Oracle Linux Security Advisory ELSA-2023-13044

https://linux.oracle.com/errata/ELSA-2023-13044.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.326.6.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.326.6.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.326.6.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.326.6.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.326.6.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.326.6.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.326.6.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.326.6.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.326.6.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.326.6.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.326.6.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.326.6.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.326.6.el7uek.aarch64.rpm
perf-5.4.17-2136.326.6.el7uek.aarch64.rpm
python-perf-5.4.17-2136.326.6.el7uek.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.326.6.el7uek.src.rpm

Related CVEs:
CVE-2023-5178

Description of changes:

[5.4.17-2136.326.6.el7uek]
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" (Junxiao Bi) [Orabug: 35914789]
- md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789]

[5.4.17-2136.326.5.el7uek]
- Revert "tracing: Increase trace array ref count on enable and filter files" (Sherry Yang) [Orabug: 36059945]
- xen/blkback: Force flush and secure discard support flags (Boris Ostrovsky) [Orabug: 36050498]
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (Dongli Zhang) [Orabug: 36049644]
- Revert "PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus" (Dongli Zhang) [Orabug: 36049644]

[5.4.17-2136.326.4.el7uek]
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards" (Dominique Martinet)
- media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
- perf/core: Fix potential NULL deref (Peter Zijlstra)
- i2c: aspeed: Fix i2c bus hang in slave read (Jian Zhang)
- virtio-mmio: fix memory leak of vm_dev (Maximilian Heyne)
- net/rds: Use proper peer port number even when not connected (Greg Jumper) [Orabug: 35065319]
- Use inflight IO in io acct of high latency devices (Gulam Mohamed) [Orabug: 35475691]
- nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) [Orabug: 36028026] {CVE-2023-5178}

