8] - Fixed year overflow detected in rpmdiff [2.6-7] - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1000156 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 [1.2.7-3.1] - fixed CVE-2018-1000140 - resolved: rhbz#1561230 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-1000140 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [1:1.7.0.181-2.6.14.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.181-2.6.14.1] - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones - Resolves: rhbz#1559766 [1:1.7.0.181-2.6.14.0] - Bump to 2.6.14 and u181b00. - Drop 8197981 Zero 32-bit patch now applied upstream. - Update RC4 patch (8076221/PR2809) to apply after 8175075 (disable 3DES) - Resolves: rhbz#1559766 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2790 CVE-2018-2814 CVE-2018-2798 CVE-2018-2799 CVE-2018-2796 CVE-2018-2800 CVE-2018-2797 CVE-2018-2815 CVE-2018-2794 CVE-2018-2795 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-696.28.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.28.1] - [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897} - [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1569141 1568241] [2.6.32-696.27.1] - [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1565989 1559386] - [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1568327 1562725] - [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1568327 1562725] - [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1568327 1562725] - [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1568327 1562725] - [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1568327 1562725] - [x86] entry: Remove extra argument in call instruction (Waiman Long) [1568332 1562552] - [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1568332 1562552] - [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1568535 1558845] - [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1568535 1558845] - [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1568535 1558845] - [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1568535 1558845] - [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1568535 1558845] [2.6.32-696.26.1] - [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1557477 1520860] - [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1561441 1557562] {CVE-2017-5754} - [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Restore segments before int registers (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Unshare NMI return path (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1553283 1550599] {CVE-2017-5754} [2.6.32-696.25.1] - [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1557896 1535024] - [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1557896 1535024] - [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1557896 1535024] - [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1557896 1535024] - [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520818 1520817] {CVE-2017-8824} - [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447640 1447641] {CVE-2017-7645} - [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1552706 1437991] - [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1551471 1495167] - [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1551471 1495167] - [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1540481 1538340] - [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1538654 1408108] - [s390] fix transactional execution control register handling (Hendrik Brueckner) [1538591 1520862] - [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1538586 1518669] - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548429 1548432] {CVE-2017-13166} - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548429 1548432] {CVE-2017-13166} - [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543089 1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543089 1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543089 1543091] {CVE-2017-18017} - [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519627 1519626] {CVE-2017-1000410} [2.6.32-696.24.1] - [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1551475 1212959] - [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1551475 1212959] - [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1551475 1212959] - [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1551475 1212959] - [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1551475 1212959] - [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1550103 1532167] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7645 CVE-2017-13166 CVE-2017-1000410 CVE-2017-18017 CVE-2018-8897 CVE-2017-8824 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 Oracle Linux 6 [1.2.11.15-95] - Bump version to 1.2.11-15-95 - Resolves: Bug 1562152 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1089 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [52.8.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.8.0-1] - Update to 52.8.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5158 CVE-2018-5178 CVE-2018-5155 CVE-2018-5157 CVE-2018-5154 CVE-2018-5159 CVE-2018-5183 CVE-2018-5150 CVE-2018-5168 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [12:4.1.1-53.P1.0.1.4] - Added oracle-errwarn-message.patch [12:4.1.1-53.P1.el6_9.4] - Resolves: #1570897 - Fix comamnd execution in NM script (CVE-2018-1111) CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-1111 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.181-2.6.14.8.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.181-2.6.14.8] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578550 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.8.0.171-8.b10] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578545 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [2.6.32-696.30.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.30.1] - [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639} [2.6.32-696.29.1] - [x86] x86/spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Rename _RDS to _SSBD (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [kernel] prctl: Add speculation control prctls (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/kvm: Expose the RDS bit to the guest (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573176 1572487] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.503.el6_9.6] - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574067] - Resolves: bz#1574067 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-6.9.z]) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [0.10.2-62.0.1.el6_9.2] - Replace docs/et.png in tarball with blank image [0.10.2-62.el6_9.2] - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [52.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.8.0-2] - Update to 52.8.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5150 CVE-2018-5178 CVE-2018-5161 CVE-2018-5162 CVE-2018-5155 CVE-2018-5168 CVE-2018-5170 CVE-2018-5159 CVE-2018-5184 CVE-2018-5185 CVE-2018-5154 CVE-2018-5183 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [3.2.8-45.0.1.el6_9.3 ] - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug (Konrad Rzeszutek Wilk) [bug 18011019] [3.2.8-45.el6_9.3] - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves: CVE-2018-1124 [3.2.8-45.el6_9.2] - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 CVE-2018-1126 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1124 CVE-2018-1126 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [3.0-4.17] - Rebase patch to avoid orig files in source JAR - Related: CVE-2016-5003 [3.0-4.16] - Disallow deserialization of <ex:serializable> tags by default - Resolves: CVE-2016-5003 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2016-5003 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.OL6] - Update genkey [bug 25599697] [2.6.32-754] - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360] - [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639} - [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639} - [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639} - [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639} - [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494] - [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351] - [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148] - [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130} - [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130} [2.6.32-753] - [x86] vm86-32: Properly set up vm86-32 stack for task switching (Waiman Long) [1572865] - [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts (Waiman Long) [1571362] - [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman Long) [1571362] [2.6.32-752] - [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1572487] - [fs] fix WARNING in rmdir() (Miklos Szeredi) [1282117] - [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1571357] - [net] security: export security_sk_clone (Marcelo Leitner) [1571357] [2.6.32-751] - [md] dm thin: fix regression that caused discards to be disabled if passdown was (Mike Snitzer) [1569377] - [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959] - [s390] correct nospec auto detection init order (Hendrik Brueckner) [1554959] - [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959] - [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959] - [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1554959] - [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1554959] - [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1554959] - [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1554959] - [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1554959] - [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1554959] - [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959] - [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1554959] - [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1554959] - [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1568241] - [net] sctp: verify size of a new chunk in _sctp_make_chunk() (Stefano Brivio) [1551908] {CVE-2018-5803} [2.6.32-750] - [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi) [1387473] {CVE-2017-15121} - [documentation] kdump: fix documentation about panic_on_warn to match r (Pingfan Liu) [1555196] - [fs] Provide sane values for nlink (Leif Sahlberg) [1554342] [2.6.32-749] - [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1561788] - [powerpc] Move default security feature flags (Mauricio Oliveira) [1561788] - [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1561788] - [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788] - [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788] - [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1561788] - [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1561788] - [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1561788] - [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788] - [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1561786] - [x86] pti/32: Dont use trampoline stack on Xen PV (Waiman Long) [1562725] - [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1562725] - [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725] - [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1562725] - [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1562725] - [x86] entry: Remove extra argument in call instruction (Waiman Long) [1562552] - [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1557562 1562552] - [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1558845] - [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1558845] - [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1558845] - [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1558845] - [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1558845] [2.6.32-748] - [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh Sharma) [1494380] - [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh Sharma) [1494380] - [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380] - [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma) [1494380] - [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380] - [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [s390] mmap: randomize mmap base for bottom up direction (Bhupesh Sharma) [1494380] - [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: create Kconfig variable for PIE randomization (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: fix PIE execution with randomization disabled (Bhupesh Sharma) [1494380] - [acpi] acpica: Support calling _REG methods within ACPI interpreter (Lenny Szubowicz) [1522849] - [acpi] acpica: Function to test if ACPI interpreter already entered (Lenny Szubowicz) [1522849] - [acpi] acpica: Function to test if ACPI mutex held by this thread (Lenny Szubowicz) [1522849] [2.6.32-747] - [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S Peterson) [1559928] - [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S Peterson) [1559928] - [netdrv] vmxnet3: fix tx data ring copy for variable size (Neil Horman) [1530378] - [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1559386] - [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1554631] - [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1554631] - [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1554630] - [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1554630] - [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630] [2.6.32-746] - [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike Snitzer) [1551999] {CVE-2017-18203} - [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1557562] - [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754} - [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1550599] {CVE-2017-5754} - [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1550599] {CVE-2017-5754} - [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony Camuso) [1484525] - [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525] - [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony Camuso) [1484525] - [ipmi] use smi_num for init_name (Tony Camuso) [1484525] - [ipmi] move platform device creation earlier in the initialization (Tony Camuso) [1484525] - [ipmi] clean up printks (Tony Camuso) [1484525] - [ipmi] cleanup error return (Tony Camuso) [1484525] - [md] raid0: apply base queue limits *before* disk_stack_limits (Xiao Ni) [1417294] - [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294] - [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni) [1417294] - [md] raid0: access mddev->queue (request queue member) conditionally because it is not set when accessed from dm-raid (Xiao Ni) [1417294] [2.6.32-745] - [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1550599] {CVE-2017-5754} - [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1550599] {CVE-2017-5754} - [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1550599] {CVE-2017-5754} - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548432] {CVE-2017-13166} - [scsi] lpfc: Fix crash from memory alloc at interrupt level with GFP_KERNEL set (Dick Kennedy) [1540706] [2.6.32-744] - [dm] io: fix duplicate bio completion due to missing ref count (Mikulas Patocka) [1334224] - [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1399822] - [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822] - [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1399822] [2.6.32-743] - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548432] {CVE-2017-13166} - [kernel] cgroup: initialize xattr before calling d_instantiate() (Aristeu Rozanski) [1533523] - [fs] ext*: Dont clear SGID when inheriting ACLs (Andreas Grunbacher) [1473482] - [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076] - [fs] export __block_write_full_page (Robert S Peterson) [1331076] - [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei) [1462959] - [block] call blk_queue_enter() before allocating request (Ming Lei) [1462959] - [block] introduce blk_queue_enter() (Ming Lei) [1462959] - [mm] shmem: replace_page must flush_dcache and others (Waiman Long) [1412337] - [mm] shmem: replace page if mapping excludes its zone (Waiman Long) [1412337] - [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1550599] {CVE-2017-5754} - [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1550599] {CVE-2017-5754} - [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Restore segments before int registers (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1550599] {CVE-2017-5754} - [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1550599] {CVE-2017-5754} - [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599] {CVE-2017-5754} - [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754} - [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1550599] {CVE-2017-5754} [2.6.32-742] - [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero (Dave Anderson) [1405879] - [fs] proc: Resolve performance issues with multiple /proc/stat reads (Prarit Bhargava) [1544565] - [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900] - [fs] dcache: prevent multiple shrink_dcache_parent() on the same dentry (Miklos Szeredi) [1269288] - [fs] fifo: do not restart open() if it already found a partner (Miklos Szeredi) [1482983] - [audit] reinstate check for failed execve (Denys Vlasenko) [1488822] - [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri Olsa) [1427324] - [perf] fix perf_event_comm() vs. exec() assumption (Jiri Olsa) [1478980] - [lib] prevent BUG in kfree() due to memory exhaustion in __sg_alloc_table() (Larry Woodman) [1454453] - [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1212959] - [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1212959] - [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1212959] - [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1212959] - [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1212959] - [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1495167] - [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1495167] - [fs] gfs2: Defer deleting inodes under memory pressure (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks asynchronously (Andreas Grunbacher) [1255872] - [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872] - [fs] add set_nlink() (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas Grunbacher) [1255872] - [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872] - [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher) [1255872] - [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas Grunbacher) [1255872] - [fs] revert 'gfs2: Wait for iopen glock dequeues' (Andreas Grunbacher) [1255872] - [fs] gfs2: Fixup to 'Clear gl_object if gfs2_create_inode fails' (Andreas Grunbacher) [1506281] - [scsi] dual scan thread bug fix (Ewan Milne) [1508512] - [scsi] fix our current target reap infrastructure (Ewan Milne) [1508512] - [scsi] bnx2fc: Fix check in SCSI completion handler for timed out request (Chad Dupuis) [1538168] [2.6.32-741] - [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543091] {CVE-2017-18017} - [net] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (Hangbin Liu) [1470559] - [net] sctp: use the right sk after waking up from wait_buf sleep (Hangbin Liu) [1470559] - [net] sctp: do not free asoc when it is already dead in sctp_sendmsg (Hangbin Liu) [1470559] - [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1535024] - [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1535024] - [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1535024] - [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1535024] - [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1532167] - [net] revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (Jesper Brouer) [1508504] - [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [1542773] - [scsi] hpsa: update driver version (Joseph Szczypek) [1541517] - [scsi] hpsa: correct resets on retried commands (Joseph Szczypek) [1541517] - [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517] [2.6.32-740] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1535645] - [x86] retpoline: Dont use kernel indirect thunks in vsyscalls (Waiman Long) [1535645] - [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1535645] - [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645] - [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1535645] - [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1535645] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1535645] - [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645] - [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1535645] - [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1535645] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1535645] - [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1535645] - [x86] Use IBRS for firmware update path (Waiman Long) [1535645] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1535645] - [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1535645] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645] - [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645] - [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1535645] - [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1535645] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1535645] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645] - [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645] - [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1535645] - [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1535645] - [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645] - [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1535645] - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1535645] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1535645] - [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645] - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1535645] - [x86] mce: Make machine check speculation protected (Waiman Long) [1535645] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1535645] - [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1535645] - [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1535645] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1535645] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1535645] - [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1535645] - [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645] - [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645] - [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1535645] - [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645] - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1535645] - [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1535645] - [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645] - [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1535645] - [x86] alternatives: Add missing 'n' at end of ALTERNATIVE inline asm (Waiman Long) [1535645] - [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1535645] - [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1535645] - [x86] alternatives: Document macros (Waiman Long) [1535645] - [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1535645] - [x86] alternatives: Add instruction padding (Waiman Long) [1535645] - [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman Long) [1535645] - [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645] - [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1535645] - [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645] [2.6.32-739] - [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543] - [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1538543] - [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542] - [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1538542] - [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1538542] - [s390] add ppa to system call and program check path (Hendrik Brueckner) [1538542] - [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542] - [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542] [2.6.32-738] - [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1519802] {CVE-2017-5754} - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Fix XEN PV boot failure (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519796] {CVE-2017-5715} - [x86] Revert 'entry: Use retpoline for syscalls indirect calls' (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has been restored (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754} - [x86] Revert 'mm/kaiser: Disable global pages by default with KAISER' (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscalls indirect calls (Waiman Long) [1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519796] {CVE-2017-5715} - [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Dont switch to trampoline stack in paranoid_exit (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: enable kaiser in build (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519802] {CVE-2017-5754} [2.6.32-737] - [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592] - [fs] gfs2: Special case the rindex in gfs2_write_alloc_required() (Andrew Price) [1384184] - [scsi] scsi_dh_alua: fix race condition that causes multipath to hang (Mike Snitzer) [1500192] - [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason Wang) [1281754] - [fs] sunrpc: avoid warning in gss_key_timeout (J. Bruce Fields) [1456594] - [fs] sunrpc: fix RCU handling of gc_ctx field (J. Bruce Fields) [1456594] [2.6.32-736] - [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben Skeggs) [1468825] - [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626] {CVE-2017-1000410} - [scsi] storvsc: do not assume SG list is continuous when doing bounce buffers (for 4.1 and prior) (Cathy Avery) [1533175] [2.6.32-735] - [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: remove redundant test on len (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1538340] [2.6.32-734] - [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1518669] - [hv] vss: Operation timeouts should match host expectation (Mohammed Gamal) [1511431] - [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431] - [hv] utils: Check VSS daemon is listening before a hot backup (Mohammed Gamal) [1511431] - [hv] utils: Continue to poll VSS channel after handling requests (Mohammed Gamal) [1511431] - [md] dm: clear all discard attributes in queue_limits when discards are disabled (Mike Snitzer) [1433297] - [md] dm: discard support requires all targets in a table support discards (Mike Snitzer) [1433297] - [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817] {CVE-2017-8824} - [net] tcp: fix tcp_trim_head() (Paolo Abeni) [1274139] - [net] sctp: fix src address selection if using secondary addresses for ipv6 (Xin Long) [1445919] - [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1470559] - [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559] - [net] tcp: fix race during timewait sk creation (Florian Westphal) [1205025] [2.6.32-733] - [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1532786] - [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca) [1459263] - [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1520860] - [s390] fix transactional execution control register handling (Hendrik Brueckner) [1520862] - [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1408108] [2.6.32-732] - [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [988988] - [mm] dont return 0 too early from find_get_pages() (Ian Kent) [988988] - [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1503322] - [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105] - [fs] gfs2: Withdraw for IO errors writing to the journal or statfs (Robert S Peterson) [1505956] - [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Ken Cox) [1523856] [2.6.32-731] - [kernel] fix __wait_on_atomic_t() to call the action func if the counter != 0 (David Howells) [1418631] - [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631] - [fs] fscache: clear outstanding writes when disabling a cookie (David Howells) [1418631] - [fs] fscache: initialise stores_lock in netfs cookie (David Howells) [1418631] - [fs] cachefiles: fix attempt to read i_blocks after deleting file (David Howells) [1418631] - [fs] cachefiles: fix race between inactivating and culling a cache object (David Howells) [1418631] - [fs] fscache: make check_consistency callback return int (David Howells) [1418631] - [fs] fscache: wake write waiter after invalidating writes (David Howells) [1418631] - [fs] cachefiles: provide read-and-reset release counters for cachefilesd (David Howells) [1418631] - [s390] disassembler: increase show_code buffer size (Hendrik Brueckner) [1516654] - [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski) [1424630] - [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting success (Scott Mayhew) [1205448] - [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif Sahlberg) [1494999] - [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447168] [2.6.32-730] - [scsi] avoid a permanent stop of the scsi devices request queue (Ewan Milne) [1513455] - [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590] {CVE-2017-12190} - [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming Lei) [1503590] {CVE-2017-12190} [2.6.32-729] - [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1504260] [2.6.32-728] - [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do lru_add_drain_all (Waiman Long) [1463754] - [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun Vynipadath) [1446952] - [netdrv] chelsio : Fixes the issue seen on initiator while stopping the target (Sai Vemuri) [1442097] - [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991] - [netdrv] cxgb4vf: dont offload Rx checksums for IPv6 fragments (Davide Caratti) [1427036] - [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu Madhani) [1408549] [2.6.32-727] - [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1492220] - [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1492220] [2.6.32-726] - [s390] qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1467962] [2.6.32-725] - [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1497000] - [ipmi] create hardware-independent softdep for ipmi_devintf (Tony Camuso) [1457915] [2.6.32-724] - [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1435787] - [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1435787] - [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1435787] - [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787] - [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1435787] - [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1435787] [2.6.32-723] - [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] [2.6.32-722] - [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152] - [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476124] {CVE-2017-11176} [2.6.32-721] - [char] ipmi: use rcu lock around call to intf->handlers->sender() (Tony Camuso) [1466034] - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1484946] {CVE-2017-7308} - [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1484946] {CVE-2017-7308} - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492961] {CVE-2017-1000253} [2.6.32-720] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488340] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488340] {CVE-2017-14106} - [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477006] {CVE-2017-7542} - [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477006] {CVE-2017-7542} - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481529] {CVE-2017-1000112} - [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112} [2.6.32-719] - [fs] nfs: dont disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1459636] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490062] {CVE-2017-1000251} [2.6.32-718] - [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1477288] - [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1477288] [2.6.32-717] - [video] efifb: allow user to disable write combined mapping (Dave Airlie) [1465097] [2.6.32-716] - [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1441773] - [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541} - [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1441169] - [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1441169] - [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1441169] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169] - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1441169] - [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1441169] [2.6.32-715] - [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1466530] [2.6.32-714] - [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode (Robert S Peterson) [1464541] - [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1464541] - [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1464541] - [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1464541] [2.6.32-713] - [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1459951] {CVE-2017-9074} [2.6.32-712] - [mm] backport upstream large stack guard patch to RHEL6 (Larry Woodman) [1464237 1452730] {CVE-2017-1000364} - [mm] revert 'enlarge stack guard gap' (Larry Woodman) [1452730] {CVE-2017-1000364} - [mm] revert 'allow JVM to implement its own stack guard pages' (Larry Woodman) [1464237] [2.6.32-711] - [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1459978] - [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1452358] [2.6.32-710] - [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1464237] - [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364} [2.6.32-709] - [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for firmware updates for additional processors (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Update firmware spec. to 1.3.0 (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for updating flash more securely (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Request firmware reset after successful firwmare update (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add installed-package firmware version reporting via Ethtool GDRVINFO (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Reset embedded processor after applying firmware upgrade (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via Ethtool FLASHDEV (Jonathan Toppins) [1439450] - [net] sctp: do not inherit ipv6_(mc|ac|fl)_list from parent (Florian Westphal) [1455612] {CVE-2017-9075} - [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077} - [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal) [1455612] {CVE-2017-8890} - [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket (Florian Westphal) [1455612] [2.6.32-708] - [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave Wysochanski) [1458421] - [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno E. O. Meneguele) [1443539] {CVE-2017-7616} - [s390] zfcp: fix use-after-'free' in FC ingress path after TMF (Hendrik Brueckner) [1421762] - [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305] - [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don Dutile) [1417305] - [block] make blk_cleanup_queue() wait until request_fn finished (Don Dutile) [1417305] [2.6.32-707] - [kernel] audit: acquire creds selectively to reduce atomic op overhead (Paul Moore) [1454847] - [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326] - [s390] zfcp: do not trace pure benign residual HBA responses at default level (Hendrik Brueckner) [1421760] - [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1421761] [2.6.32-706] - [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030] - [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio Lombardi) [1393672] [2.6.32-705] - [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1446755] {CVE-2017-7895} - [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1446755] {CVE-2017-7895} - [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] remove confusing comment and move put_ctx() (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] restructure perf syscall point of no return (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001} - [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440] [2.6.32-704] - [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1448170] - [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1441909] [2.6.32-703] - [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce Fields) [869942] - [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [869942] [2.6.32-702] - [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1440361] - [net] ping: implement proper locking (Jakub Sitnicki) [1438999] {CVE-2017-2671} - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430578] {CVE-2017-6214} - [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes Frederic Sowa) [1412331] [2.6.32-701] - [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1146727] - [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1434560] [2.6.32-700] - [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1431508] - [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1436527] - [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398456] {CVE-2016-8650} - [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517] {CVE-2015-8830} - [fs] vfs: make AIO use the proper rw_verify_area() area helpers (Mateusz Guzik) [1337535] {CVE-2012-6701} [2.6.32-699] - [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1429881] - [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1429881] [2.6.32-698] - [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762] - [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762] - [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1250762] - [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1250762] [2.6.32-697] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1360930] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429918] {CVE-2017-2636} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2015-8830 CVE-2016-8650 CVE-2017-6001 CVE-2017-9077 CVE-2017-7616 CVE-2018-1130 CVE-2018-3639 CVE-2012-6701 CVE-2017-7308 CVE-2017-9076 CVE-2017-18203 CVE-2018-5803 CVE-2017-2671 CVE-2017-12190 CVE-2017-15121 CVE-2017-7889 CVE-2017-8890 CVE-2017-9075 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [3.6.23-51.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.24-51] - resolves: #1513877 - Fix memory leak in winbind [3.6.24-50] - resolves: #1553018 - Fix CVE-2018-1050 [3.6.24-49] - resolves: #1536053 - Fix regression with non-wide symlinks to directories [3.6.24-48] - resolves: #1519884 - Fix segfault in winbind when querying groups [3.6.24-47] - resolves: #1413484 - Fix guest login with signing required [3.6.24-46] - resolves: #1509455 - Fix regression of CVE-2017-2619 [3.6.24-45] - resolves: #1491211 - CVE-2017-2619 CVE-2017-12150 CVE-2017-12163 [3.6.24-44] - resolves: #1451105 - Fix trusted domain handling in winbind - resolves: #1431000 - Fix crash while trying to authenticate with a disabled account - resolves: #1467395 - Add 'winbind request timeout' option [3.6.23-43] - resolves: #1450783 - Fix CVE-2017-7494 [3.6.23-42] - resolves: #1391256 - Performance issues with vfs_dirsort and extended attributes [3.6.23-41] - resolves: #1413672 - Auth regression after secret changed [3.6.23-40] - resolves: #1405356 - CVE-2016-2125 CVE-2016-2126 [3.6.23-39] - resolves: #1297805 - Fix issues with printer unpublishing from AD [3.6.23-38] - resolves: #1347843 - Fix RPC queryUserList returning NO_MEMORY for empty list [3.6.23-37] - resolves: #1380151 - Fix memory leak in idmap_ad module - resolves: #1333561 - Fix smbclient connection issues to DFS shares - resolves: #1372611 - Allow ntlmsssp session key setup without signing (Workaround for broken NetApp and EMC NAS) [3.6.23-35] - resolves: #1282289 - Fix winbind memory leak with each cached creds login [3.6.23-34] - resolves: #1327697 - Fix netlogon credential checks - resolves: #1327746 - Fix dcerpc trailer verificaton [3.6.23-33] - related: #1322687 - Update CVE patchset [3.6.23-32] - related: #1322687 - Update manpages [3.6.23-31] - related: #1322687 - Update CVE patchset [3.6.23-30] - related: #1322687 - Update CVE patchset [3.6.23-29] - resolves: #1322687 - Fix CVE-2015-5370 - resolves: #1322687 - Fix CVE-2016-2110 - resolves: #1322687 - Fix CVE-2016-2111 - resolves: #1322687 - Fix CVE-2016-2112 - resolves: #1322687 - Fix CVE-2016-2115 - resolves: #1322687 - Fix CVE-2016-2118 (Known as Badlock) [3.6.23-28] - resolves: #1305870 - Fix symlink verification [3.6.23-27] - resolves: #1314671 - Fix CVE-2015-7560 [3.6.23-26] - resolves: #1211744 - Fix DFS client access with Windows Server 2008 [3.6.23-25] - resolves: #1242614 - Fix unmappable S-1-18-1 sid truncates group lookups [3.6.23-24] - resolves: #1271763 - Fix segfault in NTLMv2_generate_names_blob() - resolves: #1261265 - Add '--no-dns-updates' option for 'net ads join' [3.6.23-23] - resolves: #1290707 - CVE-2015-5299 - related: #1290707 - CVE-2015-5296 - related: #1290707 - CVE-2015-5252 - related: #1290707 - CVE-2015-5330 [3.6.23-22] - resolves: #1232021 - Do not overwrite smb.conf manpage - resolves: #1216060 - Document netbios name length limitations - resolves: #1234249 - Fix 'map to guest = Bad Uid' option - resolves: #1219570 - Fix 'secuirtiy = server' (obsolete) share access - resolves: #1211657 - Fix stale cache entries if a printer gets renamed [3.6.23-21] - resolves: #1252180 - Fix 'force group' with 'winbind use default domain'. - resolves: #1250100 - Fix segfault in pam_winbind if option parsing fails - resolves: #1222985 - Fix segfault with 'mangling method = hash' option [3.6.23-20] - resolves: #1164269 - Fix rpcclient timeout command. [3.6.23-19] - resolves: #1201611 - Fix 'force user' with 'winbind use default domain'. [3.6.23-18] - resolves: #1194549 - Fix winbind caching issue and support SID compression. [3.6.23-17] - resolves: #1192211 - Fix restoring shadow copy snapshot with SMB2. [3.6.23-16] - resolves: #1117059 - Fix nss group enumeration with unresolved groups. [3.6.23-15] - resolves: #1165750 - Fix guid retrieval for published printers. - resolves: #1163383 - Fix 'net ads join -k' with existing keytab entries. - resolves: #1195456 - Fix starting daemons on read only filesystems. - resolves: #1138552 - Fix CPU utilization when re-reading the printcap info. - resolves: #1144916 - Fix smbclient NTLMv2 authentication. - resolves: #1164336 - Document 'sharesec' command for 'access based share enum' option. [3.6.23-14] - related: #1191339 - Update patchset for CVE-2015-0240. [3.6.23-13] - resolves: #1191339 - CVE-2015-0240: RCE in netlogon. [3.6.23-12] - resolves: #1127723 - Fix samlogon secure channel recovery. [3.6.23-11] - resolves: #1129006 - Add config variables to set spoolss os version. [3.6.23-10] - resolves: #1124835 - Fix dropbox share. [3.6.23-9] - related: #1053886 - Fix receiving the gecos field with winbind. [3.6.23-8] - resolves: #1110733 - Fix write operations as guest with 'security = share'. - resolves: #1053886 - Fix receiving the gecos field with winbind. [3.6.23-7] - resolves: #1107777 - Fix SMB2 with 'case sensitive = True' [3.6.23-6] - resolves: #1105500 - CVE-2014-0244: DoS in nmbd. - resolves: #1108841 - CVE-2014-3493: DoS in smbd with unicode path names. [3.6.23-5] - related: #1061301 - Only link glusterfs libraries to vfs module. [3.6.23-4] - resolves: #1051656 - Fix gecos field copy debug warning. - resolves: #1061301 - Add glusterfs vfs module. - resolves: #1087472 - Fix libsmbclient crash when HOME variable isnt set. - resolves: #1099443 - 'net ads testjoin' fails with IPv6. - resolves: #1100670 - Fix 'force user' with 'security = ads'. - resolves: #1096522 - Fix enabling SMB2 causes file operations to fail. [3.6.23-3] - resolves: #1081539 - Add timeout option to smbclient. [3.6.23-2] - resolves: #1022534 - Do not build Samba with fam support. - resolves: #1059301 - Fix nbt query with many components. - resolves: #1057332 - Fix force user with guest account. - resolves: #1021706 - Fix %G substitution in 'template homedir'. - resolves: #1040472 - Fix group expansion in service path. - resolves: #1069570 - Fix memory leak reading printer list. - resolves: #1067607 - Fix wbinfo -i with one-way trusts. - resolves: #1050887 - Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork. - resolves: #1029000 - Fix 'force user' with 'security = ads'. [3.6.23-1] - resolves: #1073356 - Fix CVE-2013-4496, CVE-2012-6150 and CVE-2013-6442. - resolves: #1018038 - Fix CVE-2013-4408. [3.6.22-1] - resolves: #1003921 - Rebase Samba to 3.6.22. - resolves: #1035332 - Fix force user with 'security = user'. LOW Copyright 2018 Oracle, Inc. CVE-2018-1050 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 ding-libs [0.4.0-13] - Resolves: rhbz#1538061 - sssd/libini_config cannot parse configuration file with line longer than 5102 [0.4.0-12] - Related: rhbz#1377213 - ding-libs dont parse lines without an equal sign sssd [1.13.3-60.0.1] - Orabug 26746822 - revert patch 0118 to fix LDAP netgroup lookup problem <isaac.chen@oracle.com> [1.13.3-60] - Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6 [1.13.3-59] - Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins MODERATE Copyright 2018 Oracle, Inc. CVE-2017-12173 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [2.12-1.212.0.1] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.212] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504810) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504810) [2.12-1.211] - Avoid large allocas in the dynamic linker (#1452717) [2.12-1.210] - Fix thread cancellation issues for setmntent() and others (#1437147). MODERATE Copyright 2018 Oracle, Inc. CVE-2017-15670 CVE-2017-15804 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 [4.2.10-15] - resolves: #1552005 - Fix CVE-2018-1050 [4.2.10-14] - resolves: #1492780 - Do not build with -Wl,-z,now on ppc64 LOW Copyright 2018 Oracle, Inc. CVE-2018-1050 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [0.10.2-64.0.1] - Replace docs/et.png in tarball with blank image [0.10.2-64] - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) [0.10.2-63] - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) LOW Copyright 2018 Oracle, Inc. CVE-2018-5748 CVE-2018-1064 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [4.3.11-8] - fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083 [4.3.11-7] - fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100) - fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083) - fix buffer overrun in xsymlinks (CVE-2017-18206) - fix buffer overflow when scanning very long path for symlinks (CVE-2014-10072) [4.3.11-6] - signal-handling related fixes collected from upstream (#1311166) [4.3.11-5] - fix malloc() signal leak in lexsave() (#1267903) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-1083 CVE-2014-10072 CVE-2017-18206 CVE-2018-1100 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [0.12.1.2-2.506.el6_10.1] - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574074] - qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1574074] - qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1574074] - Resolves: bz#1574074 (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-6.10.z]) [0.12.1.2-2.506.el6] - kvm-vga-add-share_surface-flag.patch [bz#1553674] - kvm-vga-add-sanity-checks.patch [bz#1553674] - Resolves: bz#1553674 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-6]) [0.12.1.2-2.505.el6] - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [bz#1525939 bz#1528024] - kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch [bz#1525939 bz#1528024] - kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch [bz#1525939 bz#1528024] - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501298] - kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1486641] - kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch [bz#1534692] - Resolves: bz#1486641 (CVE-2017-13672 qemu-kvm-rhev: Qemu: vga: OOB read access during display update [rhel-6.10]) - Resolves: bz#1501298 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.10]) - Resolves: bz#1525939 (CVE-2017-5715 qemu-kvm: hw: cpu: speculative execution branch target injection [rhel-6.10]) - Resolves: bz#1528024 (CVE-2017-5715 qemu-kvm-rhev: hw: cpu: speculative execution branch target injection [rhel-6.10]) - Resolves: bz#1534692 (CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-6.10]) - Resolves: bz#1549152 (qemu-kvm-rhev: remove unused patch file [rhel-6.10]) [0.12.1.2-2.504.el6] - kvm-vnc-apply-display-size-limits.patch [bz#1430616 bz#1430617] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1443448 bz#1443450] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1443448 bz#1443450 bz#1447542 bz#1447545] - kvm-cirrus-avoid-write-only-variables.patch [bz#1444378 bz#1444380] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1444378 bz#1444380] - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1444378 bz#1444380] - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1444378 bz#1444380] - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378 bz#1444380] - Resolves: bz#1430616 (CVE-2017-2633 qemu-kvm: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10]) - Resolves: bz#1430617 (CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10]) - Resolves: bz#1443448 (CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue [rhel-6.10]) - Resolves: bz#1443450 (CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access issue [rhel-6.10]) - Resolves: bz#1444378 (CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10]) - Resolves: bz#1444380 (CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10]) - Resolves: bz#1447542 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10]) - Resolves: bz#1447545 (CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10]) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7858 CVE-2017-13672 CVE-2018-3639 CVE-2018-5683 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 Oracle Linux 6 [2.6.32-754.2.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.2.1] - [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872} - [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas Grunbacher) [1506281] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675} - [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() (Larry Woodman) [1381653] - [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Label each entry in the session slot tables with its slot number (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointer (Benjamin Coddington) [1553423] - [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin Coddington) [1553423] - [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression (Benjamin Coddington) [1553423] - [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310] - [scsi] ipr: Wait to do async scan until scsi host is initialized (Gustavo Duarte) [1572310] [2.6.32-754.1.1] - [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) [1574592] - [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) [1574592] - [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1574592] - [x86] microcode: Sanitize per-cpu microcode reloading interface (Prarit Bhargava) [1574592] - [x86] virt_spec_ctrl: Set correct host SSDB value for AMD (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584356] {CVE-2018-3639} - [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584356] {CVE-2018-3639} - [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584356] {CVE-2018-3639} - [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584356] {CVE-2018-3639} - [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584356] {CVE-2018-3639} - [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584356] {CVE-2018-3639} - [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Fix missing void (Waiman Long) [1584356] {CVE-2018-3639} - [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Waiman Long) [1584356] {CVE-2018-3639} - [kernel] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584356] {CVE-2018-3639} - [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584356] {CVE-2018-3639} - [uapi] prctl: Add force disable speculation (Waiman Long) [1584356] {CVE-2018-3639} - [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639} - [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639} - [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Show IBPB in the Spectre_v2 sysfs file (Waiman Long) [1584356] {CVE-2018-3639} - [x86] pti: Check MSR_IA32_ARCH_CAPABILITIES for Meltdown vulnearability (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584356] {CVE-2018-3639} - [x86] pti: Fix kexec warning on debug kernel (Waiman Long) [1584356] {CVE-2018-3639} - [x86] kvm/fpu: Enable eager FPU restore (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] always enable eager FPU by default (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Load xsave pointer *after* initialization (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Fix 32-bit signal frame handling (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Always restore_xinit_state() when use_eager_cpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Rename drop_init_fpu() to fpu_reset_state() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Fix math_state_restore() race with kernel_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Fold __drop_fpu() into its sole user (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't abuse drop_init_fpu() in flush_thread() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Introduce restore_init_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Document user_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Change xstateregs_get()/set() to use ->xsave.i387 rather than ->fxsave (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Always allow FPU in interrupt if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Introduce per-cpu in_kernel_fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Change math_error() to use unlazy_fpu(), kill (now) unused save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Merge simd_math_error() into math_error() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't reset thread.fpu_counter (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Allow FPU to be used at interrupt time even with eagerfpu (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387.c: Initialize thread xstate only on CPU0 only once (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] kvm: fix kvm's usage of kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] rhel: initialize scattered CPUID features early (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: make eagerfpu= boot param tri-state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: enable eagerfpu by default for xsaveopt (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: decouple non-lazy/eager fpu restore from xsave (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: use non-lazy fpu restore for processors supporting xsave (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: drop_fpu() before restoring new state from sigframe (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Unify signal handling code paths for x86 and x86_64 kernels (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: drop the fpu state during thread exit (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] signals: ia32_signal.c: add __user casts to fix sparse warnings (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Consolidate inline asm routines for saving/restoring fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] signal: Cleanup ifdefs and is_ia32, is_x32 (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu/xsave: Keep __user annotation in casts (Paolo Bonzini) [1589047] {CVE-2018-3665} (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] extable: Remove open-coded exception table entries in arch/x86/include/asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665} into exported and internal interfaces (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: Uninline the generic FP helpers that we expose to kernel modules (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: (DON'T ACTUALLY) support lazy restore of FPU state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: use 'restore_fpu_checking()' directly in task switching code (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: fix up some fpu_counter confusion (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: re-introduce FPU state preloading at context switch time (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: move TS_USEDFPU flag from thread_info to task_struct (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to restore (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: do not preload FPU state at task switch time (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: don't ever touch TS_USEDFPU directly, use helper functions (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: move TS_USEDFPU clearing out of __save_init_fpu and into callers (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: fix x86-64 preemption-unsafe user stack save/restore (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: math_state_restore() isn't called from asm (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fix potentially dangerous trailing '; ' in #defined values/expressions (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-32, fpu: Fix FPU exception handling on non-SSE systems (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Fix common misspellings (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] kvm: Initialize fpu state in preemptible context (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-32, fpu: Rewrite fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Remove PSHUFB_XMM5_* macros (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Remove unnecessary ifdefs from i387 code. (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-64, fpu: Simplify constraints for fxsave/fxtstor (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-64, fpu: Fix cs value in convert_from_fxsr() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-64, fpu: Disable preemption when using TS_USEDFPU (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge __save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge tolerant_fwait() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge fpu_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Disable xsave in i387 emulation mode (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Make xstate_enable_boot_cpu() __init, protect on CPU 0 (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Add __init attribute to setup_xstate_features() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Make init_xstate_buf static (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Check cpuid level for XSTATE_CPUID (0x0d) (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Introduce xstate enable functions (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Do not include asm/i387.h in asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Avoid unnecessary __clear_user() and xrstor in signal handling (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Cleanup return codes in check_for_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Separate fpu and xsave initialization (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Move boot cpu initialization to xsave_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Revert '[x86] fpu: change save_i387_xstate() to rely on unlazy_fpu()' (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Revert '[x86] fpu: shift clear_used_math() from save_i387_xstate() to handle_signal()' (Paolo Bonzini) [1589047] {CVE-2018-3665} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10675 CVE-2018-3665 CVE-2018-10872 CVE-2018-3639 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.0.14-9] - fix CVE-2018-12020 - missing sanitization of original filename IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12020 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [1:1.8.0.181-7.b13] - Update to aarch64-jdk8u181-b13. - Remove 8187577/PR3578 now applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 [1:1.8.0.181-2.b04] - Add '8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list' - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Mark bugs that have been pushed to 8u upstream and are scheduled for a release. - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04. - Resolves: rhbz#1594249 [1:1.8.0.181-0.b03] - Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03. - Remove AArch64 patch for PR3458/RH1540242 as applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.172-2.b11] - Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags. - Resolves: rhbz#1594249 [1:1.8.0.172-2.b11] - Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546) - Resolves: rhbz#1594249 [1:1.8.0.172-2.b11] - Split PR3458/RH1540242 fix into AArch64 & Zero sections, as their upstream trajectories differ. - Enable patch570 missed in last changeset. - Resolves: rhbz#1594249 [1:1.8.0.172-1.b11] - Sync with IcedTea 3.8.0. - Label architecture-specific fixes with architecture concerned - x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) - PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build - 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode - 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds - 8185723, PR3553: Zero: segfaults on Power PC 32-bit - 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe - PR3559: Use ldrexd for atomic reads on ARMv7. - 8187577, PR3578: JVM crash during gc doing concurrent marking - 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong - 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile - PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code - 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26 - Resolves: rhbz#1594249 [1:1.8.0.172-0.b11] - Update to aarch64-jdk8u172-b11 and aarch64-shenandoah-jdk8u172-b11. - Resolves: rhbz#1594249 [1:1.8.0.171-11.b12] - Update to aarch64-jdk8u171-b12 and aarch64-shenandoah-jdk8u171-b12. - Remove patch for 8200556/PR3566 as applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.171-11.b10] - Fix jconsole.desktop.in subcategory, replacing 'Monitor' with 'Profiling' (PR3550) - Resolves: rhbz#1594249 [1:1.8.0.171-11.b10] - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones - Resolves: rhbz#1594249 [1:1.8.0.171-10.b03] - added missing hooks for c-j-c - Resolves: rhbz#1594249 [1:1.8.0.171-9.b10] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578548 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-2952 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [52.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.9.1-1] - Update to 52.9.1 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12365 CVE-2018-12360 CVE-2018-5188 CVE-2018-12359 CVE-2018-12362 CVE-2018-12363 CVE-2018-12366 CVE-2018-12373 CVE-2018-12374 CVE-2018-12364 CVE-2018-12372 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.191-2.6.15.4.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.191-2.6.15.4] - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.3] - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.2] - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.2] - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.1] - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.0] - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64) - ABS_JAVA_HOME_DIR is no longer used in the latest tapsets - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.11] - Fix patch files to appease git apply --stat - Resolves: rhbz#1578551 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-2952 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.1.30-42.0.1] - add dependency btrfs-progs for yum-plugin-fs-snapshot (guangyu.sun@oracle.com) [bug 16285176] - use unified btrfs binary instead of btrfsctl (guangyu.sun@oracle.com) [bug 16285176] [-1.1.30-42] - reposync: prevent path traversal. - Resolves: bug#1600619 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10897 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [2.0.0-3] - Fix possible heap memory corruption, CVE-2017-17833 Resolves: #1575699 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-17833 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.3.5.OL6] - Update genkey [bug 25599697] [2.6.32-754.3.5] - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620} [2.6.32-754.3.4] - [x86] x86/mm: Simplify p[g4um]d_page() macros (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/mm: Fix regression with huge pages on PAE (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Move PUD_PAGE macros to page_types.h (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Florian Westphal) [1611376] {CVE-2018-5390} [2.6.32-754.3.3] - [x86] syscall: Fix regression when using the last syscall (process_vm_writev) (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} - [x86] syscall: Fix regression on strace and stap (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} [2.6.32-754.3.2] - [kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (Paolo Bonzini) [1601851] {CVE-2018-10901} - [x86] Initialize __max_smt_threads to 1 (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Add topology_max_smt_threads() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix incorrect error return code in vm_insert_pfn() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Don't flush L1D cache if VMENTER_L1D_FLUSH_NEVER (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Take out the unused nosmt module parameter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries aganst L1TF for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [Documentation] Add section about CPU vulnerabilities (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Waiman Long) [1593376] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush logic (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Make indirect call speculation safe (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Enable acknowledge interupt on vmexit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D MSR based flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush algorithm (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add module argument for L1TF mitigation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] x86: Introducing kvm_x86_ops VM init/destroy hooks (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Waiman Long) [1593376] {CVE-2018-3620} - [x86] Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpufeatures: Add detection of L1D cache flush support. (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Add sysfs reporting for l1tf (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries against L1TF (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Change order of offset/type in swap entry (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Export the internal __cpu_bugs variable (Waiman Long) [1593376] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Move swap offset/type up in PTE to work around erratum (Waiman Long) [1593376] {CVE-2018-3620} [2.6.32-754.3.1] - [infiniband] ib/iser: Rewrite bounce buffer code path (Don Dutile) [1585312] - [sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861) (Jaroslav Kysela) [1565188] {CVE-2017-0861} - [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550176] {CVE-2018-7566} - [sound] alsa: seq: Fix use-after-free at creating a port (Jaroslav Kysela) [1503383] {CVE-2017-15265} - [sound] alsa: seq: Make ioctls race-free (Jaroslav Kysela) [1537452] {CVE-2018-1000004} - [mm] reduce total RAM held in per-CPU pvecs by flushing them on compound/THP page arrival (Larry Woodman) [1575819] - [usb] acm: fix the computation of the number of data bits (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [misc] spectre: fix gadgets found by smatch scanner, part 2 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] kvm/vmx: Remove barrier_nospec() in slot_largepage_idx() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kvm] Remove memory alias support (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [misc] spectre: fix gadgets found by smatch scanner (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] posix-timers: Protect posix clock array access against speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [ipc] sysvipc/sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589032] {CVE-2018-3693} - media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [documentation] Document array_index_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} dependency (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589032] {CVE-2018-3693} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-0861 CVE-2018-3693 CVE-2018-3620 CVE-2018-10901 CVE-2018-3646 CVE-2018-5390 CVE-2018-7566 CVE-2018-1000004 CVE-2017-15265 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [5:1.5.21-28] - Resolves: CVE-2018-14354 CVE-2018-14357 CVE-2018-14362 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14362 CVE-2018-14357 CVE-2018-14354 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [32:9.8.2-0.68.rc1.1] - Fix CVE-2018-5740 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5740 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 Oracle Linux 6 spice-gtk [0.26-8.