<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Oracle Linux Security Advisory ELSA-2011-0263<br>
<br>
<a class="moz-txt-link-freetext"
href="https://rhn.redhat.com/errata/RHSA-2011-0263.html">https://rhn.redhat.com/errata/RHSA-2011-0263.html</a><br>
<br>
The following updated rpms for Oracle Linux 4 have been uploaded
to the Unbreakable Linux Network:<br>
<br>
i386:<br>
kernel-2.6.9-100.EL.i686.rpm<br>
kernel-devel-2.6.9-100.EL.i686.rpm<br>
kernel-doc-2.6.9-100.EL.noarch.rpm<br>
kernel-hugemem-2.6.9-100.EL.i686.rpm<br>
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm<br>
kernel-smp-2.6.9-100.EL.i686.rpm<br>
kernel-smp-devel-2.6.9-100.EL.i686.rpm<br>
kernel-xenU-2.6.9-100.EL.i686.rpm<br>
kernel-xenU-devel-2.6.9-100.EL.i686.rpm<br>
<br>
x86_64:<br>
kernel-2.6.9-100.EL.x86_64.rpm<br>
kernel-devel-2.6.9-100.EL.x86_64.rpm<br>
kernel-doc-2.6.9-100.EL.noarch.rpm<br>
kernel-largesmp-2.6.9-100.EL.x86_64.rpm<br>
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm<br>
kernel-smp-2.6.9-100.EL.x86_64.rpm<br>
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm<br>
kernel-xenU-2.6.9-100.EL.x86_64.rpm<br>
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm<br>
<br>
ia64:<br>
kernel-2.6.9-100.EL.ia64.rpm<br>
kernel-devel-2.6.9-100.EL.ia64.rpm<br>
kernel-doc-2.6.9-100.EL.noarch.rpm<br>
kernel-largesmp-2.6.9-100.EL.ia64.rpm<br>
kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm<br>
<br>
<br>
SRPMS:<br>
<a class="moz-txt-link-freetext"
href="http://oss.oracle.com/el4/SRPMS-updates/kernel-2.6.9-100.EL.src.rpm">http://oss.oracle.com/el4/SRPMS-updates/kernel-2.6.9-100.EL.src.rpm</a><br>
<br>
The following packages were rebuilt to be in sync with the updated
kernel version (no changes other than updating the version
number): <br>
<br>
i386:<br>
oracleasm-2.6.9-100.EL-2.0.5-1.el4.i686.rpm<br>
oracleasm-2.6.9-100.ELhugemem-2.0.5-1.el4.i686.rpm<br>
oracleasm-2.6.9-100.ELsmp-2.0.5-1.el4.i686.rpm<br>
oracleasm-2.6.9-100.ELxenU-2.0.5-1.el4.i686.rpm<br>
ocfs2-2.6.9-100.EL-1.2.9-1.el4.i686.rpm<br>
ocfs2-2.6.9-100.ELhugemem-1.2.9-1.el4.i686.rpm<br>
ocfs2-2.6.9-100.ELsmp-1.2.9-1.el4.i686.rpm<br>
ocfs2-2.6.9-100.ELxenU-1.2.9-1.el4.i686.rpm<br>
<br>
x86_64:<br>
oracleasm-2.6.9-100.EL-2.0.5-1.el4.x86_64.rpm<br>
oracleasm-2.6.9-100.ELlargesmp-2.0.5-1.el4.x86_64.rpm<br>
oracleasm-2.6.9-100.ELsmp-2.0.5-1.el4.x86_64.rpm<br>
oracleasm-2.6.9-100.ELxenU-2.0.5-1.el4.x86_64.rpm<br>
ocfs2-2.6.9-100.EL-1.2.9-1.el4.x86_64.rpm<br>
ocfs2-2.6.9-100.ELlargesmp-1.2.9-1.el4.x86_64.rpm<br>
ocfs2-2.6.9-100.ELsmp-1.2.9-1.el4.x86_64.rpm<br>
ocfs2-2.6.9-100.ELxenU-1.2.9-1.el4.x86_64.rpm<br>
<br>
ia64:<br>
oracleasm-2.6.9-100.EL-2.0.5-1.el4.ia64.rpm<br>
oracleasm-2.6.9-100.ELlargesmp-2.0.5-1.el4.ia64.rpm<br>
ocfs2-2.6.9-100.EL-1.2.9-1.el4.ia64.rpm<br>
ocfs2-2.6.9-100.ELlargesmp-1.2.9-1.el4.ia64.rpm<br>
<br>
<br>
SRPMS:<br>
<a class="moz-txt-link-freetext"
href="http://oss.oracle.com/el4/SRPMS-updates/oracleasm-2.6.9-100.EL-2.0.5-1.el4.src.rpm">http://oss.oracle.com/el4/SRPMS-updates/oracleasm-2.6.9-100.EL-2.0.5-1.el4.src.rpm</a><br>
