Описание
ELSA-2017-3315: kernel security and bug fix update (IMPORTANT)
- [3.10.0-693.11.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-693.11.1]
- [powerpc] perf: Fix book3s kernel to userspace backtraces (Gustavo Duarte) [1506143 1492669]
[3.10.0-693.10.1]
- [mm] mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd() (Rafael Aquini) [1505164 1472460]
- [mm] fix invalid node in alloc_migrate_target() (Rafael Aquini) [1505164 1472460]
- [mm] add !pte_present() check on existing hugetlb_entry callbacks (Rafael Aquini) [1505164 1472460]
- [fs] ceph: avoid accessing freeing inode in ceph_check_delayed_caps() (Ilya Dryomov) [1505163 1489426]
- [fs] nfsd: Fix general protection fault in release_lock_stateid() (J. Bruce Fields) [1505160 1500815]
- [fs] cifs: Reconnect expired SMB sessions (Leif Sahlberg) [1501526 1477052]
- [fs] cifs: Separate SMB2 header structure (Leif Sahlberg) [1501526 1429710]
[3.10.0-693.9.1]
- [fs] ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (Bill O'Donnell) [1504115 1458728]
- [fs] ext4: fix off-by-in loop termination in ext4_find_unwritten_pgoff() (Bill O'Donnell) [1501387 1469363]
- [fs] ext4: fix SEEK_HOLE (Bill O'Donnell) [1501387 1469363]
- [fs] xfs: Move handling of missing page into one place in xfs_find_get_desired_pgoff() (Bill O'Donnell) [1498736 1460446]
- [fs] xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() (Bill O'Donnell) [1498736 1460446]
- [fs] xfs: Fix missed holes in SEEK_HOLE implementation (Bill O'Donnell) [1498736 1460446]
- [fs] xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() (Eryu Guan) [1502731 1458997]
- [nvme] Test unit Ready broken for nvme drvices (David Milburn) [1502733 1478457]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Mohammed Gamal) [1495763 1491843]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Mohammed Gamal) [1495763 1467258]
- [netdrv] netvsc: propagate MAC address change to VF slave (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: delay setup of VF device (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: make sure and unregister datapath (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: fix rtnl deadlock on unregister of vf (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: transparent VF management (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] hv_netvsc: Fix the carrier state error when data path is off (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] hv_netvsc: Fix the queue index computation in forwarding case (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: handle select_queue when device is being removed (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: report per-channel stats in ethtool statistics (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: account for packets/bytes transmitted after completion (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: group all per-channel state together (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: enhance transmit select_queue (Vitaly Kuznetsov) [1500321 1477784]
[3.10.0-693.8.1]
- [x86] kvm: x86: Fix potential preemption when get the current kvmclock timestamp (Marcelo Tosatti) [1503459 1496522]
- [x86] kvm: x86: remove irq disablement around KVM_SET_CLOCK/KVM_GET_CLOCK (Marcelo Tosatti) [1503459 1496522]
[3.10.0-693.7.1]
- [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]
- Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]
[3.10.0-693.6.1]
- [netdrv] mlx5: Avoid using pending command interface slots (Don Dutile) [1497604 1463367]
- [x86] amd: Limit cpu_core_id fixup to families older than F17h (Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu/amd: Fix Zen SMT topology (Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu/amd: Bring back Compute Unit ID (Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu/amd: Fix Bulldozer topology (Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu/amd: Clean up cpu_llc_id assignment per topology feature (Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu: Get rid of compute_unit_id (Suravee Suthikulpanit) [1497603 1477397]
- [x86] amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (Suravee Suthikulpanit) [1497238 1477399]
- [net] ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER (Matteo Croce) [1497121 1468935]
- [fs] gfs2: Fix debugfs glocks dump (Andreas Grunbacher) [1497078 1493067]
- [fs] gfs2: Replace rhashtable_walk_init with rhashtable_walk_enter (Andreas Grunbacher) [1497078 1493067]
- [fs] gfs2: Deduplicate gfs2_{glocks,glstats}_open (Andreas Grunbacher) [1497078 1493067]
- [cpufreq] intel_pstate: Fix unsafe HWP MSR access (Steve Best) [1497058 1457552]
- [s390] af_iucv: correctly copy SKB data (add missing hunk from 04d0ec) (Hendrik Brueckner) [1494354 1459782]
- [sound] alsa: timer: Use common error handling code in alsa_timer_init() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Adjust a condition check in snd_timer_resolution() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Follow standard EXPORT_SYMBOL() declarations (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Wrap with spinlock for queue access (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Improve user queue reallocation (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Fix race between read and ioctl (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Info leak in snd_timer_user_tinterrupt() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: remove some dead code (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Reject user params with too small ticks (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
kernel
3.10.0-693.11.1.el7
kernel-abi-whitelists
3.10.0-693.11.1.el7
kernel-debug
3.10.0-693.11.1.el7
kernel-debug-devel
3.10.0-693.11.1.el7
kernel-devel
3.10.0-693.11.1.el7
kernel-doc
3.10.0-693.11.1.el7
kernel-headers
3.10.0-693.11.1.el7
kernel-tools
3.10.0-693.11.1.el7
kernel-tools-libs
3.10.0-693.11.1.el7
kernel-tools-libs-devel
3.10.0-693.11.1.el7
perf
3.10.0-693.11.1.el7
python-perf
3.10.0-693.11.1.el7
Связанные CVE
Связанные уязвимости
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to ...
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.