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 spice-server [0.12.4-16.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10873 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.0.4-12] - Fix CVE-2011-2767 (arbitrary Perl code execution in the context of the user account via a user-owned .htaccess) (bug #1626272) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2011-2767 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.6.3.OL6] - Update genkey [bug 25599697] [2.6.32-754.6.3] - [kvm] VMX: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1628796] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1628796] - [x86] KVM: VMX: skip L1TF flush on VM-entry if EPT is disabled (Marcelo Tosatti) [1616397] [2.6.32-754.6.2] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625976] {CVE-2018-14634} - [fs] exec.c: account for argv/envp pointers (Yauheni Kaliuta) [1625976] {CVE-2018-14634} [2.6.32-754.6.1] - [x86] set __max_smt_threads for 1 core systems (Prarit Bhargava) [1623255] - [md] dm rq: fix a race condition in rq_completed() (Ming Lei) [1574568] - [scsi] scsi_transport_fc: Hold queue lock while calling blk_run_queue_async() (Ming Lei) [1574568] - [block] Avoid scheduling delayed work on a dead queue (Ming Lei) [1574568] - [block] Avoid that request_fn is invoked on a dead queue (Ming Lei) [1574568] - [block] Let blk_drain_queue() caller obtain the queue lock (Ming Lei) [1574568] - [block] Rename queue dead flag (Ming Lei) [1574568] [2.6.32-754.5.1] - [s390] dasd: fix IO error for newly defined devices (Hendrik Brueckner) [1574448] - [s390] dasd: fix failing path verification (Hendrik Brueckner) [1581684] - [s390] qeth: on channel error, reject further cmd requests (Hendrik Brueckner) [1562009] - [s390] qdio: fix access to uninitialized qdio_q fields (Hendrik Brueckner) [1581685] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1585299] - [x86] Add host_initiated check in reading MSR_AMD64_VIRT_SPEC_CTRL (Wei Huang) [1608576] - [x86] KVM: pass host_initiated to functions that read MSRs (Wei Huang) [1608576] - [fs] gfs2: Special-case rindex for gfs2_grow (Robert S Peterson) [1384184] - [fs] Revert '[fs] gfs2: Special case the rindex in gfs2_write_alloc_required()' (Robert S Peterson) [1384184] - [net] ip: process in-order fragments efficiently (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ip: add helpers to process in-order fragments faster. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] net: modify skb_rbtree_purge to return the truesize of all purged skbs. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] net: speed up skb_rbtree_purge() (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] skbuff: Rename RHEL6 version of skb_tree_purge() to skb_tree_purge_sk() (Stefano Brivio) [1613925] {CVE-2018-5391} [2.6.32-754.4.1] - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620} - [x86] x86/mm: Simplify p[g4um]d_page() macros (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/mm: Fix regression with huge pages on PAE (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Move PUD_PAGE macros to page_types.h (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Florian Westphal) [1611376] {CVE-2018-5390} - [x86] syscall: Fix regression when using the last syscall (process_vm_writev) (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} - [x86] syscall: Fix regression on strace and stap (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} - [kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (Paolo Bonzini) [1601851] {CVE-2018-10901} - [x86] Initialize __max_smt_threads to 1 (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Add topology_max_smt_threads() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix incorrect error return code in vm_insert_pfn() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Don't flush L1D cache if VMENTER_L1D_FLUSH_NEVER (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Take out the unused nosmt module parameter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries aganst L1TF for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [Documentation] Add section about CPU vulnerabilities (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Waiman Long) [1593376] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush logic (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Make indirect call speculation safe (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Enable acknowledge interupt on vmexit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D MSR based flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush algorithm (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add module argument for L1TF mitigation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] x86: Introducing kvm_x86_ops VM init/destroy hooks (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Waiman Long) [1593376] {CVE-2018-3620} - [x86] Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpufeatures: Add detection of L1D cache flush support. (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Add sysfs reporting for l1tf (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries against L1TF (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Change order of offset/type in swap entry (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Export the internal __cpu_bugs variable (Waiman Long) [1593376] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Move swap offset/type up in PTE to work around erratum (Waiman Long) [1593376] {CVE-2018-3620} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5391 CVE-2018-14634 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 Oracle Linux 6 [3.12.2-18] - fixes bugs bz#1524336 bz#1622029 bz#1622452 [3.12.2-17] - fixes bugs bz#1615578 bz#1619416 bz#1619538 bz#1620469 bz#1620765 [3.12.2-16] - fixes bugs bz#1569657 bz#1608352 bz#1609163 bz#1609724 bz#1610825 bz#1611151 bz#1612098 bz#1615338 bz#1615440 [3.12.2-15] - fixes bugs bz#1589279 bz#1598384 bz#1599362 bz#1599998 bz#1600790 bz#1601331 bz#1603103 [3.12.2-14] - fixes bugs bz#1547903 bz#1566336 bz#1568896 bz#1578716 bz#1581047 bz#1581231 bz#1582066 bz#1593865 bz#1597506 bz#1597511 bz#1597654 bz#1597768 bz#1598105 bz#1598356 bz#1599037 bz#1599823 bz#1600057 bz#1601314 [3.12.2-13] - fixes bugs bz#1493085 bz#1518710 bz#1554255 bz#1558948 bz#1558989 bz#1559452 bz#1567001 bz#1569312 bz#1569951 bz#1575539 bz#1575557 bz#1577051 bz#1580120 bz#1581184 bz#1581553 bz#1581647 bz#1582119 bz#1582129 bz#1582417 bz#1583047 bz#1588408 bz#1592666 bz#1594658 [3.12.2-12] - fixes bugs bz#1558989 bz#1580344 bz#1581057 bz#1581219 [3.12.2-11] - fixes bugs bz#1558989 bz#1575555 bz#1578647 [3.12.2-10] - fixes bugs bz#1488120 bz#1565577 bz#1568297 bz#1570586 bz#1572043 bz#1572075 bz#1575840 bz#1575877 [3.12.2-9] - fixes bugs bz#1546717 bz#1557551 bz#1558948 bz#1561999 bz#1563804 bz#1565015 bz#1565119 bz#1565399 bz#1565577 bz#1567100 bz#1567899 bz#1568374 bz#1568969 bz#1569490 bz#1570514 bz#1570541 bz#1570582 bz#1571645 bz#1572087 bz#1572585 bz#1575895 [3.12.2-8] - fixes bugs bz#1466129 bz#1475779 bz#1523216 bz#1535281 bz#1546941 bz#1550315 bz#1550991 bz#1553677 bz#1554291 bz#1559452 bz#1560955 bz#1562744 bz#1563692 bz#1565962 bz#1567110 bz#1569457 [3.12.2-7] - fixes bugs bz#958062 bz#1186664 bz#1226874 bz#1446046 bz#1529451 bz#1550315 bz#1557365 bz#1559884 bz#1561733 [3.12.2-6] - fixes bugs bz#1491785 bz#1518710 bz#1523599 bz#1528733 bz#1550474 bz#1550982 bz#1551186 bz#1552360 bz#1552414 bz#1552425 bz#1554255 bz#1554905 bz#1555261 bz#1556895 bz#1557297 bz#1559084 bz#1559788 [3.12.2-5] - fixes bugs bz#1378371 bz#1384983 bz#1472445 bz#1493085 bz#1508999 bz#1516638 bz#1518260 bz#1529072 bz#1530519 bz#1537357 bz#1540908 bz#1541122 bz#1541932 bz#1543068 bz#1544382 bz#1544852 bz#1545570 bz#1546075 bz#1546945 bz#1546960 bz#1547012 bz#1549497 [3.12.2-4] - fixes bugs bz#1446125 bz#1467536 bz#1530146 bz#1540600 bz#1540664 bz#1540961 bz#1541830 bz#1543296 [3.12.2-3] - fixes bugs bz#1446125 bz#1463592 bz#1516249 bz#1517463 bz#1527309 bz#1530325 bz#1531041 bz#1539699 bz#1540011 [3.12.2-2] - fixes bugs bz#1264911 bz#1277924 bz#1286820 bz#1360331 bz#1401969 bz#1410719 bz#1419438 bz#1426042 bz#1444820 bz#1459101 bz#1464150 bz#1464350 bz#1466122 bz#1466129 bz#1467903 bz#1468972 bz#1476876 bz#1484446 bz#1492591 bz#1498391 bz#1498730 bz#1499865 bz#1500704 bz#1501345 bz#1505570 bz#1507361 bz#1507394 bz#1509102 bz#1509191 bz#1509810 bz#1509833 bz#1511766 bz#1512470 bz#1512496 bz#1512963 bz#1515051 bz#1519076 bz#1519740 bz#1534253 bz#1534530 [3.12.2-1] - rebase to upstream glusterfs at v3.12.2 - fixes bugs bz#1442983 bz#1474745 bz#1503244 bz#1505363 bz#1509102 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-10911 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 [3.36.0-9.0.1] - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed [3.36.0-9] - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-12384 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 Oracle Linux 6 [1:1.8.0.191.b12-0] - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 [1:1.8.0.191.b10-0] - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 [1:1.8.0.181.b16-0] - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 [1:1.8.0.181.b16-0] - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Drop Shenandoah signedness fix as it appears in the new upstream tarball. - Resolves: rhbz#1633817 [1:1.8.0.181.b15-0] - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Fix signedness build failure in shenandoahHeapRegion.cpp (upstream patch from mvala) - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Add additional s390 size_t case for Shenandoah. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Actually add the patch... - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Attempt to fix Shenandoah build issues on s390. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Use the Shenandoah HotSpot on all architectures (aarch64-shenandoah-jdk8u181-b13). - Resolves: rhbz#1633817 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-3149 CVE-2018-3180 CVE-2018-3139 CVE-2018-3169 CVE-2018-3183 CVE-2018-3214 CVE-2018-3136 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.3.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12395 CVE-2018-12386 CVE-2018-12396 CVE-2018-12397 CVE-2017-16541 CVE-2018-12376 CVE-2018-12393 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12387 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.2.1-5.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.2.1-5] - Fixing minor issues [60.2.1-3] - Reverting deleting of key3db [60.2.1-2] - Update to 60.2.1 - Added fix for rhbz#1546988 [60.0-1] - Rebase to version 60 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12378 CVE-2018-12385 CVE-2018-12383 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12379 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.7.5-5] - Split handler tables for server and client side - Fix CVE-2018-1000805 - Resolves: rhbz#1637365 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-1000805 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.201-2.6.16.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.201-2.6.16.0] - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES) - Resolves: rhbz#1633817 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3169 CVE-2018-3180 CVE-2018-3139 CVE-2018-3149 CVE-2018-3214 CVE-2018-3136 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.4-16.2] - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 [0.12.4-16.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7506 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.3.0-1] - Update to 60.3.0 [60.2.1-6] - Fixed missing calendar langpacks IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12390 CVE-2018-12392 CVE-2018-12389 CVE-2018-12393 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [8.70-24.el6_10.2] - It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch [8.70-24.el6_10.1] - Resolves: #1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore [8.70-24] - Added security fix for CVE-2017-8291 (bug #1446063) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-16509 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [60.4.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-12405 CVE-2018-18492 CVE-2018-17466 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [4.2.6p5-15.0.1] - add disable monitor to default ntp.conf [CVE-2013-5211] [4.2.6p5-15] - fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327) [4.2.6p5-14] - fix CVE-2016-7429 patch to work correctly on multicast client (#1422973) [4.2.6p5-13] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) LOW Copyright 2018 Oracle, Inc. CVE-2018-12327 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.2] - fuse: Call end_queued_requests() after releasing fc->lock in fuse_dev_release() (Ashish Samant) [Orabug: 26431550] - rds: Fix inaccurate accounting of unsignaled wrs in rds_ib_xmit_rdma (Hakon Bugge) [Orabug: 27097105] - rds: Fix inaccurate accounting of unsignaled wrs (Hakon Bugge) [Orabug: 27097105] - rds: ib: Fix NULL pointer dereference in debug code (Hakon Bugge) [Orabug: 27116566] - bnx2x: fix slowpath null crash (Zhu Yanjun) [Orabug: 27133587] - rds: System panic if RDS netfilter is enabled and RDS/TCP is used (Ka-Cheong Poon) [Orabug: 27150029] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206830] {CVE-2017-16525} - mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk) - xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad Rzeszutek Wilk) - xen/pcifront: Walk the PCI bus after XenStore notification (Konrad Rzeszutek Wilk) - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206880] {CVE-2017-16526} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206923] {CVE-2017-16529} - USB: uas: fix bug in handling of alternate settings (Alan Stern) [Orabug: 27206999] {CVE-2017-16530} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207224] {CVE-2017-16531} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207918] {CVE-2017-16533} - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (Alan Stern) [Orabug: 27207970] {CVE-2017-16535} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208047] {CVE-2017-16536} - Replace max_t() with sub_positive() in dequeue_entity_load_avg() (Gayatri Vasudevan) [Orabug: 27222316] - sched/fair: Fix cfs_rq avg tracking underflow (Gayatri Vasudevan) [Orabug: 27222316] - KVM: nVMX: Fix vmx_check_nested_events() return value in case an event was reinjected to L2 (Liran Alon) [Orabug: 27250111] - KVM: VMX: use kvm_event_needs_reinjection (Wanpeng Li) [Orabug: 27250111] - KVM: nVMX: Fix pending events injection (Wanpeng Li) [Orabug: 27250111] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16530 CVE-2017-16525 CVE-2017-16536 CVE-2017-16533 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16526 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.5] - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825] [4.1.12-112.14.4] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-112.14.3] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5715 CVE-2017-5753 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.10] - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27355759] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27355887] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27352353] {CVE-2017-5754} - usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27356522] - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) - Make use of ibrs_inuse consistent. (Jun Nakajima) [4.1.12-112.14.8] - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) [4.1.12-112.14.7] - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27352353] {CVE-2017-5754} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27352353] {CVE-2017-5754} - x86: Don't ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27352353] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27352353] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27352353] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27352353] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27352353] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27352353] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27352353] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27352353] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27352353] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27352353] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27352353] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27352353] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27352353] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5754 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.11] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715} IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.7.8] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378087] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378074] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378063] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27378035] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27345388] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27345388] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} [4.1.12-94.7.7] - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365568] {CVE-2017-5715} - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27364707] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27364720] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27358615] {CVE-2017-5754} - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) - Make use of ibrs_inuse consistent. (Jun Nakajima) - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27345388] {CVE-2017-5715} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27358615] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27358615] {CVE-2017-5754} - x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27358615] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27358615] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27358615] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27358615] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27358615] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27358615] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27358615] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27358615] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27358615] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27358615] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27358615] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27358615] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27358615] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} [4.1.12-94.7.6] - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351275] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-94.7.5] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27345388] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27345388] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27345388] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27345388] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27345388] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27345388] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} [4.1.12-94.7.4] - KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062526] - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062526] - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062526] - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062526] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27098332] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27098332] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27098332] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27098332] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27098332] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27098332] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27098332] IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.13] - Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly) [4.1.12-112.14.12] - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386890] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 27386890] - xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 27386890] - xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 27386890] - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27403317] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27403317] - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27403317] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27403317] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27403317] - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27403317] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27403317] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27403317] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753} - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27402301] {CVE-2017-1000407} {CVE-2017-1000407} - xfs: give all workqueues rescuer threads (Chris Mason) [Orabug: 27397568] - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins) [Orabug: 27397001] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-1000407 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [1:1.17-25.4.0.2] - Revert: early microcode load to allow updating Broadwell model 79 - Revert: Make sure 'modprobe microcode' is not executed on Broadwell model 79 - Revert: Run dracut upon microcode update - Revert updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715} 306c3 (06-3c-03 rev 0x23, Haswell); 306d4 (06-3d-04 rev 0x28, Broadwell); 306f2 (06-3f-02 rev 0x3b, Haswell); 306f4 (06-3f-04 rev 0x10, Haswell); 306e4 (06-3e-04 rev 0x42a, Ivy Bridge); 40651 (06-45-01 rev 0x21, Haswell); 40661 (06-46-01 rev 0x18, Haswell); 40671 (06-47-01 rev 0x1b, Broadwell); 406e3 (06-4e-03 rev 0xc2, Skylake); 406f1 (06-4f-01 rev 0xb000025, Broadwell); 50654 (06-55-04 rev 0x200003c, Skylake); 50662 (06-56-02 rev 0x14, Broadwell); 50663 (06-56-03 rev 0x7000011, Broadwell); 506e3 (06-5e-03 rev 0xc2, Skylake); 706a1 (06-7a-01 rev 0x22); 806e9 (06-8e-09 rev 0x80, Kaby Lake); 806ea (06-8e-0a rev 0x80); 906e9 (06-9e-09 rev 0x80, Kaby Lake) 906ea (06-9e-0a rev 0x80); 906eb (06-9e-0b rev 0x80) IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.2] - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: Dont print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move ENABLE_IBRS in the interrupt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: MACROS to set/clear IBRS and set IBPB (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: fix build breakage (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI to match upstream (Mike Kravetz) {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - KPTI: Report when enabled (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333761] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT, dynamically disable KAISER if PARAVIRT (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86-32: Fix boot with CONFIG_X86_INVD_BUG (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: user_map __kprobes_text too (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333761] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: fix bad backport to disable PCID on Xen (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86, cpufeature: Add CPU features from Intel document 319433-012A (H. Peter Anvin) [Orabug: 27333761] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333761] {CVE-2017-5754} - x86-64: Map the HPET NX (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} {CVE-2015-5157} - x86, cpu: Add cpufeature flag for PCIDs (Arun Thomas) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333761] {CVE-2017-5754} - locking/barriers: fix compile issue (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27346425] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5753 CVE-2017-5754 CVE-2017-5715 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-61.63.1] - Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly) - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27439198] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27439198] - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27439198] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27439198] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27439198] - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27439198] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27439198] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27439198] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753} - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27439182] {CVE-2017-1000407} {CVE-2017-1000407} [4.1.12-61.62.1] - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386891] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 27386891] - xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 27386891] - xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 27386891] [4.1.12-61.61.1] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378519] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378474] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378115] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27382622] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27345850] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27345850] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365614] {CVE-2017-5715} - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27371760] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27371757] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27371653] {CVE-2017-5754} - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) - Make use of ibrs_inuse consistent. (Jun Nakajima) - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27345850] {CVE-2017-5715} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27371653] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27371653] {CVE-2017-5754} - x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27371653] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27371653] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27371653] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27371653] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27371653] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27371653] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27371653] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27371653] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27371653] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27371653] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27371653] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27371653] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27371653] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351388] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-61.60.1] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27345850] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27345850] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27345850] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} [4.1.12-61.59.1] - nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 26984819] - nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 26984819] - nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 26984819] [4.1.12-61.58.1] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27098331] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27098331] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27098331] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27098331] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27098331] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27098331] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27098331] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26338222] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26338222] {CVE-2017-1000364} - Revert 'SUNRPC: Refactor svc_set_num_threads()' (Kirtikar Kashyap) [Orabug: 26981903] - Revert 'NFSv4: Fix callback server shutdown' (Kirtikar Kashyap) [Orabug: 26981903] [4.1.12-61.57.1] - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 26681157] {CVE-2017-1000111} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650879] {CVE-2017-9075} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643642] {CVE-2017-11473} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643594] {CVE-2016-10044} - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643552] {CVE-2017-11176} - ping: implement proper locking (Eric Dumazet) [Orabug: 26540282] {CVE-2017-2671} - nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572912] {CVE-2017-8797} - nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572912] {CVE-2017-8797} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643594] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643594] {CVE-2016-10044} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26403981] {CVE-2017-1000365} {CVE-2017-1000365} - NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403981] {CVE-2017-9059} - SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403981] {CVE-2017-9059} [4.1.12-61.56.1] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867347] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867347] [4.1.12-61.55.1] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796420] {CVE-2017-1000251} - blk-mq: avoid re-initialize request which is failed in direct dispatch (Shaohua Li) [Orabug: 26752510] - xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26739166] [Orabug: 26739166] - Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088233] [4.1.12-61.54.1] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26669479] [Orabug: 26645497] {CVE-2017-12134} [4.1.12-61.53.1] - dentry name snapshots (Al Viro) [Orabug: 26630810] {CVE-2017-7533} [4.1.12-61.52.1] - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585991] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586044] {CVE-2016-10200} - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585947] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578193] {CVE-2017-9242} IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.2] - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715} - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754} - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] {CVE-2017-5754} - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754} - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754} - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.14] - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 27234850] [Orabug: 27234850] - hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. Shutemov) [Orabug: 26988581] - x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27416198] - x86/IBRS: Dont try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27416198] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27416198] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27418896] - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) - x86/spec: Dont print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk) - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) - x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27449065] - xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva) - net/rds: Fix incorrect error handling (Hakon Bugge) [Orabug: 26848729] - net/rds: use multiple sge than buddy allocation in congestion code (Wei Lin Guay) [Orabug: 26848729] - Revert RDS: fix the sg allocation based on actual message size (Wei Lin Guay) [Orabug: 26848729] - Revert RDS: avoid large pages for sg allocation for TCP transport (Wei Lin Guay) [Orabug: 26848729] - Revert net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26848729] - net/rds: reduce memory footprint during ib_post_recv in IB transport (Wei Lin Guay) [Orabug: 26848729] - net/rds: reduce memory footprint during rds_sendmsg with IB transport (Wei Lin Guay) [Orabug: 26848729] - net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin Guay) [Orabug: 26848729] - bnxt_en: Fix possible corrupted NVRAM parameters from firmware response. (Michael Chan) [Orabug: 27199588] - x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122] - x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122] - x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey Ryabinin) [Orabug: 27255122] - Revert Makefile: Build with -Werror=date-time if the compiler supports it (Gayatri Vasudevan) [Orabug: 27255122] - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290300] {CVE-2017-8824} - x86/efi: Initialize and display UEFI secure boot state a bit later during init (Daniel Kiper) [Orabug: 27309477] - x86/espfix: Init espfix on the boot CPU side (Zhu Guihua) [Orabug: 27344552] - x86/espfix: Add cpu parameter to init_espfix_ap() (Zhu Guihua) [Orabug: 27344552] - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344841] {CVE-2017-0861} {CVE-2017-0861} - fs/ocfs2: remove page cache for converted direct write (Wengang Wang) - Revert ocfs2: code clean up for direct io (Wengang Wang) - assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug: 27364592] {CVE-2017-12193} {CVE-2017-12193} - Sanitize move_pages() permission checks (Linus Torvalds) [Orabug: 27364690] {CVE-2017-14140} - pti: compile fix for when PTI is disabled (Pavel Tatashin) [Orabug: 27383147] {CVE-2017-5754} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27386999] {CVE-2017-15115} - net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) [Orabug: 27390682] {CVE-2017-17712} - mlx4: add mstflint secure boot access kernel support (Qing Huang) [Orabug: 27404202] - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) - x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) [Orabug: 27449045] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-14140 CVE-2017-5754 CVE-2017-12193 CVE-2017-8824 CVE-2017-17712 CVE-2017-0861 CVE-2017-15115 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.3] - gre: fix a possible skb leak (Eric Dumazet) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403972] {CVE-2017-9074} - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813390] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880517] {CVE-2017-7482} {CVE-2017-7482} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883322] - KVM: x86: fix deadlock in clock-in-progress request handling (Marcelo Tosatti) [Orabug: 27065995] - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099835] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206837] {CVE-2017-16525} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206897] {CVE-2017-16526} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206928] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207240] {CVE-2017-16531} - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (Alan Stern) [Orabug: 27207983] {CVE-2017-16535} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290301] {CVE-2017-8824} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16535 CVE-2017-9074 CVE-2017-16526 CVE-2017-16529 CVE-2017-16531 CVE-2017-7482 CVE-2017-8824 CVE-2017-14106 CVE-2017-16525 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.3] - ext4: limit group search loop for non-extent files (Lachlan McIlroy) [Orabug: 17488415] - ext4: fixup 64-bit divides in 3.0-stable backport of upstream fix (Todd Poynor) [Orabug: 17488415] - ext4: use atomic64_t for the per-flexbg free_clusters count (Theodore Ts'o) [Orabug: 17488415] - ext4: init pagevec in ext4_da_block_invalidatepages (Eric Sandeen) [Orabug: 17488415] - ext4: do not try to write superblock on ro remount w/o journal (Michael Tokarev) [Orabug: 17488415] - xen-netback: fix grant_copy_op array size (Niranjan Patil) [Orabug: 25653941] - xen-netback: explicitly check max_slots_needed against meta_prod counter (Niranjan Patil) [Orabug: 25653941] - xen-netback: Fix handling of skbs requiring too many slots (Zoltan Kiss) [Orabug: 25653941] - xen-netback: worse-case estimate in xenvif_rx_action is underestimating (Paul Durrant) [Orabug: 25653941] - xen-netback: Add worse-case estimates of max_slots_needed in netbk_rx_action (Niranjan Patil) [Orabug: 25653941] - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Tim Tianyang Chen) [Orabug: 25757946] {CVE-2017-6951} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26737475] - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813391] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880520] {CVE-2017-7482} {CVE-2017-7482} - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099836] - Check validity of cl_rpcclient in nfs_server_list_show (Malahal Naineni) [Orabug: 27112186] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206839] {CVE-2017-16525} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206934] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207243] {CVE-2017-16531} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290308] {CVE-2017-8824} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16531 CVE-2017-8824 CVE-2017-16525 CVE-2017-6951 CVE-2017-7482 CVE-2017-14106 CVE-2017-16529 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-112.16.7] - mlx4: change the ICM table allocations to lowest needed size (Daniel Jurgens) [Orabug: 27718305] - autofs: use dentry flags to block walks during expire (Ian Kent) [Orabug: 26032471] [Orabug: 27766149] - autofs races (Al Viro) [Orabug: 27766149] [Orabug: 27766149] - crypto: FIPS - allow tests to be disabled in FIPS mode (Stephan Mueller) [Orabug: 26182706] - crypto: rng - Zero seed in crypto_rng_reset (Herbert Xu) [Orabug: 26182706] - crypto: xts - consolidate sanity check for keys (Stephan Mueller) [Orabug: 26182706] [4.1.12-112.16.6] - fork: fix incorrect fput of ->exe_file causing use-after-free (Eric Biggers) [Orabug: 27290198] {CVE-2017-17052} - negotiate_mq should happen in all cases of a new VBD being discovered by xen-blkfront, whether called through _probe() or a hot-attached new VBD from dom-0 via xenstore. Otherwise, hot-attached new VBDs are left configured without multi-queue. (Patrick Colp) [Orabug: 27383895] - rds: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 27477007] - nvme: fix uninitialized prp2 value on small transfers (Jan H. Schonherr) [Orabug: 27581008] - xen-netfront: Improve error handling during initialization (Ross Lagerwall) [Orabug: 27655820] - RDS: IB: Fix null pointer issue (Guanglei Li) [Orabug: 27636704] - mstflint: update Makefile and Kconfig (Qing Huang) [Orabug: 27656465] - target: add inquiry_product module param to override LIO default (Kyle Fortin) [Orabug: 27679482] - target: add inquiry_vendor module param to override LIO-ORG (Kyle Fortin) [Orabug: 27679482] - net/rds: Avoid copy overhead if send buff is full (Gerd Rausch) [Orabug: 27747176] [4.1.12-112.16.5] - IB/core: Avoid calling ib_query_device (Or Gerlitz) [Orabug: 27687710] - IB/core: Save the device attributes on the device structure (Ira Weiny) [Orabug: 27687710] - KVM: x86: fix singlestepping over syscall (Paolo Bonzini) [Orabug: 27669907] {CVE-2017-7518} {CVE-2017-7518} - xen/acpi: upload _PSD info for non-dom0 CPUs too (Joao Martins) [Orabug: 27655757] - Revert RDS: dont commit to queue till transport connection is up (Santosh Shilimkar) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7518 CVE-2017-17052 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.1] - ctf: drop the run-as-root error (Nick Alcock) [Orabug: 27852654] - rds: Node crashes when trace buffer is opened (Ka-Cheong Poon) [Orabug: 27846191] - xfs: fix accidental reversion of aa6a6227435cb (Darrick J. Wong) [Orabug: 27845869] [4.1.12-124.13.1] - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27841392] {CVE-2017-16649} - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27841944] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - Revert 'sysctl: Drop reference added by grab_header in proc_sys_readdir' (Jack Vogel) [4.1.12-124.12.1] - xfs: remove 'no-allocation' reservations for file creations (Darrick J. Wong) [Orabug: 27609439] - xfs: dont print warnings when xfs_log_force fails (Christoph Hellwig) [Orabug: 27609404] - xfs: Properly retry failed dquot items in case of error during buffer writeback (Carlos Maiolino) [Orabug: 27609404] - xfs: Properly retry failed inode items in case of error during buffer writeback (Carlos Maiolino) [Orabug: 27609404] - xfs: Add infrastructure needed for error propagation during buffer IO failure (Carlos Maiolino) [Orabug: 27609404] - xfs: remove xfs_trans_ail_delete_bulk (Christoph Hellwig) [Orabug: 27609404] - xfs: fix and streamline error handling in xfs_end_io (Darrick J. Wong) [Orabug: 27609404] - xfs: dont leave EFIs on AIL on mount failure (Brian Foster) [Orabug: 27609404] - xfs: use EFI refcount consistently in log recovery (Brian Foster) [Orabug: 27609404] - xfs: ensure EFD trans aborts on log recovery extent free failure (Brian Foster) [Orabug: 27609404] - xfs: fix efi/efd error handling to avoid fs shutdown hangs (Brian Foster) [Orabug: 27609404] - xfs: return committed status from xfs_trans_roll() (Brian Foster) [Orabug: 27609404] - xfs: disentagle EFI release from the extent count (Brian Foster) [Orabug: 27609404] [4.1.12-124.11.1] - netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets (Florian Westphal) [Orabug: 27774012] {CVE-2018-1068} - ACPI / PAD: dont register acpi_pad driver if running as Xen dom0 (Juergen Gross) [Orabug: 27796473] - sched/fair: Fix typo in sync_throttle() (Xunlei Pang) [Orabug: 27787518] - sched/fair: Do not announce throttled next buddy in dequeue_task_fair() (Konstantin Khlebnikov) [Orabug: 27787518] - sched/fair: Initialize and rework throttle_count for new task-groups (Peter Zijlstra) [Orabug: 27787518] - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (Arnaldo Carvalho de Melo) [Orabug: 27240053] - crypto: FIPS - allow tests to be disabled in FIPS mode (Stephan Mueller) [Orabug: 27809271] - crypto: xts - consolidate sanity check for keys (Stephan Mueller) [Orabug: 27809271] - crypto: rng - Zero seed in crypto_rng_reset (Herbert Xu) [Orabug: 27809271] - enic: set IG desc cache flag in open (Govindarajulu Varadarajan) [Orabug: 27587345] [4.1.12-124.10.1] - Drivers: hv: utils: fix crash when device is removed from host side (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: introduce HVUTIL_TRANSPORT_DESTROY mode (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: rename outmsg_lock (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: fix memory leak on on_msg() failure (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: use memdup_user in hvt_op_write (Olaf Hering) [Orabug: 27426102] - hv: util: checking the wrong variable (Dan Carpenter) [Orabug: 27426102] - net/rds: Avoid copy overhead if send buff is full (Gerd Rausch) [Orabug: 27747165] - ext4: fix ->put_link panic (Junxiao Bi) [Orabug: 27498770] - KVM/VMX: Clear spec_ctrl status when resetting vcpu (Patrick Colp) - mlx4: change the ICM table allocations to lowest needed size (Daniel Jurgens) [Orabug: 27718303] - Revert 'Drivers: hv: utils: fix a race on userspace daemons registration' (Jack Vogel) [Orabug: 27673755] [4.1.12-124.9.1] - crypto: af_alg - Avoid sock_graft call warning (Herbert Xu) [Orabug: 26895616] - iscsi-target: Fix initial login PDU asynchronous socket close OOPs (Nicholas Bellinger) [Orabug: 27701211] - target/iscsi: Fix indentation in iscsi_target_start_negotiation() (Bart Van Assche) [Orabug: 27701211] - iscsi-target: Fix early sk_data_ready LOGIN_FLAGS_READY race (Nicholas Bellinger) [Orabug: 27701211] - iscsi-target: Fix rx_login_comp hang after login failure (Nicholas Bellinger) [Orabug: 27701211] - KVM: x86: fix singlestepping over syscall (Paolo Bonzini) [Orabug: 27669904] {CVE-2017-7518} {CVE-2017-7518} - nfs: system crashes after NFS4ERR_MOVED recovery (Bill.Baker@oracle.com) [Orabug: 27679350] - NFS: Clean up nfs4_set_client() (Anna Schumaker) [Orabug: 27679350] - NFS4: Avoid migration loops (Benjamin Coddington) [Orabug: 27679350] - mstflint: update Makefile and Kconfig (Qing Huang) [Orabug: 27707445] - target: add inquiry_product module param to override LIO default (Kyle Fortin) [Orabug: 27679431] - target: add inquiry_vendor module param to override LIO-ORG (Kyle Fortin) [Orabug: 27679431] - IB/core: Avoid calling ib_query_device (Or Gerlitz) [Orabug: 27687711] - IB/core: Save the device attributes on the device structure (Ira Weiny) [Orabug: 27687711] [4.1.12-124.8.1] - nvme: fix uninitialized prp2 value on small transfers (Jan H. Schonherr) [Orabug: 27624149] - bnxt_en: initialize bnxt_pf_wq (Brian Maly) [Orabug: 27674029] - x86/spectre_v2: Fix cpu offlining with IPBP. (Konrad Rzeszutek Wilk) [4.1.12-124.7.1] - retpoline: selectively disable IBRS in disable_ibrs_and_friends() (Chuck Anderson) [Orabug: 27665263] [4.1.12-124.6.1] - bnxt_en: Add cache line size setting to optimize performance. (Michael Chan) [Orabug: 27648355] - bnxt_en: Forward VF MAC address to the PF. (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Add BCM5745X NPAR device IDs (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Expand bnxt_check_rings() to check all resources. (Michael Chan) [Orabug: 27648355] - bnxt_en: Implement new method for the PF to assign SRIOV resources. (Michael Chan) [Orabug: 27648355] - bnxt_en: Reserve resources for RFS. (Michael Chan) [Orabug: 27648355] - bnxt_en: Implement new method to reserve rings. (Michael Chan) [Orabug: 27648355] - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode. (Michael Chan) [Orabug: 27648355] - bnxt_en: Add the new firmware API to query hardware resources. (Michael Chan) [Orabug: 27648355] - bnxt_en: Refactor hardware resource data structures. (Michael Chan) [Orabug: 27648355] - bnxt_en: Restore MSIX after disabling SRIOV. (Michael Chan) [Orabug: 27648355] - bnxt_en: Refactor bnxt_close_nic(). (Michael Chan) [Orabug: 27648355] - bnxt_en: Update firmware interface to 1.9.0. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. (Venkat Duvvuru) [Orabug: 27648355] - bnxt_en: Fix sources of spurious netpoll warnings (Calvin Owens) [Orabug: 27648355] - bnxt_en: Dont print 'Link speed -1 no longer supported' messages. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (Ray Jui) [Orabug: 27648355] - bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()' (Christophe JAILLET) [Orabug: 27648355] - bnxt: fix bnxt_hwrm_fw_set_time for y2038 (Arnd Bergmann) [Orabug: 27648355] - bnxt_en: Fix IRQ coalescing regression. (Michael Chan) [Orabug: 27648355] - bnxt_en: fix typo in bnxt_set_coalesce (Andy Gospodarek) [Orabug: 27648355] - bnxt_en: Refactor and simplify coalescing code. (Michael Chan) [Orabug: 27648355] - bnxt_en: Reorganize the coalescing parameters. (Michael Chan) [Orabug: 27648355] - bnxt_en: Add ethtool reset method (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Optimize .ndo_set_mac_address() for VFs. (Michael Chan) [Orabug: 27648355] - bnxt_en: Get firmware package version one time. (Michael Chan) [Orabug: 27648355] - bnxt_en: Check for zero length value in bnxt_get_nvram_item(). (Michael Chan) [Orabug: 27648355] - bnxt_en: adding PCI ID for SMARTNIC VF support (Rob Miller) [Orabug: 27648355] - bnxt_en: Add PCIe device ID for bcm58804 (Ray Jui) [Orabug: 27648355] - bnxt_en: Update firmware interface to 1.8.3.1 (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix possible corruption in DCB parameters from firmware. (Sankar Patchineelam) [Orabug: 27648355] - bnxt_en: Fix VF resource checking. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix VF PCIe link speed and width logic. (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Dont use rtnl lock to protect link change logic in workqueue. (Michael Chan) [Orabug: 27648355] - bnxt_en: Improve VF/PF link change logic. (Michael Chan) [Orabug: 27648355] - bnxt_en: Remove redundant unlikely() (Tobias Klauser) [Orabug: 27648355] - drivers: net: bnxt: use setup_timer() helper. (Allen Pais) [Orabug: 27648355] - bnxt_en: Reduce default rings on multi-port cards. (Michael Chan) [Orabug: 27648355] - bnxt_en: Improve -ENOMEM logic in NAPI poll loop. (Michael Chan) [Orabug: 27648355] - bnxt: initialize board_info values with proper enums (Scott Branden) [Orabug: 27648355] - bnxt: Add PCIe device IDs for bcm58802/bcm58808 (Ray Jui) [Orabug: 27648355] - bnxt_en: assign CPU affinity hints to bnxt_en IRQs (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Improve tx ring reservation logic. (Michael Chan) [Orabug: 27648355] - bnxt_en: Update firmware interface spec. to 1.8.1.4. (Michael Chan) [Orabug: 27648355] - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps(). (Michael Chan) [Orabug: 27648355] - bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix .ndo_setup_tc() to include XDP rings. (Michael Chan) [Orabug: 27648355] - bnxt: fix unused variable warnings (stephen hemminger) [Orabug: 27648355] - bnxt: fix unsigned comparsion with 0 (stephen hemminger) [Orabug: 27648355] - bnxt_en: Use SWITCHDEV_SET_OPS(). (David S. Miller) [Orabug: 27648355] - bnxt_en: Set ETS min_bw parameter for older firmware. (Michael Chan) [Orabug: 27648355] - dccp/tcp: fix routing redirect race (Jon Maxwell) [Orabug: 27661864] - Revert 'RDS: dont commit to queue till transport connection is up' (Santosh Shilimkar) [Orabug: 27606911] - be2net: locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() (Mark Rutland) [Orabug: 27615319] - be2net: Handle transmit completion errors in Lancer (Suresh Reddy) [Orabug: 27615319] - be2net: Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 27615319] - be2net: remove redundant initialization of 'head' and pointer txq (Colin Ian King) [Orabug: 27615319] - be2net: networking block comments dont use an empty /* line (Rohit Visavalia) [Orabug: 27615319] - be2net: restore properly promisc mode after queues reconfiguration (Ivan Vecera) [Orabug: 27615319] - be2net: use ARRAY_SIZE for array sizing calculation on array cmd_priv_map (Colin Ian King) [Orabug: 27615319] - RDS: IB: Fix null pointer issue (Guanglei Li) [Orabug: 27636711] - xen/acpi: upload _PSD info for non-dom0 CPUs too (Joao Martins) [Orabug: 27655759] - scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright (James Smart) [Orabug: 27631736] - scsi: lpfc: update driver version to 11.4.0.7 (James Smart) [Orabug: 27631736] - scsi: lpfc: Treat SCSI Write operation Underruns as an error (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix SCSI io host reset causing kernel crash (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix issue_lip if link is disabled (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (James Smart) [Orabug: 27631736] - scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix PRLI handling when topology type changes (James Smart) [Orabug: 27631736] - scsi: lpfc: fix a couple of minor indentation issues (Colin Ian King) [Orabug: 27631736] - scsi: lpfc: update driver version to 11.4.0.6 (James Smart) [Orabug: 27631736] - scsi: lpfc: update driver version to 11.4.0.5 (James Smart) [Orabug: 27631736] - scsi: lpfc: FLOGI failures are reported when connected to a private loop. (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix ndlp ref count for pt2pt mode issue RSCN (James Smart) [Orabug: 27631736] - scsi: lpfc: Linux LPFC driver does not process all RSCNs (James Smart) [Orabug: 27631736] - scsi: lpfc: Driver fails to detect direct attach storage array (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix crash after bad bar setup on driver attachment (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix hard lock up NMI in els timeout handling. (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: change version to 11.4.0.4 (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Extend RDP support (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Fix secure firmware updates (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: PLOGI failures during NPIV testing (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Fix crash receiving ELS while detaching driver (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: fix pci hot plug crash in timer management routines (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: remove redundant null check on eqe (Colin Ian King) [Orabug: 27631736] - scsi: lpfc: lpfc version bump 11.4.0.3 (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [Orabug: 27631736] - scsi: lpfc: Add Buffer to Buffer credit recovery support (James Smart) [Orabug: 27631736] - scsi: lpfc: Correct issues with FAWWN and FDISCs (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Fix rediscovery on switch blade pull (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: remove useless code in lpfc_sli4_bsg_link_diag_test (Gustavo A. R. Silva) [Orabug: 27631736] - scsi: lpfc: Fix plogi collision that causes illegal state transition (Dick Kennedy) [Orabug: 27631736] - lpfc: Fix Express lane queue creation (Maurizio Lombardi) [Orabug: 27631736] - Cosmetic updates to arch/x86/kernel/cpu/microcode/xen.c to pass checkpatch.pl and match UEK5 code. (Aaron Young) [Orabug: 27640697] - Incorporate arch/x86/kernel/cpu/microcode/xen.c into cpu microcode driver. (Aaron Young) [Orabug: 27640697] - 1. Move arch/x86/kernel/microcode_xen.c file to proper cpu microcode driver location and rename to arch/x86/kernel/cpu/microcode/xen.c. (Aaron Young) [Orabug: 27640697] - fork: fix incorrect fput of ->exe_file causing use-after-free (Eric Biggers) [Orabug: 27648200] {CVE-2017-17052} - scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: NVMe passthrough command support (Shivasharan S) [Orabug: 27625001] - scsi: megaraid: use ktime_get_real for firmware time (Arnd Bergmann) [Orabug: 27625001] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: re-work DCMD refire code (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Expose fw_cmds_outstanding through sysfs (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Selectively apply stream detection based on IO type (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Update LD map after populating drv_map driver map copy (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Use megasas_wait_for_adapter_operational to detect controller state in IOCTL path (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Avoid firing DCMDs while OCR is in progress (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Reset ldio_outstanding in megasas_resume (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Return the DCMD status from megasas_get_seq_num (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: memset IOC INIT frame using correct size (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: zero out IOC INIT and stream detection memory (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: fix spelling mistake: 'thershold' -> 'threshold' (Colin Ian King) [Orabug: 27625001] - scsi: megaraid: Remove redundant code in megasas_alloc_cmds (Yisheng Xie) [Orabug: 27625001] - License cleanup: add SPDX GPL-2.0 license identifier to files with no license (Greg Kroah-Hartman) [Orabug: 27625001] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Add support for 64bit consistent DMA (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Do not limit queue_depth to 1k in non-RDPQ mode (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Retry with reduced queue depth when alloc fails for higher QD (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Incorrect processing of IOCTL frames for SMP/STP commands (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Resize MFA frame used for IOC INIT to 4k (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Update current host time to FW during IOC Init (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Move controller memory allocations and DMA mask settings from probe to megasas_init_fw (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Move initialization of instance parameters inside newly created function megasas_init_ctrl_params (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: remove instance->ctrl_info (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Pre-allocate frequently used DMA buffers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Create separate functions for allocating and freeing controller DMA buffers (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Create separate functions to allocate ctrl memory (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: reduce size of fusion_context and use kmalloc for allocation (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: replace is_ventura with adapter_type checks (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Remove redundant checks for ctrl_context (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: replace instance->ctrl_context checks with instance->adapter_type (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Add support for Crusader controllers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: use adapter_type for all gen controllers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: call megasas_dump_frame with correct IO frame size (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: modified few prints in OCR and IOC INIT path (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: replace internal FALSE/TRUE definitions with false/true (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: use vmalloc for crash dump buffers and drivers local RAID map (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Use SMID for Task abort case only (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Fix endianness issues in DCMD handling (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Do not re-fire shutdown DCMD after OCR (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Call megasas_complete_cmd_dpc_fusion every 1 second while there are pending commands (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Use synchronize_irq in target reset case (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: mismatch of allocated MFI frame size and length exposed in MFI MPT pass through command (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: fix error handle in megasas_probe_one (weiping zhang) [Orabug: 27625001] - scsi: megaraid_sas: fix allocate instance->pd_info twice (weiping) [Orabug: 27625001] - scsi: remove DRIVER_ATTR() usage (Greg Kroah-Hartman) [Orabug: 27625001] - scsi: megaraid: Replace PCI pool old API (Romain Perier) [Orabug: 27625001] - scsi: megaraid_sas: fix memleak in megasas_alloc_cmdlist_fusion (Shu Wang) [Orabug: 27625001] - scsi: megaraid: Fix a sleep-in-atomic bug (Jia-Ju Bai) [Orabug: 27625001] - drivers/scsi/megaraid: remove expensive inline from megasas_return_cmd (Andi Kleen) [Orabug: 27625001] - megaraid_sas: remove redundant code initialzing *pDevHandle with MR_DEVHANDLE_INVALID (Sumit Saxena) [Orabug: 27625001] - usb: usbtest: fix NULL pointer dereference (Alan Stern) [Orabug: 27602322] {CVE-2017-16532} - rds: Incorrect reference counting in TCP socket creation (Ka-Cheong Poon) [Orabug: 27602824] - enic: enable rq before updating rq descriptors (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: add sw timestamp support (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: add wq clean up budget (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: Add support for 'ethtool -g/-G' (Parvi Kaustubhi) [Orabug: 27587345] - enic: reset fetch index (Parvi Kaustubhi) [Orabug: 27587345] - drivers: net: enic: use setup_timer() helper. (Allen Pais) [Orabug: 27587345] - drivers: net: enic: use setup_timer() helper. (Allen Pais) [Orabug: 27587345] - enic: update enic maintainers (Govindarajulu Varadarajan) [Orabug: 27587345] - cisco: enic: Fic an error handling path in 'vnic_dev_init_devcmd2()' (Christophe Jaillet) [Orabug: 27587345] - enic: Fix format truncation warning (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: add devcmds for vxlan offload (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: increment devcmd2 result ring in case of timeout (Sandeep Pillai) [Orabug: 27587345] - scsi: fnic: use kzalloc in fnic_fcoe_process_vlan_resp (Rasmus Villemoes) [Orabug: 27587343] - scsi: fnic: add a space after %p in printf format (Nicolas Iooss) [Orabug: 27587343] - scsi: fnic: Fix coccinelle warnings (Vasyl Gomonovych) [Orabug: 27587343] - scsi: fnic: do not call host reset from command abort (Hannes Reinecke) [Orabug: 27587343] - scsi: fnic: fix format string overflow warning (Arnd Bergmann) [Orabug: 27587343] - scsi: fnic: correct speed display and add support for 25,40 and 100G (Satish Kharat) [Orabug: 27587343] - scsi: fnic: added timestamp reporting in fnic debug stats (Satish Kharat) [Orabug: 27587343] - scsi: fnic: Zero io_cmpl_skip on fw reset completion (Satish Kharat) [Orabug: 27587343] - scsi: fnic: Ratelimit printks to avoid flooding when vlan is not set by the switch.i (Satish Kharat) [Orabug: 27587343] - scsi: fnic: use kernels '%pM' format option to print MAC (Andy Shevchenko) [Orabug: 27587343] - fnic: pci_dma_mapping_error() doesnt return an error code (Dan Carpenter) [Orabug: 27587343] - fnic: move printk()s outside of the critical code section. (Maurizio Lombardi) [Orabug: 27587343] - fnic: check pci_map_single() return value (Maurizio Lombardi) [Orabug: 27587343] - retpoline: move setting of sysctl_ibrs_enabled and sysctl_ibpb_enabled to where SPEC_CTRL_IBRS_INUSE and SPEC_CTRL_IBPB_INUSE are set (Chuck Anderson) [Orabug: 27625404] - retpoline: set IBRS and IBPB in use only on the boot CPU call to init_scattered_cpuid_features() (Chuck Anderson) [Orabug: 27625404] - retpoline: display IBPB feature status along with IBRS status (Chuck Anderson) [Orabug: 27625404] - retpoline: move lock/unlock of spec_ctrl_mutex to check_modinfo() (Chuck Anderson) [Orabug: 27625404] - retpoline: call clear_retpoline_fallback() with boot parm spectre_v2_heuristics=off (Chuck Anderson) [Orabug: 27625404] - retpoline: add brackets to check_ibrs_inuse() and clear_ibpb_inuse() (Chuck Anderson) [Orabug: 27625404] - retpoline/module: do not enable IBRS/IPBP if SPEC_CTRL_IBRS_ADMIN_DISABLED/SPEC_CTRL_IBPB_ADMIN_DISABLED is set (Chuck Anderson) [Orabug: 27625353] - retpoline: microcode incorrectly reported as broken during early boot (Chuck Anderson) [Orabug: 27625404] - retpoline: move lock/unlock of spec_ctrl_mutex into init_scattered_cpuid_features() (Chuck Anderson) [Orabug: 27625404] - retpoline/module: fall back to another spectre mitigation when disabling retpoline (Chuck Anderson) [Orabug: 27457549] - retpoline/module: add bit defs for use_ibpb (Chuck Anderson) [Orabug: 27457549] - x86/spectre_v2: Fix the documentation to say the right thing. (Konrad Rzeszutek Wilk) - x86/spectre_v2: Dont check bad microcode versions when running under hypervisors. (Konrad Rzeszutek Wilk) [Orabug: 27601736] - x86/speculation: Use IBRS if available before calling into firmware (David Woodhouse) [Orabug: 27516477] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601789] - Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Konrad Rzeszutek Wilk) - KVM: Disable irq while unregistering user notifier (Ignacio Alvarado) - dtrace: increase instruction limit for FBT entry probe detection (Kris Van Hees) [Orabug: 27410742] [4.1.12-124.5.1] - trace: declare blk_add_trace_rq non-static on OL6 (Todd Vierling) [Orabug: 27578618] - x86/ia32/syscall: RESTORE_EXTRA_REGS when returning from syscall (Ankur Arora) [Orabug: 27461990] {CVE-2017-5715} - x86/ia32/syscall: dont do RESTORE_EXTRA_REGS prematurely (Ankur Arora) [Orabug: 27461990] {CVE-2017-5715} - firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) [Orabug: 27586223] - uek-rpm: enable USERFAULTFD in debug kernels (UEK4 QU7) (Mike Kravetz) [Orabug: 27579702] - vmxnet3: repair memory leak (Neil Horman) [Orabug: 27479086] - bonding: attempt to better support longer hw addresses (Jarod Wilson) [Orabug: 27542370] - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (Bart Van Assche) [Orabug: 27546768] - scsi: Protect SCSI device state changes with a mutex (Bart Van Assche) [Orabug: 27546768] - scsi: Introduce scsi_start_queue() (Bart Van Assche) [Orabug: 27546768] - scsi: avoid a permanent stop of the scsi devices request queue (Wei Fang) [Orabug: 27546768] - IB/ipoib: ioctls IPOIBACLNADD and IPOIBACLNGET do not work correctly (Ka-Cheong Poon) [Orabug: 27533123] - x86/spectre: move microcode check before kernel ibrs flags are set (Daniel Jordan) [Orabug: 27542331] {CVE-2017-5715} [4.1.12-124.4.1] - x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd Vierling) [Orabug: 27540463] - x86/spectre_v2: Only use IBRS when ibrs_inuse tells us to (Konrad Rzeszutek Wilk) - kernel: on OL6 only, simulate the gcc 4.4 kABI for __stack_chk_fail() (Todd Vierling) [Orabug: 27509351] - uek-rpm: configs: Dont set HAVE_FENTRY on OL6 builds. (Todd Vierling) [Orabug: 27509351] - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 27525575] - x86/spectre_v2: Disable IBRS if spectre_v2=off (Konrad Rzeszutek Wilk) - xenbus: track caller request id (Joao Martins) [Orabug: 27472576] - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27523393] - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27524608] - Fix typo IBRS_ATT, which should be IBRS_ALL (redux) (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Add spectre_v2_heuristics= (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Do not disable IBPB when disabling IBRS (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/scattered: Fix the order. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Favor IBRS on Skylake over retpoline (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (Darren Kenny) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/bugs: Drop one 'mitigation' from dmesg (Borislav Petkov) [Orabug: 27477743] {CVE-2017-5715} - x86/nospec: Fix header guards names (Borislav Petkov) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/cpu: Keep model defines sorted by model number (Andy Shevchenko) [Orabug: 27477743] {CVE-2017-5715} - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/msr: Add definitions for new speculation control MSRs (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/cpufeatures: Add AMD feature bits for Speculation Control (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Print what options are available. