-
Thu Apr 13 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.34.el7uek]
- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171]
- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171]
- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171]
- KVM: x86: fix emulation of "MOV SS, null selector" (Paolo Bonzini) [Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583}
- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}
- ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] {CVE-2016-10208}
- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] {CVE-2016-10208}
- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] {CVE-2017-5986}
- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720805] {CVE-2017-6214}
- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839] {CVE-2017-6347}
- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839] {CVE-2017-6347}
- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] {CVE-2017-6347}
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}
- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] {CVE-2016-7910}
-
Thu Mar 30 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.33.el7uek]
- Revert "x86/mm: Expand the exception table logic to allow new handling options" (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
- Revert "fix minor infoleak in get_user_ex()" (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
-
Wed Mar 29 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.32.el7uek]
- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}
-
Wed Mar 29 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.31.el7uek]
- rebuild bumping release
-
Thu Mar 23 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.30.el7uek]
- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}
- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}
- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}
-
Tue Mar 14 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.29.el7uek]
- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}
- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}
- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783]
- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783]
- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}
- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}
- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjørn Mork) [Orabug: 25463898] {CVE-2016-3951}
- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}
- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}
- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}
- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}
- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}
- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krčmář) [Orabug: 25507213] {CVE-2016-9756}
- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}
- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}
- tipc: check minimum bearer MTU (Michal Kubeček) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}
- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}
- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}
- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}
- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}
- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}
- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847]
- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}
- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}
- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}
- mpt3sas: Don't spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035]
- xen-netfront: cast grant table reference first to type int (Dongli Zhang)
- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)
-
Thu Feb 23 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.28.el7uek]
- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598257] {CVE-2017-6074}
-
Fri Feb 03 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.27.el7uek]
- vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] {CVE-2016-9083} {CVE-2016-9084}
- Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] {CVE-2016-9576}
- kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] {CVE-2016-8630}
- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] {CVE-2016-8646}
- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] {CVE-2016-4482}
- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] {CVE-2016-4485}
-
Fri Jan 27 2017 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-61.1.26.el7uek]
- xen-netback: fix extra_info handling in xenvif_tx_err() (Paul Durrant) [Orabug: 25445336]
- net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug: 25458076]
- tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076]
- xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel) [Orabug: 25430143]
-
Wed Jan 11 2017 Brian Maly <brian.maly@oracle.com> [4.1.12-61.1.25.el7uek]
- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042}
- nvme: Limit command retries (Keith Busch) [Orabug: 25374751]
- fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977]
- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828}
- tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666}
- i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290]
- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655}
- netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806}
- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794}
- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}