[5.4.17-2136.326.3.el7uek]
- LTS tag: v5.4.259 (Sherry Yang)
- xfrm6: fix inet6_dev refcount underflow problem (Zhang Changzhong)
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (Tony Lindgren)
- phy: mapphone-mdm6600: Fix runtime PM for remove (Tony Lindgren)
- phy: mapphone-mdm6600: Fix runtime disable on probe (Tony Lindgren)
- ASoC: pxa: fix a memory leak in probe() (Dan Carpenter)
- gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
- s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
- perf: Disallow mis-matched inherited group reads (Peter Zijlstra)
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
- USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoît Monin)
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (Andy Shevchenko)
- mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (Haibo Chen)
- mtd: physmap-core: Restore map_rom fallback (Geert Uytterhoeven)
- mtd: spinand: micron: correct bitmask for ecc status (Martin Kurbanov)
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (Bibek Kumar Patro)
- Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (Rahul Rameshbabu)
- btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c (Josef Bacik)
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (Kai Uwe Broulik)
- sky2: Make sure there is at least one frag_addr available (Kees Cook)
- regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" (Michał Mirosław)
- wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
- Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
- Bluetooth: Avoid redundant authentication (Ying Hsu)
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
- tracing: relax trace_event_eval_update() execution with cond_resched() (Clément Léger)
- ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
- overlayfs: set ctime when setting mtime and atime (Jeff Layton)
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
- btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
- btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (Filipe Manana)
- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (Hans de Goede)
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (Paul Menzel)
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (Tamim Khan)
- ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks (Hans de Goede)
- ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA (Tamim Khan)
- ACPI: resource: Add ASUS model S5402ZA to quirks (Kellen Renshaw)
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (Tamim Khan)
- ACPI: resources: Add DMI-based legacy IRQ override quirk (Hui Wang)
- ACPI: Drop acpi_dev_irqresource_disabled() (John Garry)
- resource: Add irqresource_disabled() (John Garry)
- net: pktgen: Fix interface flags printing (Gavrilov Ilia)
- netfilter: nft_set_rbtree: .deactivate fails if element has expired (Pablo Neira Ayuso)
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (Geert Uytterhoeven)
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Pedro Tammela)
- i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (Eric Dumazet)
- tun: prevent negative ifindex (Eric Dumazet)
- tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb (Eric Dumazet)
- tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell)
- net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
- net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
- net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
- xfrm: interface: use DEV_STATS_INC() (Eric Dumazet)
- xfrm: fix a data-race in xfrm_gen_index() (Eric Dumazet)
- qed: fix LL2 RX buffer allocation (Manish Chopra)
- netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
- KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
- regmap: fix NULL deref on lookup (Johan Hovold)
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
- ice: fix over-shifted variable (Jesse Brandeburg)
- Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
- Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
- Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
- Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)
- Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)
- usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Cañuelo)
- Documentation: sysctl: align cells in second content column (Bagas Sanjaya)
- dev_forward_skb: do not scrub skb mark within the same name space (Nicolas Dichtel)
- ravb: Fix use-after-free issue in ravb_tx_timeout_work() (Yoshihiro Shimoda)
- powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() (Christophe Leroy)
- powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE (Christophe Leroy)
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (Duoming Zhou)
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati)
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
- pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)
- cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutný)
- Input: xpad - add PXN V900 support (Matthias Berndt)
- Input: psmouse - fix fast_reconnect function for PS/2 mode (Jeffery Miller)
- Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
- libceph: use kernel_connect() (Jordan Rife)
- mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
- iio: pressure: dps310: Adjust Timeout Settings (Lakshmi Yadlapati)
- iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
- usb: musb: Modify the "HWVers" register address (Xingxing Luo)
- usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
- usb: dwc3: Soft reset phy on probe for host (Thinh Nguyen)
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (Amelie Delaunay)
- workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
- nfc: nci: assert requested protocol is valid (Jeremy Cline)
- net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (Eric Dumazet)
- ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
- drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
- xen-netback: use default TX queue size for vifs (Roger Pau Monne)
- mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type (Dan Carpenter)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
- ravb: Fix up dma_free_coherent() call in ravb_remove() (Yoshihiro Shimoda)
- drm/msm/dsi: skip the wait for video mode done if not applicable (Abhinav Kumar)
- drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
- quota: Fix slow quotaoff (Jan Kara)
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
- pwm: hibvt: Explicitly set .polarity in .get_state() (Uwe Kleine-König)
- lib/test_meminit: fix off-by-one error in test_pages() (Greg Kroah-Hartman)
- RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
- LTS tag: v5.4.258 (Sherry Yang)
- xen/events: replace evtchn_rwlock with RCU (Juergen Gross)