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Add VMEXIT_FILL_RSB instead of RETPOLINE (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: If IBRS is enabled disable 'Filling RSB on context switch' (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Dont allow {ibrs,ipbp,lfence}_enabled to be toggled if retpoline (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Fix retpoline_enabled (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Update sysctl values if toggled only by set_{ibrs,ibpb}_disabled (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - retpoline/module: Taint kernel for missing retpoline in module (Andi Kleen) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Fill RSB on context switch for affected CPUs (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (Andi Kleen) [Orabug: 27477743] {CVE-2017-5715} - kprobes/x86: Disable optimizing on the function jumps to indirect thunk (Masami Hiramatsu) [Orabug: 27477743] {CVE-2017-5715} - kprobes/x86: Blacklist indirect thunk functions for kprobes (Masami Hiramatsu) [Orabug: 27477743] {CVE-2017-5715} - retpoline: Introduce start/end markers of indirect thunk (Masami Hiramatsu) [Orabug: 27477743] {CVE-2017-5715} - x86/mce: Make machine check speculation protected (Thomas Gleixner) [Orabug: 27477743] {CVE-2017-5715} - kbuild: modversions for EXPORT_SYMBOL() for asm (Nicholas Piggin) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Tom Lendacky) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Remove compile time warning (Thomas Gleixner) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Fill return stack buffer on vmexit (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/irq32: Convert assembler indirect jumps (Andi Kleen) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/checksum32: Convert assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/xen: Convert Xen hypercall indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/hyperv: Convert assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/entry: Convert entry assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/crypto: Convert crypto assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Add disable_ibrs_and_friends (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Figure out if STUFF_RSB macro needs to be used. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Figure out when to use IBRS. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Add IBRS option. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Add boot time option to select Spectre v2 mitigation (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Add initial retpoline support (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - kconfig.h: use __is_defined() to check if MODULE is defined (Masahiro Yamada) [Orabug: 27477743] {CVE-2017-5715} - EXPORT_SYMBOL() for asm (Al Viro) [Orabug: 27477743] {CVE-2017-5715} - x86/asm: Make asm/alternative.h safe from assembly (Andy Lutomirski) [Orabug: 27477743] {CVE-2017-5715} - x86/kbuild: enable modversions for symbols exported from asm (Adam Borowski) [Orabug: 27477743] {CVE-2017-5715} - x86/asm: Use register variable to get stack pointer value (Andrey Ryabinin) [Orabug: 27477743] {CVE-2017-5715} - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (Andy Lutomirski) [Orabug: 27477743] {CVE-2017-5715} - x86/alternatives: Add missing ' ' at end of ALTERNATIVE inline asm (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/alternatives: Fix optimize_nops() checking (Borislav Petkov) [Orabug: 27477743] {CVE-2017-5715} - block: Check for gaps on front and back merges (Jens Axboe) [Orabug: 27484719] - block: Copy a user iovec if it includes gaps (Sagi Grimberg) [Orabug: 27484719] - block: Replace SG_GAPS with new queue limits mask (Keith Busch) [Orabug: 27484719] - Revert 'block: Copy a user iovec if it includes gaps' (Ashok Vairavan) [Orabug: 27484719] - Revert 'block: Check for gaps on front and back merges' (Ashok Vairavan) [Orabug: 27484719] - Revert 'blk: [Partial] Replace SG_GAPGS with new queue limits mask' (Ashok Vairavan) [Orabug: 27484719] - qlcnic: fix deadlock bug (Junxiao Bi) [Orabug: 27496907] - x86/entry: RESTORE_IBRS needs to be done under kernel CR3 (Ankur Arora) [Orabug: 27501734] [4.1.12-124.3.1] - rds: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 27477010] - Btrfs: fix unexpected EEXIST from btrfs_get_extent (Liu Bo) [Orabug: 27446668] - Btrfs: fix incorrect block_len in merge_extent_mapping (Liu Bo) [Orabug: 27446668] - Btrfs: add WARN_ONCE to detect unexpected error from merge_extent_mapping (Liu Bo) [Orabug: 27446668] - Btrfs: deal with existing encompassing extent map in btrfs_get_extent() (Omar Sandoval) [Orabug: 27446668] - Btrfs: deal with duplciates during extent_map insertion in btrfs_get_extent (Chris Mason) [Orabug: 27446668] - x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby) [Orabug: 27470687] - Drivers: hv: util: Backup: Fix a rescind processing issue (K. Y. Srinivasan) [Orabug: 27426063] - Drivers: hv: vss: Operation timeouts should match host expectation (Alex Ng) [Orabug: 27426063] - Drivers: hv: vss: Improve log messages. (Alex Ng) [Orabug: 27426063] - Drivers: hv: utils: Check VSS daemon is listening before a hot backup (Alex Ng) [Orabug: 27426063] - Drivers: hv: utils: Continue to poll VSS channel after handling requests. (Alex Ng) [Orabug: 27426063] - Drivers: hv: utils: fix a race on userspace daemons registration (Vitaly Kuznetsov) [Orabug: 27426063] - Drivers: hv: util: catch allocation errors (Olaf Hering) [Orabug: 27426063] - Drivers: hv: vss: run only on supported host versions (Olaf Hering) [Orabug: 27426063] - Drivers: hv: utils: unify driver registration reporting (Vitaly Kuznetsov) [Orabug: 27426063] - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943864] [Orabug: 27465736] - rds: Calling getsockname() on unbounded socket generates seg fault (Ka-Cheong Poon) [Orabug: 27463484] - rds: Second bind() can overwrite the first bind() (Ka-Cheong Poon) [Orabug: 27463500] - rds: Un-connected socket sendmsg() with a NULL destination does not fail (Ka-Cheong Poon) [Orabug: 27463507] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) - x86: Fix compile issues if CONFIG_XEN not defined (Konrad Rzeszutek Wilk) - hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. Shutemov) [Orabug: 27451809] - net/mlx4_core: allow QPs with enable_smi_admin enabled (Zhu Yanjun) [Orabug: 27452072] - net/rds: Fix incorrect error handling (Hakon Bugge) [Orabug: 27469760] [4.1.12-124.2.1] - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) - x86/spec: Dont print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk) - x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) - x86/IBRS: Dont try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27448280] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27448280] - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) - x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27448280] - x86/IBRS/IBPB: Remove procfs interface to ibrs/ibpb_enable (Boris Ostrovsky) [Orabug: 27448280] - x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27448313] - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27448330] - fs/ocfs2: remove page cache for converted direct write (Wengang Wang) - Revert 'ocfs2: code clean up for direct io' (Wengang Wang) - mlx4: add mstflint secure boot access kernel support (Qing Huang) [Orabug: 27424392] - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343609] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343609] - autofs: use dentry flags to block walks during expire (Ian Kent) [Orabug: 26032471] - autofs races (Al Viro) [Orabug: 26032471] - Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly) [4.1.12-124.1.1] - dtrace: revive dtrace_gethrtime() (Tomas Jedlicka) [Orabug: 27409933] [4.1.12-124] - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27353383] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27353383] - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27353383] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27353383] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27353383] - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27353383] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27353383] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27353383] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753} - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27206805] {CVE-2017-1000407} {CVE-2017-1000407} - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins) [Orabug: 27397028] - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 26670475] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 26670475] - xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 26670475] - xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 26670475] - x86/fpu: Dont let userspace set bogus xcomp_bv (Tim Tianyang Chen) [Orabug: 27050688] {CVE-2017-15537} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27386997] {CVE-2017-15115} - media: dib0700: fix invalid dvb_detach argument (Andrey Konovalov) [Orabug: 27215141] {CVE-2017-16646} - Sanitize 'move_pages()' permission checks (Linus Torvalds) [Orabug: 27364683] {CVE-2017-14140} - assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug: 27364588] {CVE-2017-12193} {CVE-2017-12193} - net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) [Orabug: 27390679] {CVE-2017-17712} [4.1.12-123] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378516] [Orabug: 27333760] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378451] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378102] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27382723] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27344012] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27344012] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365575] {CVE-2017-5715} - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27365431] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27365419] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27333760] {CVE-2017-5754} - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) [Orabug: 27365403] - Make use of ibrs_inuse consistent. (Jun Nakajima) [Orabug: 27365390] - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) [Orabug: 27364900] - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27344012] {CVE-2017-5715} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27333760] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27333760] {CVE-2017-5754} - x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27333760] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333760] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27333760] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27333760] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27333760] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27333760] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27333760] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27333760] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27333760] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333760] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27333760] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27333760] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333760] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27333760] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27333760] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27333760] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351274] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27344012] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27344012] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27344012] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27344012] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27344012] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27344012] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27344012] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27344012] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27344012] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27344012] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27344012] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290292] {CVE-2017-8824} - negotiate_mq should happen in all cases of a new VBD being discovered by xen-blkfront, whether called through _probe() or a hot-attached new VBD from dom-0 via xenstore. Otherwise, hot-attached new VBDs are left configured without multi-queue. (Patrick Colp) [Orabug: 27180421] - e1000: avoid null pointer dereference on invalid stat type (Colin Ian King) [Orabug: 27069012] - e1000: fix race condition between e1000_down() and e1000_watchdog (Vincenzo Maffione) [Orabug: 27069012] - e1000e: Be drop monitor friendly (Florian Fainelli) [Orabug: 27069012] - e1000e: apply burst mode settings only on default (Willem de Bruijn) [Orabug: 27069012] - e1000e: fix buffer overrun while the I219 is processing DMA transactions (Sasha Neftin) [Orabug: 27069012] - e1000e: Avoid receiver overrun interrupt bursts (Benjamin Poirier) [Orabug: 27069012] - e1000e: Separate signaling for link check/link up (Benjamin Poirier) [Orabug: 27069012] - e1000e: Fix return value test (Benjamin Poirier) [Orabug: 27069012] - e1000e: Fix wrong comment related to link detection (Benjamin Poirier) [Orabug: 27069012] - e1000e: Fix error path in link detection (Benjamin Poirier) [Orabug: 27069012] - drivers: net: e1000e: use setup_timer() helper. (Allen Pais) [Orabug: 27069012] - e1000e: Initial Support for IceLake (Sasha Neftin) [Orabug: 27069012] - e1000e: add check on e1e_wphy() return value (Gustavo A R Silva) [Orabug: 27069012] - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (Chris Wilson) [Orabug: 27069012] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16646 CVE-2017-16532 CVE-2017-15537 CVE-2018-1068 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.2] - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled (Jianchao Wang) [Orabug: 27726302] - block: fix bio_will_gap() for first bvec with offset (Ming Lei) [Orabug: 27775588] - block: relax check on sg gap (Ming Lei) [Orabug: 27775588] - block: don't optimize for non-cloned bio in bio_get_last_bvec() (Ming Lei) [Orabug: 27775588] - block: merge: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588] - block: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588] - block: check virt boundary in bio_will_gap() (Ming Lei) [Orabug: 27775588] - block: bio: introduce helpers to get the 1st and last bvec (Ming Lei) [Orabug: 27775588] - Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount (Olga Kornievskaia) [Orabug: 27848303] - ext4: add validity checks for bitmap block numbers (Theodore Ts'o) [Orabug: 27854373] {CVE-2018-1093} {CVE-2018-1093} - ocfs2: Take inode cluster lock before moving reflinked inode from orphan dir (Ashish Samant) [Orabug: 27869411] - Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27869844] {CVE-2017-16643} - Input: ims-psu - check if CDC union descriptor is sane (Dmitry Torokhov) [Orabug: 27870333] {CVE-2017-16645} - vfio/pci: Virtualize Maximum Payload Size (Alex Williamson) - vfio-pci: Virtualize PCIe & AF FLR (Alex Williamson) - uek-rpm: Disable DMA CMA (Jianchao Wang) [Orabug: 27892359] - nvme-pci: fix multiple ctrl removal scheduling (Rakesh Pandit) [Orabug: 27892359] - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (Jianchao Wang) [Orabug: 27892359] - nvme/pci: Fix stuck nvme reset (Keith Busch) [Orabug: 27892359] - nvme: don't schedule multiple resets (Keith Busch) [Orabug: 27892359] - blk-mq: fix use-after-free in blk_mq_free_tag_set() (Junichi Nomura) [Orabug: 27892359] - USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27895909] - driver core: platform: fix race condition with driver_override (Adrian Salido) [Orabug: 27897874] {CVE-2017-12146} - usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27908746] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-12146 CVE-2017-16643 CVE-2018-1093 CVE-2017-16645 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.3] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-100199} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-100199 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.6] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199} [2.6.39-400.298.5] - xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579] [2.6.39-400.298.4] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533} - cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649} - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861} - Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715} - x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715} - x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773] - x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044] - x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909] - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715} - x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441] - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958] - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954] - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923] - x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083] - x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-100199 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.6] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-100199} [3.8.13-118.20.5] - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27806667] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27806667] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27806667] [3.8.13-118.20.4] - Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin) [Orabug: 21191022] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148281] {CVE-2017-16527} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929] {CVE-2017-16533} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215201] {CVE-2017-16649} - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343577] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343577] - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344793] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344843] {CVE-2017-0861} {CVE-2017-0861} - ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann Horn) [Orabug: 27364691] {CVE-2017-14140} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27387001] {CVE-2017-15115} - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/mitigation/spectre_v2: Add reporting of 'lfence'' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur Arora) [Orabug: 27516512] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27516357] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27516419] {CVE-2017-5715} - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715} - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516419] - x86/spectre: expose 'stibp' (Konrad Rzeszutek Wilk) [Orabug: 27516419] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715} - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715} - x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora) [Orabug: 27509932] {CVE-2017-5715} - x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: Save full stack frame throughout the entry code (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx) (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Save callee saved registers on syscall entrance (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-100199 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.5] - vhost/scsi: fix reuse of &vq->iov[out] in response (Benjamin Coddington) [Orabug: 27928330] [4.1.12-124.14.4] - kernel.spec: add requires system-release for OL7 (Brian Maly) [Orabug: 27955380] - x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van Hees) {CVE-2018-8897} - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} - kvm/x86: fix icebp instruction handling (gregkh@linuxfoundation.org) {CVE-2018-1087} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1087 CVE-2018-8897 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.7] - net/rds: Fix endless RNR situation (Hakon Bugge) [Orabug: 27645402] - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-8897 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.7] - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-8897 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.15.1] - netfilter: nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27260771] {CVE-2017-17448} - netlink: Add netns check on taps (Kevin Cernekee) [Orabug: 27260799] {CVE-2017-17449} - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27290606] {CVE-2017-17741} {CVE-2017-17741} - xprtrdma: Detect unreachable NFS/RDMA servers more reliably (Chuck Lever) [Orabug: 27587008] - sunrpc: Export xprt_force_disconnect() (Chuck Lever) [Orabug: 27587008] - sunrpc: Allow xprt->ops->timer method to sleep (Chuck Lever) [Orabug: 27587008] - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (Haozhong Zhang) [Orabug: 27720128] - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878230] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878230] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27878230] - mm/pagewalk.c: report holes in hugetlb ranges (Jann Horn) [Orabug: 27913118] {CVE-2017-16994} - KEYS: dont let add_key() update an uninstantiated key (David Howells) [Orabug: 27913330] {CVE-2017-15299} - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 27913367] {CVE-2017-7294} - vmscan: Support multiple kswapd threads per node (Buddy Lumpkin) [Orabug: 27913411] - tcp: dont use F-RTO on non-recurring timeouts (Yuchung Cheng) [Orabug: 27901860] - net/rds: ib: Release correct number of frags (Hakon Bugge) [Orabug: 27924161] - crypto: rng - Remove old low-level rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - crypto: drbg - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - crypto: ansi_cprng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - crypto: krng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934066] {CVE-2018-5332} - net: Fix double free and memory corruption in get_net_ns_by_id() (Eric W. Biederman) [Orabug: 27934789] {CVE-2017-15129} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5332 CVE-2017-7294 CVE-2017-16994 CVE-2017-15129 CVE-2017-17448 CVE-2017-15299 CVE-2017-15116 CVE-2017-17741 CVE-2017-17449 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.21.1] - media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav) [Orabug: 27208380] {CVE-2017-16537} - Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27215090] {CVE-2017-16643} - usb: usbtest: fix NULL pointer dereference (Alan Stern) [Orabug: 27602324] {CVE-2017-16532} - x86/spectre_v2: Fix cpu offlining with IPBP. (Konrad Rzeszutek Wilk) - fuse: fix deadlock caused by wrong locking order (Junxiao Bi) [Orabug: 27760268] - jbd: dont wait (forever) for stale tid caused by wraparound (Jan Kara) [Orabug: 27842289] - netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets (Florian Westphal) [Orabug: 27774015] {CVE-2018-1068} - RDS: IB: Fix null pointer issue (hui.han) [Orabug: 27843171] - ext4: add validity checks for bitmap block numbers (Theodore Tso) [Orabug: 27854376] {CVE-2018-1093} {CVE-2018-1093} - USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27898074] {CVE-2017-17558} - netfilter: nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27898167] {CVE-2017-17448} - KEYS: dont let add_key() update an uninstantiated key (David Howells) [Orabug: 27913332] {CVE-2017-15299} - RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934073] {CVE-2018-5332} - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-100199} - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27806667] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27806667] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27806667] - Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin) [Orabug: 21191022] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148281] {CVE-2017-16527} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929] {CVE-2017-16533} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215201] {CVE-2017-16649} - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343577] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343577] - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344793] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344843] {CVE-2017-0861} {CVE-2017-0861} - ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann Horn) [Orabug: 27364691] {CVE-2017-14140} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27387001] {CVE-2017-15115} - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/mitigation/spectre_v2: Add reporting of 'lfence'' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur Arora) [Orabug: 27516512] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27516357] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27516419] {CVE-2017-5715} - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715} - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516419] - x86/spectre: expose 'stibp' (Konrad Rzeszutek Wilk) [Orabug: 27516419] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715} - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715} - x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora) [Orabug: 27509932] {CVE-2017-5715} - x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: Save full stack frame throughout the entry code (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx) (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Save callee saved registers on syscall entrance (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - gre: fix a possible skb leak (Eric Dumazet) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403972] {CVE-2017-9074} - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813390] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26880517] {CVE-2017-7482} {CVE-2017-7482} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883322] - KVM: x86: fix deadlock in clock-in-progress request handling (Marcelo Tosatti) [Orabug: 27065995] - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099835] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206837] {CVE-2017-16525} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206897] {CVE-2017-16526} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206928] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207240] {CVE-2017-16531} - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (Alan Stern) [Orabug: 27207983] {CVE-2017-16535} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290301] {CVE-2017-8824} - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/spec: Dont print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715} - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754} - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] {CVE-2017-5754} - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754} - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754} - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1068 CVE-2017-17558 CVE-2018-1093 CVE-2018-5332 CVE-2017-16643 CVE-2017-16537 CVE-2017-17448 CVE-2017-15299 CVE-2017-16532 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.299.1] - ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Theodore Tso) [Orabug: 26424268] - jbd2: dont wake kjournald unnecessarily (Eric Sandeen) [Orabug: 26424268] - ext4: fix data corruption in inodes with journalled data (Jan Kara) [Orabug: 26424268] - media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav) [Orabug: 27208383] {CVE-2017-16537} - Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27215095] {CVE-2017-16643} - RDS: IB: Fix null pointer issue (Guanglei Li) [Orabug: 27241654] - usb: usbtest: fix NULL pointer dereference (Alan Stern) [Orabug: 27602321] {CVE-2017-16532} - vfs,proc: guarantee unique inodes in /proc (Linus Torvalds) [Orabug: 27637293] - vfs: dont chain pipe/anon/socket on superblock s_inodes list (Eric Dumazet) [Orabug: 27637293] - fuse: fix deadlock caused by wrong locking order (Junxiao Bi) [Orabug: 27719848] - jbd: dont wait (forever) for stale tid caused by wraparound (Jan Kara) [Orabug: 27734012] - netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets (Florian Westphal) [Orabug: 27774010] {CVE-2018-1068} - x86/spec: set_ibrs[ibpb]_disabled() should disable ibrs[ibpb]_admin_disabled (Krish Sadhukhan) [Orabug: 27788624] - x86/spec: Fix wrong output from sysfs (Krish Sadhukhan) [Orabug: 27795350] - x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby) [Orabug: 27811437] - ext4: add validity checks for bitmap block numbers (Theodore Tso) [Orabug: 27854370] {CVE-2018-1093} {CVE-2018-1093} - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878228] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878228] - x86/cpufeatures: use cpu_data in scan_spec_ctrl_features and rescan_spec_ctrl_features (Ankur Arora) [Orabug: 27878228] - USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27898064] {CVE-2017-17558} - retpoline: microcode incorrectly reported as broken during early boot (Chuck Anderson) [Orabug: 27915293] - x86/spec: scan_spec_ctrl_feature should be executed only for cpu_index 0 (Krish Sadhukhan) [Orabug: 27915355] - RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934081] {CVE-2018-5332} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989490] {CVE-2018-10323} - net/rds: Fix endless RNR situation (Hakon Bugge) [Orabug: 27645402] - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199} - xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533} - cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649} - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861} - Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715} - x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715} - x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773] - x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044] - x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909] - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715} - x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441] - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958] - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954] - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923] - x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083] - x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378] - ext4: limit group search loop for non-extent files (Lachlan McIlroy) [Orabug: 17488415] - ext4: fixup 64-bit divides in 3.0-stable backport of upstream fix (Todd Poynor) [Orabug: 17488415] - ext4: use atomic64_t for the per-flexbg free_clusters count (Theodore Tso) [Orabug: 17488415] - ext4: init pagevec in ext4_da_block_invalidatepages (Eric Sandeen) [Orabug: 17488415] - ext4: do not try to write superblock on ro remount w/o journal (Michael Tokarev) [Orabug: 17488415] - xen-netback: fix grant_copy_op array size (Niranjan Patil) [Orabug: 25653941] - xen-netback: explicitly check max_slots_needed against meta_prod counter (Niranjan Patil) [Orabug: 25653941] - xen-netback: Fix handling of skbs requiring too many slots (Zoltan Kiss) [Orabug: 25653941] - xen-netback: worse-case estimate in xenvif_rx_action is underestimating (Paul Durrant) [Orabug: 25653941] - xen-netback: Add worse-case estimates of max_slots_needed in netbk_rx_action (Niranjan Patil) [Orabug: 25653941] - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Tim Tianyang Chen) [Orabug: 25757946] {CVE-2017-6951} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26737475] - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813391] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26880520] {CVE-2017-7482} {CVE-2017-7482} - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099836] - Check validity of cl_rpcclient in nfs_server_list_show (Malahal Naineni) [Orabug: 27112186] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206839] {CVE-2017-16525} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206934] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207243] {CVE-2017-16531} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290308] {CVE-2017-8824} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: Dont print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move ENABLE_IBRS in the interrupt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: MACROS to set/clear IBRS and set IBPB (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: fix build breakage (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI to match upstream (Mike Kravetz) {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - KPTI: Report when enabled (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333761] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT, dynamically disable KAISER if PARAVIRT (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86-32: Fix boot with CONFIG_X86_INVD_BUG (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: user_map __kprobes_text too (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333761] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: fix bad backport to disable PCID on Xen (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86, cpufeature: Add CPU features from Intel document 319433-012A (H. Peter Anvin) [Orabug: 27333761] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333761] {CVE-2017-5754} - x86-64: Map the HPET NX (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} {CVE-2015-5157} - x86, cpu: Add cpufeature flag for PCIDs (Arun Thomas) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333761] {CVE-2017-5754} - locking/barriers: fix compile issue (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27346425] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1093 CVE-2017-16532 CVE-2017-16643 CVE-2018-5332 CVE-2017-16537 CVE-2017-17558 CVE-2017-15299 CVE-2018-1068 CVE-2017-17448 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.15.2] - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639} - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639} - x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639} - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639} - proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Kees Cook) {CVE-2018-3639} - seccomp: Move speculation migitation control to arch code (Thomas Gleixner) {CVE-2018-3639} - seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook) {CVE-2018-3639} - seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639} - prctl: Add force disable speculation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639} - proc: Provide details on speculation flaw mitigations (Kees Cook) {CVE-2018-3639} - nospec: Allow getting/setting on non-current task (Kees Cook) {CVE-2018-3639} - x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2. (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/speculation: Add prctl for Speculative Store Bypass mitigation (Thomas Gleixner) {CVE-2018-3639} - x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas) {CVE-2018-3639} - x86/process: Allow runtime control of Speculative Store Bypass (Thomas Gleixner) {CVE-2018-3639} - prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639} - x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas Gleixner) {CVE-2018-3639} - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/intel: Set proper CPU features and setup RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) {CVE-2018-3639} - x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko) {CVE-2018-3639} - x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Warn if IBRS is enabled during boot. (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Use variable instead of defines for enabling IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639} - scsi: libfc: Revisit kref handling (Hannes Reinecke) - scsi: libfc: reset exchange manager during LOGO handling (Hannes Reinecke) - scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke) - scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke) - libfc: Update rport reference counting (Hannes Reinecke) - amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena Ufimtseva) - RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27422832] {CVE-2018-5333} - ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750} - futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27539548] {CVE-2018-6927} - net: ipv4: add support for ECMP hash policy choice (Venkat Venkatsubra) [Orabug: 27547114] - net: ipv4: Consider failed nexthops in multipath routes (David Ahern) [Orabug: 27547114] - ipv4: L3 hash-based multipath (Peter Norlund) [Orabug: 27547114] - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) [Orabug: 27677556] {CVE-2017-18203} - NFS: only invalidate dentrys that are clearly invalid. (NeilBrown) [Orabug: 27870824] - net: Improve handling of failures on link and route dumps (David Ahern) [Orabug: 27959177] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 27963519] {CVE-2018-10675} - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27963530] {CVE-2018-8781} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27963576] {CVE-2018-10323} - Revert 'mlx4: change the ICM table allocations to lowest needed size' (Hakon Bugge) [Orabug: 27980030] - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5750 CVE-2017-1000410 CVE-2018-10323 CVE-2017-18203 CVE-2018-10675 CVE-2018-3639 CVE-2018-6927 CVE-2018-5333 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.15.4] - x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas) - fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372] - kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210] - dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932] - x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639} - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639} - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639} [4.1.12-124.15.3] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1000199 CVE-2018-3639 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.16.2] - netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] {CVE-2017-16939} - ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] {CVE-2017-16939} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16939 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.21.4] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665} [3.8.13-118.21.3] - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323} - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384} [3.8.13-118.21.2] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2016-2543 CVE-2016-2544 CVE-2017-1000410 CVE-2017-17741 CVE-2018-1000199 CVE-2018-10323 CVE-2016-2549 CVE-2016-2545 CVE-2016-2548 CVE-2018-3665 CVE-2016-2384 CVE-2016-2547 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.16.4] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28135099] {CVE-2018-3665} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3665 cpe:/a:oracle:linux:7::security_validation cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.299.3] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156175] {CVE-2018-3665} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 22876528] {CVE-2016-2384} - mlx4_ib: DREQ silently dropped by PF passive side (Venkat Venkatsubra) [Orabug: 25090540] - net: tcpdump fails with EFAULT (Venkat Venkatsubra) [Orabug: 25209691] - x86/spec: Remove rescan_spec_ctrl_feature as it's not needed anymore (Krish Sadhukhan) [Orabug: 27934121] [2.6.39-400.299.2] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947612] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2016-2543 CVE-2016-2548 CVE-2016-2549 CVE-2016-2545 CVE-2016-2544 CVE-2018-1000199 CVE-2018-3665 CVE-2016-2547 CVE-2016-2384 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [2.12-1.212.0.1] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.212] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504810) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504810) [2.12-1.211] - Avoid large allocas in the dynamic linker (#1452717) [2.12-1.210] - Fix thread cancellation issues for setmntent() and others (#1437147). IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 [4.1.12-124.17.1] - block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756] - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130} - net/rds: Implement ARP flushing correctly (Hakon Bugge) [Orabug: 28219857] - net/rds: Fix incorrect bigger vs. smaller IP address check (Hakon Bugge) [Orabug: 28236599] - ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391] - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] {CVE-2017-11600} {CVE-2017-11600} [4.1.12-124.16.6] - add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400] - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] {CVE-2017-7616} - xhci: Fix USB3 NULL pointer dereference at logical disconnect. (Mathias Nyman) [Orabug: 27426023] - mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) [Orabug: 27718303] - mlx4_core: allocate ICM memory in page size chunks (Qing Huang) [Orabug: 27718303] - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124} - rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214] - ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032] - net/rds: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198749] - sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240074] {CVE-2018-5803} [4.1.12-124.16.5] - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] {CVE-2017-18017} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] {CVE-2018-10087} - x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10087 CVE-2018-10124 CVE-2018-1130 CVE-2017-7616 CVE-2017-18017 CVE-2018-5803 CVE-2017-11600 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.22.1] - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) {CVE-2017-18203} - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27986407] {CVE-2018-8781} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488] {CVE-2018-10087} - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) {CVE-2018-10124} - bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130293] {CVE-2015-8575} - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220402] {CVE-2017-8824} {CVE-2018-1130} - sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240075] {CVE-2018-5803} - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242478] {CVE-2017-7616} - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264121] {CVE-2017-11600} {CVE-2017-11600} - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665} - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323} - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-18203 CVE-2018-1130 CVE-2017-11600 CVE-2015-8575 CVE-2018-5803 CVE-2018-8781 CVE-2017-7616 CVE-2018-10124 CVE-2018-10087 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.300.2] - Revert 'RDS: don't commit to queue till transport connection is up' (Santosh Shilimkar) [Orabug: 27619034] - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951293] {CVE-2017-17741} {CVE-2017-17741} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049790] {CVE-2018-10087} - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28082989] {CVE-2018-10124} - bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130291] {CVE-2015-8575} - x86/bug: Fix typo's from commit b2d2b5b2 (x86/fpu: Make eager FPU default) (Mihai Carabas) [Orabug: 28194606] - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220512] {CVE-2017-8824} {CVE-2018-1130} - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242479] {CVE-2017-7616} - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264531] {CVE-2017-11600} {CVE-2017-11600} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7616 CVE-2018-10087 CVE-2015-8575 CVE-2017-17741 CVE-2017-11600 CVE-2018-10124 CVE-2018-1130 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [1.0.1e-57.0.3] - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-3735 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6:10:base Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.23.1] - xen/blkback: free requests on disconnection (Dongli Zhang) [Orabug: 22111941] - RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27986376] {CVE-2018-5333} - ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27986392] {CVE-2018-5750} - futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27986395] {CVE-2018-6927} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5750 CVE-2018-6927 CVE-2018-5333 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.18.5] - inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28450977] - x86/mm/pageattr.c: fix page prot mask (Mihai Carabas) [Orabug: 28492122] - x86/pgtable.h: fix PMD/PUD mask (Mihai Carabas) [Orabug: 28492122] - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28492122] [4.1.12-124.18.4] - kvm/vmx: Dont mark vmx_exit() __exit (Boris Ostrovsky) [Orabug: 28491688] - x86/speculation: Dont mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28491688] - x86/speculation: parse l1tf boot parameter early (Boris Ostrovsky) [Orabug: 28491688] [4.1.12-124.18.3] - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481412] {CVE-2017-18344} [4.1.12-124.18.2] - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620} - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (KarimAllah Ahmed) [Orabug: 28220674] {CVE-2018-3646} - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620} - Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM/VMX: Dont set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646} - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646} - x86: Dont include linux/irq.h from asm/hardirq.h (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3620} - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - x86/KVM/VMX: Dont set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28220625] {CVE-2018-3646} - KVM: X86: Introduce kvm_get_msr_feature() (Wanpeng Li) [Orabug: 28220674] {CVE-2018-3646} - KVM: x86: Add a framework for supporting MSR-based features (Tom Lendacky) [Orabug: 28220674] {CVE-2018-3646} - cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28220674] {CVE-2018-3620} - Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages content (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646} - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620} - Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3646} - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620} - x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3646} - x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3620} - x86/kvm: Drop L1TF MSR list approach (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} {CVE-2018-3646} - locking/static_keys: Add static_key_{en,dis}able() helpers (Peter Zijlstra) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks (Suravee Suthikulpanit) [Orabug: 28220674] {CVE-2018-3646} - cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620} - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620} - x86/cpufeatures: Add detection of L1D cache flush support. (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620} - x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/topology: Add topology_max_smt_threads() (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28220674] {CVE-2018-3620} - x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28220674] {CVE-2018-3620} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-18344 CVE-2018-5391 CVE-2018-3620 CVE-2018-3646 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.18.6] - qla2xxx: Update the version to 9.00.00.00.41.0-k1. (Giridhar Malavali) [Orabug: 28172611] - qla2xxx: Utilize complete local DMA buffer for DIF PI inforamtion. (Giridhar Malavali) [Orabug: 28172611] - qla2xxx: Correction to total data segment count when local DMA buffers used for DIF PI. (Giridhar Malavali) - scsi: megaraid_sas: fix the wrong way to get irq number (Jianchao Wang) [Orabug: 28436426] - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459728] {CVE-2018-7566} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459728] {CVE-2018-7566} - oracleasm: Fix use after free for request processing timer (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Fix incorrectly set flag (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Fix memory leak (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Add ENXIO handling (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Add missing tracepoint (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Don't assume bip was allocated by oracleasm (Martin K. Petersen) [Orabug: 28506080] - oracleasm: fix asmfs_dir_operations compiler error (Tom Saeger) [Orabug: 28506080] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7566 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.18.9] - rebuild bumping release [4.1.12-124.18.8] - Cipso: cipso_v4_optptr enter infinite loop (yujuan.qi) [Orabug: 28563992] {CVE-2018-10938} - Btrfs: fix list_add corruption and soft lockups in fsync (Liu Bo) [Orabug: 28119834] - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474643] {CVE-2018-15594} - sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in sym_hipd.c (George Kennedy) [Orabug: 28481893] - md/raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [Orabug: 28529228] - x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. (Boris Ostrovsky) [Orabug: 28540376] [4.1.12-124.18.7] - ext4: avoid deadlock when expanding inode size (Jan Kara) [Orabug: 25718971] - ext4: properly align shifted xattrs when expanding inodes (Jan Kara) [Orabug: 25718971] - ext4: fix xattr shifting when expanding inodes part 2 (Jan Kara) [Orabug: 25718971] - ext4: fix xattr shifting when expanding inodes (Jan Kara) [Orabug: 25718971] - uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 27801171] - nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28023821] - nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28023821] - uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261886] - ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (Junichi Nomura) - x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs (Yazen Ghannam) [Orabug: 28416303] - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459477] {CVE-2018-13405} - scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459685] {CVE-2018-10021} - PCI: Allocate ATS struct during enumeration (Bjorn Helgaas) [Orabug: 28460092] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-15594 CVE-2018-10938 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.1] - x86/entry/64: Ensure %ebx handling correct in xen_failsafe_callback (George Kennedy) [Orabug: 28402927] {CVE-2018-14678} - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488808] {CVE-2018-3620} - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488808] {CVE-2018-3620} - x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620} - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488808] {CVE-2018-3646} - x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488808] {CVE-2018-3620} - x86/microcode: Do not upload microcode if CPUs are offline (Ashok Raj) [Orabug: 28488808] {CVE-2018-3620} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14678 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.24.1] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022108] {CVE-2018-10675} - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459478] {CVE-2018-13405} - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459729] {CVE-2018-7566} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459729] {CVE-2018-7566} - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481409] {CVE-2017-18344} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7566 CVE-2017-18344 CVE-2018-10675 CVE-2018-13405 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.301.1] - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505519] {CVE-2018-3620} - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP) (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (Cliff Wickman) [Orabug: 28505519] {CVE-2018-3620} - pagewalk: don't look up vma if walk->hugetlb_entry is unused (KOSAKI Motohiro) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620} - x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620} - x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620} - mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505519] {CVE-2018-3620} - x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620} - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620} - x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620} - x86/cpufeature: uniquely define *IA32_ARCH_CAPS and *IBRS_ATT (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620} - Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 28001909] - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 28001909] - x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (David Woodhouse) [Orabug: 28001909] - Add driver auto probing for x86 features v4 (Andi Kleen) [Orabug: 28001909] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022110] {CVE-2018-10675} - xen-netback: do not requeue skb if xenvif is already disconnected (Dongli Zhang) [Orabug: 28247698] - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481397] {CVE-2017-18344} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10675 CVE-2018-3620 CVE-2017-18344 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.24.2] - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074] - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074] - x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074] - x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3620 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.2] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug: 28639707] {CVE-2018-5390} - tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: increment sk_drops for dropped rx packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5390 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.5] - nsfs: mark dentry with DCACHE_RCUACCESS (Cong Wang) [Orabug: 28576290] {CVE-2018-5873} - dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604628] - IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655409] - IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655409] - IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655409] - IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655409] - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664501] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664577] {CVE-2017-13695} - uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680213] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-13695 CVE-2018-16658 CVE-2018-5873 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [1.0.1e-57.0.5] - Merge upstream patch to fix CVE-2018-0739 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-0739 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 Oracle Linux 6 [1.0.1e-57.0.5] - Merge upstream patch to fix CVE-2018-0739 [1.0.1e-57.0.3] - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.6] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28709994] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14634 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.24.3] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14634 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.301.2] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710024] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14634 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.20.1] - bnxt_en: xdp: don't make drivers report attachment mode (partial backport) (Somasundaram Krishnasamy) [Orabug: 27988326] - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita V. Shirokov) [Orabug: 27988326] - bnxt_en: add meta pointer for direct access (partial backport) (Somasundaram Krishnasamy) [Orabug: 27988326] - bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug: 27988326] - bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG (Martin KaFai Lau) [Orabug: 27988326] - bnxt_en: Optimize doorbell write operations for newer chips (reapply). (Michael Chan) [Orabug: 27988326] - bnxt_en: Use short TX BDs for the XDP TX ring. (Michael Chan) [Orabug: 27988326] - bnxt_en: Add ethtool mac loopback self test (reapply). (Michael Chan) [Orabug: 27988326] - bnxt_en: Add support for XDP_TX action. (Michael Chan) [Orabug: 27988326] - bnxt_en: Add basic XDP support. (Michael Chan) [Orabug: 27988326] - x86/ia32: Restore r8 correctly in 32bit SYSCALL instruction entry. (Gayatri Vasudevan) [Orabug: 28529706] - net: enable RPS on vlan devices (Shannon Nelson) [Orabug: 28645929] - xen-blkback: hold write vbd-lock while swapping the vbd (Ankur Arora) [Orabug: 28651655] - xen-blkback: implement swapping of active vbd (Ankur Arora) [Orabug: 28651655] - xen-blkback: emit active physical device to xenstore (Ankur Arora) [Orabug: 28651655] - xen-blkback: refactor backend_changed() (Ankur Arora) [Orabug: 28651655] - xen-blkback: pull out blkif grant features from vbd (Ankur Arora) [Orabug: 28651655] - mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) [Orabug: 28701016] {CVE-2018-17182} [4.1.12-124.19.9] - rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28506569] [4.1.12-124.19.8] - IB/core: For multicast functions, verify that LIDs are multicast LIDs (Michael J. Ruhl) [Orabug: 28700490] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-17182 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.25.1] - x86/spectre_v2: Don't check microcode versions when running under hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785] - rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28552792] {CVE-2018-7492} - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664530] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664579] {CVE-2017-13695} - uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680238] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634} - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074] - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074] - x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074] - x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7492 CVE-2017-13695 CVE-2018-16658 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 [1.0.1e-57.0.6] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-0737 CVE-2018-0732 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 Oracle Linux 6 [2.6.39-400.302.2] - Revert 'Fix up non-directory creation in SGID directories' (Brian Maly) [Orabug: 28781234] [2.6.39-400.302.1] - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459479] {CVE-2018-13405} - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459730] {CVE-2018-7566} - rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28539910] {CVE-2018-7492} - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664549] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664580] {CVE-2017-13695} - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710024] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7492 CVE-2018-7566 CVE-2017-13695 CVE-2018-16658 cpe:/a:oracle:linux:6::UEK_latest Oracle Linux 6 [1.0.1e-57.0.6] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 [4.1.12-124.20.7] - Revert 'rds: RDS (tcp) hangs on sendto() to unresponding address' (Brian Maly) [Orabug: 28837953] [4.1.12-124.20.6] - x86/speculation: Retpoline should always be available on Skylake (Alexandre Chartre) [Orabug: 28801831] [4.1.12-124.20.5] - x86/speculation: Add sysfs entry to enable/disable retpoline (Alexandre Chartre) [Orabug: 28607548] - x86/speculation: Switch to IBRS when loading a non-retpoline module (Alexandre Chartre) [Orabug: 28607548] - x86/speculation: Remove unnecessary retpoline alternatives (Alexandre Chartre) [Orabug: 28607548] - x86/speculation: Use static key to enable/disable retpoline (Alexandre Chartre) [Orabug: 28607548] - locking/static_keys: Provide DECLARE and well as DEFINE macros (Tony Luck) [Orabug: 28607548] - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (Jason Baron) [Orabug: 28607548] - locking/static_key: Fix concurrent static_key_slow_inc() (Paolo Bonzini) [Orabug: 28607548] - jump_label: make static_key_enabled() work on static_key_true/false types too (Tejun Heo) [Orabug: 28607548] - locking/static_keys: Fix up the static keys documentation (Jonathan Corbet) [Orabug: 28607548] - locking/static_keys: Fix a silly typo (Jonathan Corbet) [Orabug: 28607548] - jump label, locking/static_keys: Update docs (Jason Baron) [Orabug: 28607548] - x86/asm: Add asm macros for static keys/jump labels (Andy Lutomirski) [Orabug: 28607548] - x86/asm: Error out if asm/jump_label.h is included inappropriately (Andy Lutomirski) [Orabug: 28607548] - jump_label/x86: Work around asm build bug on older/backported GCCs (Peter Zijlstra) [Orabug: 28607548] - locking/static_keys: Add a new static_key interface (Peter Zijlstra) [Orabug: 28607548] - locking/static_keys: Rework update logic (Peter Zijlstra) [Orabug: 28607548] - jump_label: Add jump_entry_key() helper (Peter Zijlstra) [Orabug: 28607548] - jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related helpers to the static_key* pattern (Peter Zijlstra) [Orabug: 28607548] - jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} (Peter Zijlstra) [Orabug: 28607548] - module, jump_label: Fix module locking (Peter Zijlstra) [Orabug: 28607548] - x86/speculation: Protect against userspace-userspace spectreRSB (Jiri Kosina) [Orabug: 28631590] {CVE-2018-15572} - x86/spectre_v2: Remove remaining references to lfence mitigation (Alejandro Jimenez) [Orabug: 28631590] {CVE-2018-15572} - Revert 'md: allow a partially recovered device to be hot-added to an array.' (NeilBrown) [Orabug: 28702623] - x86/bugs: ssbd_ibrs_selected called prematurely (Daniel Jordan) [Orabug: 28788839] - net/mlx4_core: print firmware version during driver loading (Qing Huang) [Orabug: 28809377] - mm: numa: Do not trap faults on shared data section pages. (Henry Willard) [Orabug: 28814880] - hugetlbfs: dirty pages as they are added to pagecache (Mike Kravetz) [Orabug: 28813968] [4.1.12-124.20.4] - rds: RDS (tcp) hangs on sendto() to unresponding address (Ka-Cheong Poon) [Orabug: 28762608] - nfs: fix a deadlock in nfs client initialization (Scott Mayhew) [Orabug: 28486463] - infiniband: fix a possible use-after-free bug (Cong Wang) [Orabug: 28774517] {CVE-2018-14734} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14734 CVE-2018-15572 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.21.1] - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz) [Orabug: 28839992] - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927687] {CVE-2018-7757} - KVM: vmx: shadow more fields that are read/written on every vmexits (Paolo Bonzini) [Orabug: 28581045] - vhost/scsi: Use common handling code in request queue handler (Bijan Mottahedeh) [Orabug: 28775573] - vhost/scsi: Extract common handling code from control queue handler (Bijan Mottahedeh) [Orabug: 28775573] - vhost/scsi: Respond to control queue operations (Bijan Mottahedeh) [Orabug: 28775573] [4.1.12-124.20.8] - scsi: lpfc: devloss timeout race condition caused null pointer reference (James Smart) [Orabug: 27994179] - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (Ben Hutchings) [Orabug: 28013813] - i40e: Add programming descriptors to cleaned_count (Alexander Duyck) [Orabug: 28228724] - i40e: Fix memory leak related filter programming status (Alexander Duyck) [Orabug: 28228724] - xen-swiotlb: use actually allocated size on check physical continuous (Joe Jin) [Orabug: 28258102] - Revert 'Revert 'xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent'' (Dongli Zhang) [Orabug: 28258102] - net/mlx4_en: fix potential use-after-free with dma_unmap_page (Sarah Newman) [Orabug: 28376051] - ocfs2: fix ocfs2 read block panic (Junxiao Bi) [Orabug: 28580543] - block: fix bdi vs gendisk lifetime mismatch (Dan Williams) [Orabug: 28645416] - e1000e: Fix link check race condition (Benjamin Poirier) [Orabug: 28716958] - Revert 'e1000e: Separate signaling for link check/link up' (Benjamin Poirier) [Orabug: 28716958] - e1000e: Avoid missed interrupts following ICR read (Benjamin Poirier) [Orabug: 28716958] - e1000e: Fix queue interrupt re-raising in Other interrupt (Benjamin Poirier) [Orabug: 28716958] - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (Benjamin Poirier) [Orabug: 28716958] - e1000e: Remove Other from EIAC (Benjamin Poirier) [Orabug: 28716958] - Fix error code in nfs_lookup_verify_inode() (Lance Shelton) [Orabug: 28789030] - workqueue: Allow modifying low level unbound workqueue cpumask (Lai Jiangshan) [Orabug: 28813166] - workqueue: Create low-level unbound workqueues cpumask (Frederic Weisbecker) [Orabug: 28813166] - scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824718] {CVE-2017-13168} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7757 CVE-2017-13168 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.26.1] - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896807] {CVE-2017-18017} - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927692] {CVE-2018-7757} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-18017 CVE-2018-7757 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.303.1] - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927686] {CVE-2018-7757} - Revert 'Fix up non-directory creation in SGID directories' (Brian Maly) [Orabug: 28781234] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7757 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.22.4] - Revert commit 8bd274934987 ('block: fix bdi vs gendisk lifetime mismatch') (Ashish Samant) [Orabug: 28968102] - KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28703712] - x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris Ostrovsky) [Orabug: 28814570] - x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace (Boris Ostrovsky) [Orabug: 28814570] - x86/speculation: x86_spec_ctrl_set needs to be called unconditionally (Boris Ostrovsky) [Orabug: 28814570] - x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris Ostrovsky) [Orabug: 28814570] - x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris Ostrovsky) [Orabug: 28814570] [4.1.12-124.22.3] - net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122104] - virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122104] - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122104] - net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122104] - net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122104] - net: introduce lower state changed info structure for LAG lowers (Jiri Pirko) [Orabug: 28122104] - net: introduce change lower state notifier (Jiri Pirko) [Orabug: 28122104] - net: add info struct for LAG changeupper (Jiri Pirko) [Orabug: 28122104] - net: add possibility to pass information about upper device via notifier (Jiri Pirko) [Orabug: 28122104] - net: Check CHANGEUPPER notifier return value (Ido Schimmel) [Orabug: 28122104] - net: introduce change upper device notifier change info (Jiri Pirko) [Orabug: 28122104] - x86/bugs: rework x86_spec_ctrl_set to make its changes explicit (Daniel Jordan) [Orabug: 28271063] - x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel Jordan) [Orabug: 28271063] - x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec ctrl MSR (Daniel Jordan) [Orabug: 28271063] - xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil) [Orabug: 28798861] - scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28855939] - scsi: virtio_scsi: let host do exception handling (Paolo Bonzini) [Orabug: 28856913] - net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857027] - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892656] {CVE-2018-1000204} - cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929767] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-18710 CVE-2018-1000204 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.23.1] - xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28898616] {CVE-2018-13094} - ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28898636] {CVE-2018-10902} - md/raid5: fix a race condition in stripe batch (Shaohua Li) [Orabug: 28917012] - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. Wong) [Orabug: 28924091] {CVE-2018-18690} - certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926203] - block: fix bdi vs gendisk lifetime mismatch (Shan Hai) [Orabug: 28945039] - Add the following entries to 'uek-rpm/ol[67]/nano_modules.list': kernel/drivers/net/net_failover.ko kernel/net/core/failover.ko Fixes: b3bc7c163fc9 ('net: Introduce generic failover module') (Vijay Balakrishna) [Orabug: 28953351] - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956547] {CVE-2018-7755} {CVE-2018-7755} - iov_iter: don't revert iov buffer if csum error (Ding Tianhong) [Orabug: 28960296] - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976583] {CVE-2017-17805} - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976653] {CVE-2017-17806} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-17805 CVE-2018-10902 CVE-2018-13094 CVE-2018-7755 CVE-2017-17806 CVE-2018-18690 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.28.1] - udf: Check component length before reading it (Jan Kara) [Orabug: 21193696] {CVE-2014-9728} - udf: Verify i_size when loading inode (Shan Hai) [Orabug: 21193696] {CVE-2014-9728} - intel_pstate: Fix overflow in busy_scaled due to long delay (mridula shastry) [Orabug: 28005134] - scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459689] {CVE-2018-10021} - nfsd: silence sparse warning about accessing credentials (Jeff Layton) [Orabug: 28824742] {CVE-2017-13168} - scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824742] {CVE-2017-13168} - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892683] {CVE-2018-1000204} - ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28898650] {CVE-2018-10902} - KVM: MTRR: remove MSR 0x2f8 (Andy Honig) [Orabug: 28901657] {CVE-2016-3713} {CVE-2016-3713} - cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929777] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) {CVE-2018-7755} {CVE-2018-7755} - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976585] {CVE-2017-17805} - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976654] {CVE-2017-17806} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-13168 CVE-2017-17806 CVE-2018-1000204 CVE-2014-9728 CVE-2016-3713 CVE-2018-10021 CVE-2018-10902 CVE-2018-7755 CVE-2017-17805 CVE-2018-18710 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.304.1] - mnt: Prevent pivot_root from creating a loop in the mount tree (Eric W. Biederman) [Orabug: 26575709] {CVE-2014-7970} {CVE-2014-7970} - vfs: more mnt_parent cleanups (Al Viro) [Orabug: 26575709] {CVE-2014-7970} - vfs: new internal helper: mnt_has_parent(mnt) (Al Viro) [Orabug: 26575709] {CVE-2014-7970} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459730] {CVE-2018-7566} - xen-netback: calculate full_coalesce before the pre-estimation of ring buffer slots to consume (Dongli Zhang) [Orabug: 28818690] - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892695] {CVE-2018-1000204} - KVM: MTRR: remove MSR 0x2f8 (Andy Honig) [Orabug: 28901711] {CVE-2016-3713} {CVE-2016-3713} - cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929788] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} - udf: Check component length before reading it (Jan Kara) [Orabug: 28941923] {CVE-2014-9728} - udf: Verify symlink size before loading it (Shan Hai) [Orabug: 28941923] {CVE-2014-9728} - udf: Verify i_size when loading inode (Shan Hai) [Orabug: 28941923] {CVE-2014-9728} - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956549] {CVE-2018-7755} {CVE-2018-7755} - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976586] {CVE-2017-17805} - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976655] {CVE-2017-17806} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2014-7970 CVE-2014-9728 CVE-2017-17806 CVE-2018-7755 CVE-2016-3713 CVE-2018-1000204 CVE-2017-17805 CVE-2018-18710 CVE-2018-7566 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.23.2] - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (Linus Torvalds) [Orabug: 28855335] {CVE-2018-18386} - nfs: Don't take a reference on fl->fl_file for LOCK operation (Benjamin Coddington) [Orabug: 28887442] - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Samuel Neves) [Orabug: 28933009] - ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005188] {CVE-2018-1000004} - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (Wei Yongjun) [Orabug: 29012346] {CVE-2018-8043} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-18386 CVE-2018-8043 CVE-2018-1000004 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [60.