<a class="moz-txt-link-freetext"
href="http://oss.oracle.com/el4/SRPMS-updates/ocfs2-2.6.9-100.EL-1.2.9-1.el4.src.rpm">http://oss.oracle.com/el4/SRPMS-updates/ocfs2-2.6.9-100.EL-1.2.9-1.el4.src.rpm</a><br>
<br>
Description of changes:<br>
<br>
[2.6.9-100]<br>
-cxgb3: prevent reading uninitialized stack memory to fix
xgb_extension_ioctl infoleak (Eugene Teo) [633153] {CVE-2010-3296}<br>
-mlx4: disable MSI-X by default (Andy Gospodarek) [530596]<br>
-ext3: call fs's invalidatepage instead of block_invalidatepage
(Josef Bacik) [488611]<br>
-av7110: check for negative array offset (Mauro Carvalho Chehab)
[672400] {CVE-2011-0521}<br>
-ext3: don't dirty unmapped data buffers (Josef Bacik) [488611]<br>
-net: clear heap allocations for privileged ethtool actions (Jiri
Pirko) [672431] {CVE-2010-4655}<br>
<br>
[2.6.9-99]<br>
-bonding: fix active backup failover due to jiffie wrap (Andy
Gospodarek) [641112]<br>
<br>
[2.6.9-98]<br>
-sound: fix a buffer overflow in the oss mixer (David Howells)
[667619] {CVE-2010-4527}<br>
<br>
[2.6.9-97]<br>
-fs: fix filesystem corruption on ext2 (Alexander Viro) [662839]<br>
-sky2: fix oops in sky2_xmit_frame after tx timeout (Don Howard)
[614559]<br>
-netdump: fix netdump failures on large memory systems (Neil
Horman) [488557]<br>
<br>
[2.6.9-96]<br>
-usb: ehci amd periodic frame list table quirk (Don Zickus)
[651334]<br>
-fs: truncate blocks outside i_size after O_DIRECT write error
(Eric Sandeen) [665067]<br>
<br>
[2.6.9-95]<br>
-jbd: skip buffers that have a different jh (Josef Bacik) [488611]<br>
-unix: fix local socket dos (Neil Horman) [656758] {CVE-2010-4249}<br>
-s390x: qdio: fix zfcp stall with more than 63 active qdio devices
(Hendrik Brueckner) [662130]<br>
-ehci-hcd: fix fatal error during bootup (Don Zickus) [656447]<br>
<br>
[2.6.9-94]<br>
-modules: sysctl to block module loading (Jerome Marchand)
[645220]<br>
-redhat: added config_security_dmesg_restrict option (Frantisek
Hrbata) [653252]<br>
-kernel: restrict unprivileged access to kernel syslog (Frantisek
Hrbata) [653252]<br>
-sysctl: introduce ctl_unnumbered definition in sysctl.h
(Frantisek Hrbata) [653252]<br>
-usb: allow usbstorage to have luns greater than 2TB (Don Zickus)
[658824]<br>
-serial: clean data before filling it (Mauro Carvalho Chehab)
[648809] {CVE-2010-4075}<br>
-sched: fix task starvation on Hyperthreaded cpus (Vitaly
Mayatskikh) [488089]<br>
-s390: sclp: handle zero length event buffers (Hans-Joachim Picht)
[487692]<br>
<br>
[2.6.9-93]<br>
-kernel: failure to revert address limit override in oops error
path (Dave Anderson) [659569] {CVE-2010-4258}<br>
-nfsv4: fix oops in nfs4_kill_super (Jeff Layton) [660448]<br>
-net: filter: make sure filters dont read uninitialized memory
(Jiri Pirko) [651701] {CVE-2010-4158}<br>
-net: limit sendto()/recvfrom()/iovec total length to INT_MAX
(Jiri Pirko) [651924] {CVE-2010-3859}<br>