- ima: rework CONFIG_IMA dependency block (Arnd Bergmann)
- NFS: Fix a race in __nfs_list_for_each_server() (Trond Myklebust)
- parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
- RDMA/mlx5: Fix NULL string error (Shay Drory)
- RDMA/siw: Fix connection failure handling (Bernard Metzler)
- RDMA/uverbs: Fix typo of sizeof argument (Konstantin Meskhidze)
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
- gpio: pxa: disable pinctrl calls for MMP_GPIO (Duje Mihanović)
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
- IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
- RDMA/core: Require admin capabilities to set system parameters (Leon Romanovsky)
- cpupower: add Makefile dependencies for install targets (Ivan Babrou)
- sctp: update hb timer immediately after users change hb_interval (Xin Long)
- sctp: update transport state when processing a dupcook packet (Xin Long)
- tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
- tcp: fix quick-ack counting to count actual ACKs of new data (Neal Cardwell)
- net: stmmac: dwmac-stm32: fix resume on STM32 MCU (Ben Wolsieffer)
- netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long)
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
- net: fix possible store tearing in neigh_periodic_work() (Eric Dumazet)
- modpost: add missing else to the "of" check (Mauricio Faria de Oliveira)
- NFSv4: Fix a nfs4_state_manager() race (Trond Myklebust)
- NFS: Add a helper nfs_client_for_each_server() (Trond Myklebust)
- NFS4: Trace state recovery operation (Chuck Lever)
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (Felix Fietkau)
- drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
- wifi: iwlwifi: dbg_ini: fix structure packing (Arnd Bergmann)
- ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng)
- net: prevent rewrite of msg_name in sock_sendmsg() (Jordan Rife)
- wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (Gustavo A. R. Silva)
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
- fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
- ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
- ata: libata-core: Do not register PM operations for SAS ports (Damien Le Moal)
- ata: libata-core: Fix port and device removal (Damien Le Moal)
- ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
- net: thunderbolt: Fix TCPv6 GSO checksum calculation (Mika Westerberg)
- btrfs: properly report 0 avail for very full file systems (Josef Bacik)
- i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (Kailang Yang)
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
- serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
- Smack:- Use overlay inode label in smack_inode_copy_up() (Vishal Goel)
- smack: Retrieve transmuting information in smack_inode_getsecurity() (Roberto Sassu)
- smack: Record transmuting in smk_transmuted (Roberto Sassu)
- i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (Stefan Assmann)
- i40e: always propagate error value in i40e_set_vsi_promisc() (Stefan Assmann)
- i40e: improve locking of mac_filter_hash (Stefan Assmann)
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
- watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
- nvme-pci: do not set the NUMA node of device if it has none (Pratyush Yadav)
- fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
- ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey)
- powerpc/watchpoints: Annotate atomic context in more places (Benjamin Gray)
- bpf: Clarify error expectations from bpf_clone_redirect (Stanislav Fomichev)
- spi: nxp-fspi: reset the FLSHxCR1 registers (Han Xu)
- ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
- ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
- selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
- parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
- parisc: drivers: Fix sparse warning (Helge Deller)
- parisc: iosapic.c: Fix sparse warnings (Helge Deller)
- parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (Wenhua Lin)
- xtensa: boot/lib: fix function prototypes (Max Filippov)
- xtensa: boot: don't add include-dirs (Randy Dunlap)
- xtensa: iss/network: make functions static (Randy Dunlap)
- xtensa: add default definition for XCHAL_HAVE_DIV32 (Max Filippov)
- bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up (Tony Lindgren)
- ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot (Tony Lindgren)
- clk: tegra: fix error return case for recalc_rate (Timo Alho)
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
- drm/amd/display: prevent potential division by zero errors (Hamza Mahfooz)
- drm/amd/display: Fix LFC multiplier changing erratically (Anthony Koo)
- drm/amd/display: Reinstate LFC optimization (Amanda Liu)
- scsi: qla2xxx: Fix deletion race condition (Quinn Tran)
- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (Werner Sembach)
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
- team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
- net: bridge: use DEV_STATS_INC() (Eric Dumazet)
- net: hns3: add 5ms delay before clear firmware reset irq source (Jie Wang)
- powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
- ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
- i40e: Fix VF VLAN offloading when port VLAN is configured (Ivan Vecera)
- i40e: Fix warning message and call stack during rmmod i40e driver (Karen Sornek)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (Shengjiu Wang)
- selftests: tls: swap the TX and RX sockets in some tests (Sabrina Dubroca)
- selftests/tls: Add {} to avoid static checker warning (Kees Cook)
- bpf: Avoid deadlock when using queue and stack maps from NMI (Toke Høiland-Jørgensen)
- netfilter: nf_tables: disallow element removal on anonymous sets (Pablo Neira Ayuso)
- ASoC: meson: spdifin: start hw on dai probe (Jerome Brunet)
- ext4: do not let fstrim block system suspend (Jan Kara)
- ext4: move setting of trimmed bit into ext4_try_to_trim_range() (Jan Kara)
- ext4: replace the traditional ternary conditional operator with with max()/min() (Kemeng Shi)
- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov)
- ext4: change s_last_trim_minblks type to unsigned long (Lukas Czerner)
- ext4: scope ret locally in ext4_try_to_trim_range() (Lukas Bulwahn)
- ext4: add new helper interface ext4_try_to_trim_range() (Wang Jianchao)
- ext4: remove the 'group' parameter of ext4_trim_extent (Wang Jianchao)
- ata: libahci: clear pending interrupt status (Szuying Chen)
- tracing: Increase trace array ref count on enable and filter files (Steven Rostedt (Google))
- SUNRPC: Mark the cred for revalidation if the server rejects it (Trond Myklebust)
- NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)