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.4.0-1] - Update to 60.4.0 [60.3.0-1] - Update to 60.3.0 [60.2.1-6] - Fixed missing calendar langpacks IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18494 CVE-2018-18498 CVE-2018-18493 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.5.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) CRITICAL Copyright 2019 Oracle, Inc. CVE-2018-18505 CVE-2018-18501 CVE-2018-18500 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.4-16.3] - Fix off-by-one error during guest-to-host memory address conversion Resolves: CVE-2019-3813 [0.12.4-16.2] - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 [0.12.4-16.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-3813 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.5.0-1] - Update to 60.5.0 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-18500 CVE-2018-18501 CVE-2016-5824 CVE-2018-18505 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.5.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-18356 CVE-2019-5785 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.11.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.11.1] - [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1644401] - [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593083] {CVE-2018-10902} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10902 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 Oracle Linux 6 [1:1.8.0.201.b09-0] - Update to aarch64-shenandoah-jdk8u201-b09. - Resolves: rhbz#1661577 [1:1.8.0.192.b12-1] - Add 8160748 for AArch64 which is missing from upstream 8u version. - Add port of 8189170 to AArch64 which is missing from upstream 8u version. - Resolves: rhbz#1661577 [1:1.8.0.192.b12-0] - Update to aarch64-shenandoah-jdk8u192-b12. - Remove patches included upstream - PR3548/RH1540242 - JDK-6260348/PR3066 - JDK-8185723/PR3553 - JDK-8186461/PR3557 - JDK-8201509/PR3579 - JDK-8205104/PR3539/RH1548475 - JDK-8206406/PR3610/RH1597825 - JDK-8201495/PR2415 - Re-generate patches (mostly due to upstream build changes) - JDK-8073139/PR1758/RH1191652 - JDK-8197429/PR3546/RH1536622 (due to JDK-8189170) - JDK-8199936/PR3533 - JDK-8199936/PR3591 - PR3559 (due to JDK-8185723/JDK-8186461/JDK-8201509) - PR3593 (due to JDK-8081202) - RH1566890/CVE-2018-3639 (due to JDK-8189170) - RH1649664 (due to JDK-8196516) - RH1649731 - Resolves: rhbz#1661577 [1:1.8.0.191.b14-1] - Add 8131048 & 8164920 (PR3574/RH1498936) to provide a CRC32 intrinsic for PPC64. - Resolves: rhbz#1661577 [1:1.8.0.191.b14-0] - Update to aarch64-shenandoah-jdk8u191-b14. - Adjust JDK-8073139/PR1758/RH1191652 to apply following 8155627 backport. - Resolves: rhbz#1661577 [1:1.8.0.191.b13-0] - Update to aarch64-shenandoah-jdk8u191-b13. - Update tarball generation script in preparation for PR3667/RH1656676 SunEC changes. - Use remove-intree-libraries.sh to remove the remaining SunEC code for now. - Resolves: rhbz#1661577 MODERATE Copyright 2019 Oracle, Inc. CVE-2019-2422 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.96-11.el6_10.1] - Fix of CVE-2019-6133, PID reuse via slow fork - Resolves: rhbz#1667310 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-6133 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.211-2.6.17.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.211-2.6.17.1] - Produce debug symbols for libpulse-java.so - Set IT_CFLAGS=-g so that debug symbols for the pulse audio - native library are being produced. This is needed to fix - rpmdiff errors of missing .debug_info in pulse-java.so.debug. - Resolves: rhbz#1661577 [1:1.7.0.211-2.6.17.0] - Bump to 2.6.17. - Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after 8211883 - Resolves: rhbz#1661577 [1:1.7.0.201-2.6.17pre01.0] - Bump to 2.6.17pre01. - Add support for icedtea_snapshot so we can build pre-releases. - Resolves: rhbz#1661577 MODERATE Copyright 2019 Oracle, Inc. CVE-2019-2422 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.6.0-3.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-9793 CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9796 CVE-2019-9792 CVE-2019-9795 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.6.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.6.1-1] - Update to 60.6.1 ESR (Build 1) CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-9810 CVE-2019-9813 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.6.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.6.1-1] - Update to 60.6.1 [60.6.0-1] - Update to 60.6.0 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-18506 CVE-2019-9788 CVE-2019-9792 CVE-2019-9793 CVE-2019-9813 CVE-2019-9795 CVE-2019-9796 CVE-2019-9790 CVE-2019-9791 CVE-2019-9810 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [5.3p1-124] - Fix for CVE-2018-15473: User enumeration via malformed packets in authentication requests LOW Copyright 2019 Oracle, Inc. CVE-2018-15473 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [2.6.32-754.12.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.12.1] - [x86] vDSO: Don't generate retpoline for indirect call (Waiman Long) [1638552] - [fs] cifs: fix reparse point/symlink breakage (Leif Sahlberg) [1636484] - [scsi] qla2xxx: Mask off Scope bits in retry delay (Himanshu Madhani) [1588133] - [net] tcp: make tcp_retransmit_timer a no-op on empty write queue (Paolo Abeni) [1585892] - [kernel] sched/sysctl: Check user input value of sysctl_sched_time_avg (Lauro Ramos Venancio) [1579128] - [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] hugetlbfs: switch to inode_init_owner() (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] udf: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] ubifs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] ramfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] ext4: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] ext3: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] ext2: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] btrfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405} - [fs] vfs: Add inode uid,gid,mode init helper (Miklos Szeredi) [1600951] {CVE-2018-13405} - [s390] kernel: adapt to changed CPU vulnerabilities function prototypes (Hendrik Brueckner) [1625381] - [s390] detect etoken facility (Hendrik Brueckner) [1625381] - [s390] Correct register corruption in critical section cleanup (Hendrik Brueckner) [1625381] - [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1625381] - [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1625381] - [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1625381] - [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1625381] - [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1625381] - [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1625381] - [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Oleksandr Natalenko) [1670328] - [perf] Fix a race between ring_buffer_detach() and ring_buffer_attach() (Jiri Olsa) [1589340] - [perf] Fix mmap() accounting hole (Jiri Olsa) [1627672] - [perf] Fix perf mmap bugs (Jiri Olsa) [1627672] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-13405 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 Oracle Linux 6 [1:1.8.0.212.b04-1] - Update to aarch64-shenandoah-jdk8u212-b04. - Resolves: rhbz#1693468 [1:1.8.0.212.b03-0] - Update to aarch64-shenandoah-jdk8u212-b03. - Resolves: rhbz#1693468 [1:1.8.0.212.b02-0] - Update to aarch64-shenandoah-jdk8u212-b02. - Remove patches included upstream - JDK-8197429/PR3546/RH153662{2,3} - JDK-8184309/PR3596 - Re-generate patches - JDK-8203030 - Add casts to resolve s390 ambiguity in calls to log2_intptr - Resolves: rhbz#1693468 [1:1.8.0.202.b08-0] - Update to aarch64-shenandoah-jdk8u202-b08. - Remove patches included upstream - JDK-8211387/PR3559 - JDK-8073139/PR1758/RH1191652 - JDK-8044235 - JDK-8131048/PR3574/RH1498936 - JDK-8164920/PR3574/RH1498936 - Resolves: rhbz#1693468 [1:1.8.0.201.b13-0] - Update to aarch64-shenandoah-jdk8u201-b13. - Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream. - Resolves: rhbz#1693468 [1:1.8.0.201.b09-3] - Update patch for RH1566890. - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to rh1566890-CVE_2018_3639-speculative_store_bypass.patch - Added dependent patch, rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch - Resolves: rhbz#1693468 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.221-2.6.18.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.221-2.6.18.0] - Bump to 2.6.18 and OpenJDK 7u221-b02. - Resolves: rhbz#1693468 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.14.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.14.2] - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} [2.6.32-754.14.1] - [s390] kernel: Add crypto card toleration support (Hendrik Brueckner) [1695496] [2.6.32-754.13.1] - [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1686170] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12127 CVE-2018-12130 CVE-2018-12126 CVE-2019-11091 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 Oracle Linux 6 [0.10.2-64.0.1] - Replace docs/et.png in tarball with blank image [0.10.2-64.el6_10.1] - cpu_x86: Do not cache microcode version (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127) - cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12127 CVE-2019-11091 CVE-2018-12126 CVE-2018-12130 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.506.el6_10.3] - kvm-target-i386-define-md-clear-bit.patch [bz#1698996] - Resolves: bz#1698996 (CVE-2018-12130 qemu-kvm: hardware: MFBDS) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 Oracle Linux 6 [60.7.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.7.0-1] - Updated to 60.7.0 ESR [60.6.3-1] - Updated to 60.6.3 ESR [60.6.2-1] - Updated to 60.6.2 ESR [60.6.1-2] - Added fix for mozbz#526293 - show remote locations on file chooser dialog. CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-5798 CVE-2018-18511 CVE-2019-9797 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-11691 CVE-2019-11693 CVE-2019-9820 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-11692 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.7.0-1] - Update to 60.7.0 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-5798 CVE-2019-9819 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9820 CVE-2019-11692 CVE-2018-18511 CVE-2019-9797 CVE-2019-9817 CVE-2019-11693 CVE-2019-11691 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.6-68.0.1] - Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma) [2.6.6-68] - Security fix for CVE-2019-10160 Resolves: rhbz#1716744 [2.6.6-67] - Security fix for CVE-2019-9636 Resolves: rhbz#1716744 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-10160 CVE-2019-9636 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [2.6.32-754.15.3.OL6] - Update genkey [bug 25599697] [2.6.32-754.15.3] - [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719614] {CVE-2019-11479} - [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614] {CVE-2019-11479} - [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719840] {CVE-2019-11478} - [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719585] {CVE-2019-11477} - [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719585] {CVE-2019-11477} [2.6.32-754.15.2] - [lib] idr: free the top layer if idr tree has the maximum height (Denys Vlasenko) [1698139] {CVE-2019-3896} - [lib] idr: fix top layer handling (Denys Vlasenko) [1698139] {CVE-2019-3896} - [lib] idr: fix backtrack logic in idr_remove_all (Denys Vlasenko) [1698139] {CVE-2019-3896} [2.6.32-754.15.1] - [x86] x86/speculation: Don't print MDS_MSG_SMT message if mds_nosmt specified (Waiman Long) [1710081 1710517] - [x86] x86/spec_ctrl: Fix incorrect MDS handling in late microcode loading (Waiman Long) [1710081 1710517] - [x86] x86/speculation: Fix misuse of boot_cpu_has() with bug bits (Waiman Long) [1710121] - [x86] x86/speculation/mds: Fix documentation typo (Waiman Long) [1710517] - [documentation] Documentation: Correct the possible MDS sysfs values (Waiman Long) [1710517] - [x86] x86/mds: Add MDSUM variant to the MDS documentation (Waiman Long) [1710517] - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1710517] - [x86] x86/speculation/mds: Fix comment (Waiman Long) [1710517] - [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} - [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11477 CVE-2019-3896 CVE-2019-11478 CVE-2019-11479 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [32:9.8.2-0.68.rc1.3] - Use only selected documentation files [32:9.8.2-0.68.rc1.2] - Fix CVE-2018-5743 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-5743 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [0.10.2-64.0.1] - Replace docs/et.png in tarball with blank image [0.10.2-64.el6_10.2] - api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161) MODERATE Copyright 2019 Oracle, Inc. CVE-2019-10161 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.7.2-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.7.2-1] - Update to 60.7.2 ESR [60.7.1-1] - Updated to 60.7.1 ESR CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-11708 CVE-2019-11707 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.7.2-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.7.2-2] - Update to 60.7.2 build2 [60.7.2-1] - Update to 60.7.2 [60.7.1-1] - Update to 60.7.1 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11707 CVE-2019-11708 CVE-2019-11704 CVE-2019-11705 CVE-2019-11703 CVE-2019-11706 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.506.el6_10.4] - kvm-target-i386-Sanitize-the-XSAVE-related-feature-bits.patch [bz#1673779] - kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689790] - Resolves: bz#1673779 (RHEL8 VM's do not install on RHEL6 KVM hypervisor) - Resolves: bz#1689790 (CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-6]) LOW Copyright 2019 Oracle, Inc. CVE-2019-9824 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 Oracle Linux 6 [1.4.2-3.0.1.el6_10.1] - [Orabug: 29909723] Added patch CVE-2019-3862. (qing.lin@oracle.com) Added Additional length checks to prevent out-of-bounds (CVE-2019-3862) [1.4.2-3.el6_10.1] - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) - use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-3857 CVE-2019-3856 CVE-2019-3855 CVE-2019-3863 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [1:1.2.24-11.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.2.24-11] - Apply patch for CVE-2019-12749 (#1725574) [1:1.2.24-10] - Fix CVE-2019-12749 (#1725574) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-12749 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [60.8.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-9811 CVE-2019-11711 CVE-2019-11712 CVE-2019-11709 CVE-2019-11713 CVE-2019-11730 CVE-2019-11715 CVE-2019-11717 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2:7.4.629-5.2] - 1724045 - fix CVE-2019-12735 the :source! command allows arbitrary command execution via the modeline - fix spec warnings about expanding macros IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-12735 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [60.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.8.0-1] - Updated to 60.8.0 [60.7.2-3] - Rebuild to fix rhbz#1725919 - Thunderbird fails to authenticate with gmail with ssl/tls and OAuth2. IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11709 CVE-2019-9811 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11730 CVE-2019-11717 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.8.0.222.b10-0] - Update to aarch64-shenandoah-jdk8u222-b10. - Resolves: rhbz#1724452 [1:1.8.0.222.b09-0] - Update to aarch64-shenandoah-jdk8u222-b09. - Switch to GA mode for final release. - Resolves: rhbz#1724452 [1:1.8.0.222.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u222-b08. - Resolves: rhbz#1724452 [1:1.8.0.222.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. - Resolves: rhbz#1724452 [1:1.8.0.222.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u222-b06. - Resolves: rhbz#1724452 [1:1.8.0.222.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u222-b05. - Resolves: rhbz#1724452 [1:1.8.0.222.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u222-b04. - Resolves: rhbz#1724452 [1:1.8.0.222.b03-0.1.ea] - Restore docs make target so docs are built again. - Resolves: rhbz#1724452 [1:1.8.0.222.b03-0.1.ea] - Remove zip-docs make target as RHEL 6.10 RPM does not have that patch. - Resolves: rhbz#1724452 [1:1.8.0.222.b03-0.1.ea] - Provide Javadoc debug subpackage for now, but populate it from the normal build. - Resolves: rhbz#1724452 [1:1.8.0.222.b03-0.1.ea] - Don't produce javadoc sub package for the debug variant build. - Don't perform a bootcycle build for the debug variant build. - Resolves: rhbz#1724452 [1:1.8.0.222.b03-0.0.ea] - Include 'ea' designator in Release when appropriate. - Use --with-native-debug-symbols=internal which JDK-8036003 adds. - Resolves: rhbz#1724452 [1:1.8.0.222.b03-0] - Update to aarch64-shenandoah-jdk8u222-b03. - Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. - Resolves: rhbz#1724452 [1:1.8.0.222.b02-0] - Update to aarch64-shenandoah-jdk8u222-b02. - Resolves: rhbz#1724452 [1:1.8.0.222.b01-0] - Update to aarch64-shenandoah-jdk8u222-b01. - Drop 8171000, 8197546 & PR3634 as applied upstream. - Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp - Resolves: rhbz#1724452 MODERATE Copyright 2019 Oracle, Inc. CVE-2019-2745 CVE-2019-2762 CVE-2019-2786 CVE-2019-2816 CVE-2019-2769 CVE-2019-2842 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.231-2.6.19.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.231-2.6.19.1] - Add missing hyphen in tapset filename. - Resolves: rhbz#1724452 [1:1.7.0.231-2.6.19.0] - Update tapset name in patch. - Resolves: rhbz#1724452 [1:1.7.0.231-2.6.19.0] - Bump to 2.6.19 (including tapsets) and OpenJDK 7u231-b01. - Fix fsg.sh to fail if patching fails. - Resolves: rhbz#1724452 MODERATE Copyright 2019 Oracle, Inc. CVE-2019-2762 CVE-2019-2842 CVE-2019-2786 CVE-2019-2745 CVE-2019-2816 CVE-2019-2769 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.1e-58] - fix CVE-2019-1559 - 0-byte record padding oracle MODERATE Copyright 2019 Oracle, Inc. CVE-2019-1559 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [2.6.32-754.18.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.18.2] - [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125} - [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125} [2.6.32-754.18.1] - [virt] xenbus: don't look up transaction IDs for ordinary writes (Vitaly Kuznetsov) [1663262] - [virt] xenbus: don't BUG() on user mode induced condition (Vitaly Kuznetsov) [1663262] - [virt] xenbus: Add proper handling of XS_ERROR from Xenbus for transactions (Vitaly Kuznetsov) [1663262] - [fs] proc: restrict kernel stack dumps to root (Denys Vlasenko) [1638193] {CVE-2018-17972} - [crypto] salsa20 - fix blkcipher_walk API usage (Bruno Eduardo de Oliveira Meneguele) [1543984] - [mm] vmscan: do not loop on too_many_isolated for ever (Rafael Aquini) [1658254] - [x86] spec_ctrl: Don't report the use of retpoline on Skylake as vulnerable (Waiman Long) [1666102] - [mm] try harder to allocate vmemmap blocks (Rafael Aquini) [1591394] - [v4l] dvb: revert spectre v1 mitigation (Josh Poimboeuf) [1647975] - [fs] binfmt_misc.c: do not allow offset overflow (Bill O'Donnell) [1710149] - [x86] pti: Don't use PCID and INVPCID in x86-32 (Waiman Long) [1702782] - [mm] mincore.c: make mincore() more conservative (Rafael Aquini) [1664197] {CVE-2019-5489} - [x86] spec: Move retp_compiler() inline function to bugs.c (Waiman Long) [1722185] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-17972 CVE-2019-1125 CVE-2019-5489 CVE-2017-17805 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 Oracle Linux 6 [60.9.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.9.0-1] - Update to 60.9.0 ESR CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-11740 CVE-2019-9812 CVE-2019-11733 CVE-2019-11744 CVE-2019-11742 CVE-2019-11743 CVE-2019-11752 CVE-2019-11746 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.21.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.21.1] - [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712858] {CVE-2019-11810} - [net] net: Set sk_prot_creator when copying sockets to the right proto (Andrea Claudi) [1657117] {CVE-2018-9568} [2.6.32-754.20.1] - [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125} - [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125} [2.6.32-754.19.1] - [net] tcp: be more careful in tcp_fragment() (Marcelo Leitner) [1732107] - [net] tcp: refine memory limit test in tcp_fragment() (Florian Westphal) [1728931] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-9568 CVE-2019-11810 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [60.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.9.0-1] - Update to 60.9.0 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11740 CVE-2019-11744 CVE-2019-11739 CVE-2019-11752 CVE-2019-11742 CVE-2019-11746 CVE-2019-11743 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.23.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.23.1] - [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750869 1750869] {CVE-2019-14835} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14835 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 Oracle Linux 6 [1:2.0.9-22.1] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes (#1752708) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11500 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.506.el6_10.5] - kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669066] - kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669066] - kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669066] - kvm-qxl-check-release-info-object.patch [bz#1712728] - kvm-net-Use-iov-helper-functions.patch [bz#1636415] - kvm-net-increase-buffer-size-to-accommodate-Jumbo-frame-.patch [bz#1636415] - kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636415] - kvm-net-drop-too-large-packet-early.patch [bz#1636415] - kvm-PATCH-slirp-fix-buffer-overrun.patch [bz#1586251] - kvm-Fix-build-from-previous-commit.patch [bz#1586251] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586251] - kvm-slirp-Convert-mbufs-to-use-g_malloc-and-g_free.patch [bz#1586251] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586251] - kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636774] - Resolves: bz#1586251 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-6.10.z]) - Resolves: bz#1636415 (CVE-2018-10839 qemu-kvm: Qemu: ne2000: integer overflow leads to buffer overflow issue [rhel-6]) - Resolves: bz#1636774 (CVE-2018-17962 qemu-kvm: Qemu: pcnet: integer overflow leads to buffer overflow [rhel-6]) - Resolves: bz#1669066 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-6.10.z]) - Resolves: bz#1712728 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-6]) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10839 CVE-2019-12155 CVE-2018-17962 CVE-2019-6778 CVE-2018-11806 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 Oracle Linux 6 [1:1.8.0.232.b09-0] - Update to aarch64-shenandoah-jdk8u232-b09. - Switch to GA mode for final release. - Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. - Resolves: rhbz#1753423 [1:1.8.0.232.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u232-b08. - Resolves: rhbz#1753423 [1:1.8.0.232.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u232-b05-shenandoah-merge-2019-09-09. - Update version logic to handle -shenandoah* tag suffix. - Resolves: rhbz#1753423 [1:1.8.0.232.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u232-b05. - Resolves: rhbz#1753423 [1:1.8.0.232.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u232-b01. - Switch to EA mode. - Resolves: rhbz#1753423 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-2987 CVE-2019-2988 CVE-2019-2964 CVE-2019-2962 CVE-2019-2989 CVE-2019-2999 CVE-2019-2975 CVE-2019-2981 CVE-2019-2983 CVE-2019-2945 CVE-2019-2949 CVE-2019-2973 CVE-2019-2978 CVE-2019-2992 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.241-2.6.20.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.241-2.6.20.0] - Bump to 2.6.20 and OpenJDK 7u241-b01. - Drop PR1834/RH1022017 which is now handled by JDK-8228825 upstream. - Drop JDK-8226318/RH1738637 which is now included upstream. - Resolves: rhbz#1753423 MODERATE Copyright 2019 Oracle, Inc. CVE-2019-2973 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2981 CVE-2019-2964 CVE-2019-2945 CVE-2019-2978 CVE-2019-2989 CVE-2019-2999 CVE-2019-2962 CVE-2019-2992 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.2.0-4.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-11762 CVE-2019-11757 CVE-2019-11760 CVE-2019-11764 CVE-2019-11759 CVE-2019-11761 CVE-2019-11763 CVE-2019-11758 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [5.3.3-50] - fix underflow in env_path_info in fpm_main.c CVE-2019-11043 CRITICAL Copyright 2019 Oracle, Inc. CVE-2019-11043 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.8.6p3-29.0.1.el6_10.2] - Fixes [OraBug: 28747380] sudo does not honor env_keep-='KRB5CCNAME' after 'sudo -k' (isaac.chen@oracle.com) [1.8.6p3-29.2] - RHEL-6.10.z ERRATUM - fixed CVE-2019-14287 Resolves: rhbz#1760684 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14287 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [2.6.32-754.24.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.24.2] - [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207} - [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207} - [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207} - [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135} - [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135} - [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154} - [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154} - [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155} [2.6.32-754.24.1] - [net] ip: Don't leak head fragment on queue timeout (Stefano Brivio) [1752536] - [vhost] vhost_net: fix possible infinite loop (Eugenio Perez) [1702941] - [vhost] vhost: introduce vhost_exceeds_weight() (Eugenio Perez) [1702941] - [vhost] vhost_net: introduce vhost_exceeds_weight() (Eugenio Perez) [1702941] - [vhost] vhost_net: use packet weight for rx handler, too (Eugenio Perez) [1702941] - [vhost] vhost-net: set packet weight of tx polling to 2 * vq size (Eugenio Perez) [1702941] - [x86] x86/pti: Fix incorrect global bit setting with PTI on (Waiman Long) [1645724] - [x86] spec_ctrl: disable IBRS in idle, part 2 (Rafael Aquini) [1560787] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-3900 CVE-2019-0154 CVE-2019-11135 CVE-2018-12207 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.24.3.OL6] - Update genkey [bug 25599697] [2.6.32-754.24.3] - [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-0155 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 [68.3.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17005 CVE-2019-17012 CVE-2019-17010 CVE-2019-17008 CVE-2019-17011 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [3.44.0-6.0.1] - Add fips140-2 DSA Known Answer Test fix [Orabug 26696773] - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug 26617866], [Orabug 26617833], [Orabug 26617780] [3.44.0-6] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775909) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11745 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 [68.3.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.3.0-3] - Update to 68.3.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17005 CVE-2019-17012 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.3.11-19] - Fix potential buffer overflow - Resolves: #1767863 [2.3.11-18] - Fix potential buffer overflow - Resolves: #1758402 MODERATE Copyright 2019 Oracle, Inc. CVE-2015-9381 CVE-2015-9382 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 Oracle Linux 6 [2.6.32-754.25.1.OL6] - Update genkey [Orabug: 25599697] [2.6.32-754.25.1] - [kvm] KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF (Waiman Long) [1733760] - [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746799] {CVE-2019-14821} - [virt] KVM: MMIO: Lock coalesced device when checking for available entry (Bandan Das) [1746799] {CVE-2019-14821} - [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1749512] - [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1749512] - [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1749512] - [security] KEYS: prevent creating a different user's keyrings (David Howells) [1537371] - [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207} - [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207} - [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207} - [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135} - [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135} - [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155} - [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154} - [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154} - [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14821 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.24.1] - pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration (Laxman Dewangan) [Orabug: 27539246] {CVE-2017-18174} - mlock: fix mlock count can not decrease in race condition (Yisheng Xie) [Orabug: 27677611] {CVE-2017-18221} - perf/core: Fix the perf_cpu_time_max_percent check (Tan Xiaojun) [Orabug: 27823815] {CVE-2017-18255} - x86/microcode/intel: Fix a wrong assignment of revision in _save_mc (Zhenzhong Duan) [Orabug: 28190263] - mm: cma: fix incorrect type conversion for size during dma allocation (Rohit Vaswani) [Orabug: 28407826] {CVE-2017-9725} - x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474851] - x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474851] - x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474851] - xen/blkback: fix disconnect while I/Os in flight (Juergen Gross) [Orabug: 28744234] - mlx4_vnic: use the mlid while calling ib_detach_mcast (aru kolappan) [Orabug: 29029705] - ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 29048557] {CVE-2018-1092} {CVE-2018-1092} - Bluetooth: hidp: buffer overflow in hidp_process_report (Mark Salyzyn) [Orabug: 29121215] {CVE-2018-9363} {CVE-2018-9363} - HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128165] {CVE-2018-9516} - x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug: 29149888] {CVE-2018-7995} - Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152328] {CVE-2017-18079} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-18174 CVE-2017-18221 CVE-2018-1092 CVE-2017-18079 CVE-2017-18255 CVE-2018-9363 CVE-2018-7995 CVE-2017-9725 CVE-2018-9516 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.29.1] - Copy secure_boot flag in boot params across kexec reboot (Dave Young) [Orabug: 22066352] {CVE-2015-7837} - ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841} - ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841} - scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220420] {CVE-2017-14051} - ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 28220433] {CVE-2018-1092} {CVE-2018-1092} - certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926205] - ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005190] {CVE-2018-1000004} - netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037832] {CVE-2017-17450} - wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 29060697] {CVE-2018-5848} - HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128167] {CVE-2018-9516} - x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug: 29152249] {CVE-2018-7995} - Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152329] {CVE-2017-18079} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2015-7837 CVE-2014-9728 CVE-2016-3713 CVE-2016-3841 CVE-2017-13168 CVE-2017-17450 CVE-2017-17806 CVE-2017-18079 CVE-2018-1000004 CVE-2018-10021 CVE-2018-1092 CVE-2018-18710 CVE-2018-5848 CVE-2018-7757 CVE-2017-14051 CVE-2018-9516 CVE-2017-17805 CVE-2017-18017 CVE-2018-10902 CVE-2018-1000204 CVE-2018-7995 CVE-2018-7755 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.305.1] - ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059185] {CVE-2016-3841} - ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059185] {CVE-2016-3841} - scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220492] {CVE-2017-14051} - ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 28220543] {CVE-2018-1092} {CVE-2018-1092} - ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005191] {CVE-2018-1000004} - netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037833] {CVE-2017-17450} - HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128174] {CVE-2018-9516} - Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152330] {CVE-2017-18079} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-18079 CVE-2018-1000004 CVE-2017-17450 CVE-2018-1092 CVE-2017-14051 CVE-2018-9516 CVE-2016-3841 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.24.3] - ext4: update i_disksize when new eof exceeds it (Shan Hai) [Orabug: 28940828] - ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28940828] - ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28940828] - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Hui Peng) [Orabug: 29042981] {CVE-2018-19824} - ALSA: usb-audio: Replace probing flag with active refcount (Takashi Iwai) [Orabug: 29042981] {CVE-2018-19824} - ALSA: usb-audio: Avoid nested autoresume calls (Takashi Iwai) [Orabug: 29042981] {CVE-2018-19824} - ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 29114440] {CVE-2018-1094} - ext4: update inline int ext4_has_metadata_csum(struct super_block *sb) (John Donnelly) [Orabug: 29114440] {CVE-2018-1094} - ext4: always initialize the crc32c checksum driver (Theodore Ts'o) [Orabug: 29114440] {CVE-2018-1094} {CVE-2018-1094} - Revert 'bnxt_en: Reduce default rings on multi-port cards.' (Brian Maly) [Orabug: 28687746] - mlx4_core: Disable P_Key Violation Traps (Hakon Bugge) [Orabug: 27693633] - rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 28733324] [4.1.12-124.24.2] - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 28069548] - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded (Mihai Carabas) [Orabug: 28069548] - KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28069548] - KVM: x86: pass host_initiated to functions that read MSRs (Paolo Bonzini) [Orabug: 28069548] - KVM: VMX: make MSR bitmaps per-VCPU (Paolo Bonzini) [Orabug: 28069548] - KVM: VMX: introduce alloc_loaded_vmcs (Paolo Bonzini) [Orabug: 28069548] - KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson) [Orabug: 28069548] - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (Radim Krcmar) [Orabug: 28069548] - ocfs2: dont clear bh uptodate for block read (Junxiao Bi) [Orabug: 28762940] - ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 28924775] - ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 28924775] - net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun) [Orabug: 28947481] - x86/speculation: Always disable IBRS in disable_ibrs_and_friends() (Alejandro Jimenez) [Orabug: 29139710] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-1094 CVE-2018-19824 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.24.5] - rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 28425811] - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 28127993] - net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004503] - xhci: fix usb2 resume timing and races. (Mathias Nyman) [Orabug: 29028940] - xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices (Mathias Nyman) [Orabug: 29028940] - userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163750] {CVE-2018-18397} - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163750] {CVE-2018-18397} - x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29196396] - xen/blkback: rework validate_io_op() (Dongli Zhang) [Orabug: 29199843] - xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29199843] - xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29199843] - net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29201779] - xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29217927] - Revert 'xfs: remove nonblocking mode from xfs_vm_writepage' (Wengang Wang) [Orabug: 29279692] - Revert 'xfs: remove xfs_cancel_ioend' (Wengang Wang) [Orabug: 29279692] - Revert 'xfs: Introduce writeback context for writepages' (Wengang Wang) [Orabug: 29279692] - Revert 'xfs: xfs_cluster_write is redundant' (Wengang Wang) [Orabug: 29279692] - Revert 'xfs: factor mapping out of xfs_do_writepage' (Wengang Wang) [Orabug: 29279692] - Revert 'xfs: dont chain ioends during writepage submission' (Wengang Wang) [Orabug: 29279692] [4.1.12-124.24.4] - mstflint: Fix coding style issues - left with LINUX_VERSION_CODE (Idan Mehalel) [Orabug: 28878697] - mstflint: Fix coding-style issues (Idan Mehalel) [Orabug: 28878697] - mstflint: Fix errors found with checkpatch script (Idan Mehalel) [Orabug: 28878697] - Added support for 5th Gen devices in Secure Boot module and mtcr (Adham Masarwah) [Orabug: 28878697] - Fix typos in mst_kernel (Adham Masarwah) [Orabug: 28878697] - bnxt_en: Report PCIe link properties with pcie_print_link_status() (Brian Maly) [Orabug: 28942099] - selinux: Perform both commoncap and selinux xattr checks (Eric W. Biederman) [Orabug: 28951521] - Introduce v3 namespaced file capabilities (Serge E. Hallyn) [Orabug: 28951521] - rds: ib: Use a delay when reconnecting to the very same IP address (Hakon Bugge) [Orabug: 29138813] - Change mincore() to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187415] {CVE-2019-5489} - NFSD: Set the attributes used to store the verifier for EXCLUSIVE4_1 (Kinglong Mee) [Orabug: 29204157] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-5489 CVE-2018-18397 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.25.1] - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (Tom Lendacky) [Orabug: 28870524] {CVE-2018-3639} - x86/bugs: Add AMD's SPEC_CTRL MSR usage (Konrad Rzeszutek Wilk) [Orabug: 28870524] {CVE-2018-3639} - x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to X86_FEATURE_LS_CFG_SSBD (Mihai Carabas) [Orabug: 28870524] {CVE-2018-3639} - Make file credentials available to the seqfile interfaces (Linus Torvalds) [Orabug: 29114879] {CVE-2018-17972} - proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114879] {CVE-2018-17972} - x86/speculation: Clean up retpoline code in bugs.c (Alejandro Jimenez) [Orabug: 29211617] - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (WANG Chao) [Orabug: 29211617] - x86/build: Fix compiler support check for CONFIG_RETPOLINE (Masahiro Yamada) [Orabug: 29211617] - x86/retpoline: Remove minimal retpoline support (Zhenzhong Duan) [Orabug: 29211617] - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211617] - nl80211: check for the required netlink attributes presence (Vladis Dronov) [Orabug: 29245533] {CVE-2017-12153} {CVE-2017-12153} - scsi: lpfc: Fix PT2PT PRLI reject (reapply patch) (James Smart) [Orabug: 29281346] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-3639 CVE-2017-12153 CVE-2018-17972 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.30.1] - ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 28220451] {CVE-2018-1094} - ext4: always initialize the crc32c checksum driver (Theodore Ts'o) [Orabug: 28220451] {CVE-2018-1094} {CVE-2018-1094} - vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 28220451] {CVE-2018-1094} - ocfs2: should wait dio before inode lock in ocfs2_setattr() (alex chen) [Orabug: 28852830] {CVE-2017-18204} - Make file credentials available to the seqfile interfaces (Linus Torvalds) [Orabug: 29114878] {CVE-2018-17972} - proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114878] {CVE-2018-17972} - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (Qu Wenruo) [Orabug: 29301105] {CVE-2018-14609} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-1094 CVE-2018-17972 CVE-2018-14609 CVE-2017-18204 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.306.1] - ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 28220576] {CVE-2018-1094} - Provide a NLM_F_* flag void dumping inet/inet6 stats in rtnl_if_info() (Manish Kumar Singh) [Orabug: 28318718] - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (Qu Wenruo) [Orabug: 29301108] {CVE-2018-14609} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-14609 CVE-2018-1094 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [1.0-5] - Fix ol_yum_configure.sh [ OraBug 29241080] IMPORTANT Copyright 2019 Oracle, Inc. cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.26.1] - NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440] - rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685] - ext4: only look at the bg_flags field if it is valid (Theodore Tso) [Orabug: 29316684] {CVE-2018-10876} {CVE-2018-10876} - uek-rpm: Add kernel-uek version to kernel-ueknano provides (Somasundaram Krishnasamy) [Orabug: 29357643] - net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch) [Orabug: 29422739] {CVE-2018-9568} - ext4: always check block group bounds in ext4_init_block_bitmap() (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878} - ext4: make sure bitmaps and the inode table dont overlap with bg descriptors (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878} - vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 29428607] {CVE-2018-10878} - iscsi: Capture iscsi debug messages using tracepoints (Fred Herard) [Orabug: 29429855] [4.1.12-124.25.4] - KEYS: add missing permission check for request_key() destination (Eric Biggers) [Orabug: 29304551] {CVE-2017-17807} - KEYS: Dont permit request_key() to construct a new keyring (David Howells) [Orabug: 29304551] {CVE-2017-17807} - mlx4_ib: Distribute completion vectors when zero is supplied (Hakon Bugge) [Orabug: 29318191] - bnxt_en: Fix TX timeout during netpoll. (Michael Chan) [Orabug: 29357977] - bnxt_en: Fix for system hang if request_irq fails (Vikas Gupta) [Orabug: 29357977] - bnxt_en: Fix firmware message delay loop regression. (Michael Chan) [Orabug: 29357977] - bnxt_en: reduce timeout on initial HWRM calls (Andy Gospodarek) [Orabug: 29357977] - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977] - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug: 29357977] - bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. (Michael Chan) [Orabug: 29357977] - mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 29364670] {CVE-2018-16862} - l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 29368048] - net/packet: fix a race in packet_bind() and packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559} - ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Tso) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877} [4.1.12-124.25.3] - blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van Assche) [Orabug: 28766011] - uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev) [Orabug: 29323635] - uek-rpm: optimize find-requires usage (Alexander Burmashev) [Orabug: 29323635] - find-debuginfo.sh: backport parallel files procession (Alexander Burmashev) [Orabug: 29323635] - KVM: SVM: Add MSR-based feature support for serializing LFENCE (Tom Lendacky) [Orabug: 29335274] [4.1.12-124.25.2] - Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587] - slub: make ->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592] - dtrace: support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10878 CVE-2018-18559 CVE-2018-9568 CVE-2018-16862 CVE-2018-10876 CVE-2018-10877 CVE-2017-17807 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.31.1] - alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) [Orabug: 29269167] {CVE-2018-13053} - KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 29304552] {CVE-2017-17807} - KEYS: add missing permission check for request_key() destination (Eric Biggers) [Orabug: 29304552] {CVE-2017-17807} - ext4: only look at the bg_flags field if it is valid (Theodore Ts'o) [Orabug: 29409425] {CVE-2018-10876} {CVE-2018-10876} - net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch) [Orabug: 29422740] {CVE-2018-9568} - ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (Theodore Ts'o) [Orabug: 29428608] {CVE-2018-10878} - ext4: always check block group bounds in ext4_init_block_bitmap() (Theodore Ts'o) [Orabug: 29428608] {CVE-2018-10878} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10876 CVE-2018-10878 CVE-2018-13053 CVE-2017-17807 CVE-2018-9568 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.307.1] - proc: restrict kernel stack dumps to root (John Donnelly) [Orabug: 29114880] {CVE-2018-17972} - alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) [Orabug: 29269182] {CVE-2018-13053} - ext4: only look at the bg_flags field if it is valid (Theodore Ts'o) [Orabug: 29409428] {CVE-2018-10876} {CVE-2018-10876} - vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 29409428] {CVE-2018-10876} - net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch) [Orabug: 29422741] {CVE-2018-9568} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-17972 CVE-2018-10876 CVE-2018-13053 CVE-2018-9568 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.26.5] - scsi: scsi_transport_iscsi: modify detected conn err to KERN_ERR (Fred Herard) [Orabug: 29487790] - xen/blkfront: avoid NULL blkfront_info dereference on device removal (Vasilis Liaskovitis) [Orabug: 29469740] [4.1.12-124.26.4U] - bnxt_en: Fix race conditions in .ndo_get_stats64(). (Michael Chan) [Orabug: 29129625] - ext4: always verify the magic number in xattr blocks (Theodore Ts'o) [Orabug: 29437127] {CVE-2018-10879} {CVE-2018-10879} - ext4: add corruption check in ext4_xattr_set_entry() (Theodore Ts'o) [Orabug: 29437127] {CVE-2018-10879} {CVE-2018-10879} - net: add netif_is_lag_port helper (Jiri Pirko) [Orabug: 29495360] - net: add netif_is_lag_master helper (Jiri Pirko) [Orabug: 29495360] - net: add netif_is_team_port helper (Jiri Pirko) [Orabug: 29495360] - net: add netif_is_team_master helper (Jiri Pirko) [Orabug: 29495360] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10879 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.26.7] - ib_core: initialize shpd field when allocating 'struct ib_pd' (Mukesh Kacker) [Orabug: 29384815] - Revert 'x86/apic: Make arch_setup_hwirq NUMA node aware' (Brian Maly) [Orabug: 29542185] - qlcnic: fix Tx descriptor corruption on 82xx devices (Shahed Shaikh) [Orabug: 27708787] - block: Fix a race between blk_cleanup_queue() and timeout handling (Bart Van Assche) [Orabug: 29158186] - can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215299] {CVE-2019-3701} {CVE-2019-3701} - CIFS: Enable encryption during session setup phase (Pavel Shilovsky) [Orabug: 29338239] {CVE-2018-1066} - ext4: clear i_data in ext4_inode_info when removing inline data (Theodore Ts'o) [Orabug: 29540709] {CVE-2018-10881} {CVE-2018-10881} - ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 29545566] {CVE-2018-10882} {CVE-2018-10882} - Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM: VMX: make MSR bitmaps per-VCPU' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM: x86: pass host_initiated to functions that read MSRs' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM: SVM: Add MSR-based feature support for serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to X86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR' (Boris Ostrovsky) [Orabug: 29542029] - arch: x86: remove unsued SET_IBPB from spec_ctrl.h (Mihai Carabas) [Orabug: 29336760] - x86: cpu: microcode: fix late loading SpectreV2 bugs eval (Mihai Carabas) [Orabug: 29336760] - x86: cpu: microcode: fix late loading SSBD and L1TF bugs eval (Mihai Carabas) [Orabug: 29336760] - x86: cpu: microcode: Re-evaluate bugs in a CPU after microcode loading (Mihai Carabas) [Orabug: 29336760] - x86: cpu: microcode: update flags for all cpus (Mihai Carabas) [Orabug: 29336760] [4.1.12-124.26.6] - x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) [Orabug: 29292411] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10881 CVE-2019-3701 CVE-2018-10882 CVE-2018-1066 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.32.1] - x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg Nesterov) [Orabug: 29012034] - x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg Nesterov) [Orabug: 29012034] - x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 29012034] - x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg Nesterov) [Orabug: 29012034] - x86/fpu: Don't reset fpu_counter (Oleg Nesterov) [Orabug: 29012034] - x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg Nesterov) [Orabug: 29012034] - x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) [Orabug: 29012034] - x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg Nesterov) [Orabug: 29012034] - x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka Riikonen) [Orabug: 29012034] - can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215300] {CVE-2019-3701} {CVE-2019-3701} - ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Ts'o) [Orabug: 29396713] {CVE-2018-10877} {CVE-2018-10877} - ext4: always verify the magic number in xattr blocks (Theodore Ts'o) [Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879} - ext4: add corruption check in ext4_xattr_set_entry() (Theodore Ts'o) [Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879} - ext4: clear i_data in ext4_inode_info when removing inline data (Theodore Ts'o) [Orabug: 29540710] {CVE-2018-10881} {CVE-2018-10881} - ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 29545567] {CVE-2018-10882} {CVE-2018-10882} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10881 CVE-2018-10879 CVE-2018-10882 CVE-2018-10877 CVE-2019-3701 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.308.1] - x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 28874707] - x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg Nesterov) [Orabug: 28874707] - x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg Nesterov) [Orabug: 28874707] - x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg Nesterov) [Orabug: 28874707] - x86/fpu: Don't reset thread.fpu_counter (Oleg Nesterov) [Orabug: 28874707] - x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg Nesterov) [Orabug: 28874707] - x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg Nesterov) [Orabug: 28874707] - x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) [Orabug: 28874707] - x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU (Suresh Siddha) [Orabug: 28874707] - x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka Riikonen) [Orabug: 28874707] - ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Ts'o) [Orabug: 29396714] {CVE-2018-10877} {CVE-2018-10877} - ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 29545568] {CVE-2018-10882} {CVE-2018-10882} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-10882 CVE-2018-10877 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.26.10] - x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) [Orabug: 29534769] [4.1.12-124.26.9] - KEYS: encrypted: fix buffer overread in valid_master_desc() (Eric Biggers) [Orabug: 29591025] {CVE-2017-13305} [4.1.12-124.26.8] - scsi: target: remove hardcoded T10 Vendor ID in INQUIRY response (Alan Adamson) [Orabug: 29344862] - scsi: target: add device vendor id, product id and revision configfs attributes (Alan Adamson) [Orabug: 29344862] - scsi: target: consistently null-terminate t10_wwn strings (David Disseldorp) [Orabug: 29344862] - scsi: target: use consistent left-aligned ASCII INQUIRY data (David Disseldorp) [Orabug: 29344862] - ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) [Orabug: 29553371] - swiotlb: checking whether swiotlb buffer is full with io_tlb_used (Dongli Zhang) [Orabug: 29582587] - swiotlb: add debugfs to track swiotlb buffer usage (Dongli Zhang) [Orabug: 29582587] - swiotlb: fix comment on swiotlb_bounce() (Dongli Zhang) [Orabug: 29582587] - NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success. (NeilBrown) [Orabug: 29617508] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-13305 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.26.12] - x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721935] {CVE-2019-11091} - x86/microcode: Add loader version file in debugfs (Boris Ostrovsky) [Orabug: 29754165] - x86/microcode: Fix CPU synchronization routine (Borislav Petkov) [Orabug: 29754165] - x86/microcode: Synchronize late microcode loading (Borislav Petkov) [Orabug: 29754165] [4.1.12-124.26.11] - x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: update mds_mitigation to reflect debugfs configuration (Mihai Carabas) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: fix microcode late loading (Mihai Carabas) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12126 CVE-2019-11091 CVE-2018-12127 CVE-2018-12130 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.33.2] - x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [Orabug: 29751729] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Only worry about firmware loaded microcode (Patrick Colp) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} [3.8.13-118.33.1] - x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: 29721936] {CVE-2019-11091} - x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Allow runtime checking of CPU features (Patrick Colp) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.310.1] - x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [Orabug: 29752091] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Only worry about firmware loaded microcode (Patrick Colp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} [2.6.39-400.309.1] - x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: 29721938] {CVE-2019-11091} - x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Allow runtime checking of CPU features (Patrick Colp) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} - x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29641786] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11091 CVE-2018-12127 CVE-2018-12126 CVE-2018-12130 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.27.1] - scsi: libfc: sanitize E_D_TOV and R_A_TOV setting (Hannes Reinecke) [Orabug: 25933179] - scsi: libfc: use configured rport E_D_TOV (Hannes Reinecke) [Orabug: 25933179] - scsi: libfc: additional debugging messages (Hannes Reinecke) [Orabug: 25933179] - scsi: libfc: don't advance state machine for incoming FLOGI (Hannes Reinecke) [Orabug: 25933179] - scsi: libfc: Do not login if the port is already started (Hannes Reinecke) [Orabug: 25933179] - scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (Hannes Reinecke) [Orabug: 25933179] - scsi: libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response. (Chad Dupuis) [Orabug: 25933179] - scsi: libfc: Fixup disc_mutex handling (Hannes Reinecke) [Orabug: 25933179] - xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050] - net: sched: run ingress qdisc without locks (Alexei Starovoitov) [Orabug: 29395374] - bnxt_en: Fix typo in firmware message timeout logic. (Michael Chan) [Orabug: 29412112] - bnxt_en: Wait longer for the firmware message response to complete. (Michael Chan) [Orabug: 29412112] - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. (Tetsuo Handa) [Orabug: 29456281] - X.509: Handle midnight alternative notation in GeneralizedTime (David Howells) [Orabug: 29460344] {CVE-2015-5327} - X.509: Support leap seconds (David Howells) [Orabug: 29460344] {CVE-2015-5327} - X.509: Fix the time validation [ver #2] (David Howells) [Orabug: 29460344] {CVE-2015-5327} {CVE-2015-5327} - be2net: enable new Kconfig items in kernel configs (Brian Maly) [Orabug: 29475071] - benet: remove broken and unused macro (Lubomir Rintel) [Orabug: 29475071] - be2net: don't flip hw_features when VXLANs are added/deleted (Davide Caratti) [Orabug: 29475071] - be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros) [Orabug: 29475071] - be2net: Use Kconfig flag to support for enabling/disabling adapters (Petr Oros) [Orabug: 29475071] - be2net: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 29475071] - be2net: fix spelling mistake 'seqence' -> 'sequence' (Colin Ian King) [Orabug: 29475071] - be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29475071] - be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (Suresh Reddy) [Orabug: 29475071] - be2net: move rss_flags field in rss_info to ensure proper alignment (Ivan Vecera) [Orabug: 29475071] - be2net: re-order fields in be_error_recovert to avoid hole (Ivan Vecera) [Orabug: 29475071] - be2net: remove unused tx_jiffies field from be_tx_stats (Ivan Vecera) [Orabug: 29475071] - be2net: move txcp field in be_tx_obj to eliminate holes in the struct (Ivan Vecera) [Orabug: 29475071] - be2net: reorder fields in be_eq_obj structure (Ivan Vecera) [Orabug: 29475071] - be2net: remove unused old custom busy-poll fields (Ivan Vecera) [Orabug: 29475071] - be2net: remove unused old AIC info (Ivan Vecera) [Orabug: 29475071] - be2net: Fix error detection logic for BE3 (Suresh Reddy) [Orabug: 29475071] - scsi: sd: Do not override max_sectors_kb sysfs setting (Martin K. Petersen) [Orabug: 29596510] - USB: serial: io_ti: fix div-by-zero in set_termios (Johan Hovold) [Orabug: 29487834] {CVE-2017-18360} - bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan) [Orabug: 29516462] - x86/speculation: Read per-cpu value of x86_spec_ctrl_priv in x86_virt_spec_ctrl() (Alejandro Jimenez) [Orabug: 29526401] - x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez) [Orabug: 29526401] - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29605982] {CVE-2018-19985} {CVE-2018-19985} - swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang) [Orabug: 29637525] - swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang) [Orabug: 29637525] - x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Quentin Casasnovas) [Orabug: 29642113] - cifs: Fix use after free of a mid_q_entry (Shuning Zhang) [Orabug: 29654888] - binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677233] {CVE-2019-11190} - x86/microcode: Don't return error if microcode update is not needed (Boris Ostrovsky) [Orabug: 29759756] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11190 CVE-2018-19985 CVE-2015-5327 CVE-2017-18360 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.34.1] - Input: wacom - move the USB (now hid) Wacom driver in drivers/hid (Benjamin Tissoires) [Orabug: 25512494] {CVE-2016-3139} - net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215229] {CVE-2017-16650} - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29605987] {CVE-2018-19985} {CVE-2018-19985} - KEYS: encrypted: fix buffer overread in valid_master_desc() (Eric Biggers) [Orabug: 29605993] {CVE-2017-13305} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 29666607] {CVE-2016-1583} {CVE-2016-1583} - Revert 'ecryptfs: forbid opening files without mmap handler' (Brian Maly) [Orabug: 29666607] {CVE-2016-1583} - binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677234] {CVE-2019-11190} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2016-3139 CVE-2016-1583 CVE-2017-16650 CVE-2017-13305 CVE-2019-11190 CVE-2018-19985 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.311.1] - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) {CVE-2018-19985} {CVE-2018-19985} - binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677235] {CVE-2019-11190} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-19985 CVE-2019-11190 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [7.29.0-51.0.1] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2016-8618 CVE-2016-8623 CVE-2016-8622 CVE-2016-8615 CVE-2016-8617 CVE-2016-8620 CVE-2016-8616 CVE-2016-8624 CVE-2016-8619 CVE-2016-8621 CVE-2016-8625 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.27.2] - x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug: 29797118] - vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug: 29710939] - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (Eric Dumazet) [Orabug: 29710939] - nvme: allow timed-out ios to retry (James Smart) [Orabug: 29301607] - rds: Introduce a pool of worker threads for connection management (Hakon Bugge) [Orabug: 29391909] - rds: Use rds_conn_path cp_wq when applicable (Hakon Bugge) [Orabug: 29391909] - rds: ib: Implement proper cm_id compare (Hakon Bugge) [Orabug: 29391909] - Revert 'net/rds: prevent RDS connections using stale ARP entries' (Hakon Bugge) [Orabug: 29391909] - rds: ib: Flush ARP cache when needed (Hakon Bugge) [Orabug: 29391909] - rds: Add simple heuristics to determine connect delay (Hakon Bugge) [Orabug: 29391909] - rds: Fix one-sided connect (Hakon Bugge) [Orabug: 29391909] - rds: Consolidate and align ftrace related to connection management (Hakon Bugge) [Orabug: 29391909] - rds: ib: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29391909] - IB/mlx4: Increase the timeout for CM cache (Hakon Bugge) [Orabug: 29391909] - kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423804] - x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423804] - x86/speculation: Clean up enhanced IBRS checks in bugs_64.c (Alejandro Jimenez) [Orabug: 29423804] - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 29510356] - bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651238] - x86/mitigations: Fix the test for Xen PV guest (Boris Ostrovsky) [Orabug: 29774291] - x86/speculation/mds: Fix verw usage to use memory operand (Kanth Ghatraju) [Orabug: 29791036] {CVE-2018-12127} {CVE-2018-12130} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12127 CVE-2018-12130 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.28.1] - hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29324267] - x86/speculation: RSB stuffing with retpoline on Skylake+ cpus (William Roche) [Orabug: 29660924] - x86/speculation: reformatting RSB overwrite macro (William Roche) [Orabug: 29660924] - x86/speculation: Dynamic enable and disable of RSB stuffing with IBRS&!SMEP (William Roche) [Orabug: 29660924] - x86/speculation: STUFF_RSB dynamic enable (William Roche) [Orabug: 29660924] - int3 handler better address space detection on interrupts (William Roche) [Orabug: 29660924] - repairing out-of-tree build functionality (Mark Nicholson) [Orabug: 29755100] - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Shuning Zhang) [Orabug: 29797007] [4.1.12-124.27.3] - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29233739] - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (Marcel Holtmann) [Orabug: 29526426] {CVE-2019-3459} - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426] {CVE-2019-3459} - HID: debug: fix the ring buffer implementation (Vladis Dronov) [Orabug: 