Whamcloud Community JIRA

Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us

9.4.14

940014

05-12-2023

[LU-8796] kernel upgrade [RHEL7.3 3.10.0-514.el7] https://jira.whamcloud.com/browse/LU-8796 Lustre <p>RHEL 7.3 was just announced as released. It is now officially GA as of 11/3/16.</p> <p>This mod represents switching our supported el7 version from RHEL 7.2 to RHEL 7.3</p> <p>Details of the kernel upgrade will follow in comments.</p> LU-8796

kernel upgrade [RHEL7.3 3.10.0-514.el7]

Bug Major Resolved Fixed Bob Glossman Bob Glossman Thu, 3 Nov 2016 14:26:41 +0000 Mon, 24 Apr 2017 16:33:01 +0000 Fri, 18 Nov 2016 16:35:29 +0000 Lustre 2.9.0 0 6 <p>Security Fix(es):</p> <ul> <li>It was found that the Linux kernel's IPv6 implementation mishandled socket<br/> options. A local attacker could abuse concurrent access to the socket options to<br/> escalate their privileges, or cause a denial of service (use-after-free and<br/> system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)</li> </ul> <ul> <li>Several Moderate and Low impact security issues were found in the Linux<br/> kernel. Space precludes documenting each of these issues in this advisory. Refer<br/> to the CVE links in the References section for a description of each of these<br/> vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812,<br/> CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,<br/> CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828,<br/> CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480,<br/> CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070,<br/> CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)</li> </ul> <p>Additional Changes:</p> <p>For detailed information on changes in this release, see the Red Hat Enterprise<br/> Linux 7.3 Release Notes at <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html" class="external-link" target="_blank" rel="nofollow noopener">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html</a></p> <p>Bugs fixed (<a href="https://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">https://bugzilla.redhat.com/):</a></p> <p>1141249 - Xen guests may hang after migration or suspend/resume<br/> 1234586 - Backtrace after unclean shutdown with XFS v5 and project quotas<br/> 1267042 - XFS needs to better handle EIO and ENOSPC<br/> 1277863 - Test case failure: Screen - Resolution after no Screen Boot on Intel Valley View Gen7 <span class="error">[8086:0f31]</span><br/> 1278224 - panic in iscsi_target.c<br/> 1283341 - cannot mount RHEL7 NFS server with nfsvers=4.1,sec=krb5 but nfsvers=4.0,sec=krb5 works<br/> 1286261 - CVE-2015-8374 kernel: Information leak when truncating of compressed/inlined extents on BTRFS<br/> 1286500 - Tool thin_dump failing to show 'mappings'<br/> 1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference<br/> 1292481 - device mapper hung tasks on an openshift/docker system<br/> 1295802 - CVE-2015-8746 kernel: when NFSv4 migration is executed, kernel oops occurs at NFS client<br/> 1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted<br/> 1299662 - VFIO: include no-IOMMU mode - not supported<br/> 1300023 - soft lockup in nfs4_put_stid with 3.10.0-327.4.4.el7<br/> 1300237 - CVE-2016-2053 kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()<br/> 1301893 - CVE-2016-2069 kernel: race condition in the TLB flush logic<br/> 1302166 - MAC address of VF is not editable even when attached to host<br/> 1303532 - CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.<br/> 1305118 - XFS support for deferred dio completion<br/> 1307091 - fstrim failing on mdadm raid 5 device<br/> 1308444 - CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor<br/> 1308846 - CVE-2016-3070 kernel: Null pointer dereference in trace_writeback_dirty_page()<br/> 1312298 - CVE-2016-2117 kernel: Kernel memory leakage to ethernet frames due to buffer overflow in ethernet drivers<br/> 1313428 - CVE-2016-2847 kernel: pipe: limit the per-user amount of pages allocated in pipes<br/> 1318172 - CVE-2016-3156 kernel: ipv4: denial of service when destroying a network interface<br/> 1321096 - BUG: s390 socketcall() syscalls audited with wrong value in field a0<br/> 1326540 - CVE-2015-8845 CVE-2015-8844 kernel: incorrect restoration of machine specific registers from userspace<br/> 1329653 - CVE-2016-3699 kernel: ACPI table override allowed when securelevel is enabled<br/> 1333712 - CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt<br/> 1334643 - CVE-2016-4569 kernel: Information leak in Linux sound module in timer.c<br/> 1335215 - CVE-2016-4578 kernel: Information leak in events in timer.c<br/> 1335889 - CVE-2016-4794 kernel: Use after free in array_map_alloc<br/> 1349539 - T460<span class="error">[p/s]</span> audio output on dock won't work<br/> 1349916 - CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode<br/> 1349917 - CVE-2016-5828 Kernel: powerpc: tm: crash via exec system call on PPC<br/> 1350509 - CVE-2016-5829 kernel: Heap buffer overflow in hiddev driver<br/> 1353533 - CVE-2016-6136 kernel: Race condition vulnerability in execve argv arguments<br/> 1354525 - CVE-2016-6327 kernel: infiniband: Kernel crash by sending ABORT_TASK command<br/> 1355654 - CVE-2016-6198 kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs<br/> 1361245 - <span class="error">[Hyper-V]</span><span class="error">[RHEL 7.2]</span> VMs panic when configured with Dynamic Memory as opposed to Static Memory<br/> 1362466 - CVE-2016-6480 kernel: scsi: aacraid: double fetch in ioctl_send_fib()<br/> 1364971 - CVE-2016-3841 kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.<br/> 1383395 - CVE-2015-8956 kernel: NULL dereference in RFCOMM bind callback</p> <p>Bob Glossman (bob.glossman@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/23560" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/23560</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-8796" title="kernel upgrade [RHEL7.3 3.10.0-514.el7]" class="issue-link" data-issue-key="LU-8796"><del>LU-8796</del></a> kernel: kernel upgrade RHEL7.3 <span class="error">[3.10.0-514.el7]</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: ae7755f445042d7aad82b7ee046839a068b1d504</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/23560/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/23560/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-8796" title="kernel upgrade [RHEL7.3 3.10.0-514.el7]" class="issue-link" data-issue-key="LU-8796"><del>LU-8796</del></a> kernel: kernel upgrade RHEL7.3 <span class="error">[3.10.0-514.el7]</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: 5763c175c9a1a330b664a01bc08f329b2bee54f7</p> <p>Landed for 2.9</p> Blocker LU-8534 Related LU-9310 Development Rank 1|hzyuc7: Rank (Obsolete) 9223372036854775807 Severity