[5.4.17-2136.326.2.el7uek]
- mm/memcg: optimize memory.numa_stat like memory.stat (Shakeel Butt) [Orabug: 35879962]

[5.4.17-2136.326.1.el7uek]
- mm: fix munmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843809]
- mm: fix mmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843809]
- mm: reinstall placeholder mappings before downgrading mmap lock (Anthony Yznaga) [Orabug: 35843809]
- mm: mapping over a reserved va range may unmap twice (Anthony Yznaga) [Orabug: 35843809]
- mm: fix update of total_vm for reserved va placeholders (Anthony Yznaga) [Orabug: 35843809]
- mm: enable merging of reserved va placeholders (Anthony Yznaga) [Orabug: 35843809]
- rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35916078]
- rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35926165]

_______________________________________________
El-errata mailing list

SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:952-1
Container Tags        : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.4.19 , suse/sles/15.5/virt-exportserver:0.58.0.1.217
Container Release     : 1.217
Severity              : moderate
Type                  : security
References            : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released:    Thu Mar 16 17:29:23 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released:    Mon Mar 27 10:31:52 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released:    Wed Mar 29 10:36:23 2023
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released:    Wed Mar 29 18:19:10 2023
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- kubevirt-virt-exportserver-0.58.0-150500.4.19 updated
- container:sles15-image-15.0.0-34.15 updated

Oracle Linux Security Advisory ELSA-2022-9028

https://linux.oracle.com/errata/ELSA-2022-9028.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.302.7.2.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.302.7.2.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.302.7.2.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.302.7.2.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.302.7.2.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.302.7.2.1.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.302.7.2.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
perf-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm
python-perf-5.4.17-2136.302.7.2.1.el7uek.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.1.el7uek.src.rpm

Related CVEs:
CVE-2022-0185

Description of changes:

[5.4.17-2136.302.7.2.1.el7uek]
- vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33761451] {CVE-2022-0185}