29629481] {CVE-2019-3819} {CVE-2019-3819} - scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778875] {CVE-2018-14633} {CVE-2018-14633} - scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783225] {CVE-2018-20836} - scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783254] {CVE-2019-11810} - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786786] {CVE-2011-1079} {CVE-2019-11884} - x86/speculation/mds: Add 'mitigations=' support for MDS (Kanth Ghatraju) [Orabug: 29791046] - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). (Mao Wenan) [Orabug: 29802785] {CVE-2019-11815} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11815 CVE-2019-11884 CVE-2019-3459 CVE-2019-3819 CVE-2019-11810 CVE-2018-20836 CVE-2018-14633 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.35.1] - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786787] {CVE-2011-1079} {CVE-2019-11884} - x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [Orabug: 29791038] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Make cpu_vuln_whitelist __cpuinitconst (Patrick Colp) [Orabug: 29792023] - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29792061] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12127 CVE-2019-11091 CVE-2018-12126 CVE-2019-11884 CVE-2018-12130 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.312.1] - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786788] {CVE-2011-1079} {CVE-2019-11884} - x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [Orabug: 29791037] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Make cpu_vuln_whitelist __cpuinitconst (Patrick Colp) [Orabug: 29792027] - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29792064] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [Orabug: 29792097] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Fix incorrect check against MSR_IA32_ARCH_CAPABILITIES (Patrick Colp) [Orabug: 29820653] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12130 CVE-2019-11884 CVE-2018-12126 CVE-2019-11091 CVE-2018-12127 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.28.3] - Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598] [4.1.12-124.28.2] - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306] - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306] - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11478 CVE-2019-11479 CVE-2019-11477 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.35.2] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886600] {CVE-2019-11477} - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11479} - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11478} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890831] {CVE-2019-11477} - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11477} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11478 CVE-2019-11479 CVE-2019-11477 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.312.2] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886601] {CVE-2019-11477} - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11479} - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11478} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890843] {CVE-2019-11477} - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11477} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11478 CVE-2019-11479 CVE-2019-11477 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [1.4.2-2.0.1.el6_7.1] - [Orabug: 29909723] Added patch CVE-2019-3862. Added Additional length checks to prevent out-of-bounds (CVE-2019-3862) IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-3862 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.36.1] - tun: call dev_get_valid_name() before register_netdevice() (Cong Wang) [Orabug: 29925557] {CVE-2018-7191} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-7191 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.28.6] - scsi: libfc: Fixup disc_mutex handling in fcoe module (Hannes Reinecke) [Orabug: 29511036] - scsi: libfc: sanitize E_D_TOV and R_A_TOV setting in fcp (Hannes Reinecke) [Orabug: 29511036] - sysctl: Fix kabi breakage (Shuning Zhang) [Orabug: 29689925] - proc: Fix proc_sys_prune_dcache to hold a sb reference (Eric W. Biederman) [Orabug: 29689925] - proc/sysctl: Don't grab i_lock under sysctl_lock. (Eric W. Biederman) [Orabug: 29689925] - proc/sysctl: prune stale dentries during unregistering (Konstantin Khlebnikov) [Orabug: 29689925] - scsi: smartpqi: correct lun reset issues (Kevin Barnett) [Orabug: 29848621] - fork: record start_time late (David Herrmann) [Orabug: 29850581] {CVE-2019-6133} - mm: avoid taking zone lock in pagetypeinfo_showmixed() (Vinayak Menon) [Orabug: 29905302] - x86/retpoline/ia32entry: Convert to non-speculative calls (Ankur Arora) [Orabug: 29909295] {CVE-2017-5715} - tun: call dev_get_valid_name() before register_netdevice() (Cong Wang) [Orabug: 29925555] {CVE-2018-7191} - mm/madvise.c: fix madvise() infinite loop under special circumstances (chenjie) [Orabug: 29925610] {CVE-2017-18208} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-18208 CVE-2017-5715 CVE-2019-6133 CVE-2018-7191 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.29.3] - mlx4_core: change log_num_{qp,rdmarc} with scale_profile (Mukesh Kacker) [Orabug: 30064080] [4.1.12-124.29.2] - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [Orabug: 30052805] [4.1.12-124.29.1] - USB: check usb_get_extra_descriptor for proper size (Mathias Payer) [Orabug: 29755247] {CVE-2018-20169} - rds: ib: Fix dereference of conn when NULL and cleanup thereof (Hakon Bugge) [Orabug: 29924849] - ext4: zero out the unused memory region in the extent tree block (Sriram Rajagopalan) [Orabug: 29925523] {CVE-2019-11833} {CVE-2019-11833} - ip_sockglue: Fix missing-check bug in ip_ra_control() (Gen Zhang) [Orabug: 29926005] {CVE-2019-12381} - ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() (Gen Zhang) [Orabug: 29926057] {CVE-2019-12378} - x86/microcode: fix x86_spec_ctrl_mask on late loading. (Mihai Carabas) [Orabug: 29941248] - net: rds: fix rds recv memory leak (Zhu Yanjun) [Orabug: 30034815] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-20169 CVE-2019-11833 CVE-2019-12378 CVE-2019-12381 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.29.3.1] - x86/speculation: Exclude ATOMs from speculation through SWAPGS (Thomas Gleixner) [Orabug: 29967571] {CVE-2019-1125} - x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 29967571] {CVE-2019-1125} - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 29967571] {CVE-2019-1125} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-1125 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.30.1] - xen: let alloc_xenballooned_pages() fail if not enough memory free (Juergen Gross) [Orabug: 30073695] - mm/page_alloc.c: calculate 'available' memory in a separate function (Igor Redko) [Orabug: 30073695] - Input: gtco - bounds check collection indent level (Grant Hernandez) [Orabug: 30074413] {CVE-2019-13631} - Documentation/Docbook/Makefile: process xml files in parallel, based on nproc --all value (Alexander Burmashev) [Orabug: 30079814] - net: rds: fix compile warning (Zhu Yanjun) [Orabug: 30118035] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-13631 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.37.1] - Input: gtco - bounds check collection indent level (Grant Hernandez) [Orabug: 30074414] {CVE-2019-13631} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-13631 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.313.1] - ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27987133] {CVE-2018-5750} - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) [Orabug: 27987143] {CVE-2017-18203} - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886601] {CVE-2019-11477} - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11479} - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11478} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890843] {CVE-2019-11477} - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11477} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-18203 CVE-2018-5750 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.1e-58] - fix CVE-2019-1559 - 0-byte record padding oracle [1.0.1e-57] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher [1.0.1e-55] - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts [1.0.1e-54] - fix handling of ciphersuites present after the FALLBACK_SCSV ciphersuite entry (#1386350) [1.0.1e-53] - add README.legacy-settings [1.0.1e-52] - deprecate and disable verification of insecure hash algorithms - disallow DH keys with less than 1024 bits in TLS client - remove support for weak and export ciphersuites - use correct digest when exporting keying material in TLS1.2 (#1376741) [1.0.1e-50] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-49] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document [1.0.0-8] - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode [1.0.0-7] - listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612) - fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers (#619762) [1.0.0-6] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-5] - fix race in extension parsing code - CVE-2010-3864 (#649304) [1.0.0-4] - openssl man page fix (#609484) [1.0.0-3] - fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738) - fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732) [1.0.0-2] - make CA dir readable - the private keys are in private subdir (#584810) - a few fixes from upstream CVS - make X509_NAME_hash_old work in FIPS mode (#568395) [1.0.0-1] - update to final 1.0.0 upstream release [1.0.0-0.22.beta5] - make TLS work in the FIPS mode [1.0.0-0.21.beta5] - gracefully handle zero length in assembler implementations of OPENSSL_cleanse (#564029) - do not fail in s_server if client hostname not resolvable (#561260) [1.0.0-0.20.beta5] - new upstream release [1.0.0-0.19.beta4] - fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling [1.0.0-0.18.beta4] - add support for Intel AES-NI [1.0.0-0.17.beta4] - upstream fix compression handling on session resumption - various null checks and other small fixes from upstream - upstream changes for the renegotiation info according to the latest draft [1.0.0-0.16.beta4] - fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS [1.0.0-0.15.beta4] - add better error reporting for the unsafe renegotiation [1.0.0-0.14.beta4] - fix build on s390x [1.0.0-0.13.beta4] - disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot [1.0.0-0.12.beta4] - keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check [1.0.0-0.11.beta4] - update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final. [1.0.0-0.10.beta3] - fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342) [1.0.0-0.9.beta3] - fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION() [1.0.0-0.8.beta3] - fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127) [1.0.0-0.7.beta3] - temporarily disable x86_64 camellia assembler code (#521127) [1.0.0-0.6.beta3] - fix openssl dgst -dss1 (#520152) [1.0.0-0.5.beta3] - drop the compat symlink hacks [1.0.0-0.4.beta3] - constify SSL_CIPHER_description() [1.0.0-0.3.beta3] - fix WWW:Curl:Easy reference in tsget [1.0.0-0.2.beta3] - enable MD-2 [1.0.0-0.1.beta3] - update to new major upstream release [0.9.8k-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 22 2009 Bill Nottingham <notting@redhat.com> - do not build special 'optimized' versions for i686, as that's the base arch in Fedora now [0.9.8k-6] - abort if selftests failed and random number generator is polled - mention EVP_aes and EVP_sha2xx routines in the manpages - add README.FIPS - make CA dir absolute path (#445344) - change default length for RSA key generation to 2048 (#484101) [0.9.8k-5] - fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572) [0.9.8k-4] - support compatibility DTLS mode for CISCO AnyConnect (#464629) [0.9.8k-3] - correct the SHLIB_VERSION define [0.9.8k-2] - add support for multiple CRLs with same subject - load only dynamic engine support in FIPS mode [0.9.8k-1] - update to new upstream release (minor bug fixes, security fixes and machine code optimizations only) [0.9.8j-10] - move libraries to /usr/lib (#239375) [0.9.8j-9] - add a static subpackage [0.9.8j-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0.9.8j-7] - must also verify checksum of libssl.so in the FIPS mode - obtain the seed for FIPS rng directly from the kernel device - drop the temporary symlinks [0.9.8j-6] - drop the temporary triggerpostun and symlinking in post - fix the pkgconfig files and drop the unnecessary buildrequires on pkgconfig as it is a rpmbuild dependency (#481419) [0.9.8j-5] - add temporary triggerpostun to reinstate the symlinks [0.9.8j-4] - no pairwise key tests in non-fips mode (#479817) [0.9.8j-3] - even more robust test for the temporary symlinks [0.9.8j-2] - try to ensure the temporary symlinks exist [0.9.8j-1] - new upstream version with necessary soname bump (#455753) - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) - add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493) [0.9.8g-11] - do not add tls extensions to server hello for SSLv3 either [0.9.8g-10] - move root CA bundle to ca-certificates package [0.9.8g-9] - fix CVE-2008-0891 - server name extension crash (#448492) - fix CVE-2008-1672 - server key exchange message omit crash (#448495) [0.9.8g-8] - super-H arch support - drop workaround for bug 199604 as it should be fixed in gcc-4.3 [0.9.8g-7] - sparc handling [0.9.8g-6] - update to new root CA bundle from mozilla.org (r1.45) [0.9.8g-5] - Autorebuild for GCC 4.3 [0.9.8g-4] - merge review fixes (#226220) - adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846) [0.9.8g-3] - set default paths when no explicit paths are set (#418771) - do not add tls extensions to client hello for SSLv3 (#422081) [0.9.8g-2] - enable some new crypto algorithms and features - add some more important bug fixes from openssl CVS [0.9.8g-1] - update to latest upstream release, SONAME bumped to 7 [0.9.8b-17] - update to new CA bundle from mozilla.org [0.9.8b-16] - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) - add alpha sub-archs (#296031) [0.9.8b-15] - rebuild [0.9.8b-14] - use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys (#250577) - make ssl session cache id matching strict (#233599) [0.9.8b-13] - allow building on ARM architectures (#245417) - use reference timestamps to prevent multilib conflicts (#218064) - -devel package must require pkgconfig (#241031) [0.9.8b-12] - detect duplicates in add_dir properly (#206346) [0.9.8b-11] - the previous change still didn't make X509_NAME_cmp transitive [0.9.8b-10] - make X509_NAME_cmp transitive otherwise certificate lookup is broken (#216050) [0.9.8b-9] - aliasing bug in engine loading, patch by IBM (#213216) [0.9.8b-8] - CVE-2006-2940 fix was incorrect (#208744) [0.9.8b-7] - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940) [0.9.8b-6] - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180) [0.9.8b-5] - set buffering to none on stdio/stdout FILE when bufsize is set (#200580) patch by IBM [0.9.8b-4.1] - rebuild with new binutils (#200330) [0.9.8b-4] - add a temporary workaround for sha512 test failure on s390 (#199604) * Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) - add patches for BN threadsafety, AES cache collision attack hazard fix and pkcs7 code memleak fix from upstream CVS [0.9.8b-3.1] - rebuild [0.9.8b-3] - dropped libica and ica engine from build * Wed Jun 21 2006 Joe Orton <jorton@redhat.com> - update to new CA bundle from mozilla.org; adds CA certificates from netlock.hu and startcom.org [0.9.8b-2] - fixed a few rpmlint warnings - better fix for #173399 from upstream - upstream fix for pkcs12 [0.9.8b-1] - upgrade to new version, stays ABI compatible - there is no more linux/config.h (it was empty anyway) [0.9.8a-6] - fix stale open handles in libica (#177155) - fix build if 'rand' or 'passwd' in buildroot path (#178782) - initialize VIA Padlock engine (#186857) [0.9.8a-5.2] - bump again for double-long bug on ppc(64) [0.9.8a-5.1] - rebuilt for new gcc4.1 snapshot and glibc changes [0.9.8a-5] - don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [0.9.8a-4] - fix build (-lcrypto was erroneusly dropped) of the updated libica - updated ICA engine to 1.3.6-rc3 [0.9.8a-3] - disable builtin compression methods for now until they work properly (#173399) [0.9.8a-2] - don't set -rpath for openssl binary [0.9.8a-1] - new upstream version - patches partially renumbered [0.9.7f-11] - updated IBM ICA engine library and patch to latest upstream version [0.9.7f-10] - fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803) [0.9.7f-9] - add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595) - fixes from upstream (constant time fixes for DSA, bn assembler div on ppc arch, initialize memory on realloc) [0.9.7f-8] - Updated ICA engine IBM patch to latest upstream version. [0.9.7f-7] - fix CAN-2005-0109 - use constant time/memory access mod_exp so bits of private key aren't leaked by cache eviction (#157631) - a few more fixes from upstream 0.9.7g [0.9.7f-6] - use poll instead of select in rand (#128285) - fix Makefile.certificate to point to /etc/pki/tls - change the default string mask in ASN1 to PrintableString+UTF8String [0.9.7f-5] - update to revision 1.37 of Mozilla CA bundle [0.9.7f-4] - move certificates to _sysconfdir/pki/tls (#143392) - move CA directories to _sysconfdir/pki/CA - patch the CA script and the default config so it points to the CA directories [0.9.7f-3] - uninitialized variable mustn't be used as input in inline assembly - reenable the x86_64 assembly again [0.9.7f-2] - add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken - disable broken bignum assembly on x86_64 [0.9.7f-1] - reenable optimizations on ppc64 and assembly code on ia64 - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed - added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903) [0.9.7e-3] - libcrypto shouldn't depend on libkrb5 (#135961) [0.9.7e-2] - rebuild [0.9.7e-1] - new upstream source, updated patches - added patch so we are hopefully ABI compatible with upcoming 0.9.7f * Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com> - Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq [0.9.7a-46] - generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32) [0.9.7a-45] - Fixed and updated libica-1.3.4-urandom.patch patch (#122967) [0.9.7a-44] - rebuild [0.9.7a-43] - rebuild [0.9.7a-42] - rebuild [0.9.7a-41] - remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040) [0.9.7a-40] - Include latest libica version with important bugfixes * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-38] - Updated ICA engine IBM patch to latest upstream version. [0.9.7a-37] - build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik) [0.9.7a-36] - handle %{_arch}=i486/i586/i686/athlon cases in the intermediate header (#124303) [0.9.7a-35] - add security fixes for CAN-2004-0079, CAN-2004-0112 * Tue Mar 16 2004 Phil Knirsch <pknirsch@redhat.com> - Fixed libica filespec. [0.9.7a-34] - ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix the intermediate header [0.9.7a-33] - add an intermediate <openssl/opensslconf.h> which points to the right arch-specific opensslconf.h on multilib arches * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-32] - Updated libica to latest upstream version 1.3.5. [0.9.7a-31] - Update ICA crypto engine patch from IBM to latest version. * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-29] - rebuilt [0.9.7a-28] - Fixed libica build. * Wed Feb 04 2004 Nalin Dahyabhai <nalin@redhat.com> - add '-ldl' to link flags added for Linux-on-ARM (#99313) [0.9.7a-27] - updated ca-bundle.crt: removed expired GeoTrust roots, added freessl.com root, removed trustcenter.de Class 0 root [0.9.7a-26] - Fix link line for libssl (bug #111154). [0.9.7a-25] - add dependency on zlib-devel for the -devel package, which depends on zlib symbols because we enable zlib for libssl (#102962) [0.9.7a-24] - Use /dev/urandom instead of PRNG for libica. - Apply libica-1.3.5 fix for /dev/urandom in icalinux.c - Use latest ICA engine patch from IBM. [0.9.7a-22.1] - rebuild [0.9.7a-22] - rebuild (22 wasn't actually built, fun eh?) [0.9.7a-23] - re-disable optimizations on ppc64 * Tue Sep 30 2003 Joe Orton <jorton@redhat.com> - add a_mbstr.c fix for 64-bit platforms from CVS [0.9.7a-22] - add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged as not needing executable stacks [0.9.7a-21] - rebuild * Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> - re-enable optimizations on ppc64 * Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> - remove exclusivearch [0.9.7a-20] - only parse a client cert if one was requested - temporarily exclusivearch for %{ix86} * Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> - add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) and heap corruption (CAN-2003-0545) - update RHNS-CA-CERT files - ease back on the number of threads used in the threading test [0.9.7a-19] - rebuild to fix gzipped file md5sums (#91211) [0.9.7a-18] - Updated libica to version 1.3.4. [0.9.7a-17] - rebuild [0.9.7a-10.9] - free the kssl_ctx structure when we free an SSL structure (#99066) [0.9.7a-16] - rebuild [0.9.7a-15] - lower thread test count on s390x [0.9.7a-14] - rebuild [0.9.7a-13] - disable assembly on arches where it seems to conflict with threading [0.9.7a-12] - Updated libica to latest upstream version 1.3.0 [0.9.7a-9.9] - rebuild [0.9.7a-11] - rebuild [0.9.7a-10] - ubsec: don't stomp on output data which might also be input data [0.9.7a-9] - temporarily disable optimizations on ppc64 * Mon Jun 09 2003 Nalin Dahyabhai <nalin@redhat.com> - backport fix for engine-used-for-everything from 0.9.7b - backport fix for prng not being seeded causing problems, also from 0.9.7b - add a check at build-time to ensure that RSA is thread-safe - keep perlpath from stomping on the libica configure scripts * Fri Jun 06 2003 Nalin Dahyabhai <nalin@redhat.com> - thread-safety fix for RSA blinding [0.9.7a-8] - rebuilt [0.9.7a-7] - Added libica-1.2 to openssl (featurerequest). [0.9.7a-6] - fix building with incorrect flags on ppc64 [0.9.7a-5] - add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's attack (CAN-2003-0131) [ 0.9.7a-4] - add patch to enable RSA blinding by default, closing a timing attack (CAN-2003-0147) [0.9.7a-3] - disable use of BN assembly module on x86_64, but continue to allow inline assembly (#83403) [0.9.7a-2] - disable EC algorithms [0.9.7a-1] - update to 0.9.7a [0.9.7-8] - add fix to guard against attempts to allocate negative amounts of memory - add patch for CAN-2003-0078, fixing a timing attack [0.9.7-7] - Add openssl-ppc64.patch [0.9.7-6] - EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(), to get the right behavior when passed uninitialized context structures (#83766) - build with -mcpu=ev5 on alpha family (#83828) * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt [0.9.7-4] - Added IBM hw crypto support patch. * Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> - add missing builddep on sed [0.9.7-3] - debloat - fix broken manpage symlinks [0.9.7-2] - fix double-free in 'openssl ca' [0.9.7-1] - update to 0.9.7 final [0.9.7-0] - update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) * Wed Dec 11 2002 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) [0.9.6b-30] - add configuration stanza for x86_64 and use it on x86_64 - build for linux-ppc on ppc - start running the self-tests again [0.9.6b-29hammer.3] - Merge fixes from previous hammer packages, including general x86-64 and multilib [0.9.6b-29] - rebuild [0.9.6b-28] - update asn patch to fix accidental reversal of a logic check [0.9.6b-27] - update asn patch to reduce chance that compiler optimization will remove one of the added tests [0.9.6b-26] - rebuild [0.9.6b-25] - add patch to fix ASN.1 vulnerabilities [0.9.6b-24] - add backport of Ben Laurie's patches for OpenSSL 0.9.6d [0.9.6b-23] - own {_datadir}/ssl/misc * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Sun May 26 2002 Tim Powers <timp@redhat.com> - automated rebuild [0.9.6b-20] - free ride through the build system (whee!) [0.9.6b-19] - rebuild in new environment [0.9.6b-17, 0.9.6b-18] - merge RHL-specific bits into stronghold package, rename [stronghold-0.9.6c-2] - add support for Chrysalis Luna token * Tue Mar 26 2002 Gary Benson <gbenson@redhat.com> - disable AEP random number generation, other AEP fixes [0.9.6b-15] - only build subpackages on primary arches [0.9.6b-13] - on ia32, only disable use of assembler on i386 - enable assembly on ia64 [0.9.6b-11] - fix sparcv9 entry [stronghold-0.9.6c-1] - upgrade to 0.9.6c - bump BuildArch to i686 and enable assembler on all platforms - synchronise with shrimpy and rawhide - bump soversion to 3 * Wed Oct 10 2001 Florian La Roche <Florian.LaRoche@redhat.de> - delete BN_LLONG for s390x, patch from Oliver Paukstadt [0.9.6b-9] - update AEP driver patch * Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com> - adjust RNG disabling patch to match version of patch from Broadcom [0.9.6b-8] - disable the RNG in the ubsec engine driver [0.9.6b-7] - tweaks to the ubsec engine driver [0.9.6b-6] - tweaks to the ubsec engine driver [0.9.6b-5] - update ubsec engine driver from Broadcom [0.9.6b-4] - move man pages back to %{_mandir}/man?/foo.?ssl from %{_mandir}/man?ssl/foo.? - add an [ engine ] section to the default configuration file * Thu Aug 09 2001 Nalin Dahyabhai <nalin@redhat.com> - add a patch for selecting a default engine in SSL_library_init() [0.9.6b-3] - add patches for AEP hardware support - add patch to keep trying when we fail to load a cert from a file and there are more in the file - add missing prototype for ENGINE_ubsec() in engine_int.h [0.9.6b-2] - actually add hw_ubsec to the engine list * Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> - add in the hw_ubsec driver from CVS [0.9.6b-1] - update to 0.9.6b * Thu Jul 05 2001 Nalin Dahyabhai <nalin@redhat.com> - move .so symlinks back to %{_libdir} * Tue Jul 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move shared libraries to /lib (#38410) * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com> - switch to engine code base * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com> - add a script for creating dummy certificates - move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.? * Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de> - add s390x support * Fri Jun 01 2001 Nalin Dahyabhai <nalin@redhat.com> - change two memcpy() calls to memmove() - don't define L_ENDIAN on alpha [stronghold-0.9.6a-1] - Add 'stronghold-' prefix to package names. - Obsolete standard openssl packages. * Wed May 16 2001 Joe Orton <jorton@redhat.com> - Add BuildArch: i586 as per Nalin's advice. * Tue May 15 2001 Joe Orton <jorton@redhat.com> - Enable assembler on ix86 (using new .tar.bz2 which does include the asm directories). * Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com> - make subpackages depend on the main package * Tue May 01 2001 Nalin Dahyabhai <nalin@redhat.com> - adjust the hobble script to not disturb symlinks in include/ (fix from Joe Orton) * Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com> - drop the m2crypo patch we weren't using * Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com> - configure using 'shared' as well * Sun Apr 08 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6a - use the build-shared target to build shared libraries - bump the soversion to 2 because we're no longer compatible with our 0.9.5a packages or our 0.9.6 packages - drop the patch for making rsatest a no-op when rsa null support is used - put all man pages into <section>ssl instead of <section> - break the m2crypto modules into a separate package * Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com> - use BN_LLONG on s390 * Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) * Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move c_rehash to the perl subpackage, because it's a perl script now * Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 * Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de> - change hobble-openssl for disabling MD2 again * Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com> - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) * Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - fix s390 patch * Fri Dec 08 2000 Than Ngo <than@redhat.com> - added support s390 * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage * Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com> - always build with -mcpu=ev5 on alpha * Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add a symlink from cert.pem to ca-bundle.crt * Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com> - add a ca-bundle file for packages like Samba to reference for CA certificates * Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com> - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) * Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com> - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4 * Tue Sep 26 2000 Bill Nottingham <notting@redhat.com> - fix some issues in building when it's not installed * Wed Sep 06 2000 Nalin Dahyabhai <nalin@redhat.com> - make sure the headers we include are the ones we built with (aaaaarrgh!) * Fri Sep 01 2000 Nalin Dahyabhai <nalin@redhat.com> - add Richard Henderson's patch for BN on ia64 - clean up the changelog * Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com> - fix the building of python modules without openssl-devel already installed * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com> - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) by marking them as .PRECIOUS * Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com> - break out python extensions into a subpackage * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more * Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com> - disable MD2 support * Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com> - disable MDC2 support * Sun Jul 02 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the disabling of RC5, IDEA support - tweak the makefile * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> - strip binaries and libraries - rework certificate makefile to have the right parts for Apache * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> - use %{_perl} instead of /usr/bin/perl - disable alpha until it passes its own test suite * Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com> - move the passwd.1 man page out of the passwd package's way * Fri Jun 02 2000 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - move certificate makefile to another package - disable RC5, IDEA, RSA support - remove optimizations for now * Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package * Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs * Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ * Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - Fix build on non-x86 platforms * Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package * Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS IMPORTANT Copyright 2019 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.38.1] - x86/speculation: Exclude ATOMs from speculation through SWAPGS (Thomas Gleixner) [Orabug: 30165288] {CVE-2019-1125} - x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 30165288] {CVE-2019-1125} - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 30165288] {CVE-2019-1125} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-1125 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.314.1] - x86/speculation: Exclude ATOMs from speculation through SWAPGS (Thomas Gleixner) [Orabug: 30165287] {CVE-2019-1125} - x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 30165287] {CVE-2019-1125} - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 30165287] {CVE-2019-1125} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-1125 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.31.1.1] - KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug: 30318042] {CVE-2019-14821} {CVE-2019-14821} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14821 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.32.1] - NFSv4: Don't try to reclaim unused state owners (Trond Myklebust) [Orabug: 30124013] - x86/microcode: Update late microcode in parallel (Ashok Raj) [Orabug: 30302412] - floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318219] {CVE-2019-14283} - xen-netback: stop netif TX queue on guest queuing failure (Ankur Arora) [Orabug: 30351050] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14283 CVE-2019-15239 CVE-2019-14821 CVE-2019-15666 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.39.1] - tcp: purge write queue in tcp_connect_init() (Eric Dumazet) [Orabug: 30240134] {CVE-2019-15239} - cx24116: fix a buffer overflow when checking userspace params (Mauro Carvalho Chehab) [Orabug: 30254282] {CVE-2015-9289} - floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318220] {CVE-2019-14283} - ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) [Orabug: 30324140] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14283 CVE-2015-9289 CVE-2019-15239 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.315.1] - loopback: off by one in tcm_loop_make_naa_tpg() (Dan Carpenter) [Orabug: 30254296] {CVE-2011-5327} - floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318221] {CVE-2019-14283} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-14283 CVE-2011-5327 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.32.3] - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (Hannes Reinecke) [Orabug: 26941755] {CVE-2017-14991} - failover: allow name change on IFF_UP slave interfaces (Si-Wei Liu) [Orabug: 29707258] - Revert 'net_failover: delay taking over primary device to accommodate udevd renaming' (Si-Wei Liu) [Orabug: 29707258] - build: Revert 'repairing out-of-tree build functionality' (Todd Vierling) [Orabug: 30257829] - rds: add ibmr to busy_list in flush code path (Manjunath Patil) - rds: fix uninteneded increase of rds_rdma:pool->max_items_soft (Manjunath Patil) [4.1.12-124.32.2] - ext4: fix data exposure after a crash (Jan Kara) [Orabug: 30361860] {CVE-2017-7495} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-14991 CVE-2017-7495 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.32.3.2] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419233] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30419233] {CVE-2019-11135} - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} [4.1.12-124.32.3.1] - kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207} - kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207} - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207} - kvm: x86: Do not release the page inside mmu_set_spte() (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207} - x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) [Orabug: 29967631] {CVE-2018-12207} - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Move mapping_level_dirty_bitmap() call in mapping_level() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} - Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean Christopherson) [Orabug: 29967631] {CVE-2018-12207} - kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Simplify force_pt_level calculation code in FNAME(page_fault)() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Make mmu_set_spte() return emulate value (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} - KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (Takuya Yoshikawa) [Orabug: 29967631] {CVE-2018-12207} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12207 CVE-2019-11135 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.39.1.1] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419232] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} - x86/tsx: Add 'auto' option to TSX cmdline parameter (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} - x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} - x86/tsx: Add TSX cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} - x86: Add helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} - x86/tsx: Add enumeration support for IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419232] {CVE-2019-11135} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11135 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.315.1.1] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419231] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/tsx: Add 'auto' option to TSX cmdline parameter (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/tsx: Add TSX cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86: Add helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/tsx: Add enumeration support for IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11135 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.33.4] - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30036349] - ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349] - SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30165838] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838] - vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] {CVE-2019-14835} - vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] {CVE-2019-14835} - vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787] - array_index_nospec: Sanitize speculative array de-references (Dan Williams) [Orabug: 30312787] - net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444853] {CVE-2019-16995} - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444946] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445158] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445305] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511741] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] {CVE-2019-15217} - target: Propagate backend read-only to core_tpg_add_lun (Nicholas Bellinger) [Orabug: 30538419] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539766] - cpu/speculation: Uninline and export CPU mitigations helpers (Kanth Ghatraju) [Orabug: 30539766] [4.1.12-124.33.3] - rds: Use correct conn when dropping connections due to cancel (Hakon Bugge) [Orabug: 30316058] - rds: ib: Optimize rds_ib_laddr_check (Hakon Bugge) [Orabug: 30327671] - rds: Bring loop-back peer down as well (Hakon Bugge) [Orabug: 30271704] - rds: ib: Avoid connect retry on loopback connections (Hakon Bugge) [Orabug: 30271704] - rds: ib: Qualify CM REQ duplicate detection with connection being up (Hakon Bugge) [Orabug: 30062150] - rds: Further prioritize local loop-back connections (Hakon Bugge) [Orabug: 30062150] - rds: Fix initial zero delay when queuing re-connect work (Hakon Bugge) [Orabug: 30062150] - rds: Re-introduce separate work-queue for local connections (Hakon Bugge) [Orabug: 30062150] - rds: Re-factor and avoid superfluous queuing of shutdown work (Hakon Bugge) [Orabug: 29994551] - rds: ib: Flush ARP cache when connection attempt is rejected (Hakon Bugge) [Orabug: 29994550] - rds: ib: Fix incorrect setting of cp_reconnect_racing (Hakon Bugge) [Orabug: 29994553] - RDMA/cma: Make # CM retries configurable (Hakon Bugge) [Orabug: 29994555] - rds: Re-factor and avoid superfluous queuing of reconnect work (Hakon Bugge) [Orabug: 29994558] - rds: ib: Correct the cm_id compare commit (Hakon Bugge) [Orabug: 29994560] - rds: Increase entropy in hashing (Hakon Bugge) [Orabug: 29994561] - rds: ib: Resurrect the CQs instead of delete+create (Hakon Bugge) [Orabug: 29994566] - rds: Avoid queuing superfluous send and recv work (Hakon Bugge) [Orabug: 29994564] [4.1.12-124.33.2] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30517133] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30517133] {CVE-2019-11135} - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207} - kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207} - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207} - kvm: x86: Do not release the page inside mmu_set_spte() (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207} - x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) [Orabug: 30517059] {CVE-2018-12207} - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Move mapping_level_dirty_bitmap() call in mapping_level() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} - Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean Christopherson) [Orabug: 30517059] {CVE-2018-12207} - kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Simplify force_pt_level calculation code in FNAME(page_fault)() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Make mmu_set_spte() return emulate value (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} - KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207} [4.1.12-124.33.1] - scsi: qla2xxx: Fix NULL pointer crash due to probe failure (himanshu.madhani@cavium.com) [Orabug: 30161119] - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Jeremy Compostella) [Orabug: 30210503] {CVE-2017-18551} - scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT passthrough commands. (Giridhar Malavali) [Orabug: 30256423] - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350263] {CVE-2019-15916} - Drivers: hv: vmbus: add special crash handler (Vitaly Kuznetsov) [Orabug: 30374399] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-12207 CVE-2019-15215 CVE-2019-17055 CVE-2017-15128 CVE-2019-14835 CVE-2019-15213 CVE-2019-17053 CVE-2019-14284 CVE-2019-15217 CVE-2019-16994 CVE-2019-15916 CVE-2017-18551 CVE-2017-15102 CVE-2019-11135 CVE-2019-11478 CVE-2019-16995 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.40.1] - USB: check usb_get_extra_descriptor for proper size (Mathias Payer) [Orabug: 30045797] {CVE-2018-20169} - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (Hannes Reinecke) [Orabug: 30393902] {CVE-2017-14991} - usb: misc: legousbtower: Fix NULL pointer deference (Greg Kroah-Hartman) [Orabug: 30412151] {CVE-2017-15102} - floppy: fix div-by-zero in setup_format_params (Denis Efremov) [Orabug: 30447844] {CVE-2019-14284} - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Jeremy Compostella) [Orabug: 30468842] {CVE-2017-18551} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-20169 CVE-2017-14991 CVE-2017-18551 CVE-2017-15102 CVE-2019-14284 CVE-2019-11135 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.316.1] - ipv4: ipmr: various fixes and cleanups (Eric Dumazet) [Orabug: 30183226] {CVE-2017-18509} - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (Hannes Reinecke) [Orabug: 30393903] {CVE-2017-14991} - usb: misc: legousbtower: Fix NULL pointer deference (Greg Kroah-Hartman) [Orabug: 30412152] {CVE-2017-15102} - floppy: fix div-by-zero in setup_format_params (Denis Efremov) [Orabug: 30447845] {CVE-2019-14284} - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Jeremy Compostella) [Orabug: 30468843] {CVE-2017-18551} - USB: check usb_get_extra_descriptor for proper size (Mathias Payer) [Orabug: 30057430] {CVE-2018-20169} - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419231] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/tsx: Add 'auto' option to TSX cmdline parameter (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/tsx: Add TSX cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86: Add helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} - x86/tsx: Add enumeration support for IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419231] {CVE-2019-11135} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2017-18551 CVE-2019-11135 CVE-2019-14284 CVE-2017-18509 CVE-2018-20169 CVE-2017-14991 CVE-2017-15102 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [3:1.17-33.19.0.4] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [3:1.17-33.19.0.1] - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe (except BDW-79) - update 06-55-04 to 0x2000065 - update 06-55-07 to 0x500002c IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-11135 CVE-2018-12207 CVE-2019-11139 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.34.1] - block/loop: set hw_sectors (Shaohua Li) [Orabug: 30244514] - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30273956] - oled: export symbols (Wengang Wang) [Orabug: 30512063] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30512063] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548565] {CVE-2019-15219} [4.1.12-124.33.5] - net/mlx5: bump driver rev (Brian Maly) [Orabug: 30479538] - net/mlx5: Add 25G and 50G types (John Donnelly) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 VF device ID (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix pci error recovery flow (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Add timeout handle to commands with callback (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix potential deadlock in command mode change (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix wait_vital for VFs and remove fixed sleep (Daniel Jurgens) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Add missing 50G baseSR2 link mode (Gal Pressman) [Orabug: 30479538] - net/mlx5_core: Add ConnectX-5 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Fix MLX5E_100BASE_T define (Rana Shahout) [Orabug: 30479538] - net/mlx5e: Fix soft lockup when HW Timestamping is enabled (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5: Make command timeout way shorter (Or Gerlitz) [Orabug: 30479538] - net/mlx5: Fix teardown errors that happen in pci error handler (Mohamad Haj Yahia) [Orabug: 30479538] - IB/mlx5: Support setting Ethernet priority for Raw Packet QPs (majd@mellanox.com) [Orabug: 30479538] - IB/mlx5: Add Raw Packet QP query functionality (majd@mellanox.com) [Orabug: 30479538] - net/mlx5_core: Warn on unsupported events of QP/RQ/SQ (majd@mellanox.com) [Orabug: 30479538] - net/mlx5_core: Add RQ and SQ event handling (majd@mellanox.com) [Orabug: 30479538] - net/mlx5_core: Export transport objects (majd@mellanox.com) [Orabug: 30479538] - IB/mlx5: Add CQE version 1 support to user QPs and SRQs (Haggai Abramovsky) [Orabug: 30479538] - net/mlx5_core: Fix trimming down IRQ number (Doron Tsur) [Orabug: 30479538] - net/mlx5_core: Export flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Make ipv4/ipv6 location more clear (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Enable flow steering support for the IB driver (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Initialize namespaces only when supported by device (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Set priority attributes (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Connect flow tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce modify flow table command (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Managing root flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add utilities to find next and prev flow-tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering autogrouped flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Add PTP Hardware Clock (PHC) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Add HW timestamping (TS) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access function to read internal timer (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Do not modify the TX SKB (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add setting ATOMIC endian mode (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access functions to enable/disable RoCE (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Break down the vport mac address query function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename en_flow_table.c to en_fs.c (Maor Gottlieb) [Orabug: 30479538] - net/mlx5: Use flow steering infrastructure for mlx5_en (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Flow steering tree initialization (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering lookup algorithms (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering base data structures (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering firmware commands (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Assign random MAC address if needed (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix query E-Switch capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add support for SR-IOV ndos (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce get vf statistics (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce set vport vlan (VST mode) (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce Vport administration functions (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Add SR-IOV (FDB) support (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce FDB hardware capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introducing E-Switch and l2 table (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write vlan list into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write UC/MC list and promisc mode into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport vlans (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport promisc mode (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport state (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport mac lists (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Update access functions to Query/Modify vport MAC address (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Add HW capabilities and structs for SR-IOV E-Switch (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Add base sriov support (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Modify enable/disable hca functions (Eli Cohen) [Orabug: 30479538] - mlx5: support napi_complete_done() (Eric Dumazet) [Orabug: 30479538] - mlx5: add busy polling support (Eric Dumazet) [Orabug: 30479538] - net/mlx5e: Use the right DMA free function on TX path (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Max mtu comparison fix (Doron Tsur) [Orabug: 30479538] - net/mlx5e: Added self loopback prevention (Tariq Toukan) [Orabug: 30479538] - net/mlx5e: Fix inline header size calculation (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix LSO vlan insertion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Re-eanble client vlan TX acceleration (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Return error in case mlx5e_set_features() fails (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Don't allow more than max supported channels (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Use the the real irqn in eq->irqn (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Wait for RX buffers initialization in a more proper manner (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid NULL pointer access in case of configuration failure (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Wait for FW readiness on startup (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Add pci error handlers to mlx5_core driver (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix internal error detection conditions (Eli Cohen) [Orabug: 30479538] (Christoph Hellwig) [Orabug: 30479538] - net/mlx5e: Disable VLAN filter in promiscuous mode (Achiad Shochat) [Orabug: 30479538] - net/mlx5: Fix typo in mlx5_query_port_pvlc (Jiri Pirko) [Orabug: 30479538] - net/mlx5_core: Use private health thread for each device (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Use accessor functions to read from device memory (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Prepare cmd interface to system errors handling (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Improve mlx5 messages (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Update health syndromes (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix wrong name in struct (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: New init and exit flow for mlx5_core (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix notification of page supplement error (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix async commands return code (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Remove redundant 'err' variable usage (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Fix struct type in the DESTROY_TIR/TIS device commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Priv state flag not rolled-back upon netdev open error (Achiad Shochat) [Orabug: 30479538] - IB/mlx5: Remove support for IB_DEVICE_LOCAL_DMA_LKEY (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose max_sge_rd correctly (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose correct page_size_cap in device attributes (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix missing device local_dma_lkey (Sagi Grimberg) [Orabug: 30479538] - net/mlx5e: Avoid accessing NULL pointer at ndo_select_queue (Rana Shahout) [Orabug: 30479538] - mlx5e: Fix sparse warnings in mlx5e_handle_csum(). (David S. Miller) [Orabug: 30479538] - net/mlx5e: Support RX CHECKSUM_COMPLETE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support ethtool get/set_pauseparam (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Ethtool link speed setting fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: HW LRO changes/fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support smaller RX/TX ring sizes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Add ethtool RSS configuration options (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Make RSS indirection table size a constant (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Have a single RSS Toeplitz hash key (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Set log_uar_page_sz for non 4K page size architecture (Carol L Soto) [Orabug: 30479538] - net/mlx5_core: Support physical port counters (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Take advantage of the light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Disable async events before unregister_netdev() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename/move functions following the ndo_stop flow change (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Introduce access function to modify RSS/LRO params (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce the 'Drop RQ' (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Unify the RX flow (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove the mlx5e_update_priv_params() function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce create/destroy RSS indir table access functions (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Do not use netdev_err() before the netdev is registered (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant de-reference (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant assignment of sq->user_index (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant field mlx5e_priv->num_tc (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use hard-coded 4K page size for RQ/SQ/CQ (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Check the return value of mlx5_command_exec() (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5e: Input IPSEC.SPI into the RX RSS hash function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Cosmetics: use BIT() instead of '1 <<', and others (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: TX latency optimization to save DMA reads (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support TX packet copy into WQE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Allocate DMA coherent memory on reader NUMA node (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Support ETH_RSS_HASH_XOR (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Prefetch skb data on RX (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Pop cq outside mlx5e_get_cqe (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove mlx5e_cq.sqrq back-pointer (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove extra spaces (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid TX CQE generation if more xmit packets expected (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add transport domain to the ethernet TIRs/TISs (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add transport domain alloc/dealloc support (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support NETIF_F_SG (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Enforce max flow-tables level >= 3 (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Disable client vlan TX acceleration (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add HW cacheline start padding (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix HW MTU settings (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: fix an error code (Dan Carpenter) [Orabug: 30479538] - net/mlx5_core: Fix static checker warnings around system guid query flow (Majd Dibbiny) [Orabug: 30479538] - mlx5: Enable mutual support for IB and Ethernet (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Add more query port helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number when querying port ptys (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number in the query port mtu helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Get vendor-id using the query adapter command (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Add new query HCA vport commands (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Make the vport helpers available for the IB driver too (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Check the return bitmask when querying ISSI (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Enable XRCs and SRQs when using ISSI > 0 (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Apply proper name convention to helpers (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_en: Add missing check for memory allocation failure (Amir Vadai) [Orabug: 30479538] - net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet resource handling files (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet Datapath files (Amir Vadai) [Orabug: 30479538] - net/mlx5_core: Set/Query port MTU commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Modify CQ moderation parameters (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement get/set port status (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement access functions of ptys register fields (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: New device capabilities handling (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: HW data structs/types definitions cleanup (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Set irq affinity hints (Saeed Mahameed) [Orabug: 30479538] - mlx5: add kcompat.h (Brian Maly) [Orabug: 30479538] - net/mlx5_core,mlx5_ib: Do not use vmap() on coherent memory (Amir Vadai) [Orabug: 30479538] - mlx5: enable module in kernel configs (Brian Maly) [Orabug: 30479538] - config: disable mlx5_ib (Brian Maly) [Orabug: 30479538] - nano: remove mlx5_ib (Brian Maly) [Orabug: 30479538] - fix retpoline build breakage when CONFIG_RETPOLINE is not set (Brian Maly) [Orabug: 30479538] IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-15219 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.41.1] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379626] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444947] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445159] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445307] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490492] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511742] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532775] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548566] {CVE-2019-15219} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-15213 CVE-2019-15215 CVE-2019-17055 CVE-2019-15217 CVE-2019-15219 CVE-2019-16994 CVE-2019-17053 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.317.1] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444948] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445161] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445309] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490493] {CVE-2019-15213} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532776] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548567] {CVE-2019-15219} IMPORTANT Copyright 2019 Oracle, Inc. CVE-2019-17053 CVE-2019-17055 CVE-2019-15213 CVE-2019-15219 CVE-2019-16994 CVE-2019-15217 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 IMPORTANT Copyright 2019 Oracle, Inc. CVE-2018-20852 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 Oracle Linux 6 [68.4.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17024 CVE-2019-17026 CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.4.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17017 CVE-2019-17024 CVE-2019-17026 CVE-2019-17016 CVE-2019-17022 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-3] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-2] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2590 CVE-2020-2604 CVE-2020-2601 CVE-2020-2593 CVE-2020-2659 CVE-2020-2583 CVE-2020-2654 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.3-3.el6_10.1] - Do not eval strings passed to toColor - Resolves: #1788551 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.0.0-4] - Fix a heap-based buffer overflow vulnerability leading to remote code execution, CVE-2019-5544 Resolves: #1788447 CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-5544 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.7.1-10] - fixes arbitrary code execution via .gitmodules Resolves: CVE-2018-17456 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-17456 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.26-8.2] - Fix insufficient encoding checks for LZ Resolves: rhbz#1598651 [0.26-8.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-10893 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [20120801-38] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790542 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 6 [68.5.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6800 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.4.5-11] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.251-2.6.21.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.251-2.6.21.0] - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 CVE-2020-2590 CVE-2020-2593 CVE-2020-2583 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [3.0.1-21] - add security fix for CVE-2018-1311 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-1311 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.8.6p3-29.0.1.el6_10.3] - Fixes [OraBug: 28747380] sudo does not honor env_keep-='KRB5CCNAME' after 'sudo -k' (isaac.chen@oracle.com) [1.8.6p3-29.3] - RHEL-6.10.z ERRATUM - fixed CVE-2019-18634 Resolves: rhbz#1799018 [1.8.6p3-29.2] - RHEL-6.10.z ERRATUM - fixed CVE-2019-14287 Resolves: rhbz#1760684 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 Oracle Linux 6 [0.12.1.2-2.506.el6_10.6] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734747] - kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749731] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791558] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791558] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791558] - Resolves: bz#1734747 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-6.10.z]) - Resolves: bz#1749731 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-6]) - Resolves: bz#1791558 (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 CVE-2019-14378 CVE-2019-15890 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.28.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.28.1] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1795404] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779473] {CVE-2019-17055} - [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778625] {CVE-2019-17133} - [netdrv] bonding: speed/duplex update at NETDEV_UP event (Patrick Talbert) [1772779] - [netdrv] bonding: make speed, duplex setting consistent with link state (Patrick Talbert) [1772779] - [netdrv] bonding: simplify / unify event handling code for 3ad mode (Patrick Talbert) [1772779] - [netdrv] bonding: unify all places where actor-oper key needs to be updated (Patrick Talbert) [1772779] - [netdrv] bonding: simple code refactor (Patrick Talbert) [1772779] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17133 CVE-2019-17055 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 Oracle Linux 6 [68.6.0-1.0.1.el6_10] - fix LD_LIBRARY_PATH - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.6.0-1] - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20503 CVE-2020-6814 CVE-2020-6805 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6806 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [4.3.11-11] - improve printing of error messages introduced by the fix of CVE-2019-20044 [4.3.11-10] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [4.2.1-15] - Apply icu.13634.integer.overflow.patch - Apply icu.20958.segv.mapper.patch - Resolves: rhbz#1809876 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 Oracle Linux 6 [1.1.6-20] - Fixes for CVE-2020-5312 and related part of CVE-2019-16865 Resolves: rhbz#1789533 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5312 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0:6.0.24-114] - Related: rhbz#1806803 Update patch to remove secret attribute renaming [0:6.0.24-113] - Related: rhbz#1806803 Add IIS attributes to filter pattern and update secret logic [0:6.0.24-112] - Resolves: rhbz#1806803 CVE-2020-1938 tomcat6: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1938 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20503 CVE-2020-6807 CVE-2020-6811 CVE-2020-6806 CVE-2020-6812 CVE-2020-6814 CVE-2020-6805 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.8.15-3] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:0.17-49] - Resolves: #1814775 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.6.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.0.1-10] - Apply previous patch - Resolves: #1814774 [1.0.1-9] - Fix CVE-2020-10188 (netclear()/nextitem() buffer overrun) - Resolves: #1814774 [1.0.1-8] - bump release number to sort newer than the recent 6.2 update IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.506.el6_10.7] - kvm-slirp-disable-tcp_emu.patch [bz#1791680] - kvm-slirp-add-slirp_fmt-helpers.patch [bz#1798966] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798966] - Resolves: bz#1791680 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6]) - Resolves: bz#1798966 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 Oracle Linux 6 [68.7.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6820 CVE-2020-6821 CVE-2020-6825 CVE-2020-6822 CVE-2020-6819 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.8.0.252.b09-2] - Add release notes. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u242-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Resolves: rhbz#1810557 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2803 CVE-2020-2830 CVE-2020-2773 CVE-2020-2754 CVE-2020-2805 CVE-2020-2755 CVE-2020-2800 CVE-2020-2781 CVE-2020-2756 CVE-2020-2757 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.261-2.6.22.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.261-2.6.22.1] - Add release notes from IcedTea. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.0] - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2756 CVE-2020-2781 CVE-2020-2800 CVE-2020-2757 CVE-2020-2773 CVE-2020-2805 CVE-2020-2830 CVE-2020-2803 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.29.