[El-errata] ELSA-2012-0690 Important: Oracle Linux 5 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 31 10:01:09 PDT 2012


Oracle Linux Security Advisory ELSA-2012-0690

https://rhn.redhat.com/errata/RHSA-2012-0690.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.el5.i386.rpm
kernel-xen-2.6.18-308.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.i686.rpm

x86_64:
kernel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.x86_64.rpm

ia64:
kernel-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.ia64.rpm
kernel-devel-2.6.18-308.8.1.el5.ia64.rpm
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-2.6.18-308.8.1.el5.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.el5PAE-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.el5xen-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.el5debug-2.0.5-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5PAE-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5xen-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5debug-1.4.9-1.el5.i686.rpm

x86_64:
oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.1.el5xen-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.1.el5debug-2.0.5-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.el5xen-1.4.9-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.el5debug-1.4.9-1.el5.x86_64.rpm

ia64:
oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.1.el5xen-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.1.el5debug-2.0.5-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.el5xen-1.4.9-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.el5debug-1.4.9-1.el5.ia64.rpm


SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.src.rpm

Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of Oracle Linux 5 install these updates.

Users of Ksplice Uptrack can install these updates by running :

# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

Description of changes:

* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.

The length of packet fragments to be sent wasn't validated before use,
leading to heap overflow. A user having access to TUN/TAP virtual
device could use this flaw to crash the system or to potentially
escalate their privileges.

[2.6.18-308.8.1.el5]
- [net] sock: validate data_len before allocating skb in 
sock_alloc_send_pskb() (Jason Wang) [816290 816106] {CVE-2012-2136}
- [net] tg3: Fix VLAN tagging assignments (John Feeney) [817691 797011]
- [net] ixgbe: do not stop stripping VLAN tags in promiscuous mode (Andy 
Gospodarek) [809791 804800]
- [s390] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik 
Brueckner) [810123 808489]
- [x86] unwind information fix for the vsyscall DSO (Prarit Bhargava) 
[807930 805799]

[2.6.18-308.7.1.el5]
- [fs] epoll: Don't limit non-nested epoll paths (Jason Baron) [809380 
804778]

[2.6.18-308.6.1.el5]
- [scsi] fc class: fix scanning when devs are offline (Mike Christie) 
[816684 799530]
- [md] dm-multipath: delay retry of bypassed pg (Mike Christie) [816684 
799530]
- [net] bonding: properly unset current_arp_slave on slave link up 
(Veaceslav Falico) [811927 800575]
- [net] bonding: remove {master,vlan}_ip and query devices instead (Andy 
Gospodarek) [810321 772216]

[2.6.18-308.5.1.el5]
- [scsi] skip sense logging for some ATA PASS-THROUGH cdbs (David 
Milburn) [807265 788777]






More information about the El-errata mailing list