_______________________________________________
El-errata mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-4336d63533
2020-05-20 03:18:46.261096
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 32
Version     : 5.6.13
Release     : 300.fc32
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.6.13 stable kernel update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2020 Justin M. Forbes - 5.6.13-300
- Linux v5.6.13
- Fix boot hang caused by buggy TPM support (rhbz 1779611)
- Fix CVE-2020-12655 (rhbz 1832543 1832545)
* Thu May 14 2020 Peter Robinson
- Fix for NIC issues on Jetson Xavier AGX
* Tue May 12 2020 Justin M. Forbes
- Fix CVE-2020-10711 (rhbz 1825116 1834778)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
        https://bugzilla.redhat.com/show_bug.cgi?id=1825116
  [ 2 ] Bug #1832543 - CVE-2020-12655 kernel: sync of excessive duration via an XFS v5 image with crafted metadata
        https://bugzilla.redhat.com/show_bug.cgi?id=1832543
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-4336d63533' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
An update that solves 7 vulnerabilities and has 54 fixes is An update that solves 7 vulnerabilities and has 54 fixes is An update that solves 7 vulnerabilities and has 54 fixes is now available. now available.. SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2292-1 Rating: important References: #758040 #814440 #904348 #921949 #924493 #926238 #933514 #936773 #939826 #939926 #940776 #941113 #941202 #943959 #944296 #947241 #947478 #949100 #949192 #949706 #949744 #949936 #950013 #950580 #950750 #950998 #951110 #951165 #951440 #951638 #951864 #952384 #952666 #953717 #953826 #953830 #953971 #953980 #954635 #954986 #955136 #955148 #955224 #955354 #955422 #955533 #955644 #956047 #956053 #956147 #956284 #956703 #956711 #956717 #956801 #956876 #957395 #957546 #958504 #958510 #958647 Cross-References: CVE-2015-0272 CVE-2015-2925 CVE-2015-5156 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8215 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 54 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive various security and bugfixes. Following features were added: - hwrng: Add adriver for the hwrng found in power7+ systems (fate#315784). 
Following security bugs were fixed: - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. (bsc#955354) - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#926238). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). The following non-security bugs were fixed: - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986, LTC#131684). - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). 
- alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).
- audit: correctly record file names with different path name types (bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- bcache: Add btree_insert_node() (bnc#951638).
- bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
- bcache: backing device set to clean after finishing detach (bsc#951638).
- bcache: Clean up keylist code (bnc#951638).
- bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638).
- bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
- bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
- bcache: Explicitly track btree node's parent (bnc#951638).
- bcache: Fix a bug when detaching (bsc#951638).
- bcache: Fix a lockdep splat in an error path (bnc#951638).
- bcache: Fix a shutdown bug (bsc#951638).
- bcache: Fix more early shutdown bugs (bsc#951638).
- bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- bcache: Insert multiple keys at a time (bnc#951638).
- bcache: kill closure locking usage (bnc#951638).
- bcache: Refactor journalling flow control (bnc#951638).
- bcache: Refactor request_write() (bnc#951638).
- bcache: Use blkdev_issue_discard() (bnc#951638).
- btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647).
- btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647).
- btrfs: fix condition of commit transaction (bsc#958647).
- btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053).
- btrfs: Fix out-of-space bug (bsc#958647).
- btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
- btrfs: fix the number of transaction units needed to remove a block group (bsc#958647).
- btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647).
- btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647).
- cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773).
- cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395).
- cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (bsc#950580).
- dlm: make posix locks interruptible, (bsc#947241).
- dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744).
- dm: do not start current request if it would've merged with the previous (bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801).
- drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).
- drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).
- drm/i915: clean up backlight conditional build (bsc#941113).
- drm/i915: debug print on backlight register (bsc#941113).
- drm/i915: do full backlight setup at enable time (bsc#941113).
- drm/i915: do not save/restore backlight registers in KMS (bsc#941113).
- drm/i915: Eliminate lots of WARNs when there's no backlight present (bsc#941113).
- drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971).
- drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971).
- drm/i915: Fix missing backlight update during panel disablement (bsc#941113).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- drm/i915: gather backlight information at setup (bsc#941113).
- drm/i915: handle backlight through chip specific functions (bsc#941113).
- drm/i915: Ignore "digital output" and "not HDMI output" bits for eDP detection (bsc#949192).
- drm/i915: make asle notifications update backlight on all connectors (bsc#941113).
- drm/i915: make backlight info per-connector (bsc#941113).
- drm/i915: move backlight level setting in enable/disable to hooks (bsc#941113).
- drm/i915: move opregion asle request handling to a work queue (bsc#953826).
- drm/i915: nuke get max backlight functions (bsc#941113).
- drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826).
- drm/i915: restore backlight precision when converting from ACPI (bsc#941113).
- drm/i915/tv: add ->get_config callback (bsc#953830).
- drm/i915: use backlight legacy combination mode also for i915gm/i945gm (bsc#941113).
- drm/i915: use the initialized backlight max value instead of reading it (bsc#941113).
- drm/i915: vlv does not have pipe field in backlight registers (bsc#941113).
- fanotify: fix notification of groups with inode & mount marks (bsc#955533).
- Fix remove_and_add_spares removes drive added as spare in slot_store (bsc#956717).