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.29.1] - [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666} - [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759] - [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759] - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759] - [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-1000371 CVE-2019-17666 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [8.2.0-7] - Fix CVE-2020-10108 HTTP request smuggling when presented with two Content-Length headers Resolves: rhbz#1813439 - Remove useless macros definitions IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10108 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.8.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12387 CVE-2020-12395 CVE-2020-12392 CVE-2020-6831 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12397 CVE-2020-12395 CVE-2020-12387 CVE-2020-12392 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.29.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.29.2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10711 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 Oracle Linux 6 [68.9.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12410 CVE-2020-12406 CVE-2020-12405 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [32:9.8.2-0.68.rc1.7] - Correct tests covering CVE-2020-8617 [32:9.8.2-0.68.rc1.6] - Add additional fix to limit recursions [32:9.8.2-0.68.rc1.5] - Add CVE tests to codebase [32:9.8.2-0.68.rc1.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8616 CVE-2020-8617 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 6 [1.0.2-7] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841980) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.30.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.30.2] - x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543} [2.6.32-754.30.1] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711} - [netdrv] bonding: don't set slave->link in bond_update_speed_duplex() (Patrick Talbert) [1828604] - [security] KEYS: prevent KEYCTL_READ on negative key (Patrick Talbert) [1498368] {CVE-2017-12192} MODERATE Copyright 2020 Oracle, Inc. CVE-2017-12192 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 6 [3:1.17-33.26.0.1] - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [2:1.17-33.26] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186): - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. [2:1.17-33.25] - Update Intel CPU microcode to microcode-20200520 release (#1839193): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78. [2:1.17-33.24] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models (#1835555). [2:1.17-33.23] - Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default (#1774635). [2:1.17-33.22] - Update Intel CPU microcode to microcode-20191115 release: - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca; - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca; - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca; - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca; - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca; - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. [2:1.17-33.21] - Update Intel CPU microcode to microcode-20191113 release: - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6. - Drop 0001-releasenote-changes-summary-fixes.patch. [2:1.17-33.20] - Package the publicy available microcode-20191112 release (#1755021): - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c; - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16; - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151; - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065; - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c; - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32; - Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release. - Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch). - Update README.caveats with the link to the new Knowledge Base article. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 6 [0.6.21-6] - Add patch for CVE-2020-13112 - Resolves: #1840948 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0:6.0.24-115] - Resolves: CVE-2020-9484 tomcat6: tomcat: Apache Tomcat Remote Code Execution via session persistence IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9484 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.4.20-29.1] - Fix segfault in unbound-1.4.20-amplifying-an-incoming-query.patch - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-28.1] - Fix unbound-1.4.20-amplifying-an-incoming-query.patch patch so it won't produce compiler warnings - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-27.1] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-26.1] - Resolves: #1655929 - Unbound crashed when running 'unbound-control log_reopen' IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12662 CVE-2020-12663 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.10.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12421 CVE-2020-12419 CVE-2020-12418 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.31.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.31.1] - [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543} - [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819] - [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653] - [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810] - [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810] - [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810] - [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810] - [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810] - [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810] - [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810] - [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18660 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12419 CVE-2020-12418 CVE-2020-12421 CVE-2020-12420 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.8.0.262.b10-0] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Introduce jfr_arches for architectures which support JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Add recently added binaries to alternatives set (clhsdb, hsdb, jfr) - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14593 CVE-2020-14583 CVE-2020-14577 CVE-2020-14578 CVE-2020-14621 CVE-2020-14556 CVE-2020-14579 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.11.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Thu Jul 23 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-6463 CVE-2020-15652 CVE-2020-15659 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [8.4.704-4] - require explicitly jdk-1.6 due to ABI bytecode compatibility [8.4.704-3] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-15659 CVE-2020-6463 CVE-2020-15652 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.33.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.33.1] - [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1824907] [2.6.32-754.32.1] - [wireless] libertas: make lbs_ibss_join_existing() return error code on rates overflow (Jarod Wilson) [1776569] - [wireless] libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held (Jarod Wilson) [1776569] - [wireless] libertas: Fix two buffer overflows at parsing bss descriptor (Jarod Wilson) [1776569] - [security] keys: Protect request_key() against a type with no match function (Patrick Talbert) [1433220] {CVE-2017-2647} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14896 CVE-2017-2647 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 Oracle Linux 6 [68.12.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Thu Aug 20 2020 Jan Horak <jhorak@redhat.com> - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [68.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [78.3.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [78.3.0] - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15677 CVE-2020-15673 CVE-2020-15676 CVE-2020-15678 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0.12.1.2-2.506.el6_10.8] - kvm-qemu-kvm-QEMU-usb-check-RNDIS-message-length.patch [bz#1869684] - kvm-qemu-kvm-QEMU-usb-fix-setup_len-init-CVE-2020-14364.patch [bz#1869684] - Resolves: bz#1869684 (CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15673 CVE-2020-15678 CVE-2020-15676 CVE-2020-15677 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.35.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.35.1] - [ata] libata: fix NULL sdev dereference race in atapi_qc_complete() (Kenneth Yin) [1876296] [2.6.32-754.34.1] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705003] - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705003] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11487 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [32:9.8.2-0.68.rc1.8] - Fix tsig-request verify (CVE-2020-8622) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8622 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 Oracle Linux 6 [1:1.8.0.272.b10-0] - Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14779 CVE-2020-14796 CVE-2020-14782 CVE-2020-14792 CVE-2020-14797 CVE-2020-14803 CVE-2020-14781 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.6.4-4] - Fix CVE-2020-14363 (#1873920) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14363 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 6 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1.17.4-18.0.1] - Fix regression from the patch for Orabug 27204421 which crashes Xvfb [Orabug: 28485058] - Fix X consumes 100% CPU if messagebus restarted [Orabug: 27204421] - Fix X server failure in FIPS mode [Orabug: 22866111] [1.17.4-18] - CVE fixes for: CVE-2020-14345 (#1872388), CVE-2020-14346 (#1872392), CVE-2020-14361 (#1872399), CVE-2020-14362 (#1872406) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14345 CVE-2020-14346 CVE-2020-14361 CVE-2020-14362 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [3:1.17-33.31.0.1] - recognize the 'force-intel' file path available on EL7+ [orabug 31655792] - disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792] - merge Oracle changes for early load via dracut - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - remove other caveat support to be compatible with early load logic - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [2:1.17-33.31] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893243, #1893238): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode (in microcode.dat) at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode (in microcode.dat) at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in microcode-06-4e-03.dat) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in microcode-06-55-04.dat) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in microcode-06-5e-03.dat) from revision 0xdc up to 0xe2; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode (in microcode.dat) from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode (in microcode.dat) from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode (in microcode.dat) from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode (in microcode.dat) from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode (in microcode.dat) from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0x78 up to 0xa0; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in microcode.dat) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xca up to 0xe0. [2:1.17-33.30] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8698 CVE-2020-8696 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 6 [78.4.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Tue Nov 10 2020 erack@redhat.com - 78.4.1-1 - Update to 78.4.1 - Filtering nss/nspr libs [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading [78.4.0-1] - Update to 78.4.0 build2 * Fri Sep 18 2020 Jan Horak <jhorak@redhat.com> - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:5.5-60.0.1] - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373] [1:5.5-60.el6.2] - fix CVE-2020-15862 (#1875960) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 6 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26951 CVE-2020-26960 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-16012 CVE-2020-26958 CVE-2020-26965 CVE-2020-26961 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [78.5.0-1.0.1] - Fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26965 CVE-2020-26951 CVE-2020-26959 CVE-2020-26968 CVE-2020-26961 CVE-2020-26956 CVE-2020-26953 CVE-2020-16012 CVE-2020-26958 CVE-2020-26960 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.35.1] - ixgbe: protect TX timestamping from API misuse (Manjunath Patil) [Orabug: 30275491] - block: init flush rq ref count to 1 (Josef Bacik) [Orabug: 30360559] - block: fix null pointer dereference in blk_mq_rq_timed_out() (Yufen Yu) [Orabug: 30360559] - blk-mq: Remove generation seqeunce (Keith Busch) [Orabug: 30360559] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580687] {CVE-2019-15807} - scsi: qla2xxx: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 30618784] {CVE-2019-16233} - printk: Default console logging level should be set to 4 (Boris Ostrovsky) [Orabug: 30657070] [4.1.12-124.34.2] - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (James Smart) [Orabug: 30569875] - scsi: lpfc: Make PBDE optimizations configurable (James Smart) [Orabug: 30569875] - scsi: lpfc: Update driver version to 11.4.0.8 and Copyright updates (Ketan Mukadam) [Orabug: 30569875] - scsi: lpfc: Fix ELS abort on SLI-3 adapters (James Smart) [Orabug: 30569875] - scsi: lpfc: Correct race with abort on completion path (James Smart) [Orabug: 30569875] - scsi: lpfc: update manufacturer attribute to reflect Broadcom (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Correct topology type reporting on G7 adapters (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (James Smart) [Orabug: 30569875] - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (James Smart) [Orabug: 30569875] - scsi: lpfc: Enhance log messages when reporting CQE errors (James Smart) [Orabug: 30569875] - scsi: lpfc: Fix frequency of Release WQE CQEs (James Smart) [Orabug: 30569875] - scsi: lpfc: Code cleanup for 128byte wqe data type (James Smart) [Orabug: 30569875] - scsi: lpfc: use __raw_writeX on DPP copies (James Smart) [Orabug: 30569875] - scsi: lpfc: Add embedded data pointers for enhanced performance (James Smart) [Orabug: 30569875] - scsi: lpfc: Enable fw download on if_type=6 devices (James Smart) [Orabug: 30569875] - scsi: lpfc: Add if_type=6 support for cycling valid bits (James Smart) [Orabug: 30569875] - scsi: lpfc: Add 64G link speed support (James Smart) [Orabug: 30569875] - scsi: lpfc: Add PCI Ids for if_type=6 hardware (James Smart) [Orabug: 30569875] - scsi: lpfc: Add push-to-adapter support to sli4 (James Smart) [Orabug: 30569875] - scsi: lpfc: Add SLI-4 if_type=6 support to the code base (James Smart) [Orabug: 30569875] - scsi: lpfc: Rework sli4 doorbell infrastructure (James Smart) [Orabug: 30569875] - scsi: lpfc: Rework lpfc to allow different sli4 cq and eq handlers (James Smart) [Orabug: 30569875] - x86/bugs: use check_bugs instead of microcode_late_select_mitigation (Mihai Carabas) [Orabug: 30332499] - x86/bugs: spec_ctrl_mutex taken in stop_machine context (Mihai Carabas) [Orabug: 30332499] - x86/microcode: moved cpu feature late eval to stop_machine (Mihai Carabas) [Orabug: 30332499] - x86/cpu: Re-apply forced caps every time CPU caps are re-read (Andy Lutomirski) [Orabug: 30332499] - x86/microcode/intel: Check microcode revision before updating sibling threads (Ashok Raj) [Orabug: 30332499] - tracing: Fix possible double free on failure of allocating trace buffer (Steven Rostedt (VMware)) [Orabug: 30633873] {CVE-2017-18595} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 CVE-2019-16233 CVE-2017-18595 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.42.1] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580688] {CVE-2019-15807} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.318.1] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379640] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580689] {CVE-2019-15807} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 5 Oracle Linux 6 [2.6.39-400.319.1] - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350265] {CVE-2019-15916} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15916 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.1] - iscsi-target: graceful disconnect on invalid mapping to iovec (Imran Haider) [Orabug: 30459537] - x86/microcode: Issue update message only once (Borislav Petkov) [Orabug: 30528904] - x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30528904] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658695] {CVE-2019-19332} - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807748] {CVE-2019-17666} [4.1.12-124.35.5] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557086] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557086] - mlx5: lock mlx5_core to prevent module unload (Brian Maly) [Orabug: 30566775] - rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30576433] - x86: bugs: replace static_ with boot_ for CPU bugs mitigations (Mihai Carabas) [Orabug: 30649400] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17666 CVE-2019-19332 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.3] - Fix KABI error by keeping the struct field being removed by the below patch (Ritika Srivastava) [Orabug: 30902926] - Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Ritika Srivastava) [Orabug: 30902926] [4.1.12-124.36.2] - rds: Use bitmap to designate dropped connections (Hakon Bugge) [Orabug: 30868399] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 29797476] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30399972] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819439] {CVE-2019-14901} - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864533] {CVE-2019-15291} - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865080] - KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30867886] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30867886] - slub: do not sanity check if SLAB_DEBUG_FREE is not set (Dongli Zhang) [Orabug: 30903145] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903145] - Fix kmalloc slab creation sequence (Christoph Lameter) [Orabug: 30903145] - slab: correct size_index table before replacing the bootstrap kmem_cache_node (Daniel Sanders) [Orabug: 30903145] - mm/slab_common: support the slub_debug boot option on specific object size (Gavin Guo) [Orabug: 30903145] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 CVE-2019-14901 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.1.1] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30847137] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30847137] {CVE-2020-2732} - KVM: nVMX: Dont emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30847137] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.4] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30944739] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30944739] {CVE-2020-2732} - KVM: nVMX: Don't emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30944739] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.43.1] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864534] {CVE-2019-15291} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.320.1] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30650888] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864535] {CVE-2019-15291} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 [7.19.7-54.0.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] 462 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-5482 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.38.1] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31031928] - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31078882] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085993] {CVE-2020-10942} - Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098797] [4.1.12-124.37.3] - kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31047871] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055327] {CVE-2019-18806} - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085017] {CVE-2018-5953} - KVM: x86: Expose more Intel AVX512 feature to guest (Luwei Kang) [Orabug: 31085086] - x86/cpufeature: Enable new AVX-512 features (Fenghua Yu) [Orabug: 31085086] [4.1.12-124.37.2] - xenbus: req->err should be updated before req->state (Dongli Zhang) [Orabug: 30705030] - xenbus: req->body should be updated before req->state (Dongli Zhang) [Orabug: 30705030] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 CVE-2020-10942 CVE-2018-5953 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.44.1] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055328] {CVE-2019-18806} - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085018] {CVE-2018-5953} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 CVE-2018-5953 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.321.1] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055329] {CVE-2019-18806} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.1] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503} - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056} - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346} [4.1.12-124.38.5] - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: prevent service task from running while we're suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: don't clear suspended state until we finish resuming (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: use newer generic PM support instead of legacy PM callbacks (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: use separate state bit for miscellaneous IRQ setup (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix for flow director counters not wrapping as expected (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: relax warning message in case of version mismatch (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: simplify member variable accesses (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Fix link down message when interface is brought up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Fix unqualified module message while bringing link up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} [4.1.12-124.38.4] - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208622] {CVE-2019-19532} - qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Fix mtcp dump collection failure (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Add Serdes support for ISP27XX (Joe Carnuccio) [Orabug: 30890687] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143947] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8649} {CVE-2020-8647} - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527} - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31233769] {CVE-2019-19523} [4.1.12-124.38.3] - ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address (Paolo Abeni) [Orabug: 30292825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} - vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} - vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} {CVE-2020-8648} - xfs: stop searching for free slots in an inode chunk when there are none (Carlos Maiolino) [Orabug: 31030659] - xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [Orabug: 31032831] - xfs: validate sb_logsunit is a multiple of the fs blocksize (Darrick J. Wong) [Orabug: 31034071] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104481] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} [4.1.12-124.38.2] - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770962] {CVE-2016-5244} - xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 30944736] - xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30944736] - xfs: increase the default parallelism levels of pwork clients (Junxiao Bi) [Orabug: 30944736] - xfs: decide if inode needs inactivation (Junxiao Bi) [Orabug: 30944736] - xfs: refactor the predicate part of xfs_free_eofblocks (Junxiao Bi) [Orabug: 30944736] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067516] {CVE-2020-9383} - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118691] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136753] {CVE-2020-11494} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-0144 CVE-2019-19527 CVE-2016-5244 CVE-2020-8647 CVE-2019-0140 CVE-2019-14815 CVE-2017-7346 CVE-2020-11494 CVE-2020-8649 CVE-2020-9383 CVE-2019-0139 CVE-2020-8648 CVE-2019-19056 CVE-2019-19532 CVE-2019-9503 CVE-2019-14814 CVE-2019-14816 CVE-2019-19523 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.45.1] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208623] {CVE-2019-19532} - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 31224360] {CVE-2017-7261} - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 31234676] {CVE-2019-9503} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-7261 CVE-2019-19527 CVE-2019-19532 CVE-2019-9503 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.46.1] - ipv6: only static routes qualify for equal cost multipathing (Hannes Frederic Sowa) [Orabug: 30977687] {CVE-2013-4125} - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240296] {CVE-2019-19523} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317668] {CVE-2019-19537} - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351063] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351063] {CVE-2019-19528} - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352012] {CVE-2018-18281} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2013-4125 CVE-2018-18281 CVE-2019-19523 CVE-2019-19528 CVE-2019-19537 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.5] - Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213691] {CVE-2019-19524} - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351307] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897} - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook) [Orabug: 31352068] {CVE-2017-1000370} {CVE-2017-1000371} {CVE-2017-1000370} - NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357212] - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357212] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387466] [4.1.12-124.39.4] - acpi: disable erst (Wengang Wang) [Orabug: 31194253] - mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222292] {CVE-2019-12819} - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302708] - vxlan: dont migrate permanent fdb entries during learn (Roopa Prabhu) [Orabug: 31325318] - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351061] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351061] {CVE-2019-19528} - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352011] {CVE-2018-18281} [4.1.12-124.39.3] - Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200558] {CVE-2019-20636} - media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200579] {CVE-2020-11609} - media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213758] {CVE-2020-11608} - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213767] {CVE-2020-11668} - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263147] {CVE-2019-19057} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317667] {CVE-2019-19537} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11609 CVE-2017-1000370 CVE-2019-12819 CVE-2019-14897 CVE-2019-19528 CVE-2019-19537 CVE-2019-19057 CVE-2018-18281 CVE-2019-19524 CVE-2020-11668 CVE-2019-20636 CVE-2020-11608 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.322.1] - ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19532 CVE-2019-19527 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 5 Oracle Linux 6 [2.6.39-400.323.1] - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240297] {CVE-2019-19523} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317669] {CVE-2019-19537} - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351064] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351064] {CVE-2019-19528} [2.6.39-400.322.1] - ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19523 CVE-2019-19528 CVE-2019-19537 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.5.1] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352782] {CVE-2020-054 3} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352782] {CVE- 2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31352782] {CVE-2020-0543} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.40.6] - ipv4: ipv4_default_advmss() should use route mtu (Eric Dumazet) [Orabug: 31563095] - net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095] [4.1.12-124.40.5] - Revert 'bnxt_en: Remove busy poll logic in the driver.' (Brian Maly) [Orabug: 28151475] - md: batch flush requests. (NeilBrown) [Orabug: 31332821] - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351891] {CVE-2019-15214} - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538} - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538} - atomic_open(): fix the handling of create_error (Al Viro) [Orabug: 31493395] [4.1.12-124.40.4] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351119] {CVE-2019-19533} - NFS: Fix a performance regression in readdir (Trond Myklebust) [Orabug: 31409061] [4.1.12-124.40.3] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31475612] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612] {CVE-2020-0543} [4.1.12-124.40.2] - MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong Duan) [Orabug: 30000521] - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351141] {CVE-2019-19534} - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351250] {CVE-2019-19536} - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876] [4.1.12-124.40.1] - iscsi_target: fix mismatch spinlock unlock (Junxiao Bi) [Orabug: 31202372] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19533 CVE-2019-19536 CVE-2017-16538 CVE-2019-15214 CVE-2019-19534 CVE-2020-0543 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.47.1] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351121] {CVE-2019-19533} - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351143] {CVE-2019-19534} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351893] {CVE-2019-15214} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19534 CVE-2019-19533 CVE-2019-15214 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.324.1] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351122] {CVE-2019-19533} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351895] {CVE-2019-15214} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19533 CVE-2019-15214 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.41.4] - uek-rpm: Add OL6 shim conflict for new signing key (Eric Snowberg) [Orabug: 31688239] - Revert 'certs: Add Oracle's new X509 cert into the kernel keyring' (Eric Snowberg) [Orabug: 31688223] - blk-mq: don't overwrite rq->mq_ctx (Jens Axboe) [Orabug: 31457304] - blk-mq: mark ctx as pending at batch in flush plug path (Ming Lei) [Orabug: 31457304] [4.1.12-124.41.3] - scsi: qla2xxx: Fix stuck session in GNL (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: Serialize session free in qlt_free_session_done (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: v2: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 26932683] - scsi: qla2xxx: v2: Move ABTS code behind qpair (Quinn Tran) [Orabug: 31517449] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31027042] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31027042] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31027042] - block_dev: don't test bdev->bd_contains when it is not stable (NeilBrown) [Orabug: 31554143] - KVM: x86: Remove spurious semicolon (Joao Martins) [Orabug: 31584727] [4.1.12-124.41.2] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351672] {CVE-2019-19054} - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} {CVE-2020-12888} - vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439671] {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - mm: bring in additional flag for fixup_user_fault to signal unlock (Dominik Dingel) [Orabug: 31439671] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439671] {CVE-2020-12888} - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31514993] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31514993] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31514993] - Revert 'x86/efi: Request desired alignment via the PE/COFF headers' (Matt Fleming) [Orabug: 31602576] [4.1.12-124.41.1] - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31516085] {CVE-2020-14416} - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() (himanshu.madhani@cavium.com) [Orabug: 31530589] - scsi: qla2xxx: Fix NULL pointer access for fcport structure (Quinn Tran) [Orabug: 31530589] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12888 CVE-2020-14416 CVE-2019-19054 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.48.1] - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351641] {CVE-2019-19062} - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351673] {CVE-2019-19054} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19062 CVE-2019-19054 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.42.3] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10732 CVE-2019-19049 CVE-2019-19062 CVE-2019-20811 CVE-2017-16644 CVE-2019-10639 CVE-2019-19535 CVE-2019-10638 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.49.1] - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351996] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351996] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439108] {CVE-2019-20812} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705122] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783152] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20812 CVE-2018-16884 CVE-2020-14331 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.43.4] - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn) [Orabug: 29434845] {CVE-2019-6974} - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier) [Orabug: 29434898] {CVE-2019-7221} - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini) [Orabug: 29434924] {CVE-2019-7222} - net: arc_emac: fix koops caused by sk_buff free (Alexander Kochetkov) [Orabug: 30254239] {CVE-2016-10906} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - x86/apic/msi: update address_hi on set msi affinity (Joe Jin) [Orabug: 31477035] - x86/apic/msi: check and sync apic IRR on msi_set_affinity (Joe Jin) [Orabug: 31477035] - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [Orabug: 31872821] {CVE-2020-1749} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872910] {CVE-2020-25212} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884169] {CVE-2020-25284} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884239] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895331] {CVE-2020-14314} [4.1.12-124.43.3] - ARM: amba: Fix race condition with driver_override (Geert Uytterhoeven) [Orabug: 29671212] {CVE-2018-9415} - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (xiao jin) [Orabug: 30120513] {CVE-2018-20856} - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484761] {CVE-2017-8925} - nl80211: validate beacon head (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add helper to find an IE that matches a byte-array (Luca Coelho) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: allow finding vendor with OUI without specifying the OUI type (Emmanuel Grumbach) [Orabug: 30556264] {CVE-2019-16746} - dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30732821] {CVE-2019-20096} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770913] {CVE-2019-19965} - kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350720] {CVE-2019-14898} - sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350720] {CVE-2019-14898} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351572] {CVE-2019-19073} - can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351682] {CVE-2019-19052} - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (Takashi Iwai) [Orabug: 31351837] {CVE-2019-15927} - media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351875] {CVE-2019-15218} - crypto: vmac - separate tfm and request context (Eric Biggers) [Orabug: 31584410] - SUNRPC: Fix a race with XPRT_CONNECTING (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Reduce latency when send queue is congested (Trond Myklebust) [Orabug: 31796770] - SUNRPC: RPC transport queue must be low latency (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix a potential race in xprt_connect() (Trond Myklebust) [Orabug: 31796770] - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (NeilBrown) [Orabug: 31796770] - SUNRPC: Fix races between socket connection and destroy code (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Prevent SYN+SYNACK+RST storms (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Report TCP errors to the caller (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Ensure we release the TCP socket once it has been closed (Trond Myklebust) [Orabug: 31796770] - net-gro: fix use-after-free read in napi_gro_frags() (Eric Dumazet) [Orabug: 31856195] {CVE-2020-10720} - PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867577] [4.1.12-124.43.2] - ALSA: seq: Cancel pending autoload work at unbinding device (Takashi Iwai) [Orabug: 31352045] {CVE-2017-16528} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352084] {CVE-2017-8924} - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543032] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543032] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543032] - tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543032] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543032] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543032] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543032] - tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543032] [4.1.12-124.43.1] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123576] {CVE-2019-19768} - media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224554] {CVE-2019-15505} - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351746] {CVE-2019-18885} - RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351783] {CVE-2019-17075} - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} {CVE-2019-3846} - repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351941] {CVE-2019-11487} - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351941] {CVE-2019-11487} - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351960] {CVE-2019-3874} - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439107] {CVE-2019-20812} - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439369] {CVE-2020-10751} - selinux: Print 'sclass' as string when unrecognized netlink message occurs (Marek Milkovic) [Orabug: 31439369] {CVE-2020-10751} - mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473652] {CVE-2019-5108} - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473652] {CVE-2019-5108} - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535529] {CVE-2020-10769} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705121] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783151] [4.1.12-124.42.4] - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30634865] - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31683116] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31683116] [4.1.12-124.42.3] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2016-10905 CVE-2019-16746 CVE-2019-19768 CVE-2019-20812 CVE-2020-10751 CVE-2017-8924 CVE-2019-17075 CVE-2019-18885 CVE-2020-25212 CVE-2020-10769 CVE-2017-16528 CVE-2018-9415 CVE-2019-5108 CVE-2020-25284 CVE-2019-19965 CVE-2020-14314 CVE-2019-3846 CVE-2020-1749 CVE-2019-15218 CVE-2019-15505 CVE-2019-15927 CVE-2019-19073 CVE-2019-11487 CVE-2019-20096 CVE-2019-3874 CVE-2019-7221 CVE-2016-10906 CVE-2017-8925 CVE-2019-7222 CVE-2020-14331 CVE-2019-19052 CVE-2020-25285 CVE-2019-6974 CVE-2018-20856 CVE-2019-20054 CVE-2020-10720 CVE-2018-16884 CVE-2019-14898 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.325.1] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351676] {CVE-2019-19054} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705125] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783153] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19054 CVE-2020-14331 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.50.1] - USB: serial: omninet: fix reference leaks at open (Mark Nicholson) [Orabug: 30484762] {CVE-2017-8925} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254252] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254252] {CVE-2016-10905} - GFS2: Use range based functions for rgrp sync/invalidation (Steven Whitehouse) [Orabug: 30254252] {CVE-2016-10905} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732940] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732940] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770914] {CVE-2019-19965} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351573] {CVE-2019-19073} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352085] {CVE-2017-8924} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884241] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895332] {CVE-2020-14314} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19965 CVE-2019-20054 CVE-2019-19073 CVE-2020-25285 CVE-2016-10905 CVE-2017-8924 CVE-2017-8925 CVE-2020-14314 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.326.1] - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351574] {CVE-2019-19073} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352086] {CVE-2017-8924} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884244] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895333] {CVE-2020-14314} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14314 CVE-2020-25285 CVE-2017-8924 CVE-2019-19073 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.44.4] - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (himanshu.madhani@cavium.com) [Orabug: 32020790] [4.1.12-124.44.3] - qed: Reduce verbosity of unimplemented MFW messages (Mintz, Yuval) [Orabug: 31959299] - kexec: validate pe files against the system_blacklist_keyring (Eric Snowberg) [Orabug: 31961119] {CVE-2020-26541} [4.1.12-124.44.2] - usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351088] {CVE-2019-19530} - net/rds: migration of a delayed initialized port present in down state (Praveen Kumar Kannoju) [Orabug: 31729995] - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31835223] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31835223] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aruna Ramakrishna) [Orabug: 31835223] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aruna Ramakrishna) [Orabug: 31835223] - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk (Mel Gorman) [Orabug: 31835223] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872865] {CVE-2020-25211} - net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880144] - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974559] [4.1.12-124.44.1] - oracleasm: Retrieve d_bdev before dropping inode (Stephen Brennan) [Orabug: 31832592] - KVM: VMX: fixes for vmentry_l1d_flush module parameter (Paolo Bonzini) [Orabug: 31962487] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2016-7917 CVE-2019-19530 CVE-2020-25643 CVE-2016-7913 CVE-2020-26541 CVE-2020-25211 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.44.4.1] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040806] {CVE-2020-8694} {CVE-2020-8695} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.45.2] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32137965] {CVE-2020-8694} {CVE-2020-8695} [4.1.12-124.45.1] - Revert 'x86/efi: Initialize and display UEFI secure boot state a bit later during init' (Eric Snowberg) [Orabug: 31887248] - xfs: fix xfs_inode use after free (Wengang Wang) [Orabug: 31932452] - SUNRPC: ECONNREFUSED should cause a rebind. (NeilBrown) [Orabug: 32070175] - netfilter: nfnetlink: correctly validate length of batch messages (Phil Turnbull) [Orabug: 30658635] {CVE-2016-7917} - xc2028: Fix use-after-free bug properly (Takashi Iwai) [Orabug: 30658659] {CVE-2016-7913} - [media] xc2028: avoid use after free (Mauro Carvalho Chehab) [Orabug: 30658659] {CVE-2016-7913} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 30821411] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989190] {CVE-2020-25643} - tracing: Reverse the order of trace_types_lock and event_mutex (Alan Maguire) [Orabug: 32002706] - ocfs2/dlm: move lock to the tail of grant queue while doing in-place convert (xuejiufei) [Orabug: 32071234] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2014-4508 cpe:/a:oracle:linux:6::MODRHCK cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.327.1] - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484765] {CVE-2017-8925} - x86_32, entry: Store badsys error code in %eax (Sven Wegener) [Orabug: 30783266] {CVE-2014-4508} {CVE-2014-4508} - x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) (Andy Lutomirski) [Orabug: 30783266] {CVE-2014-4508} {CVE-2014-4508} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-8925 CVE-2014-4508 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.51.2] - Revert 'kexec: Validate pe files against the system_lacklist_keyring' (John Donnelly) [Orabug: 32171714] {CVE-2020-26541} {CVE-2020-26541} [3.8.13-118.51.1] - usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351090] {CVE-2019-19530} - kexec: Validate pe files against the system_lacklist_keyring (Eric Snowberg) [Orabug: 31961121] {CVE-2020-26541} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974695] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19530 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.45.6] - qla2xxx: disable target reset during link reset and update version (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix early srb free on abort (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (Masanari Iida) [Orabug: 32095664] - scsi: qla2xxx: Enable Async TMF processing (himanshu.madhani@cavium.com) [Orabug: 32095664] - qla2xxx: tweak debug message for task management path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Arun Easi) [Orabug: 32095664] - scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix race between switch cmd completion and timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx:v2: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2 Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: v2 Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 32095664] [4.1.12-124.45.5] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31512608] [4.1.12-124.45.4] - block: Move part of bdi_destory() to del_gendisk() as bdi_unregister(). (Jan Kara) [Orabug: 32124131] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138039] [4.1.12-124.45.3] - drm/vmwgfx: Make sure backup_handle is always valid (Sinclair Yeh) [Orabug: 31352076] {CVE-2017-9605} - random32: move the pseudo-random 32-bit definitions to prandom.h (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166} - random32: remove net_rand_state from the latent entropy gcc plugin (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166} - random: fix circular include dependency on arm64 after addition of percpu.h (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166} - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166} - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021856] - kvm: x86: do not leak guest xcr0 into host interrupt handlers (David Matlack) [Orabug: 32021856] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-9605 CVE-2020-16166 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.52.1] - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535530] {CVE-2020-10769} - crypto: authenc - Export key parsing helper function (Mathias Krause) [Orabug: 31535530] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10769 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 [2.6.39-400.328.1] - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535531] {CVE-2020-10769} - crypto: authenc - Export key parsing helper function (Mathias Krause) [Orabug: 31535531] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10769 cpe:/a:oracle:linux:6::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.53.1] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176267] - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176267] {CVE-2020-28915} - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187751] {CVE-2020-28974} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-28915 CVE-2020-28974 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.46.3] - mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781859] {CVE-2019-14895} {CVE-2019-14895} - ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265320] {CVE-2019-19037} {CVE-2019-19037} - netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350493] {CVE-2020-10711} - scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652} - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652} - USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350967] {CVE-2020-12464} - drivers: usb: core: Minimize irq disabling in usb_sg_cancel() (David Mosberger) [Orabug: 31350967] {CVE-2020-12464} - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. (David Mosberger) [Orabug: 31350967] {CVE-2020-12464} - ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351014] {CVE-2019-19447} - xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 31984319] - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (Josh Abraham) [Orabug: 31984319] - ext4: fix fencepost in s_first_meta_bg validation (Theodore Ts'o) [Orabug: 32197511] - dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32202000] - sched/fair: Don't free p->numa_faults with concurrent readers (Jann Horn) [Orabug: 32212524] {CVE-2019-20934} - netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Vasily Averin) [Orabug: 32222844] {CVE-2020-14305} - perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233360] {CVE-2020-14351} - ext4: fix calculation of meta_bg descriptor backups (Andy Leiserson) [Orabug: 32245133] [4.1.12-124.46.2] - ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 31780626] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915} - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915} - page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177993] - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187749] {CVE-2020-28974} - block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194609] {CVE-2020-15436} - icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227971] {CVE-2020-25705} [4.1.12-124.46.1] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722767] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722767] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722767] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722767] - xfs: catch inode allocation state mismatch corruption (Gautham Ananthakrishna) [Orabug: 32071488] - tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122731] {CVE-2020-25668} - IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136900] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-25668 CVE-2019-20934 CVE-2020-14305 CVE-2020-28915 CVE-2020-12652 CVE-2020-28974 CVE-2020-12464 CVE-2020-15436 CVE-2019-19037 CVE-2020-10711 CVE-2019-19447 CVE-2020-14351 CVE-2019-14895 CVE-2020-25705 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.46.4.1] - target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32248041] {CVE-2020-28374} [4.1.12-124.46.4] - xen/events: block rogue events for some time (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673} - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32223358] {CVE-2020-29569} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-28374 CVE-2020-27673 CVE-2020-29569 CVE-2020-29568 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 [1.8.6p3-29.0.2.el6_10.3] - backport the fix CVE-2021-3156.patch from ol7. IMPORTANT Copyright 2021 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.47.3] - sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 31588015] [4.1.12-124.47.2] - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350932] {CVE-2020-12653} - lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 31435700] - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (Takashi Iwai) [Orabug: 32240688] {CVE-2020-27786} - xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568} - xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568} - xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568} - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568} - xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568} - KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251907] - tty: Fix ->session locking (Jann Horn) [Orabug: 32266682] {CVE-2020-29660} - tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266682] {CVE-2020-29660} - tty: core: Use correct spinlock flavor in tiocspgrp() (Peter Hurley) [Orabug: 32266682] {CVE-2020-29660} - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349208] {CVE-2020-36158} [4.1.12-124.47.1] - target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32374139] {CVE-2020-28374} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-36158 CVE-2020-29660 CVE-2020-29568 CVE-2020-27786 CVE-2020-12653 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.54.1] - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349209] {CVE-2020-36158} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-36158 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.54.1] - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349209] {CVE-2020-36158} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-36158 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 [2.6.39-400.330.1] - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349211] {CVE-2020-36158} [2.6.39-400.329.1] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176268] {CVE-2020-28915} - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176268] {CVE-2020-28915} - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187752] {CVE-2020-28974} - vt: sort out locking for font handling (Alan Cox) [Orabug: 32187752] {CVE-2020-28974} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-28915 CVE-2020-36158 CVE-2020-28974 cpe:/a:oracle:linux:6::UEK_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.48.3.1] - xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492113] {CVE-2021-26930} - xen-scsiback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492105] {CVE-2021-26931} - xen-netback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492105] {CVE-2021-26931} - xen-blkback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492105] {CVE-2021-26931} - Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932} - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932} - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932} - Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932} [4.1.12-124.48.3] - bnxt_en: Fix ethtool -x crash when device is down. (Michael Chan) [Orabug: 32466092] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-26932 CVE-2021-26930 CVE-2021-26931 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 [253-1.0.1] - fix xutf8.h to work with up-to-date Xlib - fix crash in combining character support {CVE-2021-27135} [orabug 32496959] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-27135 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 Oracle Linux 7 IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-26930 CVE-2021-26932 CVE-2020-0431 CVE-2021-26931 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.48.6] - scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603382] - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603382] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} - scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603382] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603382] - scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603382] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749) IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-8625 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 Oracle Linux 6 [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-1971 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 Oracle Linux 6 [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.1e-58] - fix CVE-2019-1559 - 0-byte record padding oracle [1.0.1e-57] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher [1.0.1e-55] - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts [1.0.1e-54] - fix handling of ciphersuites present after the FALLBACK_SCSV ciphersuite entry (#1386350) [1.0.1e-53] - add README.legacy-settings [1.0.1e-52] - deprecate and disable verification of insecure hash algorithms - disallow DH keys with less than 1024 bits in TLS client - remove support for weak and export ciphersuites - use correct digest when exporting keying material in TLS1.2 (#1376741) [1.0.1e-50] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-49] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-1971 cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 [4.1.12-124.49.3.1] - SecureBoot Digicert 2021 certificates update (Brian Maly) [Orabug: 32532671] [4.1.12-124.49.3] - xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32485156] - audit: fix error handling in audit_data_to_entry() (Paul Moore) [Orabug: 32608451] {CVE-2020-0444} [4.1.12-124.49.2] - scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32640641] - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32640641] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} - scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32640641] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32640641] - scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32640641] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365} [4.1.12-124.49.1] - hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576074] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-27364 CVE-2021-27363 CVE-2021-27365 CVE-2020-0444 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [1.8.6p3-29.0.3.el6_10.3] - Fix a bug on CVE-2021-3156.patch backported from ol7 [Orabug: 32717065] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-3156 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 Oracle Linux 6 [2.6.32-754.35.1.0.3.OL6] - Fixes for RHSA-2021:1288 [Orabug: 32809880] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-20265 CVE-2021-27364 CVE-2021-27365 CVE-2020-29661 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing (CVE-2021-25215) IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-25215 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.50.2] - btrfs: fix race when cloning extent buffer during rewind of an old root (Filipe Manana) [Orabug: 32669454] {CVE-2021-28964} - xen-blkback: don't leak persistent grants from xen_blkbk_map() (Jan Beulich) [Orabug: 32697855] {CVE-2021-28688} - netfilter: x_tables: Use correct memory barriers. (Mark Tomlinson) [Orabug: 32709125] {CVE-2021-29650} - netfilter: x_tables: make xt_replace_table wait until old rules are not used anymore (Florian Westphal) [Orabug: 32709125] {CVE-2021-29650} - do_epoll_ctl(): clean the failure exits up a bit (Al Viro) [Orabug: 32759496] {CVE-2020-0466} - epoll: Keep a reference on files added to the check list (Marc Zyngier) [Orabug: 32759496] {CVE-2020-0466} - HID: core: Sanitize event code and type when mapping input (Marc Zyngier) [Orabug: 32759553] {CVE-2020-0465} [4.1.12-124.50.1] - floppy: fix lock_fdc() signal handling (Jiri Kosina) [Orabug: 32624116] {CVE-2021-20261} - Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651478] {CVE-2021-28038} - n_tty: Fix stall at n_tty_receive_char_special(). (Tetsuo Handa) [Orabug: 32656942] {CVE-2021-20219} - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (Eddy Wu) [Orabug: 32695783] {CVE-2020-35508} - Return EBUSY from BLKRRPART for mounted whole-dev fs (Eric Sandeen) [Orabug: 32696741] - SecureBoot Digicert 2021 certificates update (Brian Maly) [Orabug: 32734505] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-0465 CVE-2020-0466 CVE-2021-29650 CVE-2021-28964 CVE-2021-20261 CVE-2021-28688 CVE-2021-28038 CVE-2021-20219 CVE-2020-35508 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [4:5.10.1-144.0.1] - Backport patch for CVE-2020-10543 [Orabug: 32855589] - Backport patch for CVE-2020-10878 [Orabug: 32855589] - Backport patch for CVE-2020-12723 [Orabug: 32855589] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-10543 CVE-2020-12723 CVE-2020-10878 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 Oracle Linux 6 [12:4.1.1-63.P1.0.2] - Added dhcp-4.1.1-P1-CVE-2021-25217.patch [Orabug: 33005948] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-25217 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [2.28.8-10.0.1] - Backport fixes for CVE-2021-27219 [Orabug: 33017896] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-27219 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.52.4] - IB/core: Only update PKEY and GID caches on respective events (Hakon Bugge) [Orabug: 32816368] - Revert 'Allow mce to reset instead of panic on UE' (William Roche) [Orabug: 32820278] - Bluetooth: verify AMP hci_chan before amp_destroy (Archie Pusaka) [Orabug: 32912103] {CVE-2021-33034} - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (Peilin Ye) [Orabug: 33013890] {CVE-2020-36386} - qla2xxx: update version to 9.00.00.00.42.0-k1-v5 (Quinn Tran) [Orabug: 33015884] - scsi: qla2xxx: v2: Fix login retry count (Quinn Tran) [Orabug: 29411891] [Orabug: 33015884] - scsi: qla2xxx: Properly extract ADISC error codes (Quinn Tran) [Orabug: 33015884] - scsi: qla2xxx: Replace GPDB with async ADISC command (Quinn Tran) [Orabug: 33015884] - qla2xxx: update version to 9.00.00.00.42.0-k1-v4 (Quinn Tran) [Orabug: 33015884] - qla2xxx: fix relogin stalled. (Quinn Tran) [Orabug: 27700529] [Orabug: 33015884] - net/mlx4: Treat VFs fair when handling comm_channel_events (Hans Westgaard Ry) [Orabug: 33017263] [4.1.12-124.52.3] - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Bartosz Golaszewski) [Orabug: 32974492] - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (David Woodhouse) [Orabug: 32974492] - secureboot: make sure kernel-signing.cer is copied to kernel-keys dir (Brian Maly) [Orabug: 32978042] [4.1.12-124.52.2] - Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021289] {CVE-2020-12352} - RDS tcp loopback connection can hang (Rao Shoaib) [Orabug: 32926868] [4.1.12-124.52.1] - dm ioctl: fix out of bounds array access when no devices (Mikulas Patocka) [Orabug: 32860494] {CVE-2021-31916} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-31916 CVE-2021-33034 CVE-2020-12352 CVE-2020-36386 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.52.5] - seq_file: disallow extremely large seq buffer allocations (Eric Sandeen) [Orabug: 33135634] {CVE-2021-33909} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-33909 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.6.32-754.35.1.0.4.OL6] - seq_file: disallow extremely large seq buffer allocations (CVE-2021-33909) (Eric Sandeen) [Orabug: 33137331] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-33909 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.53.5] - seq_file: disallow extremely large seq buffer allocations (Eric Sandeen) [Orabug: 33143006] {CVE-2021-33909} [4.1.12-124.53.3] - net/mlx4: Fix EEPROM dump support (Vladyslav Tarasiuk) [Orabug: 31895301] {CVE-2020-14304} - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (Erez Alfasi) [Orabug: 31895301] {CVE-2020-14304} - netfilter: x_tables: fix compat match/target pad out-of-bound write (Florian Westphal) [Orabug: 33093028] {CVE-2021-22555} - xen/blkback: Make sure all vbd fields are initialized (Boris Ostrovsky) [Orabug: 33131620] [4.1.12-124.53.2] - scsi: lpfc: Fix driver crash in target reset handler (James Smart) [Orabug: 33048899] [4.1.12-124.53.1] - xfs: fix lockup issue (Junxiao Bi) [Orabug: 32836026] - bluetooth: eliminate the potential race condition when removing the HCI controller (Lin Ma) [Orabug: 32912036] {CVE-2021-32399} {CVE-2021-32399} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-32399 CVE-2021-33909 CVE-2020-14304 CVE-2021-22555 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.6.32-754.35.1.0.5.OL6] - [kernel] futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [1922249] {CVE-2021-3347} [Orabug: 33150734] - [kernel] futex: Handle faults correctly for PI futexes (Thomas Gleixner) [1922249] {CVE-2021-3347} [Orabug: 33150734] - [kernel] futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [1922249] {CVE-2021-3347}[Orabug: 33150734] - [kernel] futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [1922249] {CVE-2021-3347} [Orabug: 33150734] - [kernel] futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [1922249] {CVE-2021-3347} [Orabug: 33150734] - [drm] drm/i915/guc: Disable firmware loading on i915 option (Dave Airlie) [1930246] {CVE-2020-12362} [Orabug: 33150734] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-3347 CVE-2020-12362 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.54.6] - xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33282046] [4.1.12-124.54.5] - l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429} - l2tp: ensure sessions are freed after their PPPOL2TP socket (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429} - l2tp: Refactor the codes with existing macros instead of literal number (Gao Feng) [Orabug: 33113975] {CVE-2020-0429} - l2tp: fix duplicate session creation (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429} - l2tp: ensure session can't get removed during pppol2tp_session_ioctl() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429} - l2tp: fix race in l2tp_recv_common() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429} - net: l2tp: Make l2tp_ip6 namespace aware (Shmulik Ladkani) [Orabug: 33113975] {CVE-2020-0429} - l2tp: Correctly return -EBADF from pppol2tp_getname. (phil.turnbull@oracle.com) [Orabug: 33113975] {CVE-2020-0429} [4.1.12-124.54.4] - USB: mon: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 33113260] {CVE-2019-9456} - usb: usbmon: Read text within supplied buffer size (Pete Zaitcev) [Orabug: 33113260] {CVE-2019-9456} [4.1.12-124.54.3] - uek-rpm: mark /etc/ld.so.conf.d/ files as %config (Stephen Brennan) [Orabug: 32060376] - config: remove CONFIG_VGACON_SOFT_SCROLLBACK from kernel configs (Brian Maly) [Orabug: 33047770] {CVE-2020-28097} {CVE-2020-28097} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 33047770] {CVE-2020-28097} - can: bcm: delay release of struct bcm_op after synchronize_rcu() (Thadeu Lima de Souza Cascardo) [Orabug: 33114649] {CVE-2021-3609} - iommu/vt-d: Use plain writeq() for dmar_writeq() where available (David Woodhouse) [Orabug: 33199774] [4.1.12-124.54.2] - qla2xxx: update version to 9.00.00.00.42.0-k1-v6 (Quinn Tran) [Orabug: 33196002] - qla2xxx: add heartbeat check (Quinn Tran) [Orabug: 33196002] [4.1.12-124.54.1] - can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) [Orabug: 33030701] {CVE-2021-34693} - CIFS: 511c54a2f691 adds a check for session expiry (Aruna Ramakrishna) [Orabug: 33063858] - CIFS: Reconnect expired SMB sessions (Pavel Shilovsky) [Orabug: 33063858] - media: v4l: event: Add subscription to list before calling 'add' operation (Sakari Ailus) [Orabug: 33113344] {CVE-2019-9458} - media: v4l: event: Prevent freeing event subscriptions while accessed (Sakari Ailus) [Orabug: 33113344] {CVE-2019-9458} - chardev: Avoid potential use-after-free in 'chrdev_open()' (Will Deacon) [Orabug: 33113412] {CVE-2020-0305} - kobject: Export kobject_get_unless_zero() (Jan Kara) [Orabug: 33113412] {CVE-2020-0305} - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE (Sergey Matyukevich) [Orabug: 