ELSA-2017-0036

Опубликовано: 10 янв. 2017

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2017-0036: kernel security and bug fix update (IMPORTANT)

[2.6.32-642.13.1]

[net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390805 1390046] {CVE-2016-7117}
[net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1396479 1381585]
[net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379527 1379529] {CVE-2016-6828}
[net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
[net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
[net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
[net] ipv6: Don't change dst->flags using assignments (Marcelo Leitner) [1391974 1389478]
[scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1392818 1383078]
[netdrv] sfc: report supported link speeds on SFP connections (Jarod Wilson) [1388168 1384621]
[drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1392875 1342114]
[hv] avoid vfree() on crash (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: handle various crash scenarios (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: Support kexec on ws2012 r2 and above (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: Support handling messages on multiple CPUs (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: avoid wait_for_completion() on crash (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: don't loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1385482 1333167]
[hv] vmbus: Force all channel messages to be delivered on CPU 0 (Vitaly Kuznetsov) [1385482 1333167]
[scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1396272 1374743]
[fs] nfs4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done (Steve Dickson) [1385480 1376467]
[firmware] dmi_scan: DMI information in sysfs is missing on SMBIOS 3.0 based systems (Steve Best) [1393464 1353807]

[2.6.32-642.12.1]

[netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1392799 1384212]

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

kernel

2.6.32-642.13.1.el6

kernel-abi-whitelists

2.6.32-642.13.1.el6

kernel-debug

2.6.32-642.13.1.el6

kernel-debug-devel

2.6.32-642.13.1.el6

kernel-devel

2.6.32-642.13.1.el6

kernel-doc

2.6.32-642.13.1.el6

kernel-firmware

2.6.32-642.13.1.el6

kernel-headers

2.6.32-642.13.1.el6

perf

2.6.32-642.13.1.el6

python-perf

2.6.32-642.13.1.el6

Oracle Linux i686

kernel

2.6.32-642.13.1.el6

kernel-abi-whitelists

2.6.32-642.13.1.el6

kernel-debug

2.6.32-642.13.1.el6

kernel-debug-devel

2.6.32-642.13.1.el6

kernel-devel

2.6.32-642.13.1.el6

kernel-doc

2.6.32-642.13.1.el6

kernel-firmware

2.6.32-642.13.1.el6

kernel-headers

2.6.32-642.13.1.el6

perf

2.6.32-642.13.1.el6

python-perf

2.6.32-642.13.1.el6

Связанные CVE

CVE-2016-6828

CVE-2016-7117

CVE-2016-4998

Ссылки на источники

Связанные уязвимости

ELSA-2017-0086

oracle-oval

больше 8 лет назад

ELSA-2017-0086: kernel security, bug fix, and enhancement update (IMPORTANT)

CVE-2016-6828

CVSS3: 5.5

ubuntu

больше 8 лет назад

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.

CVE-2016-6828

CVSS3: 4.4

redhat

почти 9 лет назад

CVE-2016-6828

CVSS3: 5.5

nvd

больше 8 лет назад

CVE-2016-6828

CVSS3: 5.5

debian

больше 8 лет назад

The tcp_check_send_head function in include/net/tcp.h in the Linux ker ...