- genksyms: Handle string literals with spaces in reference files (bsc#958510).
- hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
- ixgbe: fix broken PFC with X550 (bsc#951864).
- ixgbe: use correct fcoe ddp max check (bsc#951864).
- kabi: Fix spurious kabi change in mm/util.c.
- kABI: protect struct ahci_host_priv.
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- mm: factor commit limit calculation (VM Performance).
- mm: get rid of "vmalloc_info" from /proc/meminfo (VM Performance).
- mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault (Automatic NUMA Balancing (fate#315482)).
- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
- mm: vmscan: never isolate more pages than necessary (VM Performance).
- Move ktime_after patch to the networking section
- nfsrdma: Fix regression in NFSRDMA server (bsc#951110).
- pci: Drop "setting latency timer" messages (bsc#956047).
- pci: Update VPD size with correct length (bsc#924493).
- perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put() call (bsc#955136).
- perf/x86/intel/uncore: Fix multi-segment problem of perf_event_intel_uncore (bsc#955136).
- pm, hinernate: use put_page in release_swap_writer (bnc#943959).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).
- Re-add copy_page_vector_to_user()
- ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rpm/constraints.in: Require 14GB worth of disk space on POWER
  The builds started to fail randomly due to ENOSPC errors.
- rpm/kernel-binary.spec.in: Always build zImage for ARM
- rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH
  CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.
- rpm/kernel-binary.spec.in: Drop the %build_src_dir macro
  It is the parent directory of the O= directory.
- rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags}
- rpm/kernel-binary.spec.in: Use parallel make in all invocations
  Also, remove the lengthy comment, since we are using a standard rpm macro now.
- rpm/kernel-binary.spec.in: Use upstream script to support config.addon
- s390/dasd: fix disconnected device with valid path mask (bnc#954986, LTC#132707).
- s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986, LTC#132706).
- s390/dasd: fix list_del corruption after lcu changes (bnc#954986, LTC#133077).
- sched: Call select_idle_sibling() when not affine_sd (Scheduler Performance).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100).
- sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395).
- sched/numa: Check all nodes when placing a pseudo-interleaved group (Automatic NUMA Balancing (fate#315482)).
- sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA Balancing (fate#315482)).
- sched/numa: Only consider less busy nodes as numa balancing destinations (Automatic NUMA Balancing (fate#315482)).
- sched: Put expensive runtime debugging checks under a separate Kconfig entry (Scheduler performance).
- scsi: hosts: update to use ida_simple for host_no (bsc#939926)
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- sunrpc: Fix oops when trace sunrpc_task events in nfs client (bnc#956703).
- supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are supported in the RT kernel for a long time so we can also support them in the non-RT kernel to minimize the differences.
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use "se_dev_entry" when allocating UAs (bsc#933514).
- Update config files. (bnc#955644)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- x86/efi: Fix invalid parameter error when getting hibernation key (fate#316350, bsc#956284).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm: Add parenthesis for TLB tracepoint size calculation (VM Performance (Reduce IPIs during reclaim)).
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148).
- x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate() (bsc#953717).
- xen: fix boot crash in EC2 settings (bsc#956147).
- xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147).
- xen: Update Xen patches to 3.12.50.
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165).
- xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546).
- zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:
  zypper in -t patch SUSE-SLE-WE-12-SP1-2015-985=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-985=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1
- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-985=1
- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-985=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-985=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
  kernel-default-debuginfo-3.12.51-60.20.2
  kernel-default-debugsource-3.12.51-60.20.2
  kernel-default-extra-3.12.51-60.20.2
  kernel-default-extra-debuginfo-3.12.51-60.20.2
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  kernel-obs-build-3.12.51-60.20.1
  kernel-obs-build-debugsource-3.12.51-60.20.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
  kernel-docs-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  kernel-default-3.12.51-60.20.2
  kernel-default-base-3.12.51-60.20.2
  kernel-default-base-debuginfo-3.12.51-60.20.2
  kernel-default-debuginfo-3.12.51-60.20.2
  kernel-default-debugsource-3.12.51-60.20.2
  kernel-default-devel-3.12.51-60.20.2
  kernel-syms-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
  kernel-xen-3.12.51-60.20.2
  kernel-xen-base-3.12.51-60.20.2
  kernel-xen-base-debuginfo-3.12.51-60.20.2
  kernel-xen-debuginfo-3.12.51-60.20.2
  kernel-xen-debugsource-3.12.51-60.20.2
  kernel-xen-devel-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (noarch):
  kernel-devel-3.12.51-60.20.2
  kernel-macros-3.12.51-60.20.2
  kernel-source-3.12.51-60.20.2
- SUSE Linux Enterprise Server 12-SP1 (s390x):
  kernel-default-man-3.12.51-60.20.2
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
  kernel-ec2-3.12.51-60.20.2
  kernel-ec2-debuginfo-3.12.51-60.20.2
  kernel-ec2-debugsource-3.12.51-60.20.2
  kernel-ec2-devel-3.12.51-60.20.2
  kernel-ec2-extra-3.12.51-60.20.2
  kernel-ec2-extra-debuginfo-3.12.51-60.20.2
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_51-60_20-default-1-4.1
  kgraft-patch-3_12_51-60_20-xen-1-4.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  kernel-default-3.12.51-60.20.2
  kernel-default-debuginfo-3.12.51-60.20.2
  kernel-default-debugsource-3.12.51-60.20.2
  kernel-default-devel-3.12.51-60.20.2
  kernel-default-extra-3.12.51-60.20.2
  kernel-default-extra-debuginfo-3.12.51-60.20.2
  kernel-syms-3.12.51-60.20.2
  kernel-xen-3.12.51-60.20.2
  kernel-xen-debuginfo-3.12.51-60.20.2
  kernel-xen-debugsource-3.12.51-60.20.2
  kernel-xen-devel-3.12.51-60.20.2
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
  kernel-devel-3.12.51-60.20.2
  kernel-macros-3.12.51-60.20.2
  kernel-source-3.12.51-60.20.2