33114443] {CVE-2020-27068} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-34693 CVE-2020-28097 CVE-2019-9456 CVE-2020-0429 CVE-2019-9458 CVE-2020-0305 CVE-2021-3609 CVE-2020-27068 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.54.6.1] - fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 33369433] {CVE-2020-12114} {CVE-2020-12114} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 33369414] {CVE-2019-19448} {CVE-2019-19448} - cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 33369390] {CVE-2019-17133} - vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 33369374] {CVE-2019-3900} {CVE-2019-3900} - vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 33369374] {CVE-2019-3900} - vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 33369374] {CVE-2019-3900} - vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 33369374] {CVE-2019-3900} - vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang) [Orabug: 33369374] {CVE-2019-3900} - mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587} - mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: check defrag PN against current frame (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: add fragment cache to sta_info (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: drop A-MSDUs on old ciphers (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588} - cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588} - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586} - mac80211: assure all fragments are encrypted (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147} - sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33369303] {CVE-2021-3655} - virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33369276] {CVE-2021-38160} - net_sched: cls_route: remove the right filter from hashtable (Cong Wang) [Orabug: 33369231] {CVE-2021-3715} - HID: make arrays usage and value to be the same (Will McVicker) [Orabug: 33369121] {CVE-2021-0512} - ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33369043] {CVE-2021-40490} IMPORTANT Copyright 2021 Oracle, Inc. CVE-2020-26143 CVE-2020-26144 CVE-2020-26146 CVE-2021-40490 CVE-2019-19448 CVE-2020-26141 CVE-2021-0512 CVE-2020-26139 CVE-2021-38160 CVE-2019-3900 CVE-2020-24588 CVE-2020-26145 CVE-2020-24587 CVE-2021-3655 CVE-2020-26147 CVE-2020-12114 CVE-2020-26140 CVE-2020-26142 CVE-2021-3715 CVE-2020-24586 CVE-2019-17133 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.56.1] - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (alex chen) [Orabug: 29184589] {CVE-2017-18216} - bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) {CVE-2020-12771} - filldir[64]: remove WARN_ON_ONCE() for bad directory entries (Linus Torvalds) [Orabug: 31351271] {CVE-2019-10220} - Make filldir[64]() verify the directory entry filename is valid (Linus Torvalds) [Orabug: 31351271] {CVE-2019-10220} - ath9k: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351559] {CVE-2019-19074} - scsi: bfa: release allocated memory in case of error (Navid Emamdoost) [Orabug: 31351615] {CVE-2019-19066} - rtlwifi: prevent memory leak in rtl_usb_probe (Navid Emamdoost) [Orabug: 31351626] {CVE-2019-19063} - perf/core: Fix perf_event_open() vs. execve() race (Peter Zijlstra) [Orabug: 31351766] {CVE-2019-3901} - l2tp: pass tunnel pointer to ->session_create() (Guillaume Nault) [Orabug: 31352004] {CVE-2018-9517} - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33039295] - Revert 'uek-rpm: mark /etc/ld.so.conf.d/ files as %config' (aloktiw) [Orabug: 33359684] - ksplice: Fix build warning with ksplice_sysctls (John Donnelly) [Orabug: 33365274] - kvm:vmx Fix build error in kvm/vmx.c (John Donnelly) [Orabug: 33375485] - vmscan: Fix build error in mm/vmscan.c (John Donnelly) [Orabug: 33375931] - constify iov_iter_count() and iter_is_iovec() (Al Viro) [Orabug: 33381741] [4.1.12-124.55.3] - fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 31350976] {CVE-2020-12114} {CVE-2020-12114} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351025] {CVE-2019-19448} {CVE-2019-19448} - cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 31351800] {CVE-2019-17133} - vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351950] {CVE-2019-3900} {CVE-2019-3900} - vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351950] {CVE-2019-3900} - vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351950] {CVE-2019-3900} - vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351950] {CVE-2019-3900} - vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang) [Orabug: 31351950] {CVE-2019-3900} - mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587} - mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: check defrag PN against current frame (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: add fragment cache to sta_info (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: drop A-MSDUs on old ciphers (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588} - cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588} - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} - mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586} - mac80211: assure all fragments are encrypted (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147} - sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33198409] {CVE-2021-3655} - virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33209274] {CVE-2021-38160} - net_sched: cls_route: remove the right filter from hashtable (Cong Wang) [Orabug: 33326887] {CVE-2021-3715} - HID: make arrays usage and value to be the same (Will McVicker) [Orabug: 33326939] {CVE-2021-0512} - ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33327200] {CVE-2021-40490} [4.1.12-124.55.2] - x86/mm: Fix compiler warning in pageattr.c (John Donnelly) [Orabug: 33332673] - security: Make inode argument of inode_getsecid non-const (Andreas Gruenbacher) [Orabug: 33337179] - security: Make inode argument of inode_getsecurity non-const (Andreas Gruenbacher) [Orabug: 33337179] [4.1.12-124.55.1] - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE (Srinivas Dasari) [Orabug: 31351335] {CVE-2017-11089} - ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug: 32974989] - ocfs2: fix zero out valid data (Junxiao Bi) [Orabug: 32974989] - ocfs2: fix data corruption by fallocate (Junxiao Bi) [Orabug: 32974989] - l2tp: fix l2tp_eth module loading (Guillaume Nault) [Orabug: 33114384] {CVE-2020-27067} - af_key: pfkey_dump needs parameter validation (Mark Salyzyn) [Orabug: 33114539] {CVE-2021-0605} - af_key: Add lock to key dump (Yuejie Shi) [Orabug: 33114539] {CVE-2021-0605} - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (Alexander Larkin) [Orabug: 33114989] {CVE-2021-3612} - Input: joydev - prevent potential read overflow in ioctl (Dan Carpenter) [Orabug: 33114989] {CVE-2021-3612} - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Haoran Luo) [Orabug: 33198437] {CVE-2021-3679} - dtrace: Corrects - warning: assignment makes pointer from integer without a cast (John Donnelly) [Orabug: 33314947] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2019-19074 CVE-2017-18216 CVE-2019-3901 CVE-2020-12771 CVE-2019-19063 CVE-2018-9517 CVE-2019-19066 CVE-2019-10220 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.57.1] - target; fix print statement warning (John Donnelly) [Orabug: 33495661] - enic;: fix warning on module_param disable_vlan0, (John Donnelly) [Orabug: 33495661] - bnx2fc: correct BNX2FC_TM_TIMEOUT to be 60 sec (John Donnelly) [Orabug: 33495661] - target: Fix linux-4.1.y specific compile warning (Nicholas Bellinger) [Orabug: 33495661] - net/mlx4: Fixing warning in mlx4_get_module_info() (John Donnelly) [Orabug: 33495661] - rds: Avoid compiler warning in ib_send.c: opcode (John Donnelly) [Orabug: 33495661] - RDMA/mad: correct build warning (John Donnelly) [Orabug: 33495661] - dtrace: Fix warning in dtrace_sync() (Tomas Jedlicka) [Orabug: 33495661] - virtio: Silence uninitialized variable warning (Dan Carpenter) [Orabug: 33495661] - scsi: correct uninitialized variable (John Donnelly) [Orabug: 33495661] - media: smsusb: better handle optional alignment (Mauro Carvalho Chehab) [Orabug: 33495661] - media: usb: siano: Fix false-positive 'uninitialized variable' warning (Alan Stern) [Orabug: 33495661] - toshiba_acpi: correct build warning (John Donnelly) [Orabug: 33495661] - RDS/IB: corrects build warning (John Donnelly) [Orabug: 33495661] - x86/mce: correct return warning (John Donnelly) [Orabug: 33495661] - x86/asm/msr: Make wrmsrl_safe() a function (Andy Lutomirski) [Orabug: 33495661] - x86/mitigations: fix warnings in taa_select_mitigation() (John Donnelly) [Orabug: 33495661] - mm: correct build warning with pgprot (John Donnelly) [Orabug: 33495661] - Thermal: remove unused variable (John Donnelly) [Orabug: 33495661] - ixgbe: remove unused variables and functions (John Donnelly) [Orabug: 33495661] - i40e: remove unused variables and functions (John Donnelly) [Orabug: 33495661] - mlx4: remove unused variables and functions, (John Donnelly) [Orabug: 33495661] - nvme: remove unused variables and functions (John Donnelly) [Orabug: 33495661] - ocfs2: remove unused function: ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 33495661] - ipv6: remove unused variable: payload_len (John Donnelly) [Orabug: 33495661] - Revert 'efi: Fix out-of-bounds read in variable_matches()' (John Donnelly) [Orabug: 33495661] - dtrace: remove unused variable 'iph' (John Donnelly) [Orabug: 33495661] - ext4: remove unused function ext4_init_inode_bitmap() (John Donnelly) [Orabug: 33495661] - cpuidle: remove unused function: call_cpuidle() (John Donnelly) [Orabug: 33495661] - cifs: remove unused label (John Donnelly) [Orabug: 33495661] - block: remove unused out: label (John Donnelly) [Orabug: 33495661] - Bluetooth: hci_uart: check for missing tty operations (Vladis Dronov) [Orabug: 30244627] {CVE-2019-10207} {CVE-2019-10207} - Bluetooth: hci_uart: Add basic support for Intel Lightning Peak devices (Loic Poulain) [Orabug: 30244627] {CVE-2019-10207} - Bluetooth: hci_uart: Add new line discipline enhancements (Ilya Faenson) [Orabug: 30244627] {CVE-2019-10207} - Bluetooth: hci_uart: Support operational speed during setup (Frederic Danis) [Orabug: 30244627] {CVE-2019-10207} [4.1.12-124.56.2] - btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864610] {CVE-2019-19813} - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864610] {CVE-2019-19813} - net: create skb_gso_validate_mac_len() (Daniel Axtens) [Orabug: 28094432] {CVE-2018-1000026} - bnx2x: disable GSO where gso_size is too big for hardware (Daniel Axtens) [Orabug: 28094432] {CVE-2018-1000026} - Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 33014035] {CVE-2021-3564} {CVE-2021-3564} - l2tp: Avoid schedule while atomic in exit_net (Ridge Kennedy) [Orabug: 33360013] - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (Xin Long) [Orabug: 33360013] - dtrace: remove unused variables (John Donnelly) [Orabug: 33387203] - scsi: treat lun as 64-bit in scsi_report_lun_scan() error message (Henry Willard) [Orabug: 33387203] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2019-19813 CVE-2018-1000026 CVE-2019-10207 CVE-2021-3564 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.58.2] - ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [Orabug: 33560431] {CVE-2021-3732} [4.1.12-124.58.1] - sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [Orabug: 33443537] - xen/netfront: stop tx queues during live migration (Dongli Zhang) [Orabug: 33536410] IMPORTANT Copyright 2021 Oracle, Inc. CVE-2021-3732 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [3.44.0-7.0.2] - Fix CVE-2021-43527 [Orabug: 33627334] CRITICAL Copyright 2021 Oracle, Inc. CVE-2021-43527 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.69.5] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 34798594] [4.1.12-124.69.4] - btrfs: Remove BUG_ON() as it is causing kernel to panic (Rhythm Mahajan) [Orabug: 34840579] [4.1.12-124.69.3] - btrfs: fix missing return for a non-void function. (Harshit Mogalapalli) [Orabug: 34827292] [4.1.12-124.69.2] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265340] {CVE-2019-19377} - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) [Orabug: 34670757] {CVE-2022-40768} - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet) [Orabug: 34791643] {CVE-2022-20368} - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (Willem de Bruijn) [Orabug: 34791643] - fs/attr.c: handling case when inode does not attach with dentry structure (Alok Tiwari) [Orabug: 34733462] [Orabug: 34798221] [Orabug: 34816013] [4.1.12-124.69.1] - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) [Orabug: 33014078] {CVE-2021-20292} - netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) [Orabug: 34555474] {CVE-2022-2663} - openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) [Orabug: 34607642] {CVE-2022-2639} - openvswitch: fix flow actions reallocation (Andrea Righi) [Orabug: 34607642] - openvswitch: fix the incorrect flow action alloc size (zhangliping) [Orabug: 34607642] - cgroup: Prevent kill_css() from being called more than once (Waiman Long) [Orabug: 34679307] - mISDN: fix use-after-free bugs in l1oip timer handlers (Duoming Zhou) [Orabug: 34719783] {CVE-2022-3565} - vsock: Fix memory leak in vsock_connect() (Peilin Ye) [Orabug: 34731194] {CVE-2022-3629} - vsock: split dwork to avoid reinitializations (Cong Wang) [Orabug: 34731194] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3629 CVE-2022-2663 CVE-2022-3565 CVE-2022-40768 CVE-2019-19377 CVE-2022-2639 CVE-2021-20292 CVE-2022-20368 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.69.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883048] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883048] {CVE-2022-4378} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-4378 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.70.2] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882781] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882781] {CVE-2022-4378} - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) [Orabug: 34872056] {CVE-2022-2663} - r8152: Rate limit overflow messages (Andrew Gaul) [Orabug: 34719940] {CVE-2022-3594} - HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) [Orabug: 34670789] {CVE-2022-41850} [4.1.12-124.70.1] - usb: mon: make mmapped memory read only (Tadeusz Struk) [Orabug: 34820828] {CVE-2022-43750} - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) [Orabug: 34731314] {CVE-2022-3586} - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) [Orabug: 34731314] {CVE-2022-3586} - sch_sfb: keep backlog updated with qlen (WANG Cong) [Orabug: 34731314] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3586 CVE-2022-3594 CVE-2022-43750 CVE-2022-2663 CVE-2022-41850 CVE-2022-4378 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.59.1.2] - fix regression in 'epoll: Keep a reference on files added to the check list' (Al Viro) [Orabug: 33679854] {CVE-2021-1048} - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679806] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) [Orabug: 33679806] {CVE-2021-0920} - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 33679806] [4.1.12-124.59.1.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33703630] {CVE-2021-4155} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4155 CVE-2021-0920 CVE-2021-1048 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4104 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [0.96-11.0.1.el6_10.1] - pkexec: local privilege escalation [Orabug: 33789506][CVE-2021-4034] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4034 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.60.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699627] [Orabug: 33762471] {CVE-2021-4155} - fix regression in 'epoll: Keep a reference on files added to the check list' (Al Viro) [Orabug: 33679854] [Orabug: 33762505] {CVE-2021-1048} {CVE-2021-1048} - Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406421] {CVE-2021-3752} - vt_kdsetmode: extend console locking (Linus Torvalds) [Orabug: 33406445] {CVE-2021-3753} - Bluetooth: SMP: Fail if remote and local public keys are identical (Luiz Augusto von Dentz) [Orabug: 33556779] {CVE-2021-0129} - Bluetooth: use constant time memory comparison for secret values (Jason A. Donenfeld) [Orabug: 33556779] {CVE-2021-0129} - Bluetooth: Add bt_dev logging macros (Loic Poulain) [Orabug: 33556779] {CVE-2021-0129} - ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) [Orabug: 33694378] {CVE-2021-20321} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-1048 CVE-2021-3753 CVE-2021-20321 CVE-2021-4155 CVE-2021-0129 CVE-2021-3752 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [32:9.8.2-0.68.rc1.0.3.8] - Backport fix for CVE-2018-5741 [Orabug: 33496185] [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing (CVE-2021-25215) [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749) [32:9.8.2-0.68.rc1.8] - Fix tsig-request verify (CVE-2020-8622) [32:9.8.2-0.68.rc1.7] - Correct tests covering CVE-2020-8617 [32:9.8.2-0.68.rc1.6] - Add additional fix to limit recursions [32:9.8.2-0.68.rc1.5] - Add CVE tests to codebase [32:9.8.2-0.68.rc1.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) [32:9.8.2-0.68.rc1.3] - Use only selected documentation files [32:9.8.2-0.68.rc1.2] - Fix CVE-2018-5743 [32:9.8.2-0.68.rc1.1] - Fix CVE-2018-5740 [32:9.8.2-0.68.rc1] - Fix CVE-2017-3145 [32:9.8.2-0.67.rc1] - Change EDNS flags only after successful query (#1416035) - Fix crash in ldap driver at bind-sdb stop (#1426626) [32:9.8.2-0.66.rc1] - Fix CVE-2017-3142 and CVE-2017-3143 [32:9.8.2-0.65.rc1] - Update root servers and trust anchors [32:9.8.2-0.64.rc1] - Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391) [32:9.8.2-0.63.rc1] - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) [32:9.8.2-0.62.rc1] - Fix and test caching CNAME before DNAME (ISC change 4558) [32:9.8.2-0.61.rc1] - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) [32:9.8.2-0.60.rc1] - Restore SELinux contexts before named restart [32:9.8.2-0.59.rc1] - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path [32:9.8.2-0.58.rc1] - Fix CVE-2016-8864 [32:9.8.2-0.57.rc1] - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) [32:9.8.2-0.56.rc1] - Do not include patch backup in docs (fixes #1325081 patch) [32:9.8.2-0.55.rc1] - Backported relevant parts of [RT #39567] (#1259923) [32:9.8.2-0.54.rc1] - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) [32:9.8.2-0.53.rc1] - Fix multiple realms in nsupdate script like upstream (#1313286) [32:9.8.2-0.52.rc1] - Fix multiple realm in nsupdate script (#1313286) [32:9.8.2-0.51.rc1] - Use resolver-query-timeout high enough to recover all forwarders (#1325081) [32:9.8.2-0.50.rc1] - Fix CVE-2016-2848 [32:9.8.2-0.49.rc1] - Fix infinite loop in start_lookup (#1306504) [32:9.8.2-0.48.rc1] - Fix CVE-2016-2776 [32:9.8.2-0.47.rc1] - Fix CVE-2016-1285 and CVE-2016-1286 [32:9.8.2-0.46.rc1] - Fix CVE-2015-8704 [32:9.8.2-0.45.rc1] - Updated named.ca hints file to the latest version (#1267991) [32:9.8.2-0.44.rc1] - Fix CVE-2015-8000 [32:9.8.2-0.43.rc1] - Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1227189) - Added the fixed tarball with configuration to Sources (Related: #1223359) [32:9.8.2-0.42.rc1] - Don't use ISC's DLV by default (#1223359) [32:9.8.2-0.41.rc1] - Added support for CAA records (#1252611) [32:9.8.2-0.40.rc1] - Fix CVE-2015-5722 [32:9.8.2-0.39.rc1] - Fix CVE-2015-5477 [32:9.8.2-0.38.rc1] - Fix CVE-2015-4620 [32:9.8.2-0.37.rc1] - Resolves: 1215687 - DNS resolution failure in high load environment with SERVFAIL and 'out of memory/success' in the log [32:9.8.2-0.36.rc1] - Fix CVE-2015-1349 [32:9.8.2-0.35.rc1] - Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476) [32:9.8.2-0.34.rc1] - Fix race condition when using isc__begin_beginexclusive (#1175321) [32:9.8.2-0.33.rc1] - Sanitize SDB API to better handle database errors (#1146893) [32:9.8.2-0.32.rc1] - Fix CVE-2014-8500 (#1171974) [32:9.8.2-0.31.rc1] - Fix RRL slip behavior when set to 1 (#1112356) - Fix issue causing bind to hang after reload if using DYNDB (#1142152) [32:9.8.2-0.30.rc1] - Use /dev/urandom when generating rndc.key file (#951255) [32:9.8.2-0.29.rc1] - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 [32:9.8.2-0.28.rc1] - Add support for TLSA resource records (#956685) - Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035) [32:9.8.2-0.27.rc1] - Fix segmentation fault in nsupdate when -r option is used (#1064045) - Fix race condition on send buffer in host tool when sending UDP query (#1008827) - Allow authentication using TSIG in allow-notify configuration statement (#1044545) - Fix SELinux context of /var/named/chroot/etc/localtime (#902431) - Include updated named.ca file with root server addresses (#917356) - Don't generate rndc.key if there is rndc.conf on start-up (#997743) - Fix dig man page regarding how to disable IDN (#1023045) - Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876) [32:9.8.2-0.26.rc1] - Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065) - Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033) - Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123) - Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414) - Fix initscript not to mount chroot filesystem is named is already running (#948743) - Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632) - Correct the installed documentation ownership (#1051283) [32:9.8.2-0.25.rc1] - configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008) - Fix race condition when destroying a resolver fetch object (#993612) - Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700) - Fix segfault on SERVFAIL to NXDOMAIN failover (#919545) [32:9.8.2-0.24.rc1] - Fix CVE-2014-0591 [32:9.8.2-0.23.rc1] - Fix gssapictx memory leak (#911167) [32:9.8.2-0.22.rc1] - fix CVE-2013-4854 [32:9.8.2-0.21.rc1] - fix CVE-2013-2266 - ship dns/rrl.h in -devel subpkg [32:9.8.2-0.20.rc1] - remove one bogus file from /usr/share/doc, introduced by RRL patch [32:9.8.2-0.19.rc1] - fix CVE-2012-5689 [32:9.8.2-0.18.rc1] - add response rate limit patch (#873624) [32:9.8.2-0.17.rc1] - fix CVE-2012-5688 [32:9.8.2-0.16.rc1] - initscript: silence spurious 'named.pid: No such file' error [32:9.8.2-0.15.rc1] - fix CVE-2012-5166 [32:9.8.2-0.14.rc1] - allow forward{,ers} statement in static-stub zones [32:9.8.2-0.13.rc1] - fix CVE-2012-4244 [32:9.8.2-0.12.rc1] - fix CVE-2012-3817 [32:9.8.2-0.11.rc1] - fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165) [32:9.8.2-0.10.rc1] - fix CVE-2012-1667 [32:9.8.2-0.9.rc1] - fix race condition in the resolver module - nslookup: return non-zero exit code when fail to get answer (#816164) [32:9.8.2-0.8.rc1] - initscript: don't umount /var/named when didn't mount it [32:9.8.2-0.7.rc1] - don't fail when logfile cannot be opened (#809084) [32:9.8.2-0.6.rc1] - fix multilib regression in bind-devel (#800053) [32:9.8.2-0.5.rc1] - fix errors reported by Coverity - be more strict when caching NS RRsets (CVE-2012-1033) [32:9.8.2-0.4.rc1] - load dynamic-db plugins later (#795414) [32:9.8.2-0.3.rc1] - decrease severity of various errors related to outside DNS environment (#788870) - fixed various bind-chroot packaging errors (#789886) - use portreserve to reserve rndc control port (#790682) [32:9.8.2-0.2.rc1] - harden dns_zone_setmasterswithkeys() to avoid INSIST failures - build with '--enable-fixed-rrset' - fix potential memory leak in code which processes rndc authentication (#749582) - generate rndc.key during (#768798) - nslookup: improve handling of AA responses with recursion off - removed obsolete bind97-rh714049.patch patch [32:9.8.2-0.1.rc1] - update to 9.8.2rc1 - patches merged - bind97-rh754398.patch - bind97-rh700097.patch - bind97-rh734502.patch - bind97-rh746694-1.patch - bind97-rh746694-2.patch - bind97-rh739406-1.patch - bind97-rh739406-2.patch - ship DNSKEY for root zone in default configuration [32:9.7.3-10.P3] - disable atomic ops on ppc* because they caused named to hang/crash [32:9.7.3-9.P3] - fix race condition in resolver.c:validated() - improve error handling in zone.c:zone_refreshkeys() to avoid hang during shutdown [32:9.7.3-8.P3] - fix DOS against recursive servers (#754398) [32:9.7.3-7.P3] - fix memory leak in nsupdate when using SIG(0) keys [32:9.7.3-6.P3] - load/unload dyndb plugins on appropriate places to avoid crashes (#725577) - nsupdate could have failed if server has multiple IPs and the first was unreachable (#714049) - nsupdate returned zero when target zone didn't exist (#700097) - readd configtest target to initscript - print 'the working directory is not writable' as debug message - fix some Coverity warnings [32:9.7.3-5.P3] - fix rare race condition in request.c [32:9.7.3-4.P3] - update to 9.7.3-P3 (CVE-2011-2464) [32:9.7.3-3.P1] - update to 9.7.3-P1 (CVE-2011-1910) [32:9.7.3-2] - don't generate rndc.key during installation [32:9.7.3-1] - update to 9.7.3 (CVE-2011-0414) - patches merged - bind97-gsstsig.patch - bind97-rh664401.patch - bind97-rh623638.patch [32:9.7.2-8.P3] - regenerate fixed nsupdate manual page [32:9.7.2-7.P3] - improve host/dig resolv.conf parser (#rh669163) - improve internal test suite - don't mention that HMAC-MD5 is the only one TSIG algorighm in nsupdate manpage - initscript: sybsys name is always named, not named-sdb [32:9.7.2-6.P3] - named could die on exit after negotiating a GSS-TSIG key (#653486) - fix typo in initscript [32:9.7.2-5.P3] - include root zone DNSKEY in the bind package (#667375) [32:9.7.2-4.P3] - solve conflict between i686 and x86_64 bind-devel packages (#658045) - fix 'service named status' when used with named-sdb - fix 'krb5-self' update-policy rule processing (#664401) - don't check MD5, size and mtime of sysconfig/named [32:9.7.2-3.P3] - use same atomic operations on both ppc and ppc64 (#623638) - add new option DISABLE_ZONE_CHECKING to sysconfig/named (#623673) - document dig exit codes - add Requires: bind-libs to bind subpkgs - remove statement about system-config-bind from named.8 manpage (#660676) [32:9.7.2-2.P3] - host utility now honors 'attempts', 'timeout' and 'debug' options in resolv.conf (#622764) - initscript should kill only the 'correct' named process (#622785) - attempt to reconnect to PostgreSQL during each query if the initial connection failed (#623190) [32:9.7.2-1.P3] - update to 9.7.2-P3 (#623122) - patch bind97-managed-keyfile.patch replaced by bind97-compat-keysdir.patch - patches merged - bind97-rh554316.patch - bind97-rh576906.patch [32:9.7.0-5.P2] - update to 9.7.0-P2 [32:9.7.0-4.P1] - fix occassional crash on keytable.c:286 (#554316) - active query might be destroyed in resume_dslookup() which triggered REQUIRE failure (#507429) [32:9.7.0-3.P1] - update to 9.7.0-P1 release [32:9.7.0-2] - improve automatic DNSSEC reconfiguration trigger - initscript now returns 2 in case that action doesn't exist (#523435) - enable/disable chroot when bind-chroot is installed/uninstalled [32:9.7.0-1] - update to production 9.7.0 release [32:9.7.0-0.14.rc2] - obsolete dnssec-conf - automatically update configuration from old dnssec-conf based - improve default configuration; enable DLV by default - remove obsolete triggerpostun from bind-libs subpackage [32:9.7.0-0.13.rc2] - update to 9.7.0rc2 bugfix release (CVE-2010-0097 and CVE-2010-0290) [32:9.7.0-0.12.rc1] - initscript LSB related fixes (#523435) - revert the 'DEBUG' feature (#510283), it causes too many problems (#545128) [32:9.7.0-0.11.rc1] - disable PKCS11 support. PKCS11 support in openssl is not available in RHEL6 [32:9.7.0-0.10.rc1] - update to 9.7.0rc1 - bind97-headers.patch merged - update default configuration [32:9.7.0-0.9.b3] - update to 9.7.0b3 [32:9.7.0-0.8.b2] - install isc/namespace.h header [32:9.7.0-0.7.b2] - update to 9.7.0b2 [32:9.7.0-0.6.b1] - update to 9.7.0b1 - add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC keys [32:9.7.0-0.5.a3] - don't package named-bootconf utility, it is very outdated and unneeded [32:9.7.0-0.4.a3] - determine file size via instead of 32_details 32_list 32_list_to_copy 32_list_to_copy_details 32_list_to_copy_details.out 32_list_to_copy_details.out_1 32_list_to_remove_and_ln 64_details 64_list 64_list_to_copy 64_list_to_copy_details 64_list_to_copy_details.out 64_list_to_copy_details.out_1 64_list_to_remove_and_ln 6.6 67_32_list 67_32_list_1 67_64_list 67_64_list_1 67_src_list 67_src_list_1 bak baselist baselist.out ctllist.ELBA-2020-5554-6 ctllist.ELSA-2022-9117-6 ctllist.RHBA-2020-3543-6 ctllist.RHSA-2019-3756-6 i386_rpms k next.ctllist.ELSA-2015-3055-6 pending sav.ctllist.RHBA-2017-3213-6a src_32_list_to_copy_details src_32_list_to_copy_details.out src_32_list_to_copy_details.out_1 src_64_list_to_copy_details src_64_list_to_copy_details.out src_64_list_to_copy_details.out_1 src_details src_list src_list_to_copy src_list_to_copy_32 src_list_to_copy_64 src_list_to_remove_and_ln src_list_to_remove_and_ln_64 src_rpms x86_64_rpms (#523682) [32:9.7.0-0.3.a3] - update to 9.7.0a3 [32:9.7.0-0.2.a2] - improve chroot related documentation (#507795) - add NetworkManager dispatcher script to reload named when network interface is activated/deactivated (#490275) - don't set/unset named_write_master_zones SELinux boolean every time in initscript, modify it only when it's actually needed [32:9.7.0-0.1.a2] - update to 9.7.0a2 - merged patches - bind-96-db_unregister.patch - bind96-rh507469.patch [32:9.6.1-9.P1] - next attempt to fix the postun trigger (#520385) - remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch [32:9.6.1-8.P1] - rebuilt with new openssl [32:9.6.1-7.P1] - update the patch for dynamic loading of database backends [32:9.6.1-6.P1] - 9.6.1-P1 release (CVE-2009-0696) - fix postun trigger (#513016, hopefully) [32:9.6.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [32:9.6.1-4] - remove useless bind-9.3.3rc2-rndckey.patch [32:9.6.1-3] - fix broken symlinks in bind-libs (#509635) - fix typos in /etc/sysconfig/named (#509650) - add DEBUG option to /etc/sysconfig/named (#510283) [32:9.6.1-2] - improved 'chroot automount' patches (#504596) - host should fail if specified server doesn't respond (#507469) [32:9.6.1-1] - 9.6.1 release - simplify chroot maintenance. Important files and directories are mounted into chroot (see /etc/sysconfig/named for more info, #504596) - fix doc/named.conf.default perms [32:9.6.1-0.4.rc1] - 9.6.1rc1 release [32:9.6.1-0.3.b1] - update the patch for dynamic loading of database backends - create %{_libdir}/bind directory - copy default named.conf to doc directory, shared with s-c-bind (atkac) [32:9.6.1-0.2.b1] - update the patch for dynamic loading of database backends - fix dns_db_unregister() - useradd now takes '-N' instead of '-n' (atkac, #495726) - print nicer error msg when zone file is actually a directory (atkac, #490837) [32:9.6.1-0.1.b1] - 9.6.1b1 release - patches merged - bind-96-isc_header.patch - bind-95-rh469440.patch - bind-96-realloc.patch - bind9-fedora-0001.diff - use -version-number instead of -version-info libtool param [32:9.6.0-11.1.P1] - logrotate configuration file now points to /var/named/data/named.run by default (#489986) [32:9.6.0-11.P1] - fall back to insecure mode when no supported DNSSEC algorithm is found instead of SERVFAIL - don't fall back to non-EDNS0 queries when DO bit is set [32:9.6.0-10.P1] - enable DNSSEC only if it is enabled in sysconfig/dnssec [32:9.6.0-9.P1] - add DNSSEC support to initscript, enabled it per default - add requires dnssec-conf [32:9.6.0-8.P1] - fire away libbind, it is now separate package [32:9.6.0-7.P1] - fixed some read buffer overflows (upstream) [32:9.6.0-6.P1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [32:9.6.0-5.P1] - update the patch for dynamic loading of database backends - include iterated_hash.h [32:9.6.0-4.P1] - rebuild for dependencies [32:9.6.0-3.P1] - rebuild against new openssl [32:9.6.0-2.P1] - 9.6.0-P1 release (CVE-2009-0025) [32:9.6.0-1] - Happy new year - 9.6.0 release [32:9.6.0-0.7.rc2] - 9.6.0rc2 release - bind-96-rh475120.patch merged [32:9.6.0-0.6.rc1] - add patch for dynamic loading of database backends [32:9.6.0-0.5.1.rc1] - allow to reuse address for non-random query-source ports (#475120) [32:9.6.0-0.5.rc1] - 9.6.0rc1 release - patches merged - bind-9.2.0rc3-varrun.patch - bind-95-sdlz-include.patch - bind-96-libxml2.patch - fixed rare use-after-free problem in host utility (#452060) - enabled chase of DNSSEC signature chains in dig [32:9.6.0-0.4.1.b1] - improved sample config file (#473586) [32:9.6.0-0.4.b1] - reverted previous change, koji doesn't like it [32:9.6.0-0.3.b1] - build bind-chroot as noarch [32:9.6.0-0.2.1.b1] - updates due libtool 2.2.6 - don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources [32:9.6.0-0.2.b1] - make statistics http server working, patch backported from 9.6 HEAD [32:9.6.0-0.1.b1] - 9.6.0b1 release - don't build ODBC and Berkeley DB DLZ drivers - end of bind-chroot-admin script, copy config files to chroot manually - /proc doesn't have to be mounted to chroot - temporary use libbind from 9.5 series, noone has been released for 9.6 yet [32:9.5.1-0.8.4.b2] - dig/host: use only IPv4 addresses when -4 option is specified (#469440) [32:9.5.1-0.8.2.b2] - removed unneeded bind-9.4.1-ldap-api.patch [32:9.5.1-0.8.1.b2] - ship dns/{s,}dlz.h and isc/radix.h in bind-devel [32:9.5.1-0.8.b2] - removed bind-9.4.0-dnssec-directory.patch, it is wrong [32:9.5.1-0.7.b2] - 9.5.1b2 release - patches merged - bind95-rh454783.patch - bind-9.5-edns.patch - bind95-rh450995.patch - bind95-rh457175.patch [32:9.5.1-0.6.b1] - IDN output strings didn't honour locale settings (#461409) [32:9.5.1-0.5.b1] - disable transfer stats on DLZ zones (#454783) [32:9.5.1-0.4.b1] - add forgotten patch for #457175 - build with -O2 [32:9.5.1-0.3.b1] - static libraries are no longer supported - IP acls weren't merged correctly (#457175) - use fPIE on sparcv9/sparc64 (Dennis Gilmore) - add sparc64 to list of 64bit arches in spec (Dennis Gilmore) [32:9.5.1-0.2.b1] - updated patches due new rpm (--fuzz=0 patch parameter) [32:9.5.1-0.1.1.b1] - use %patch0 for Patch0 (#455061) - correct source address (#455118) [32:9.5.1-0.1.b1] - 9.5.1b1 release (CVE-2008-1447) - dropped bind-9.5-recv-race.patch because upstream doesn't want it [32:9.5.0-37.1] - update default named.conf statements (#452708) [32:9.5.0-37] - some compat changes to fix building on RHEL4 [32:9.5.0-36.3] - fixed typo in %posttrans script [32:9.5.0-36.2] - parse inner acls correctly (#450995) [32:9.5.0-36.1] - removed dns-keygen utility in favour of rndc-confgen -a (#449287) - some minor sample fixes (#449274) [32:9.5.0-36] - updated to 9.5.0 final - use getifaddrs to find available interfaces [32:9.5.0-35.rc1] - make /var/run/named writable by named (#448277) - fixed one non-utf8 file [32:9.5.0-34.rc1] - fixes needed to pass package review (#225614) [32:9.5.0-33.1.rc1] - bind-chroot now depends on bind (#446477) [32:9.5.0-33.rc1] - updated to 9.5.0rc1 - merged patches - bind-9.5-libcap.patch - make binaries readable by others (#427826) [32:9.5.0-32.b3] - reverted 'any' patch, upstream says not needed - log EDNS failure only when we really switch to plain EDNS (#275091) - detect configuration file better [32:9.5.0-31.1.b3] - addresses 0.0.0.0 and ::0 really match any (#275091, comment #28) [32:9.5.0-31.b3] - readded bind-9.5-libcap.patch - added bind-9.5-recv-race.patch from F8 branch (#400461) [32:9.5.0-30.1.b3] - build Berkeley DB DLZ backend [32:9.5.0-30.b3] - 9.5.0b3 release - dropped patches (upstream) - bind-9.5-transfer-segv.patch - bind-9.5-mudflap.patch - bind-9.5.0-generate-xml.patch - bind-9.5-libcap.patch [32:9.5.0-29.3.b2] - fixed named.conf.sample file (#437569) [32:9.5.0-29.2.b2] - fixed URLs [32:9.5.0-29.1.b2] - BuildRequires cleanup [32:9.5.0-29.b2] - rebuild without mudflap (#434159) [32:9.5.0-28.b2] - port named to use libcap library, enable threads (#433102) - removed some unneeded Requires [32:9.5.0-27.b2] - removed conditional build with libefence (use -fmudflapth instead) - fixed building of DLZ stuff (#432497) - do not build Berkeley DB DLZ backend - temporary build with --disable-linux-caps and without threads (#433102) - update named.ca file to affect IPv6 changes in root zone [32:9.5.0-26.b2] - build with -D_GNU_SOURCE (#431734) - improved fix for #253537, posttrans script is now used - improved fix for #400461 - 9.5.0b2 - bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch - only named, named-sdb and lwresd are PIE - bind-9.5-sdb.patch has been updated - bind-9.5-libidn.patch has been updated - bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch - removed bind-9.5-gssapi-header.patch (upstream) - removed bind-9.5-CVE-2008-0122.patch (upstream) - removed bind-9.2.2-nsl.patch - improved sdb_tools Makefile.in [32:9.5.0-25.b1] - fixed segfault during sending notifies (#400461) - rebuild with gcc 4.3 series [32:9.5.0-24.b1] - removed bind-9.3.2-prctl_set_dumpable.patch (upstream) - allow parallel building of libdns library - CVE-2008-0122 [32:9.5.0-23.b1] - fixed initscript wait loop (#426382) - removed dependency on policycoreutils and libselinux (#426515) [32:9.5.0-22.b1] - fixed regression caused by libidn2 patch (#426348) [32:9.5.0-21.b1] - fixed typo in post section (CVE-2007-6283) [32:9.5.0-20.b1] - removed obsoleted triggers - CVE-2007-6283 [32:9.5.0-19.2.b1] - added dst/gssapi.h to -devel subpackage (#419091) - improved fix for (#417431) [32:9.5.0-19.1.b1] - fixed shutdown with initscript when rndc doesn't work (#417431) - fixed IDN patch (#412241) [32:9.5.0-19.b1] - 9.5.0b1 (#405281, #392491) [32:9.5.0-18.6.a7] - Rebuild for deps [32:9.5.0-18.5.a7] - build with -O0 [32:9.5.0-18.4.a7] - bind-9.5-random_ports.patch was removed because upstream doesn't like it. query-source{,v6} options are sufficient (#391931) - bind-chroot-admin called restorecon on /proc filesystem (#405281) [32:9.5.0-18.3.a7] - removed edns patch to keep compatibility with vanilla bind (#275091, comment #20) [32:9.5.0-18.2.a7] - use system port selector instead ISC's (#391931) [32:9.5.0-18.a7] - removed statement from initscript which passes -D to named [32:9.5.0-17.a7] - 9.5.0a7 - dropped patches (upstream) - bind-9.5-update.patch - bind-9.5-pool_badfree.patch - bind-9.5-_res_errno.patch [32:9.5.0-16.5.a6] - added bind-sdb again, contains SDB modules and DLZ modules - bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch [32:9.5.0-16.4.a6] - removed Requires: openldap, postgresql, mysql, db4, unixODBC - new L.ROOT-SERVERS.NET address [32:9.5.0-16.3.a6] - completely disable DBUS [32:9.5.0-16.2.a6] - minor cleanup in bind-chroot-admin [32:9.5.0-16.1.a6] - fixed typo in initscript [32:9.5.0-16.a6] - disabled DBUS (dhcdbd doesn't exist & #339191) [32:9.5.0-15.1.a6] - fixed missing va_end () functions (#336601) - fixed memory leak when dbus initialization fails [32:9.5.0-15.a6] - corrected named.5 SDB statement (#326051) [32:9.5.0-14.a6] - added edns patch again (#275091) [32:9.5.0-13.a6] - removed bind-9.3.3-edns.patch patch (see #275091 for reasons) [32:9.5.0-12.4.a6] - build with O2 - removed 'autotools' patch - bugfixing in bind-chroot-admin (#279901) [32:9.5.0-12.a6] - bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are obsoleted by upstream bind-9.5-_res_errno.patch [32:9.5.0-11.9.a6] - fixed wrong resolver's dispatch pool cleanup (#275011, patch from tmraz redhat com) [32:9.5.0-11.3.a6] - initscript failure message is now printed correctly (#277981, Quentin Armitage (quentin armitage org uk) ) [32:9.5.0-11.2.a6] - temporary revert ISC 2119 change and add 'libbind-errno' patch (#254501) again [32:9.5.0-11.1.a6] - removed end dots from Summary sections (skasal@redhat.com) - fixed wrong file creation by autotools patch (skasal@redhat.com) [32:9.5.0-11.a6] - start using --disable-isc-spnego configure option - remove bind-9.5-spnego-memory_management.patch (source isn't compiled) [32:9.5.0-10.2.a6] - added new initscript option KEYTAB_FILE which specified where is located kerberos .keytab file for named service - obsolete temporary bind-9.5-spnego-memory_management.patch by bind-9.5-gssapictx-free.patch which conforms BIND coding standards (#251853) [32:9.5.0-10.a6] - dropped direct dependency to /etc/openldap/schema directory - changed hardcoded paths to macros - fired away code which configure LDAP server [32:9.5.0-9.1.a6] - named could crash with SRV record UPDATE (#251336) [32:9.5.0-9.a6] - disable 64bit dlz driver patch on alpha and ia64 (#251298) - remove wrong malloc functions from lib/dns/spnego.c (#251853) [32:9.5.0-8.2.a6] - changed licence from BSD-like to ISC [32:9.5.0-8.1.a6] - disabled named on all runlevels by default [32:9.5.0-8.a6] - minor next improvements on autotools patch - dig and host utilities now using libidn instead idnkit for IDN support [32:9.5.0-7.a6] - binutils/gcc bug rebuild (#249435) [32:9.5.0-6.a6] - updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and CVE-2007-2926 - fixed building on 64bits [31:9.5.0a5-5] - integrated 'autotools' patch for testing purposes (upstream will accept it in future, for easier building) [31:9.5.0a5-4.1] - fixed DLZ drivers building on 64bit systems [31:9.5.0a5-4] - fixed relation between logrotated and chroot-ed named [31:9.5.0a5-3.9] - removed bind-sdb package (default named has compiled SDB backend now) - integrated DLZ (Dynamically loadable zones) drivers - integrated GSS-TSIG support (RFC 3645) - build with -O0 (many new features, potential core dumps will be more useful) [31:9.5.0a5-3.2] - initscript should be ready for parallel booting (#246878) [31:9.5.0a5-3] - handle integer overflow in isc_time_secondsastimet function gracefully (#247856) [31:9.5.0a5-2.2] - moved chroot configfiles into chroot subpackage (#248306) [31:9.5.0a5-2] - minor changes in default configuration - fix h_errno assigment during resolver initialization (unbounded recursion, #245857) - removed wrong patch to #150288 [31:9.5.0a5-1] - updated to latest upstream [31:9.4.1-7] - marked caching-nameserver as obsolete (#244604) - fixed typo in initscript (causes that named doesn't detect NetworkManager correctly) - next cleanup in configuration - moved configfiles into config.tar - removed delay between start & stop in restart function in named.init [31:9.4.1-6] - major changes in initscript. Could be LSB compatible now - removed caching-nameserver subpackage. Move configs from this package to main bind package as default configuration and major configuration cleanup [31:9.4.1-5] - very minor compatibility change in bind-chroot-admin (line 215) - enabled IDN support by default and don't distribute IDN libraries - specfile cleanup - add dynamic directory to /var/named. This directory will be primarily used for dynamic DNS zones. ENABLE_ZONE_WRITE and SELinux's named_write_master_zones no longer exist [31:9.4.1-4] - removed ldap-api patch and start using deprecated API - fixed minor problem in bind-chroot-admin script (#241103) [31:9.4.1-3] - fixed bind-chroot-admin dynamic DNS handling (#239149) - updated zone-freeze patch to latest upstream - ldap sdb has been rewriten to latest api (#239802) [31:9.4.1-2.fc7] - test build on new build system [31:9.4.1-1.fc7] - updated to 9.4.1 which contains fix to CVE-2007-2241 [31:9.4.0-8.fc7] - improved 'zone freeze patch' - if multiple zone with same name exists no zone is freezed - minor cleanup in caching-nameserver's config file - fixed race-condition in dbus code (#235809) - added forgotten restorecon statement in bind-chroot-admin [31:9.4.0-7.fc7] - removed DEBUGINFO option because with this option (default) was bind builded with -O0 and without this flag no debuginfo package was produced. (I want faster bind => -O2 + debuginfo) - fixed zone finding (#236426) [31:9.4.0-6.fc7] - added idn support (still under development with upstream, disabled by default) [31:9.4.0-5.fc7] - dnssec-signzone utility now doesn't ignore -d parameter [31:9.4.0-4.fc7] - removed query-source[-v6] options from caching-nameserver config (#209954, increase security) - throw away idn. It won't be ready in fc7 [31:9.4.0-3.fc7] - prepared bind to merge review - added experimental idn support to bind-utils utils (not enabled by default yet) - change chroot policy in caching-nameserver post section - fixed bug in bind-chroot-admin - rootdir function is called properly now [31:9.4.0-2.fc7] - added experimental SQLite support (written by John Boyd <jaboydjr@netwalk.com>) - moved bind-chroot-admin script to chroot package - bind-9.3.2-redhat_doc.patch is always applied (#231738) [31:9.4.0-1.fc7] - updated to 9.4.0 - bind-chroot-admin now sets EAs correctly (#213926) - throw away next_server_on_referral and no_servfail_stops patches (fixed in 9.4.0) [31:9.3.4-7.fc7] - minor cleanup in bind-chroot-admin script [31:9.3.4-6.fc7] - fixed broken bind-chroot-admin script (#227995) [31:9.3.4-5.fc7] - bind-chroot-admin now uses correct chroot path (#227600) [31:9.3.4-4.fc7] - fixed conflict between bind-sdb and ldap - removed duplicated bind directory in bind-libs [31:9.3.4-3.fc7] - fixed building without libbind - fixed post section (selinux commands is now in if-endif statement) - prever macro has been removed from version [31:9.3.4-2.fc7] - redirected output from bind-chroot prep and %preun stages to /dev/null [31:9.3.4-1.fc7] - updated to version 9.3.4 which contains security bugfixes [31:9.3.3-5.fc7] - package bind-libbind-devel has been marked as obsolete [31:9.3.3-4.fc7] - package bind-libbind-devel has beed removed (libs has been moved to bind-devel & bind-libs) - Resolves: #214208 [31:9.3.3-3] - fixed a multi-lib issue - Resolves: rhbz#222717 [31:9.3.3-2] - added namedGetForwarders written in shell (#176100), created by Baris Cicek <baris@nerd.com.tr>. [31:9.3.3-1] - update to 9.3.3 final - fix for #219069: file included twice in src.rpm [31:9.3.3-0.1.rc3] - added back an interval to restart - renamed package, it should meet the N-V-R criteria - fix for #216185: bind-chroot-admin able to change root mode 750 - added fix from #215997: incorrect permissions on dnszone.schema - added a notice to init script when /etc/named.conf doesn't exist (#216075) [30:9.3.3-6] - fix for #200465: named-checkzone and co. cannot be run as non-root user - fix for #212348: chroot'd named causes df permission denied error - fix for #211249, #211083 - problems with stopping named - fix for #212549: init script does not unmount /proc filesystem - fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1, added edns-enable options to named configuration file which can suppress EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options) - fix for #212961: bind-chroot doesn't clean up its mess on %preun - update to 9.3.3rc3, removed already merged patches [30:9.3.3-5] - fix for #209359: bind-libs from compatlayer CD will not install on ia64 [30:9.3.3-4] - added fix for #210096: warning: group named does not exist - using root [30:9.3.3-3] - added fix from #209400 - Bind Init Script does not create the PID file always, created by Jeff Means - added timeout to stop section of init script. The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT shell variable. [30:9.3.3-2] - removed chcon from %post script, replaced by restorecon (Bug 202547, comment no. 37) [30:9.3.3-1] - updated to the latest upstream (9.3.3rc2) [30:9.3.2-41] - added upstream patch for correct SIG handling - CVE-2006-4095 [30:9.3.2-40] - suppressed messages from bind-chroot-admin - cleared notes about bind-config [30:9.3.2-39] - added fix for #203522 - 'bind-chroot-admin -e' command fails [30:9.3.2-38] - fix for #203194 - tmpfile usage [30:9.3.2-37] - fix for #202542 - /usr/sbin/bind-chroot-admin: No such file or directory - fix for #202547 - file_contexts: invalid context [30:9.3.2-36] - added Provides: bind-config [30:9.3.2-35] - fix bug 197493: renaming subpackage bind-config to caching-nameserver [30:9.3.2-34] - fix bug 199876: make '%exclude libbbind.*' conditional on %{LIBBIND} [30:9.3.2-33] - fix #195881, perms are not packaged correctly [30:9.3.2-32] - fix addenda to bug 189789: determination of selinux enabled was still not 100% correct in bind-chroot-admin - fix addenda to bug 196398: make named.init test for NetworkManager being enabled AFTER testing for -D absence; named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named setting to disable auto-enable of named dbus support if NetworkManager enabled. [30:9.3.2-30] - fix bug 196398 - Enable -D option automatically in initscript if NetworkManager enabled in any runlevel. - fix namedGetForwarders for new dbus - fix bug 195881 - libbind.so should be owned by bind-libbind-devel [30:9.3.2-28.FC6] - Rebuild against new dbus [30:9.3.2-27.FC6] - rebuild with fixed glibc-kernheaders [30:9.3.2-26.FC6.1] - rebuild [30:9.3.2-26.FC6] - fix bugs 191093, 189789 - backport selected fixes from upstream bind9 'v9_3_3b1' CVS version: ( see http://www.isc.org/sw/bind9.3.php 'Fixes' ): o change 2024 / bug 16027: named emitted spurious 'zone serial unchanged' messages on reload o change 2013 / bug 15941: handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully o change 2009 / bug 15808: coverity fixes o change 1997 / bug 15818: named was failing to replace negative cache entries when a positive one for the type was learnt o change 1994 / bug 15694: OpenSSL 0.9.8 support o change 1991 / bug 15813: The configuration data, once read, should be treated as readonly. o misc. validator fixes o misc. resolver fixes o misc. dns fixes o misc. isc fixes o misc. libbind fixes o misc. isccfg fix o misc. lwres fix o misc. named fixes o misc. dig fixes o misc. nsupdate fix o misc. tests fixes [30:9.3.2-24.FC6] - and actually put the devel symlinks in the right subpackage [30:9.3.2-23.FC6] - rebuild for -devel deps [30:9.3.2-22] - apply upstream patch for ncache_adderesult segfault bug 173961 addenda - fix bug 188382: rpm --verify permissions inconsistencies - fix bug 189186: use /sbin/service instead of initscript - rebuild for new gcc, glibc-kernheaders [30:9.3.2-20] - fix resolver.c ncache_adderesult segfault reported in addenda to bug 173961 (upstream bugs #15642, #15528 ?) - allow named ability to generate core dumps after setuid (upstream bug #15753) [30:9.3.2-18] - fix bug 187529: make bind-chroot-admin deal with subdirectories properly [30:9.3.2-16] - fix bug 187286: prevent host(1) printing duplicate 'is an alias for' messages for the default AAAA and MX lookups as well as for the A lookup (it now uses the CNAME returned for the A lookup for the AAAA and MX lookups). This is upstream bug #15702 fixed in the unreleased bind-9.3.3 - fix bug 187333: fix SOURCE24 and SOURCE25 transposition [30:9.3.2-14] - fix bug 186577: remove -L/usr/lib from libbind.pc and more .spec file cleanup - add '%doc' sample configuration files in /usr/share/doc/bind*/sample - rebuild with new gcc and glibc [30:9.3.2-12] - fix typo in initscript - fix Requires(post): policycoreutils in sub-packages [30.9.3.2-10] - fix bug 185969: more .spec file cleanup [30.9.3.2-8] - Do not allow package to be installed if named:25 userid creation fails - Give libbind a pkg-config file - remove restorecon from bind-chroot-admin (not required). - fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };) [30:9.3.2-7] - fix issues with bind-chroot-admin [30:9.3.2-6] - replace caching-nameserver with bind-config sub-package - fix bug 177595: handle case where is a link in initscript - fix bug 177001: bind-config creates symlinks OK now - fix bug 176388: named.conf is now never replaced by any RPM - fix bug 176248: remove unecessary creation of rpmsave links - fix bug 174925: no replacement of named.conf - fix bug 173963: existing named.conf never modified - major .spec file cleanup [30:9.3.2-4.1] - bump again for double-long bug on ppc(64) [30:9.3.2-4] - regenerate redhat_doc patch for non-DBUS builds - allow dbus builds to work with dbus version < 0.6 (bz #179816) [30:9.3.2-3] - try supporting without dbus support [30:9.3.2-2.1] - Rebuild for new gcc, glibc, glibc-kernheaders [30:9.3.2-2] - fix bug 177854: temporary fix for broken kernel-2.6.15-1854+ /proc/net/if_inet6 format [30:9.3.2-1] - Upgrade to 9.3.2, released today [28:9.3.2rc1-2] - fix bug 176100: do not Require: perl just for namedGetForwarders ! * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [28:9.3.2rc-1] - Upgrade to upstream version 9.3.2rc1 - fix namedSetForwarders -> namedGetForwarders SOURCE14 typo [24:9.3.1-26] - rebuild for new dbus 0.6 dependency; remove use of DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT [24:9.3.1-24] - allow D-BUS support to work in bind-chroot environment: workaround latest selinux policy by mounting /var/run/dbus/ under chroot instead of /var/run/dbus/system-bus-socket [24:9.3.1-22] - fix bug 172632 - remove .la files - ship namedGetForwarders and namedSetForwarders scripts - fix detection of -D option in chroot [24:9.3.1-21] - rebuilt with new openssl [24.9.3.1-20] - Allow the -D enable D-BUS option to be used within bind-chroot . - fix bug 171226: supply some documentation for pgsql SDB . [24:9.3.1-18] - fix bug 169969: do NOT call dbus_svc_dispatch() in dbus_mgr_init_dbus() - task->state != task_ready and will cause Abort in task.c if process is waiting for NameOwnerChanged to do a SetForwarders [24:9.3.1-16] - Fix reconnecting to dbus-daemon after it stops & restarts . [24:9.3.1-14] - When forwarder nameservers are changed with D-BUS, flush the cache. [24:9.3.1-12] - fix bug 168302: use %{__cc} for compiling dns-keygen - fix bug 167682: bind-chroot directory permissions - fix issues with -D dbus option when dbus service not running or disabled [24:9.3.1-12] - fix bug 167062: named should be started after syslogd by default [24:9.3.1-11] - fix bug 166227: host: don't do default AAAA and MX lookups with '-t a' option [24:9.3.1-10] - Build with D-BUS patch by default; D-BUS support enabled with named -D option - Enable D-BUS for named_sdb also - fix sdb pgsql's zonetodb.c: must use isc_hash_create() before dns_db_create() - update fix for bug 160914 : test for RD=1 and ARCOUNT=0 also before trying next server - fix named.init script to handle named_sdb properly - fix named.init script checkconfig() to handle named '-c' option and make configtest, test, check configcheck synonyms [24:9.3.1-8] - fix named.init script bugs 163598, 163409, 151852(addendum) [24:9.3.1-7] - fix bug 160914: resolver utilities should try next server on empty referral (now that glibc bug 162625 is fixed) host and nslookup now by default try next server on SERVFAIL (host now has '-s' option to disable, and nslookup given '[no]fail' option similar to dig's [no]fail option). - rebuild and re-test with new glibc & gcc (all tests passed). [24:9.3.1-6] - fix bug 157950: dig / host / nslookup should reject invalid resolv.conf files and not use uninitialized garbage nameserver values (ISC bug 14841 raised). [24:9.3.1-4_FC4] - Fix SDB LDAP [24:9.3.1-4] - Fix bug 157601: give named.init a configtest function - Fix bug 156797: named.init should check SELinux booleans.local before booleans - Fix bug 154335: if no controls in named.conf, stop named with -TERM sig, not rndc - Fix bug 155848: add NOTES section to named.8 man-page with info on all Red Hat BIND quirks and SELinux DDNS / slave zone file configuration - D-BUS patches NOT applied until dhcdbd is in FC [24:9.3.1-4_dbus] - Enhancement to allow dynamic forwarder table management and - DHCP forwarder auto-configuration with D-BUS [24:9.3.1-2_FC4] - Rebuild for bind-sdb libpq.so.3 dependency - fix bug 150981: don't install libbind man-pages if no libbind - fix bug 151852: mount proc on /proc to allow sysconf(...) to work and correct number of CPUs to be determined [24:9.3.1-1_FC4] - Upgrade to ISC BIND 9.3.1 (final release) released today. [22.9.3.1rc1-5] - fix bug 150288: h_errno not being accessed / set correctly in libbind - add libbind man-pages from bind-8.4.6 [22:9.3.1rc1-4] - Rebuild with gcc4 / glibc-2.3.4-14. [22:9.3.1rc1-3] - configure with --with-pic to get PIC libraries [22:9.3.1rc1-2] - fix bug 149183: don't use getifaddrs() . [22:9.3.1rc1-1] - Upgrade to 9.3.1rc1 - Add Simplified Database Backend (SDB) sub-package ( bind-sdb ) - add named_sdb - ldap + pgsql + dir database backend support with - 'ENABLE_SDB' named.sysconfig option - Add BIND resolver library & includes sub-package ( libbind-devel) - fix bug 147824 / 147073 / 145664: ENABLE_ZONE_WRITE in named.init - fix bug 146084 : shutup restorecon [22:9.3.0-2] - Fix bug 143438: named.init will now make correct ownership of /var/named - based on 'named_write_master_zones' SELinux boolean. - Fix bug 143744: dig & nsupdate IPv6 timeout (dup of 140528) [9.3.0-1] - Upgrade BIND to 9.3.0 in Rawhide / FC4 (bugs 134529, 133654...) [20:9.2.4-4] - Fix bugs 140528 and 141113: - 2 second timeouts when IPv6 not configured and root nameserver's - AAAA addresses are queried [20:9.2.4-2] - Fix bug 136243: bind-chroot %post must run restorecon -R /var/named/chroot - Fix bug 135175: named.init must return non-zero if named is not run - Fix bug 134060: bind-chroot %post must use mktemp, not /tmp/named - Fix bug 133423: bind-chroot %files entries should have been %dirs [20:9.2.4-1] - BIND 9.2.4 (final release) released - source code actually - identical to 9.2.4rc8, with only version number change. [10:9.2.4rc8-14] - Upgrade to upstream bind-9.2.4rc8 . - Progress: Finally! Hooray! ISC bind now distributes: - o named.conf(5) and nslookup(8) manpages - 'bind-manpages.bz2' source can now disappear - (could this have something to do with ISC bug I raised about this?) - o 'deprecation_msg' global has vanished - bind-9.2.3rc3-deprecation_msg_shut_up.diff.bz2 can disappear [10:9.2.4rc8-14] - Fix bug 106572/132385: copy /etc/localtime to chroot on start [10:9.2.4rc7-12_EL3] - Fix bug 132303: if ROOTDIR line was replaced after upgrade from - bind-chroot-9.2.2-21, restart named [10:9.2.4rc7-11_EL3] - Fix bug 131803: replace ROOTDIR line removed by broken - bind-chroot 9.2.2-21's '%postun'; added %triggerpostun for bind-chroot [10:9.2.4rc7-10_EL3] - Fix bugs 130121 & 130981 for RHEL-3 [10:9.2.4rc7-10] - Fix bug 130121: add '%ghost' entries for files included in previous - bind-chroot & not in current - ie. named.conf, rndc.key, dev/* - - that RPM removed after upgrade . * Thu Aug 26 2004 Jason Vas Dias <jvdias@redhat.com> - Fix bug 130981: add '-t' option to named-checkconf invocation in - named.init if chroot installed. * Wed Aug 25 2004 Jason Vas Dias <jvdias@redhat.com> - Remove resolver(5) manpage now in man-pages (bug 130792); - Don't create /dev/ entries in bind-chroot if already there (bug 127556); - fix bind-devel Requires (bug 130919) - Set default location for dumpdb & stats files to /var/named/data * Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - Fix devel Requires for bug 130738 & fix version * Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - Fix errors on clean install if named group does not exist - (bug 130777) * Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - Upgrade to bind-9.2.4rc7; applied initscript fix - for bug 102035. * Mon Aug 09 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 129289: bind-chroot install / deinstall - on install, existing config files 'safe_replace'd - with links to chroot copies; on uninstall, moved back. * Fri Aug 06 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 129258: '/var/tmp' typo in spec * Wed Jul 28 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 127124 : 'Requires: kernel >= 2.4' - causes problems with Linux VServers * Tue Jul 27 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 127555 : chroot tar missing var/named/slaves * Fri Jul 16 2004 Jason Vas Dias <jvdias@redhat.com> - Upgraded to ISC version 9.2.4rc6 * Fri Jul 16 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed named.init generation of error messages on - 'service named stop' and 'service named reload' - as per bug 127775 [9.2.3-19] - Bump for rhel 3.0 U3 [9.2.3-18] - remove disable-linux-caps [9.2.3-17] - Update RHEL3 to latest bind * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [9.2.3-15] - Remove device files from chroot, Named uses the system one [9.2.3-14] - Move RFC to devel package [9.2.3-13] - Fix location of restorecon [9.2.3-12] - Tighten security on config files. Should be owned by root [9.2.3-11] - Update key patch to include conf-keygen [9.2.3-10] - fix chroot to only happen once. - fix init script to do kill insteall of killall [9.2.3-9] - Add fix for SELinux security context * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> - rebuilt * Sat Feb 28 2004 Florian La Roche <Florian.LaRoche@redhat.de> - run ldconfig for libs subrpm * Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com> - Use ':' instead of '.' as separator for chown. [9.2.3-7] - Add COPYRIGHT * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [9.2.3-5] - Add defattr to libs [9.2.3-4] - Break out library package [9.2.3-3] - Fix condrestart [9.2.3-2] - Move libisc and libdns to bind from bind-util [9.2.3-1] - Move to 9.2.3 [9.2.2.P3-10] - Add PIE support [9.2.2.P3-9] - Add /var/named/slaves directory * Sun Oct 12 2003 Florian La Roche <Florian.LaRoche@redhat.de> - do not link against libnsl, not needed for Linux [9.2.2.P3-6] - Fix local time in log file [9.2.2.P3-5] - Try again [9.2.2.P3-4] - Fix handling of chroot -/dev/random [9.2.2.P3-3] - Stop hammering stuff on update of chroot environment [9.2.2.P3-2] - Fix chroot directory to grab all subdirectories [9.2.2.P3-1] - New patch to support for 'delegation-only' [9.2.2-23] - patch support for 'delegation-only' [9.2.2-22] - Update to build on RHL [9.2.2-21] - Install libraries as exec so debug info will be pulled [9.2.2-20] - Remove BSDCOMPAT (BZ 99454) [9.2.2-19] - Update to build on RHL [9.2.2-18] - Change protections on /var/named and /var/chroot/named [9.2.2-17] - Update to build on RHL [9.2.2-16] - Update to build on RHEL * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> - rebuilt [9.2.2-14] - Update to build on RHEL [9.2.2-13] - Fix config description of named.conf in chroot - Change named.init script to check for existence of /etc/sysconfig/network [9.2.2-12] - Update to build on RHEL [9.2.2-11] - Update to build on RHEL [9.2.2-10] - Fix echo OK on starting/stopping service [9.2.2-9] - Update to build on RHEL [9.2.2-8] - Fix echo on startup [9.2.2-7] - Fix problems with chroot environment - Eliminate posix threads [9.2.2-6] - Fix build problems [9.2.2-5] - Fix build on beehive [9.2.2-4] - build bind-chroot kit [9.2.2-3] - Change configure to use proper threads model [9.2.2-2] - update to 9.2.2 [9.2.2-1] - update to 9.2.2 [9.2.1-16] - Put a sleep in restart to make sure stop completes * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt [9.2.1-14] - Separate /etc/rndc.key to separate file [9.2.1-13] - Use openssl's pkgconfig data, if available, at build-time. [9.2.1-12] - Fix log rotate to use service named reload - Change service named reload to give success/failure message [73770] - Fix File checking [75710] - Begin change to automatically run in CHROOT environment [9.2.1-10] - Fix startup script to work like all others. [9.2.1-9] - Fix configure to build on x86_64 platforms * Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de> - fix #70583, doesn't build on IA64 [9.2.1-8] - bind-utils shouldn't require bind [9.2.1-7] - fix name of pidfine in logrotate script (#68842) - fix owner of logfile in logrotate script (#41391) - fix nslookup and named.conf man pages (output on stderr) (#63553, #63560, #63561, #54889, #57457) - add rfc1912 (#50005) - gzip all rfc's - fix typo in keygen.c (#54870) - added missing manpages (#64065) - shutdown named properly with rndc stop (#62492) - /sbin/nologin instead of /bin/false (#68607) - move nsupdate to bind-utils (where the manpage already was) (#66209, #66381) - don't kill initscript when rndc fails (reload) (#58750) [9.2.1-5] - Fix #65975 * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Thu May 23 2002 Tim Powers <timp@redhat.com> - automated rebuild [9.2.1-2] - Move libisccc, lib isccfg and liblwres from bind-utils to bind, they're not required if you aren't running a nameserver. * Fri May 03 2002 Florian La Roche <Florian.LaRoche@redhat.de> - update to 9.2.1 release [9.2.0-8] - Merge 30+ bug fixes from 9.2.1rc1 code [9.2.0-7] - Don't exit if /etc/named.conf doesn't exist if we're running chroot (#60868) - Revert Elliot's changes, we do require specific glibc/glibc-kernheaders versions or bug #58335 will be back. 