-bluetooth: fix missing null check (Jarod Wilson) [655663]
{CVE-2010-4242}<br>
-ipc: initialize structure memory to zero for compat functions
(Xiaotian Feng) [648811] {CVE-2010-4073}<br>
-ipc: shm: fix information leak to userland (Xiaotian Feng)
[648817] {CVE-2010-4072}<br>
-netfront: default to copying instead of flipping (Laszlo Ersek)
[653505]<br>
-net: packet: fix information leak to userland (Jiri Pirko)
[649896] {CVE-2010-3876}<br>
-scsi: gdth: integer overflow in ioc_general (Frantisek Hrbata)
[651174] {CVE-2010-4157}<br>
-sys_semctl: semctl fix kernel stack leakage (Xiaotian Feng)
[648794] {CVE-2010-4083}<br>
-alsa: rme9652: prevent reading uninitialized stack memory
(Stanislaw Gruszka) [648807] {CVE-2010-4080}<br>
-fs: only return EIO once on msync/fsync after IO failure (Rik van
Riel) [645633]<br>
-xen: virtio_net: add get_drvinfo() to virtio_net (Laszlo Ersek)
[647196]<br>
-xen: netfront: add get_drvinfo() to netfront (Laszlo Ersek)
[647187]<br>
-kernel: fix possible integer overflow in mm/fremap.c (Larry
Woodman) [637045]<br>
<br>
[2.6.9-92]<br>
-mm: revert patch to reduce large file latency during writebacks
(Larry Woodman) [488070]<br>
<br>
[2.6.9-91]<br>
-mm: prevent panic when setting /proc/sys/vm/nr_hugepages (Larry
Woodman) [647567]<br>
-net: sctp: do not reset the packet during sctp_packet_config()
(Jiri Pirko) [637865] {CVE-2010-3432}<br>
-scsi: fix panic in sysfs_hash_and_remove() when scsi device is
removed (Mark Goodwin) [533299]<br>
<br>
[2.6.9-90]<br>
-kernel: prevent heap corruption in snd_ctl_new() (Jerome
Marchand) [638482] {CVE-2010-3442}<br>
-forcedeth: latest bugfixes from upstream (Ivan Vecera) [552953]<br>
-forcedeth: remove CONFIG_FORCEDETH_NAPI=y from config-generic
(Ivan Vecera) [552953]<br>
<br>
[2.6.9-89.45]<br>
-scsi: scsi_do_req submitted commands (tape) never complete when
device goes (Rob Evers) [636289]<br>
-scsi: log msg when getting unit attention (Mike Christie)
[585430]<br>
-jbd: fix panic in jbd when running bashmemory (Josef Bacik)
[488611]<br>
-qla2xxx: work around hypertransport sync flood error on sun x4200
with qla2xxx (Chad Dupuis) [621621]<br>
-aio: implement request batching for better merging and throughput
(Jeff Moyer) [508377]<br>
-fs: a bunch of patches to fix various nfsd/iget() races
(Alexander Viro) [189918]<br>
-net: bonding: add debug module option (Jiri Pirko) [247116]<br>
-fix fd leaks if pipe() is called with an invalid address (Amerigo
Wang) [509627]<br>
<br>
[2.6.9-89.44]<br>
-ide-scsi: fix deadlock in ide-scsi error handler (Doug Ledford)
[526966]<br>
-mlx4_core: allocate sufficient memory for interrupt table (Doug
Ledford) [530596]<br>
-mptbase: panic with domain validation while rebuilding after the
disk is replaced (Rob Evers) [476874]<br>
-fs: buffer: __block_write_full_page simplification by removing
last_bh logic (Jeff Moyer) [472752]<br>
-fs: buffer: __block_write_full_page speedup by removing get_bh()
and put_bh() (Jeff Moyer) [472752]<br>
