Wednesday, February 17, 2016

ELSA-2016-0185 Important: Oracle Linux 7 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2016-0185 http://linux.oracle.com/errata/ELSA-2016-0185.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:


  • x86_64: kernel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-abi-whitelists-3.10.0-327.10.1.el7.noarch.rpm
  • x86_64: kernel-debug-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-debug-devel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-devel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-doc-3.10.0-327.10.1.el7.noarch.rpm
  • x86_64: kernel-headers-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-tools-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-tools-libs-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: kernel-tools-libs-devel-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: perf-3.10.0-327.10.1.el7.x86_64.rpm
  • x86_64: python-perf-3.10.0-327.10.1.el7.x86_64.rpm
  • SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-327.10.1.el7.src.rpm


Description of changes:

  • [3.10.0-327.10.1.el7.OL7] Oracle Linux certificates (Alexey Petrenko)
  • [3.10.0-327.10.1.el7] [of] return NUMA_NO_NODE from fallback of_node_to_nid() (Thadeu Lima de Souza Cascardo) [1300614 1294398]
  • [3.10.0-327.10.1.el7] [net] openvswitch: do not allocate memory from offline numa node (Thadeu Lima de Souza Cascardo) [1300614 1294398]
  • [3.10.0-327.9.1.el7] [security] keys: Fix keyring ref leak in join_session_keyring() (David
  • Howells) [1298931 1298036] {CVE-2016-0728}
  • [3.10.0-327.8.1.el7] [md] dm: fix AB-BA deadlock in __dm_destroy() (Mike Snitzer) [1296566 1292481]
  • [3.10.0-327.8.1.el7] [md] revert "dm-mpath: fix stalls when handling invalid ioctls" (Mike
  • Snitzer) [1287552 1277194]
  • [3.10.0-327.8.1.el7] [cpufreq] intel_pstate: Fix limits->max_perf rounding error (Prarit
  • Bhargava) [1296276 1279617]
  • [3.10.0-327.8.1.el7] [cpufreq] intel_pstate: Fix limits->max_policy_pct rounding error (Prarit Bhargava) [1296276 1279617]
  • [3.10.0-327.8.1.el7] [cpufreq] revert "intel_pstate: fix rounding error in max_freq_pct" 
  • (Prarit Bhargava) [1296276 1279617]
  • [3.10.0-327.8.1.el7] [crypto] nx: 842 - Add CRC and validation support (Gustavo Duarte)
  • [1289451 1264905]
  • [3.10.0-327.8.1.el7] [powerpc] eeh: More relaxed condition for enabled IO path (Steve Best)
  • [1289101 1274731]
  • [3.10.0-327.8.1.el7] [security] keys: Don't permit request_key() to construct a new keyring (David Howells) [1275929 1273465] {CVE-2015-7872}
  • [3.10.0-327.8.1.el7] [security] keys: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [1275929 1273465] {CVE-2015-7872}
  • [3.10.0-327.8.1.el7] [security] keys: Fix race between key destruction and finding a keyring by name (David Howells) [1275929 1273465] {CVE-2015-7872}
  • [3.10.0-327.8.1.el7] [x86] paravirt: Replace the paravirt nop with a bona fide empty function (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Fix a paravirt stack-clobbering bug in the NMI code (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Use DF to avoid userspace RSP confusing nested NMI detection (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Reorder nested NMI checks (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Improve nested NMI comments (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.8.1.el7] [x86] nmi: Switch stacks on userspace NMI entry (Mateusz Guzik)
  • [1259582 1259583] {CVE-2015-5157}
  • [3.10.0-327.7.1.el7] [scsi] scsi_sysfs: protect against double execution of
  • __scsi_remove_device() (Vitaly Kuznetsov) [1292075 1273723]
  • [3.10.0-327.7.1.el7] [powerpc] mm: Recompute hash value after a failed update (Gustavo
  • Duarte) [1289452 1264920]
  • [3.10.0-327.7.1.el7] [misc] genwqe: get rid of atomic allocations (Hendrik Brueckner)
  • [1289450 1270244]
  • [3.10.0-327.7.1.el7] [mm] use only per-device readahead limit (Eric Sandeen) [1287550 1280355]
  • [3.10.0-327.7.1.el7] [net] ipv6: update ip6_rt_last_gc every time GC is run (Hannes Frederic Sowa) [1285370 1270092]
  • [3.10.0-327.7.1.el7] [kernel] tick: broadcast: Prevent livelock from event handler (Prarit
  • Bhargava) [1284043 1265283]
  • [3.10.0-327.7.1.el7] [kernel] clockevents: Serialize calls to clockevents_update_freq() in the core (Prarit Bhargava) [1284043 1265283]
  • [3.10.0-327.6.1.el7] [netdrv] bonding: propagate LRO disable to slave devices (Jarod
  • Wilson) [1292072 1266578]
  • [3.10.0-327.5.1.el7] [net] vsock: Fix lockdep issue (Dave Anderson) [1292372 1253971]
  • [3.10.0-327.5.1.el7] [net] vsock: sock_put wasn't safe to call in interrupt context (Dave
  • Anderson) [1292372 1253971]
Post a Comment