'It compiles, therefore it works' isn't always true. [9.2.0-6] - Fix BuildRequires (we don't need specific glibc/glibc-kernheaders versions). - Use _smp_mflags [9.2.0-4] - rebuild, require recent autoconf, automake (#58335) * Fri Jan 25 2002 Tim Powers <timp@redhat.com> - rebuild against new libssl * Wed Jan 09 2002 Tim Powers <timp@redhat.com> - automated rebuild [9.2.0-1] - 9.2.0 [9.2.0-0.rc10.2] - 9.2.0rc10 [9.2.0-0.rc8.2] - Fix up rndc.conf (#55574) [9.2.0-0.rc8.1] - rc8 - Enforce --enable-threads [9.2.0-0.rc7.1] - 9.2.0rc7 - Use rndc status for 'service named status', it's supposed to actually work in 9.2.x. [9.2.0-0.rc5.1] - 9.2.0rc5 - Fix rpm --rebuild with ancient libtool versions (#53938, #54257) [9.2.0-0.rc4.1] - 9.2.0rc4 [9.2.0-0.rc3.1] - 9.2.0rc3 - remove ttl patch, I don't think we need this for 8.0. - remove dig.1.bz2 from the bind8-manpages tar file, 9.2 has a new dig man page - add lwres* man pages to -devel [9.1.3-4] - Make sure /etc/rndc.conf isn't world-readable even after the %post script inserted a random key (#53009) [9.1.3-3] - Add build dependencies (#49368) - Make sure running service named start several times doesn't create useless processes (#47596) - Work around the named parent process returning 0 even if the config file is broken (it's parsed later by the child processes) (#45484) [9.1.3-2] - Don't use rndc status, it's not yet implemented (#48839) * Sun Jul 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - update to 9.1.3 release [9.1.3-0.rc3.1] - Fix up rndc configuration and improve security (#46586) [9.1.3-0.rc2.2] - Sync with caching-nameserver-7.1-6 [9.1.3-0.rc2.1] - Update to rc2 [9.1.3-0.rc1.3] - Remove resolv.conf(5) man page, it's now in man-pages [9.1.3-0.rc1.2] - Add named.conf man page from bind 8.x (outdated, but better than nothing, - Rename the rndc key (#42895) - Add dnssec* man pages [9.1.3-0.rc1.1] - 9.1.3rc1 - s/Copyright/License/ [9.1.2-1] - 9.1.2 final. No changes between 9.1.2-0.rc1.1 and this one, except for the version number, though. [9.1.2-0.rc1.1] - 9.1.2rc1 [9.1.1-1] - 9.1.1 [9.1.0-10] - Merge fixes from 9.1.1rc5 [9.1.0-9] - Work around bind 8 -> bind 9 migration problem when using buggy zone files: accept zones without a TTL, but spew out a big fat warning. (#31393) * Thu Mar 08 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add fixes from rc4 * Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - rebuild in new environment * Thu Mar 01 2001 Bernhard Rosenkraenzer <bero@redhat.com> - killall -HUP named if rndc reload fails (#30113) * Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Merge some fixes from 9.1.1rc3 * Tue Feb 20 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Don't use the standard rndc key from the documentation, instead, create a random one at installation time (#26358) - Make /etc/rndc.conf readable by user named only, it contains secret keys * Tue Feb 20 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.1 probably won't be out in time, revert to 9.1.0 and apply fixes from 9.1.1rc2 - bind requires bind-utils (#28317) * Tue Feb 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Update to rc2, fixes 2 more bugs - Fix build with glibc >= 2.2.1-7 * Thu Feb 08 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Update to 9.1.1rc1; fixes 17 bugs (14 of them affecting us; 1 was fixed in a Red Hat patch already, 2 others are portability improvements) * Wed Feb 07 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Remove initscripts 5.54 requirement (#26489) * Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add named-checkconf, named-checkzone (#25170) * Mon Jan 29 2001 Trond Eivind Glomsrod <teg@redhat.com> - use echo, not gprintf * Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix problems with Patch from Daniel Roesen <droesen@entire-systems.com> Bug #24890 * Thu Jan 18 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0 final * Sat Jan 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0rc1 - i18nify init script - bzip2 source to save space * Thu Jan 11 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix %postun script * Tue Jan 09 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0b3 * Mon Jan 08 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add named.conf man page from bind8 (#23503) * Sun Jan 07 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Make /etc/rndc.conf and /etc/sysconfig/named noreplace - Make devel require bind = %{version} rather than just bind * Sun Jan 07 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix init script for real * Sat Jan 06 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix init script when ROOTDIR is not set * Thu Jan 04 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add hooks for setting up named to run chroot (RFE #23246) - Fix up requirements * Fri Dec 29 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0b2 * Wed Dec 20 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Move run files to /var/run/named/ - /var/run isn't writable by the user we're running as. (Bug #20665) * Tue Dec 19 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix reverse lookups (#22272) - Run ldconfig in %post utils * Tue Dec 12 2000 Karsten Hopp <karsten@redhat.de> - fixed logrotate script (wrong path to kill) - include header files in -devel package - bugzilla #22049, #19147, 21606 * Fri Dec 08 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0b1 (9.1.0 is in our timeframe and less buggy) * Mon Nov 13 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.0.1 * Mon Oct 30 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix initscript (Bug #19956) - Add sample rndc.conf (Bug #19956) - Fix build with tar 1.13.18 * Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Add some missing man pages (taken from bind8) (Bug #18794) * Sun Sep 17 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.0.0 final * Wed Aug 30 2000 Bernhard Rosenkraenzer <bero@redhat.com> - rc5 - fix up nslookup * Thu Aug 24 2000 Bernhard Rosenkraenzer <bero@redhat.com> - rc4 * Thu Jul 13 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.0.0rc1 * Wed Jul 12 2000 Prospector <bugzilla@redhat.com> - automatic rebuild * Sun Jul 09 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add 'exit 0' for uninstall case * Fri Jul 07 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add prereq init.d and cleanup install section * Fri Jun 30 2000 Trond Eivind Glomsrod <teg@redhat.com> - fix the init script * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> - make libbind.a and nslookup.help readable again by setting INSTALL_LIB to '' * Mon Jun 26 2000 Bernhard Rosenkranzer <bero@redhat.com> - Fix up the initscript (Bug #13033) - Fix build with current glibc (Bug #12755) - /etc/rc.d/init.d -> /etc/init.d - use %{_mandir} rather than /usr/share/man * Mon Jun 19 2000 Bill Nottingham <notting@redhat.com> - fix conflict with man-pages - remove compatibilty chkconfig links - initscript munging * Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com> - modify logrotate setup to use PID file - temporarily disable optimization by unsetting at build-time - actually bump the release this time * Sun Jun 04 2000 Bernhard Rosenkraenzer <bero@redhat.com> - FHS compliance * Mon Apr 17 2000 Nalin Dahyabhai <nalin@redhat.com> - clean up restart patch * Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com> - provide /var/named (fix for bugs #9847, #10205) - preserve args when restarted via ndc(8) (bug #10227) - make resolv.conf(5) a link to resolver(5) (bug #10245) - fix SYSTYPE bug in all makefiles - move creation of named user from %post into %pre * Mon Feb 28 2000 Bernhard Rosenkranzer <bero@redhat.com> - Fix TTL (patch from ISC, Bug #9820) * Wed Feb 16 2000 Bernhard Rosenkranzer <bero@redhat.com> - fix typo in spec (it's %post, without a leading blank) introduced in -6 - change SYSTYPE to linux * Fri Feb 11 2000 Bill Nottingham <notting@redhat.com> - pick a standard < 100 uid/gid for named * Fri Feb 04 2000 Elliot Lee <sopwith@redhat.com> - Pass named a '-u named' parameter by default, and add/remove user. * Thu Feb 03 2000 Bernhard Rosenkraenzer <bero@redhat.com> - fix host mx bug (Bug #9021) * Mon Jan 31 2000 Cristian Gafton <gafton@redhat.com> - rebuild to fix dependencies - man pages are compressed * Wed Jan 19 2000 Bernhard Rosenkraenzer <bero@redhat.com> - It's /usr/bin/killall, not /usr/sbin/killall (Bug #8063) * Mon Jan 17 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix up location of named-bootconf.pl and make it executable (Bug #8028) - bind-devel requires bind * Mon Nov 15 1999 Bernhard Rosenkraenzer <bero@redhat.com> - update to 8.2.2-P5 * Wed Nov 10 1999 Bill Nottingham <notting@redhat.com> - update to 8.2.2-P3 * Tue Oct 12 1999 Cristian Gafton <gafton@redhat.com> - add patch to stop a cache only server from complaining about lame servers on every request. * Fri Sep 24 1999 Preston Brown <pbrown@redhat.com> - use real stop and start in named.init for restart, not ndc restart, it has problems when named has changed during a package update... (# 4890) * Fri Sep 10 1999 Bill Nottingham <notting@redhat.com> - chkconfig --del in %preun, not %postun * Mon Aug 16 1999 Bill Nottingham <notting@redhat.com> - initscript munging * Mon Jul 26 1999 Bill Nottingham <notting@redhat.com> - fix installed chkconfig links to match init file * Sat Jul 03 1999 Jeff Johnson <jbj@redhat.com> - conflict with new (in man-1.24) man pages (#3876,#3877). * Tue Jun 29 1999 Bill Nottingham <notting@redhat.com> - fix named.logrotate (wrong %SOURCE) * Fri Jun 25 1999 Jeff Johnson <jbj@redhat.com> - update to 8.2.1. - add named.logrotate (#3571). - hack around egcs-1.1.2 -m486 bug (#3413, #3485). - vet file list. * Fri Jun 18 1999 Bill Nottingham <notting@redhat.com> - don't run by default * Sun May 30 1999 Jeff Johnson <jbj@redhat.com> - nslookup fixes (#2463). - missing files (#3152). * Sat May 01 1999 Stepan Kasal <kasal@math.cas.cz> - nslookup patched: to count numRecords properly to fix subsequent calls to ls -d to parse 'view' and 'finger' commands properly the view hack updated for bind-8 (using sed) * Wed Mar 31 1999 Bill Nottingham <notting@redhat.com> - add ISC patch - add quick hack to make host not crash - add more docs * Fri Mar 26 1999 Cristian Gafton <gafton@redhat.com> - add probing information in the init file to keep linuxconf happy - dont strip libbind * Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> - auto rebuild in the new build environment (release 3) * Wed Mar 17 1999 Preston Brown <pbrown@redhat.com> - removed 'done' output at named shutdown. * Tue Mar 16 1999 Cristian Gafton <gafton@redhat.com> - version 8.2 * Wed Dec 30 1998 Cristian Gafton <gafton@redhat.com> - patch to use the __FDS_BITS macro - build for glibc 2.1 * Wed Sep 23 1998 Jeff Johnson <jbj@redhat.com> - change named.restart to /usr/sbin/ndc restart * Sat Sep 19 1998 Jeff Johnson <jbj@redhat.com> - install man pages correctly. - change K10named to K45named. * Wed Aug 12 1998 Jeff Johnson <jbj@redhat.com> - don't start if /etc/named.conf doesn't exist. * Sat Aug 08 1998 Jeff Johnson <jbj@redhat.com> - autmagically create /etc/named.conf from /etc/named.boot in %post - remove echo in %post * Wed Jun 10 1998 Jeff Johnson <jbj@redhat.com> - merge in 5.1 mods * Sun Apr 12 1998 Manuel J. Galan <manolow@step.es> - Several essential modifications to build and install correctly. - Modified 'ndc' to avoid deprecated use of '-' * Mon Dec 22 1997 Scott Lampert <fortunato@heavymetal.org> - Used buildroot - patched bin/named/ns_udp.c to use <libelf/nlist.h> for include on Redhat 5.0 instead of <nlist.h> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-5741 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [0.14-11.0.1] - precalculate buffer size in base64 functions [Orabug: 33835910][CVE-2021-45417] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-45417 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [2.1.23-15.0.1.2] - Escape password for SQL insert/update commands [CVE-2022-24407][Orabug: 33936121] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24407 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 6 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [2.2.15-69.0.3] - core: Simpler connection close logic [CVE-2022-22720][Orabug: 33991577] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22720 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.61.2] - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34023956] [4.1.12-124.61.1] - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835812] {CVE-2022-0330} - drm/i915: Reduce locking in execlist command submission (Chris Wilson) [Orabug: 33835812] {CVE-2022-0330} - ipv4: make exception cache less predictible (Eric Dumazet) [Orabug: 33894531] {CVE-2021-20322} - route: also update fnhe_genid when updating a route cache (Xin Long) [Orabug: 33894531] {CVE-2021-20322} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - sctp: add vtag check in sctp_sf_violation (Xin Long) [Orabug: 33924717] {CVE-2021-3772} - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) [Orabug: 33924717] {CVE-2021-3772} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962995] {CVE-2022-26966} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-20322 CVE-2021-3772 CVE-2022-26966 CVE-2020-36516 CVE-2022-0330 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.1e-58] - fix CVE-2019-1559 - 0-byte record padding oracle [1.0.1e-57] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher [1.0.1e-55] - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts [1.0.1e-54] - fix handling of ciphersuites present after the FALLBACK_SCSV ciphersuite entry (#1386350) [1.0.1e-53] - add README.legacy-settings [1.0.1e-52] - deprecate and disable verification of insecure hash algorithms - disallow DH keys with less than 1024 bits in TLS client - remove support for weak and export ciphersuites - use correct digest when exporting keying material in TLS1.2 (#1376741) [1.0.1e-50] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-49] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:6:10:userspace_ksplice_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.62.3] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679806] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) [Orabug: 33679806] {CVE-2021-0920} - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 33679806] [4.1.12-124.62.2] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012926] {CVE-2022-1016} - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (Nikola Livic) [Orabug: 34020970] {CVE-2021-4157} [4.1.12-124.62.1] - Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33014054] {CVE-2021-3573} - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617221] {CVE-2021-4002} - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870269] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870269] {CVE-2022-0617} - phonet: refcount leak in pep_sock_accep (Hangyu Hua) [Orabug: 33962762] {CVE-2021-45095} - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997139] {CVE-2021-4149} - quota: correct error number in free_dqentry() (Zhang Yi) [Orabug: 33997256] {CVE-2021-45868} - quota: check block number when reading the block in quota file (Zhang Yi) [Orabug: 33997256] {CVE-2021-45868} - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (Eric Dumazet) [Orabug: 34006847] {CVE-2021-4203} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3573 CVE-2021-4002 CVE-2021-45868 CVE-2022-0617 CVE-2021-4149 CVE-2021-4203 CVE-2021-0920 CVE-2021-45095 CVE-2022-1016 CVE-2021-4157 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.0.1-13.0.1] - Prevent integer overflow in storeRawNames [CVE-2022-25315][Orabug: 34059442] - Add missing validation of encoding [CVE-2022-25235][Orabug: 34059442] - Protect against malicious namespace declarations [CVE-2022-25236][Orabug: 34059442] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25236 CVE-2022-25235 CVE-2022-25315 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [0:1.2.14-6.4.2] - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 - [Orabug: 33868008] [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23307 CVE-2017-5645 CVE-2022-23305 CVE-2022-23302 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.62.3.1] - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152701] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.64.1] - iscsi-target: Fix the issue with shutdown_session removal (Gulam Mohamed) [Orabug: 29661566] - scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Gulam Mohamed) [Orabug: 29661566] - scsi: target: remove boilerplate code (Gulam Mohamed) [Orabug: 29661566] - iscsi-target: remove usage of ->shutdown_session (Gulam Mohamed) [Orabug: 29661566] - Drop the left-over iscsi-target hack (Gulam Mohamed) [Orabug: 29661566] - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048290] {CVE-2022-28388} - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048329] {CVE-2022-28390} - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218641] {CVE-2022-1652} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1652 CVE-2022-28388 CVE-2022-28390 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [1.2.3-29.0.1] - Fix a bug that can crash deflate when using Z_FIXED [CVE-2018-25032][Orabug: 34161396] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [4.1.12-124.65.1] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825689] {CVE-2022-0492} - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34091904] - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34091904] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34091904] - uek: kabi: new kABI symbols by USM and fix kABI files (Saeed Mirzamohammadi) [Orabug: 34233929] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) [Orabug: 34247343] {CVE-2022-32250} - netfilter: nf_tables: fix memory leak if expr init fails (Liping Zhang) [Orabug: 34247343] - floppy: disable FDRAWCMD by default (Willy Tarreau) [Orabug: 34308428] {CVE-2022-33981} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-33981 CVE-2022-32250 CVE-2022-0492 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [3:1.17-33.31.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [3:1.17-33.31.0.2] - update Intel microcode bundle to 20210608 [3:1.17-33.31.0.1] - recognize the 'force-intel' file path available on EL7+ [orabug 31655792] - disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792] - merge Oracle changes for early load via dracut - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - remove other caveat support to be compatible with early load logic - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21127 CVE-2022-21166 CVE-2022-21125 CVE-2022-21123 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 6 [2.2.15-69.0.4] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34317859] [2.2.15-69.0.3] - core: Simpler connection close logic [CVE-2022-22720][Orabug: 33991577] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.65.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] {CVE-2022-2588} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.2.15-69.0.5] - handle large writes in ap_rputs [CVE-2022-28614][Orabug: 34317854] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28614 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.66.3] - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [Orabug: 33981149] {CVE-2022-1011} - vt: drop old FONT ioctls (Jiri Slaby) [Orabug: 34408794] {CVE-2021-33656} - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) [Orabug: 34408910] {CVE-2021-33655} - fbcon: Disallow setting font bigger than screen size (Helge Deller) [Orabug: 34408910] {CVE-2021-33655} - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419974] {CVE-2022-21546} - scsi/eh: fix hang adding ehandler wakeups after decrementing host_busy (Gulam Mohamed) [Orabug: 33349684] [Orabug: 34492498] [4.1.12-124.66.2] - mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501997] {CVE-2019-9213} - ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit (Eric W. Biederman) [Orabug: 33917058] {CVE-2020-36516} - ipv4: igmp: guard against silly MTU values (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - inet: constify ip_dont_fragment() arguments (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - ip: constify ip_build_and_send_pkt() socket argument (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Eric Biggers) [Orabug: 34433461] {CVE-2020-36557} - vt: vt_ioctl: fix race in VT_RESIZEX (Eric Dumazet) [Orabug: 34433476] {CVE-2020-36558} - VT_RESIZEX: get rid of field-by-field copyin (Al Viro) [Orabug: 34433476] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] [Orabug: 34484730] {CVE-2022-2588} [4.1.12-124.66.1] - net: fix uninit-value in __hw_addr_add_ex() (Eric Dumazet) [Orabug: 34395887] - mac80211: silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34396283] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1011 CVE-2020-36558 CVE-2020-36516 CVE-2022-2588 CVE-2021-33655 CVE-2021-33656 CVE-2022-21546 CVE-2020-36557 CVE-2019-9213 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.6.32-754.35.1.0.6.OL6] [[:digit]o_epoll_ctl(): clean the failure exits up a bit (Marc Zyngier) {CVE-2020-0466} [Orabug: 34086960] - epoll: Keep a reference on files added to the check list (Al Viro) {CVE-2020-0466} [Orabug: 34086960] - fix regression in 'epoll: Keep a reference on files added to the check list (Al Viro) {CVE-2021-1048} [Orabug: 34086960] - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 34086960] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) {CVE-2021-0920} [Orabug: 34086960] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) {CVE-2021-4155} [Orabug: 34086960] - cgroup-v1: Require capabilities to set release_agent (Waiman Long) {CVE-2022-0492} [Orabug: 34086960] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 CVE-2020-0466 CVE-2021-0920 CVE-2021-4155 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 rsyslog [5.8.10-12.0.2] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] rsyslog7 [7.4.10-7.0.1] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 6 [2.6.32-754.35.1.0.7.OL6] - bluetooth: eliminate the potential race condition when removing the HCI controller (Lin Ma) {CVE-2021-32399} [Orabug: 33763116] - RDMA/ucma: Put a lock around every call to the rdma_cm layer (Jason Gunthorpe) [Orabug: 33763116] - RDMA/cma: Add missing locking to rdma_accept() (Leon Romanovsky) [Orabug: 33763116] - RDMA/ucma: Fix the locking of ctx->file (Leon Romanovsky) [Orabug: 33763116] - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (Jason Gunthorpe) {CVE-2020-36385} [Orabug: 33763116] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-32399 CVE-2020-36385 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.67.3] - media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav) [Orabug: 31225377] {CVE-2017-16537} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914703] {CVE-2020-14390} - inet: use bigger hash table for IP ID generation (Eric Dumazet) [Orabug: 33778986] {CVE-2021-45486} - ipv4: speedup ip_idents_reserve() (Eric Dumazet) [Orabug: 33778986] [4.1.12-124.67.2] - media: v4l: ioctl: Fix memory leak in video_usercopy (Sakari Ailus) [Orabug: 32759975] {CVE-2021-30002} - usbnet: silence an unnecessary warning (Oliver Neukum) [Orabug: 23589045] - futex: Remove requirement for lock_page() in get_futex_key() (Mel Gorman) [Orabug: 29048998] {CVE-2018-9422} - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) [Orabug: 33784271] {CVE-2021-43976} - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566754] {CVE-2022-3028} - ext4: fix kernel infoleak via ext4_extent_header (Anirudh Rayabharam) [Orabug: 34579226] {CVE-2022-0850} - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn) [Orabug: 34594265] {CVE-2022-2964} - net: usb: ax88179_178a: initialize local variables before use (Phillip Potter) [Orabug: 34594265] - net: usb: ax88179_178a: fix packet alignment padding (Jeremy Kerr) [Orabug: 34594265] - ax88179_178a: Check for supported Wake-on-LAN modes (Florian Fainelli) [Orabug: 34594265] - Net Driver: Add Cypress GX3 VID=04b4 PID=3610. (Allan Chou) [Orabug: 34594265] [4.1.12-124.67.1] - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (Eric Biggers) [Orabug: 27902747] {CVE-2017-7472} - KEYS: prevent creating a different user's keyrings (Eric Biggers) [Orabug: 29013653] {CVE-2017-18270} - scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350699] {CVE-2020-12770} - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) [Orabug: 34503626] {CVE-2022-36879} - ext4: verify dir block before splitting it (Jan Kara) [Orabug: 34555416] {CVE-2022-1184} - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) [Orabug: 34555434] {CVE-2022-2503} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2020-12770 CVE-2017-7472 CVE-2021-45486 CVE-2017-16537 CVE-2022-3028 CVE-2022-0850 CVE-2022-2503 CVE-2021-43976 CVE-2022-2964 CVE-2017-18270 CVE-2018-9422 CVE-2020-14390 CVE-2021-30002 CVE-2022-1184 CVE-2022-36879 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.0.1-13.0.2] - Ensure raw tagnames are safe exiting internalEntityParser [CVE-2022-40674][Orabug: 34694174] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1.95.8-8.0.1] - Ensure raw tagnames are safe exiting internalEntityParser [CVE-2022-40674][Orabug: 34708578] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1.2.3-29.0.3] - Fix for CVE-2022-37474 [Orabug: 34759428] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 6 [2.6.32-754.49.1.OL6] - x86/speculation: Use generic retpoline by default on AMD {CVE-2021-26401} [Orabug: 34986011] MODERATE Copyright 2023 Oracle, Inc. CVE-2021-26401 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1:1.8.0.10-12.0.1] - Fix possible remote code execution vulnerability [CVE-2022-41853][Orabug: 34820687] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-41853 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1.10.3-65.0.1] - Fix integer overflows in PAC parsing (CVE-2022-42898) [Orabug: 34843511] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42898 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.71.3] - USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896} - Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307] - ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035] [4.1.12-124.71.2] - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763] - check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865] - KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865] - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564} - Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564} [4.1.12-124.71.1] - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895} - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628} - tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3628 CVE-2022-3524 CVE-2022-42896 CVE-2022-42895 CVE-2022-4662 CVE-2022-3564 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 8 [1.8.6p3-29.0.4.el6_10.3] - Fixed Privilege escalation CVE-2023-22809 for sudoedit [Orabug: 35037922] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22809 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.72.2] - net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983616] {CVE-2023-23455} - Bluetooth: L2CAP: Fix u8 overflow (Sungwoo Kim) [Orabug: 34880763] {CVE-2022-45934} [4.1.12-124.72.1] - target: Invoke transport_lun_remove_cmd() to remove tmr form the list (Gulam Mohamed) [Orabug: 34812128] [Orabug: 35062711] - scsi: target: core: Remove from tmr_list during LUN unlink (Gulam Mohamed) [Orabug: 34812128] [Orabug: 35062711] - target: Inline transport_cmd_check_stop() (Gulam Mohamed) [Orabug: 34812128] [Orabug: 35062711] - target: Stop execution if CMD_T_STOP has been set (Gulam Mohamed) [Orabug: 34812128] [Orabug: 35062711] - drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) [Orabug: 35005738] {CVE-2022-41858} - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Zheyu Ma) [Orabug: 34555529] {CVE-2022-2873} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23455 CVE-2022-45934 CVE-2022-41858 CVE-2022-2873 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.73.2] - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [Orabug: 35181628] {CVE-2023-1095} - sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) [Orabug: 35181461] {CVE-2023-1074} - HID: check empty report_list in hid_validate_values() (Pietro Borrello) [Orabug: 35181168] {CVE-2023-1073} - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (Will Deacon) [Orabug: 35180270] {CVE-2020-0404} [4.1.12-124.73.1] - mm/mincore.c: make mincore() more conservative (Jiri Kosina) [Orabug: 35133279] {CVE-2019-5489} - mm: introduce vma_is_anonymous(vma) helper (Oleg Nesterov) [Orabug: 35133279] - Revert 'Change mincore() to count 'mapped' pages rather than 'cached' pages' (Linus Torvalds) [Orabug: 35124616] - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005831] {CVE-2023-0394} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1095 CVE-2023-0394 CVE-2019-5489 CVE-2020-0404 CVE-2023-1073 CVE-2023-1074 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [3.44.0-7.0.3] - Back port nss security update CVE-2023-0767 [Orabug: 35205543] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0767 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1.0.1e-59.0.4] - Backport fixes for CVE-2023-0286 [Orabug: 35212597] [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.1e-58] - fix CVE-2019-1559 - 0-byte record padding oracle [1.0.1e-57] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher [1.0.1e-55] - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts [1.0.1e-54] - fix handling of ciphersuites present after the FALLBACK_SCSV ciphersuite entry (#1386350) [1.0.1e-53] - add README.legacy-settings [1.0.1e-52] - deprecate and disable verification of insecure hash algorithms - disallow DH keys with less than 1024 bits in TLS client - remove support for weak and export ciphersuites - use correct digest when exporting keying material in TLS1.2 (#1376741) [1.0.1e-50] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-49] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document [1.0.0-8] - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode [1.0.0-7] - listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612) - fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers (#619762) [1.0.0-6] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-5] - fix race in extension parsing code - CVE-2010-3864 (#649304) [1.0.0-4] - openssl man page fix (#609484) [1.0.0-3] - fix wrong ASN.1 definition of OriginatorInfo - CVE-2010-0742 (#598738) - fix information leak in rsa_verify_recover - CVE-2010-1633 (#598732) [1.0.0-2] - make CA dir readable - the private keys are in private subdir (#584810) - a few fixes from upstream CVS - make X509_NAME_hash_old work in FIPS mode (#568395) [1.0.0-1] - update to final 1.0.0 upstream release [1.0.0-0.22.beta5] - make TLS work in the FIPS mode [1.0.0-0.21.beta5] - gracefully handle zero length in assembler implementations of OPENSSL_cleanse (#564029) - do not fail in s_server if client hostname not resolvable (#561260) [1.0.0-0.20.beta5] - new upstream release [1.0.0-0.19.beta4] - fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707) - upstream fix for future TLS protocol version handling [1.0.0-0.18.beta4] - add support for Intel AES-NI [1.0.0-0.17.beta4] - upstream fix compression handling on session resumption - various null checks and other small fixes from upstream - upstream changes for the renegotiation info according to the latest draft [1.0.0-0.16.beta4] - fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS [1.0.0-0.15.beta4] - add better error reporting for the unsafe renegotiation [1.0.0-0.14.beta4] - fix build on s390x [1.0.0-0.13.beta4] - disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot [1.0.0-0.12.beta4] - keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check [1.0.0-0.11.beta4] - update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final. [1.0.0-0.10.beta3] - fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342) [1.0.0-0.9.beta3] - fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION() [1.0.0-0.8.beta3] - fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127) [1.0.0-0.7.beta3] - temporarily disable x86_64 camellia assembler code (#521127) [1.0.0-0.6.beta3] - fix openssl dgst -dss1 (#520152) [1.0.0-0.5.beta3] - drop the compat symlink hacks [1.0.0-0.4.beta3] - constify SSL_CIPHER_description() [1.0.0-0.3.beta3] - fix WWW:Curl:Easy reference in tsget [1.0.0-0.2.beta3] - enable MD-2 [1.0.0-0.1.beta3] - update to new major upstream release [0.9.8k-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 22 2009 Bill Nottingham <notting@redhat.com> - do not build special 'optimized' versions for i686, as that's the base arch in Fedora now [0.9.8k-6] - abort if selftests failed and random number generator is polled - mention EVP_aes and EVP_sha2xx routines in the manpages - add README.FIPS - make CA dir absolute path (#445344) - change default length for RSA key generation to 2048 (#484101) [0.9.8k-5] - fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572) [0.9.8k-4] - support compatibility DTLS mode for CISCO AnyConnect (#464629) [0.9.8k-3] - correct the SHLIB_VERSION define [0.9.8k-2] - add support for multiple CRLs with same subject - load only dynamic engine support in FIPS mode [0.9.8k-1] - update to new upstream release (minor bug fixes, security fixes and machine code optimizations only) [0.9.8j-10] - move libraries to /usr/lib (#239375) [0.9.8j-9] - add a static subpackage [0.9.8j-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0.9.8j-7] - must also verify checksum of libssl.so in the FIPS mode - obtain the seed for FIPS rng directly from the kernel device - drop the temporary symlinks [0.9.8j-6] - drop the temporary triggerpostun and symlinking in post - fix the pkgconfig files and drop the unnecessary buildrequires on pkgconfig as it is a rpmbuild dependency (#481419) [0.9.8j-5] - add temporary triggerpostun to reinstate the symlinks [0.9.8j-4] - no pairwise key tests in non-fips mode (#479817) [0.9.8j-3] - even more robust test for the temporary symlinks [0.9.8j-2] - try to ensure the temporary symlinks exist [0.9.8j-1] - new upstream version with necessary soname bump (#455753) - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) - add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493) [0.9.8g-11] - do not add tls extensions to server hello for SSLv3 either [0.9.8g-10] - move root CA bundle to ca-certificates package [0.9.8g-9] - fix CVE-2008-0891 - server name extension crash (#448492) - fix CVE-2008-1672 - server key exchange message omit crash (#448495) [0.9.8g-8] - super-H arch support - drop workaround for bug 199604 as it should be fixed in gcc-4.3 [0.9.8g-7] - sparc handling [0.9.8g-6] - update to new root CA bundle from mozilla.org (r1.45) [0.9.8g-5] - Autorebuild for GCC 4.3 [0.9.8g-4] - merge review fixes (#226220) - adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846) [0.9.8g-3] - set default paths when no explicit paths are set (#418771) - do not add tls extensions to client hello for SSLv3 (#422081) [0.9.8g-2] - enable some new crypto algorithms and features - add some more important bug fixes from openssl CVS [0.9.8g-1] - update to latest upstream release, SONAME bumped to 7 [0.9.8b-17] - update to new CA bundle from mozilla.org [0.9.8b-16] - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) - add alpha sub-archs (#296031) [0.9.8b-15] - rebuild [0.9.8b-14] - use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys (#250577) - make ssl session cache id matching strict (#233599) [0.9.8b-13] - allow building on ARM architectures (#245417) - use reference timestamps to prevent multilib conflicts (#218064) - -devel package must require pkgconfig (#241031) [0.9.8b-12] - detect duplicates in add_dir properly (#206346) [0.9.8b-11] - the previous change still didn't make X509_NAME_cmp transitive [0.9.8b-10] - make X509_NAME_cmp transitive otherwise certificate lookup is broken (#216050) [0.9.8b-9] - aliasing bug in engine loading, patch by IBM (#213216) [0.9.8b-8] - CVE-2006-2940 fix was incorrect (#208744) [0.9.8b-7] - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940) [0.9.8b-6] - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180) [0.9.8b-5] - set buffering to none on stdio/stdout FILE when bufsize is set (#200580) patch by IBM [0.9.8b-4.1] - rebuild with new binutils (#200330) [0.9.8b-4] - add a temporary workaround for sha512 test failure on s390 (#199604) * Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) - add patches for BN threadsafety, AES cache collision attack hazard fix and pkcs7 code memleak fix from upstream CVS [0.9.8b-3.1] - rebuild [0.9.8b-3] - dropped libica and ica engine from build * Wed Jun 21 2006 Joe Orton <jorton@redhat.com> - update to new CA bundle from mozilla.org; adds CA certificates from netlock.hu and startcom.org [0.9.8b-2] - fixed a few rpmlint warnings - better fix for #173399 from upstream - upstream fix for pkcs12 [0.9.8b-1] - upgrade to new version, stays ABI compatible - there is no more linux/config.h (it was empty anyway) [0.9.8a-6] - fix stale open handles in libica (#177155) - fix build if 'rand' or 'passwd' in buildroot path (#178782) - initialize VIA Padlock engine (#186857) [0.9.8a-5.2] - bump again for double-long bug on ppc(64) [0.9.8a-5.1] - rebuilt for new gcc4.1 snapshot and glibc changes [0.9.8a-5] - don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [0.9.8a-4] - fix build (-lcrypto was erroneusly dropped) of the updated libica - updated ICA engine to 1.3.6-rc3 [0.9.8a-3] - disable builtin compression methods for now until they work properly (#173399) [0.9.8a-2] - don't set -rpath for openssl binary [0.9.8a-1] - new upstream version - patches partially renumbered [0.9.7f-11] - updated IBM ICA engine library and patch to latest upstream version [0.9.7f-10] - fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803) [0.9.7f-9] - add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595) - fixes from upstream (constant time fixes for DSA, bn assembler div on ppc arch, initialize memory on realloc) [0.9.7f-8] - Updated ICA engine IBM patch to latest upstream version. [0.9.7f-7] - fix CAN-2005-0109 - use constant time/memory access mod_exp so bits of private key aren't leaked by cache eviction (#157631) - a few more fixes from upstream 0.9.7g [0.9.7f-6] - use poll instead of select in rand (#128285) - fix Makefile.certificate to point to /etc/pki/tls - change the default string mask in ASN1 to PrintableString+UTF8String [0.9.7f-5] - update to revision 1.37 of Mozilla CA bundle [0.9.7f-4] - move certificates to _sysconfdir/pki/tls (#143392) - move CA directories to _sysconfdir/pki/CA - patch the CA script and the default config so it points to the CA directories [0.9.7f-3] - uninitialized variable mustn't be used as input in inline assembly - reenable the x86_64 assembly again [0.9.7f-2] - add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken - disable broken bignum assembly on x86_64 [0.9.7f-1] - reenable optimizations on ppc64 and assembly code on ia64 - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed - added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903) [0.9.7e-3] - libcrypto shouldn't depend on libkrb5 (#135961) [0.9.7e-2] - rebuild [0.9.7e-1] - new upstream source, updated patches - added patch so we are hopefully ABI compatible with upcoming 0.9.7f * Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com> - Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq [0.9.7a-46] - generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32) [0.9.7a-45] - Fixed and updated libica-1.3.4-urandom.patch patch (#122967) [0.9.7a-44] - rebuild [0.9.7a-43] - rebuild [0.9.7a-42] - rebuild [0.9.7a-41] - remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040) [0.9.7a-40] - Include latest libica version with important bugfixes * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-38] - Updated ICA engine IBM patch to latest upstream version. [0.9.7a-37] - build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik) [0.9.7a-36] - handle %{_arch}=i486/i586/i686/athlon cases in the intermediate header (#124303) [0.9.7a-35] - add security fixes for CAN-2004-0079, CAN-2004-0112 * Tue Mar 16 2004 Phil Knirsch <pknirsch@redhat.com> - Fixed libica filespec. [0.9.7a-34] - ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix the intermediate header [0.9.7a-33] - add an intermediate <openssl/opensslconf.h> which points to the right arch-specific opensslconf.h on multilib arches * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-32] - Updated libica to latest upstream version 1.3.5. [0.9.7a-31] - Update ICA crypto engine patch from IBM to latest version. * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [0.9.7a-29] - rebuilt [0.9.7a-28] - Fixed libica build. * Wed Feb 04 2004 Nalin Dahyabhai <nalin@redhat.com> - add '-ldl' to link flags added for Linux-on-ARM (#99313) [0.9.7a-27] - updated ca-bundle.crt: removed expired GeoTrust roots, added freessl.com root, removed trustcenter.de Class 0 root [0.9.7a-26] - Fix link line for libssl (bug #111154). [0.9.7a-25] - add dependency on zlib-devel for the -devel package, which depends on zlib symbols because we enable zlib for libssl (#102962) [0.9.7a-24] - Use /dev/urandom instead of PRNG for libica. - Apply libica-1.3.5 fix for /dev/urandom in icalinux.c - Use latest ICA engine patch from IBM. [0.9.7a-22.1] - rebuild [0.9.7a-22] - rebuild (22 wasn't actually built, fun eh?) [0.9.7a-23] - re-disable optimizations on ppc64 * Tue Sep 30 2003 Joe Orton <jorton@redhat.com> - add a_mbstr.c fix for 64-bit platforms from CVS [0.9.7a-22] - add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged as not needing executable stacks [0.9.7a-21] - rebuild * Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> - re-enable optimizations on ppc64 * Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> - remove exclusivearch [0.9.7a-20] - only parse a client cert if one was requested - temporarily exclusivearch for %{ix86} * Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> - add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) and heap corruption (CAN-2003-0545) - update RHNS-CA-CERT files - ease back on the number of threads used in the threading test [0.9.7a-19] - rebuild to fix gzipped file md5sums (#91211) [0.9.7a-18] - Updated libica to version 1.3.4. [0.9.7a-17] - rebuild [0.9.7a-10.9] - free the kssl_ctx structure when we free an SSL structure (#99066) [0.9.7a-16] - rebuild [0.9.7a-15] - lower thread test count on s390x [0.9.7a-14] - rebuild [0.9.7a-13] - disable assembly on arches where it seems to conflict with threading [0.9.7a-12] - Updated libica to latest upstream version 1.3.0 [0.9.7a-9.9] - rebuild [0.9.7a-11] - rebuild [0.9.7a-10] - ubsec: don't stomp on output data which might also be input data [0.9.7a-9] - temporarily disable optimizations on ppc64 * Mon Jun 09 2003 Nalin Dahyabhai <nalin@redhat.com> - backport fix for engine-used-for-everything from 0.9.7b - backport fix for prng not being seeded causing problems, also from 0.9.7b - add a check at build-time to ensure that RSA is thread-safe - keep perlpath from stomping on the libica configure scripts * Fri Jun 06 2003 Nalin Dahyabhai <nalin@redhat.com> - thread-safety fix for RSA blinding [0.9.7a-8] - rebuilt [0.9.7a-7] - Added libica-1.2 to openssl (featurerequest). [0.9.7a-6] - fix building with incorrect flags on ppc64 [0.9.7a-5] - add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's attack (CAN-2003-0131) [ 0.9.7a-4] - add patch to enable RSA blinding by default, closing a timing attack (CAN-2003-0147) [0.9.7a-3] - disable use of BN assembly module on x86_64, but continue to allow inline assembly (#83403) [0.9.7a-2] - disable EC algorithms [0.9.7a-1] - update to 0.9.7a [0.9.7-8] - add fix to guard against attempts to allocate negative amounts of memory - add patch for CAN-2003-0078, fixing a timing attack [0.9.7-7] - Add openssl-ppc64.patch [0.9.7-6] - EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(), to get the right behavior when passed uninitialized context structures (#83766) - build with -mcpu=ev5 on alpha family (#83828) * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt [0.9.7-4] - Added IBM hw crypto support patch. * Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> - add missing builddep on sed [0.9.7-3] - debloat - fix broken manpage symlinks [0.9.7-2] - fix double-free in 'openssl ca' [0.9.7-1] - update to 0.9.7 final [0.9.7-0] - update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) * Wed Dec 11 2002 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) [0.9.6b-30] - add configuration stanza for x86_64 and use it on x86_64 - build for linux-ppc on ppc - start running the self-tests again [0.9.6b-29hammer.3] - Merge fixes from previous hammer packages, including general x86-64 and multilib [0.9.6b-29] - rebuild [0.9.6b-28] - update asn patch to fix accidental reversal of a logic check [0.9.6b-27] - update asn patch to reduce chance that compiler optimization will remove one of the added tests [0.9.6b-26] - rebuild [0.9.6b-25] - add patch to fix ASN.1 vulnerabilities [0.9.6b-24] - add backport of Ben Laurie's patches for OpenSSL 0.9.6d [0.9.6b-23] - own {_datadir}/ssl/misc * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Sun May 26 2002 Tim Powers <timp@redhat.com> - automated rebuild [0.9.6b-20] - free ride through the build system (whee!) [0.9.6b-19] - rebuild in new environment [0.9.6b-17, 0.9.6b-18] - merge RHL-specific bits into stronghold package, rename [stronghold-0.9.6c-2] - add support for Chrysalis Luna token * Tue Mar 26 2002 Gary Benson <gbenson@redhat.com> - disable AEP random number generation, other AEP fixes [0.9.6b-15] - only build subpackages on primary arches [0.9.6b-13] - on ia32, only disable use of assembler on i386 - enable assembly on ia64 [0.9.6b-11] - fix sparcv9 entry [stronghold-0.9.6c-1] - upgrade to 0.9.6c - bump BuildArch to i686 and enable assembler on all platforms - synchronise with shrimpy and rawhide - bump soversion to 3 * Wed Oct 10 2001 Florian La Roche <Florian.LaRoche@redhat.de> - delete BN_LLONG for s390x, patch from Oliver Paukstadt [0.9.6b-9] - update AEP driver patch * Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com> - adjust RNG disabling patch to match version of patch from Broadcom [0.9.6b-8] - disable the RNG in the ubsec engine driver [0.9.6b-7] - tweaks to the ubsec engine driver [0.9.6b-6] - tweaks to the ubsec engine driver [0.9.6b-5] - update ubsec engine driver from Broadcom [0.9.6b-4] - move man pages back to %{_mandir}/man?/foo.?ssl from %{_mandir}/man?ssl/foo.? - add an [ engine ] section to the default configuration file * Thu Aug 09 2001 Nalin Dahyabhai <nalin@redhat.com> - add a patch for selecting a default engine in SSL_library_init() [0.9.6b-3] - add patches for AEP hardware support - add patch to keep trying when we fail to load a cert from a file and there are more in the file - add missing prototype for ENGINE_ubsec() in engine_int.h [0.9.6b-2] - actually add hw_ubsec to the engine list * Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com> - add in the hw_ubsec driver from CVS [0.9.6b-1] - update to 0.9.6b * Thu Jul 05 2001 Nalin Dahyabhai <nalin@redhat.com> - move .so symlinks back to %{_libdir} * Tue Jul 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move shared libraries to /lib (#38410) * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com> - switch to engine code base * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com> - add a script for creating dummy certificates - move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.? * Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de> - add s390x support * Fri Jun 01 2001 Nalin Dahyabhai <nalin@redhat.com> - change two memcpy() calls to memmove() - don't define L_ENDIAN on alpha [stronghold-0.9.6a-1] - Add 'stronghold-' prefix to package names. - Obsolete standard openssl packages. * Wed May 16 2001 Joe Orton <jorton@redhat.com> - Add BuildArch: i586 as per Nalin's advice. * Tue May 15 2001 Joe Orton <jorton@redhat.com> - Enable assembler on ix86 (using new .tar.bz2 which does include the asm directories). * Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com> - make subpackages depend on the main package * Tue May 01 2001 Nalin Dahyabhai <nalin@redhat.com> - adjust the hobble script to not disturb symlinks in include/ (fix from Joe Orton) * Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com> - drop the m2crypo patch we weren't using * Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com> - configure using 'shared' as well * Sun Apr 08 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6a - use the build-shared target to build shared libraries - bump the soversion to 2 because we're no longer compatible with our 0.9.5a packages or our 0.9.6 packages - drop the patch for making rsatest a no-op when rsa null support is used - put all man pages into <section>ssl instead of <section> - break the m2crypto modules into a separate package * Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com> - use BN_LLONG on s390 * Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) * Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move c_rehash to the perl subpackage, because it's a perl script now * Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 * Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de> - change hobble-openssl for disabling MD2 again * Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com> - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) * Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - fix s390 patch * Fri Dec 08 2000 Than Ngo <than@redhat.com> - added support s390 * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage * Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com> - always build with -mcpu=ev5 on alpha * Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add a symlink from cert.pem to ca-bundle.crt * Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com> - add a ca-bundle file for packages like Samba to reference for CA certificates * Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com> - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) * Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com> - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4 * Tue Sep 26 2000 Bill Nottingham <notting@redhat.com> - fix some issues in building when it's not installed * Wed Sep 06 2000 Nalin Dahyabhai <nalin@redhat.com> - make sure the headers we include are the ones we built with (aaaaarrgh!) * Fri Sep 01 2000 Nalin Dahyabhai <nalin@redhat.com> - add Richard Henderson's patch for BN on ia64 - clean up the changelog * Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com> - fix the building of python modules without openssl-devel already installed * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com> - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) by marking them as .PRECIOUS * Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com> - break out python extensions into a subpackage * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more * Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com> - disable MD2 support * Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com> - disable MDC2 support * Sun Jul 02 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the disabling of RC5, IDEA support - tweak the makefile * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> - strip binaries and libraries - rework certificate makefile to have the right parts for Apache * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> - use %{_perl} instead of /usr/bin/perl - disable alpha until it passes its own test suite * Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com> - move the passwd.1 man page out of the passwd package's way * Fri Jun 02 2000 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - move certificate makefile to another package - disable RC5, IDEA, RSA support - remove optimizations for now * Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package * Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs * Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ * Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - Fix build on non-x86 platforms * Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package * Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0286 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.74.2] - kvm: initialize all of the kvm_debugregs structure before sending it to userspace (Greg Kroah-Hartman) [Orabug: 35250098] {CVE-2023-1513} - staging: rtl8712: fix use after free bugs (Dan Carpenter) [Orabug: 35212876] {CVE-2022-4095} - staging: rtl8712: rtl8712_cmd.c: fixed comparison to null (Juliana Rodrigues) [Orabug: 35212876] {CVE-2022-4095} - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037715] {CVE-2023-23559} [4.1.12-124.74.1] - seq_buf: Fix overflow in seq_buf_putmem_hex() (Yun Zhou) [Orabug: 35217595] {CVE-2023-28772} - net: mpls: fix stale pointer if allocation fails during device rename (Jakub Kicinski) [Orabug: 35181964] {CVE-2023-26545} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-26545 CVE-2023-28772 CVE-2022-4095 CVE-2023-23559 CVE-2023-1513 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [1.0.1e-59.0.4] - Backport fixes for CVE-2023-0286 [Orabug: 35212597] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0286 cpe:/a:oracle:linux:6:10:userspace_ksplice_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.75.3] - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (Gwangun Jung) [Orabug: 35354791] {CVE-2023-2248} [4.1.12-124.75.2] - prlimit: do_prlimit needs to have a speculation check (Greg Kroah-Hartman) [Orabug: 35354303] {CVE-2023-0458} - kernel/sys.c: fix potential Spectre v1 issue (Gustavo A. R. Silva) [Orabug: 35354303] - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (Zheng Wang) [Orabug: 35250898] {CVE-2023-1670} - net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983586] {CVE-2023-23454} [4.1.12-124.75.1] - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (Baisong Zhong) [Orabug: 35312830] {CVE-2023-28328} - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Mike Christie) [Orabug: 35312683] {CVE-2023-2162} - nvme: restrict management ioctls to admin (Keith Busch) [Orabug: 34619368] {CVE-2022-3169} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2162 CVE-2023-23454 CVE-2022-3169 CVE-2023-0458 CVE-2023-28328 CVE-2023-1670 CVE-2023-2248 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.6.32-754.35.1.0.8.el6.OL6] - Fix epoll: Keep a reference on files added to the check list (Julian Pidancet) {CVE-2020-0466} [Orabug: 34625224] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2020-0466 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [4.1.12-124.76.2] - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) [Orabug: 35493606] {CVE-2023-3159} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) [Orabug: 35448003] {CVE-2022-1679} - dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer) [Orabug: 35354880] {CVE-2023-2269} - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou) [Orabug: 35181652] {CVE-2023-1118} - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) [Orabug: 35180779] {CVE-2022-3424} [4.1.12-124.76.1] - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus) [Orabug: 35457204] {CVE-2023-34256} - igmp: Add ip_mc_list lock in ip_check_mc_rcu (Liu Jian) [Orabug: 35448048] {CVE-2022-20141} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-3159 CVE-2023-2269 CVE-2023-1118 CVE-2022-3424 CVE-2023-34256 CVE-2022-1679 CVE-2022-20141 cpe:/a:oracle:linux:6:10:UEKR4_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.77.2] - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (Zheng Wang) [Orabug: 35514108] {CVE-2023-35824} - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (Takashi Iwai) [Orabug: 35477742] {CVE-2023-31084} - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (Mauro Carvalho Chehab) [Orabug: 35477742] {CVE-2023-31084} - media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820632] {CVE-2022-41218} - media: dvb: dmx: fixed coding style issues of spacing (devendra sharma) [Orabug: 34820632] [4.1.12-124.77.1] - ipvlan:Fix out-of-bounds caused by unclear skb->cb (t.feng) [Orabug: 35550146] {CVE-2023-3090} - memstick: r592: Fix UAF bug in r592_remove due to race condition (Zheng Wang) [Orabug: 35514146] {CVE-2023-3141} - fbcon: Check font dimension limits (Samuel Thibault) [Orabug: 35493679] {CVE-2023-3161} - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (Jisoo Jang) [Orabug: 35250538] {CVE-2023-1380} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1380 CVE-2023-3090 CVE-2023-31084 CVE-2023-3141 CVE-2023-35824 CVE-2023-3161 CVE-2022-41218 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.78.2] - xfrm: fix crash in XFRM_MSG_GETSA netlink handler (Vegard Nossum) [Orabug: 35598955] {CVE-2023-3106} - netfilter: nf_tables: validate registers coming from userspace (Harshvardhan Jha) [Orabug: 34012909] {CVE-2022-1015} [4.1.12-124.78.1] - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649493] {CVE-2023-3567} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-3567 CVE-2022-1015 CVE-2023-3106 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.78.4.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35741584] {CVE-2023-22024} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22024 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.79.2] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814273] {CVE-2023-4206} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636291] {CVE-2023-3611} - rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35741584] [Orabug: 35818110] {CVE-2023-22024} [4.1.12-124.79.1] - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754509] {CVE-2023-3772} - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) [Orabug: 35732892] {CVE-2023-4459} - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) [Orabug: 35732764] {CVE-2023-4387} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636313] {CVE-2023-3776} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609787] {CVE-2023-35001} - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) [Orabug: 35382025] {CVE-2023-2513} - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) [Orabug: 35382025] {CVE-2023-2513} - netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) [Orabug: 34362008] {CVE-2022-34918} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-34918 CVE-2023-2513 CVE-2023-4387 CVE-2023-22024 CVE-2023-3772 CVE-2023-35001 CVE-2023-4206 CVE-2023-3611 CVE-2023-4459 CVE-2023-3776 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.80.1] - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) [Orabug: 35814478] {CVE-2023-40283} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814297] {CVE-2023-4208} - RDMA/core: net: fix kernel NULL error (Zhu Yanjun) [Orabug: 35723252] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-40283 CVE-2023-4208 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.81.2] - rebuild bumping release [4.1.12-124.81.1] - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923500] {CVE-2023-39193} - USB: ene_usb6250: Allocate enough memory for full object (Kees Cook) [Orabug: 35924058] {CVE-2023-45862} - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923470] {CVE-2023-39192} - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707466] {CVE-2023-4207} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39192 CVE-2023-45862 CVE-2023-4207 CVE-2023-39193 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.6.32-754.35.1.0.10.el6.OL6] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) {CVE-2022-4378} [Orabug: 35304147] - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) {CVE-2022-4378} [Orabug: 35304147] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4378 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [2.6.6-68.0.3] - ASCII newline and tab characters are stripped from the URL [CVE-2022-0391][Orabug: 35479836] - Start stripping C0 control and space chars in urlsplit [CVE-2023-24329][Orabug: 35479836] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-0391 CVE-2023-24329 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [5.3p1-124.0.2] - Fix for CVE-2016-6210 incomplete fix [Orabug: 29375502][CVE-2016-6210] [5.3p1-124.0.1] - Fix for CVE-2023-38408 [Orabug: 35672523] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38408 CVE-2016-6210 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1:1.15.1-21.0.1] - Backport fix for CVE-2022-48174 [Orabug: 35819048] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-48174 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [7:3.4.14-15.0.1] - Fix stack buffer overflow when parsing Digest Authorization [CVE-2023-46847][Orabug: 36053795] CRITICAL Copyright 2024 Oracle, Inc. CVE-2023-46847 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [7:3.1.23-24.0.1] - Fix stack buffer overflow when parsing Digest Authorization [CVE-2023-46847][Orabug: 36053765] CRITICAL Copyright 2024 Oracle, Inc. CVE-2023-46847 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.82.2] - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959598] {CVE-2020-26555} - sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181560] {CVE-2023-1077} - sched/debug: Fix SCHED_WARN_ON() to return a value on !CONFIG_SCHED_DEBUG as well (Ingo Molnar) [Orabug: 35181560] - sched/debug: Add SCHED_WARN_ON() (Peter Zijlstra) [Orabug: 35181560] [4.1.12-124.82.1] - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924002] {CVE-2023-42752} - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814457] {CVE-2023-4921} - ixgbe: fix large MTU request from VF (Samasth Norway Ananda) [Orabug: 33752821] {CVE-2021-33098} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-42752 CVE-2021-33098 CVE-2023-1077 CVE-2020-26555 CVE-2023-4921 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.83.2] - Input: add bounds checking to input_set_capability() (Jeff LaBundy) [Orabug: 36192120] {CVE-2022-48619} - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() (Hangyu Hua) [Orabug: 36155598] {CVE-2023-7192} [4.1.12-124.83.1] - ext4: improve error recovery code paths in __ext4_remount() (Theodore Ts'o) [Orabug: 36229451] {CVE-2024-0775} - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) [Orabug: 36229396] {CVE-2023-51780} - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) [Orabug: 36229182] {CVE-2021-34981} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-51780 CVE-2024-0775 CVE-2023-7192 CVE-2022-48619 CVE-2021-34981 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.84.2] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251327] {CVE-2024-1086} [4.1.12-124.84.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334311] - kobject: Fix slab-out-of-bounds in fill_kobj_path() (Wang Hai) [Orabug: 35924076] {CVE-2023-45863} - kobject: Replace strncpy with memcpy (Guenter Roeck) [Orabug: 35924076] - net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) [Orabug: 35923517] {CVE-2023-39194} - net/xfrm: use kmemdup rather than duplicating its implementation (Andrzej Hajda) [Orabug: 35923517] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39194 CVE-2023-45863 CVE-2024-1086 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.85.1] - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) [Orabug: 35282809] {CVE-2023-1989} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-1989 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.87.2.2] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [4.1.12-124.88.3] - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) [Orabug: 36806710] {CVE-2023-52813} - usbnet: sanity check for maxpacket (Oliver Neukum) [Orabug: 36806658] {CVE-2021-47495} - phonet: fix rtm_phonet_notify() skb allocation (Eric Dumazet) [Orabug: 36683487] {CVE-2024-36946} - wifi: nl80211: don't free NULL coalescing rule (Johannes Berg) [Orabug: 36683466] {CVE-2024-36941} - bna: ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36683433] {CVE-2024-36934} - bna: use memdup_user to copy userspace buffers (Ivan Vecera) [Orabug: 36683433] {CVE-2024-36934} - new helper: memdup_user_nul() (Al Viro) [Orabug: 36683433] {CVE-2024-36934} - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Ziyang Xuan) [Orabug: 36598047] {CVE-2024-27020} - netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Pablo Neira Ayuso) [Orabug: 36598047] {CVE-2024-27020} - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879159] {CVE-2024-41090} {CVE-2024-41091} [4.1.12-124.88.2] - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) [Orabug: 36802310] {CVE-2023-52528} - usbnet/smsc75xx: silence uninitialized variable warning (Dan Carpenter) {CVE-2023-52528} - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) [Orabug: 36685663] {CVE-2023-52880} - netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) [Orabug: 36530112] {CVE-2024-26642} - ubi: Check for too small LEB size in VTBL code (Richard Weinberger) [Orabug: 36356637] {CVE-2024-25739} [4.1.12-124.88.1] - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448} - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36941 CVE-2024-36934 CVE-2024-41091 CVE-2024-26642 CVE-2021-47495 CVE-2024-27020 CVE-2023-52880 CVE-2022-24448 CVE-2024-41090 CVE-2024-25739 CVE-2023-52528 CVE-2023-52813 CVE-2024-36946 cpe:/a:oracle:linux:6:10:UEKR4_ELS Oracle Linux 6 Oracle Linux 7 [4.1.12-124.89.4] - isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) [Orabug: 36940405] {CVE-2021-47284} - tracing: Restructure trace_clock_global() to never block (Steven Rostedt (VMware)) [Orabug: 36940388] {CVE-2021-46939} - udf: Fix NULL pointer dereference in udf_symlink function (Arturo Giusti) [Orabug: 36806640] {CVE-2021-47353} - media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) [Orabug: 36802294] {CVE-2023-52445} - vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) [Orabug: 36802212] {CVE-2022-48627} - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678070] {CVE-2024-36016} - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 36654631] {CVE-2023-52628} - dm: call the resume method on internal suspend (Mikulas Patocka) [Orabug: 36544879] {CVE-2024-26880} - net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran) [Orabug: 36544783] {CVE-2024-26859} - x86, relocs: Ignore relocations in .notes section (Kees Cook) [Orabug: 36531115] {CVE-2024-26816} - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) [Orabug: 36531057] {CVE-2024-26805} - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) [Orabug: 36530913] {CVE-2024-26778} - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) [Orabug: 36530519] {CVE-2024-26704} - sr9800: Add check for usbnet_get_endpoints (Chen Ni) [Orabug: 36530183] {CVE-2024-26651} - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) [Orabug: 36530047] {CVE-2024-26635} - netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) [Orabug: 36192155] {CVE-2023-6040} [4.1.12-124.89.3] - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) [Orabug: 36802321] {CVE-2023-52594} - batman-adv: Avoid infinite loop trying to resize local TT (Sven Eckelmann) [Orabug: 36643464] {CVE-2024-35982} - Bluetooth: Fix memory leak in hci_req_sync_complete() (Dmitry Antipov) [Orabug: 36643456] {CVE-2024-35978} - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Harshit Mogalapalli) [Orabug: 36643323] {CVE-2024-35944} - fbmon: prevent division by zero in fb_videomode_from_videomode() (Roman Smirnov) [Orabug: 36643194] {CVE-2024-35922} [4.1.12-124.89.2] - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) [Orabug: 36901390] {CVE-2023-52809} - net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) [Orabug: 36802200] {CVE-2021-47171} - i2c: i801: Don't generate an interrupt on bus reset (Jean Delvare) [Orabug: 36792714] {CVE-2021-47153} - pid: take a reference when initializing cad_pid (Mark Rutland) [Orabug: 36792687] {CVE-2021-47118} - drm/vmwgfx: Fix invalid reads in fence signaled events (Zack Rusin) [Orabug: 36691531] {CVE-2024-36960} - firewire: ohci: mask bus reset interrupts between ISR and bottom half (Adam Goldman) [Orabug: 36683507] {CVE-2024-36950} - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (Saurav Kashyap) [Orabug: 36683370] {CVE-2024-36919} - net: fix out-of-bounds access in ops_init (Thadeu Lima de Souza Cascardo) [Orabug: 36683115] {CVE-2024-36883} - netfilter: nf_tables: disallow timeout for anonymous sets (Pablo Neira Ayuso) [Orabug: 36654625] {CVE-2023-52620} - team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) [Orabug: 36654606] {CVE-2023-52574} [4.1.12-124.89.1] - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) [Orabug: 36806731] {CVE-2023-52881} - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Miko Larsson) [Orabug: 36806698] {CVE-2023-52703} - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) [Orabug: 36806668] {CVE-2023-52615} - mISDN: fix possible use-after-free in HFC_cleanup() (Zou Wei) [Orabug: 36806645] {CVE-2021-47356} - net: ti: fix UAF in tlan_remove_one (Pavel Skripkin) [Orabug: 36806628] {CVE-2021-47310} - net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) [Orabug: 36806622] {CVE-2021-47236} - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) [Orabug: 36802300] {CVE-2023-52477} - USB: add quirk for devices with broken LPM (Alan Stern) [Orabug: 36802300] {CVE-2023-52477} - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) [Orabug: 36544991] {CVE-2024-26903} - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) [Orabug: 36531042] {CVE-2024-26801} - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) [Orabug: 36530881] {CVE-2024-26772} - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) [Orabug: 36530348] {CVE-2024-26679} - ppp_async: limit MRU to 64K (Eric Dumazet) [Orabug: 36530335] {CVE-2024-26675} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2021-47284 CVE-2021-47353 CVE-2024-36950 CVE-2023-52477 CVE-2024-26651 CVE-2024-26805 CVE-2023-52615 CVE-2024-26704 CVE-2024-26880 CVE-2021-47153 CVE-2024-26635 CVE-2024-26903 CVE-2024-35978 CVE-2023-52628 CVE-2024-26816 CVE-2021-47118 CVE-2021-47310 CVE-2021-47356 CVE-2024-26801 CVE-2023-52574 CVE-2023-6040 CVE-2024-26675 CVE-2021-46939 CVE-2022-48627 CVE-2023-52703 CVE-2023-52881 CVE-2024-35944 CVE-2024-36883 CVE-2023-52594 CVE-2023-52809 CVE-2024-35982 CVE-2024-36919 CVE-2021-47236 CVE-2023-52445 CVE-2024-26679 CVE-2024-35922 CVE-2024-36016 CVE-2021-47171 CVE-2024-26772 CVE-2024-36960 CVE-2023-52620 CVE-2024-26778 CVE-2024-26859 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [2.6.32-754.53.1.OL6] - net/sched: sch_qfq: refactor parsing of netlink parameters [Orabug: 36517546] - net/sched: sch_qfq: account for stab overhead in qfq_enqueue {CVE-2023-3611} [Orabug: 36517546] - net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776} [Orabug: 36517546] - net: sched: sch_qfq: Fix UAF in qfq_dequeue() {CVE-2023-4921} [Orabug: 36517546] - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg {CVE-2023-31436} [Orabug: 36517546] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-3611 CVE-2023-3776 CVE-2023-31436 CVE-2023-4921 cpe:/a:oracle:linux:6:10:ELS