References:

https://www.suse.com/security/cve/CVE-2015-0272.html
https://www.suse.com/security/cve/CVE-2015-2925.html
https://www.suse.com/security/cve/CVE-2015-5156.html
https://www.suse.com/security/cve/CVE-2015-7799.html
https://www.suse.com/security/cve/CVE-2015-7872.html
https://www.suse.com/security/cve/CVE-2015-7990.html
https://www.suse.com/security/cve/CVE-2015-8215.html
https://bugzilla.suse.com/show_bug.cgi?id=758040
https://bugzilla.suse.com/show_bug.cgi?id=814440
https://bugzilla.suse.com/show_bug.cgi?id=904348
https://bugzilla.suse.com/show_bug.cgi?id=921949
https://bugzilla.suse.com/show_bug.cgi?id=924493
https://bugzilla.suse.com/show_bug.cgi?id=926238
https://bugzilla.suse.com/show_bug.cgi?id=933514
https://bugzilla.suse.com/show_bug.cgi?id=936773
https://bugzilla.suse.com/show_bug.cgi?id=939826
https://bugzilla.suse.com/show_bug.cgi?id=939926
https://bugzilla.suse.com/show_bug.cgi?id=940776
https://bugzilla.suse.com/show_bug.cgi?id=941113
https://bugzilla.suse.com/show_bug.cgi?id=941202
https://bugzilla.suse.com/show_bug.cgi?id=943959
https://bugzilla.suse.com/show_bug.cgi?id=944296
https://bugzilla.suse.com/show_bug.cgi?id=947241
https://bugzilla.suse.com/show_bug.cgi?id=947478
https://bugzilla.suse.com/show_bug.cgi?id=949100
https://bugzilla.suse.com/show_bug.cgi?id=949192
https://bugzilla.suse.com/show_bug.cgi?id=949706
https://bugzilla.suse.com/show_bug.cgi?id=949744
https://bugzilla.suse.com/show_bug.cgi?id=949936
https://bugzilla.suse.com/show_bug.cgi?id=950013
https://bugzilla.suse.com/show_bug.cgi?id=950580
https://bugzilla.suse.com/show_bug.cgi?id=950750
https://bugzilla.suse.com/show_bug.cgi?id=950998
https://bugzilla.suse.com/show_bug.cgi?id=951110
https://bugzilla.suse.com/show_bug.cgi?id=951165
https://bugzilla.suse.com/show_bug.cgi?id=951440
https://bugzilla.suse.com/show_bug.cgi?id=951638
https://bugzilla.suse.com/show_bug.cgi?id=951864
https://bugzilla.suse.com/show_bug.cgi?id=952384
https://bugzilla.suse.com/show_bug.cgi?id=952666
https://bugzilla.suse.com/show_bug.cgi?id=953717
https://bugzilla.suse.com/show_bug.cgi?id=953826
https://bugzilla.suse.com/show_bug.cgi?id=953830
https://bugzilla.suse.com/show_bug.cgi?id=953971
https://bugzilla.suse.com/show_bug.cgi?id=953980
https://bugzilla.suse.com/show_bug.cgi?id=954635
https://bugzilla.suse.com/show_bug.cgi?id=954986
https://bugzilla.suse.com/show_bug.cgi?id=955136
https://bugzilla.suse.com/show_bug.cgi?id=955148
https://bugzilla.suse.com/show_bug.cgi?id=955224
https://bugzilla.suse.com/show_bug.cgi?id=955354
https://bugzilla.suse.com/show_bug.cgi?id=955422
https://bugzilla.suse.com/show_bug.cgi?id=955533
https://bugzilla.suse.com/show_bug.cgi?id=955644
https://bugzilla.suse.com/show_bug.cgi?id=956047
https://bugzilla.suse.com/show_bug.cgi?id=956053
https://bugzilla.suse.com/show_bug.cgi?id=956147
https://bugzilla.suse.com/show_bug.cgi?id=956284
https://bugzilla.suse.com/show_bug.cgi?id=956703
https://bugzilla.suse.com/show_bug.cgi?id=956711
https://bugzilla.suse.com/show_bug.cgi?id=956717
https://bugzilla.suse.com/show_bug.cgi?id=956801
https://bugzilla.suse.com/show_bug.cgi?id=956876
https://bugzilla.suse.com/show_bug.cgi?id=957395
https://bugzilla.suse.com/show_bug.cgi?id=957546
https://bugzilla.suse.com/show_bug.cgi?id=958504
https://bugzilla.suse.com/show_bug.cgi?id=958510
https://bugzilla.suse.com/show_bug.cgi?id=958647

Severity: Important.
LinuxSecurity.com Team