-fs: buffer: __block_write_full_page race fix (Jeff Moyer)
[472752]<br>
-kernel: fix integer overflow in groups_search (Jerome Marchand)
[457519]<br>
-cifs: remove bogus check in ntlm session setup code (Jeff Layton)
[604786]<br>
-cifs: when renaming don't try to unlink negative dentry (Jeff
Layton) [500904]<br>
-autofs4: fix lookup deadlock when user space uses a signal (Ian
Kent) [477017]<br>
-fs: make sure data stored into inode is properly seen before
unlocking new inode (Eric Sandeen) [563920]<br>
-ipc: hard_msgmax should be higher not lower on 64bit (Amerigo
Wang) [525815]<br>
-fs: fix file truncations when both suid and write permissions set
(Amerigo Wang) [525398]<br>
-block: fix rcu accesses in partition statistics (Jerome Marchand)
[517523]<br>
-kernel headers: fix missing defintion that causes build break
(Neil Horman) [504593]<br>
<br>
[2.6.9-89.43]<br>
-aacraid: fix file system going into read only mode (Rob Evers)
[624713]<br>
-blkfront: xen domu, raid1, lvm, iscsi target export with blockio
bug (Paolo Bonzini) [490148]<br>
-cciss: change version from 2.6.20.RH2 to 2.6.20.RH3 (Tomas Henzl)
[594086]<br>
-cciss: added printk in do_cciss_request before BUG() (Tomas
Henzl) [594086]<br>
-cciss: fix a nulll pointer dereference in complete_command()
(Tomas Henzl) [594086]<br>
-cciss: fix an issue when sending command with no data (Tomas
Henzl) [594086]<br>
-mm: honor __GFP_NOFAIL flag in __alloc_pages() (Lachlan McIlroy)
[605455]<br>
-xen: fix crashing of x86 hvm guest on x86_64 (Radim Kr?má?)
[637658]<br>
-xen: hide xenbus warnings on hvm guest shutdown (Radim Kr?má?)
[505081]<br>
-powernow-k8: fix errant print statement during voltage
transitions (Bhavna Sarathy) [217829]<br>
-fusion: add sleep before subsequent tur in scan function (Tomas
Henzl) [495236]<br>
-bonding: fix a race condition in calls to slave mii ioctls
(Flavio Leitner) [621209]<br>
-s390x: cio: vary off on chpid 00 causes unexpected recovery
actions (Hendrik Brueckner) [619855]<br>
-netfilter: arp_tables: fix unaligned accesses caused by casting
strings to long (Jiri Pirko) [591638]<br>
-net: neigh: fix state transition incomplete->failed via
netlink request (Jiri Pirko) [485904]<br>
-x86_64: floating point state corruption after handling the signal
(Oleg Nesterov) [564381]<br>
-pidhashing: enforce pid_max_limit in sysctls and lower
pid_max_limit on 32bit systems (Jiri Pirko) [525941]<br>
-s390: cio: linux does not boot through xautolog with conmode 3270
(Hans-Joachim Picht) [526282]<br>
-net: fix proc net ip_conntrack seq_file operations (Danny Feng)
[524884]<br>
-ia64: swiotlb: fix swiotlb pci_map_sg error handling (Tomas
Henzl) [525427]<br>
-xen: try harder to balloon up under memory pressure (Andrew
Jones) [507847]<br>
-mm: fix bogus memory node assumption in huge page allocation
(AMEET M. PARANJAPE) [506827]<br>
-kernel: binfmt_misc c: avoid potential kernel stack overflow
(Vitaly Mayatskikh) [459466]<br>
-net: fix ipvs wrr scheduler bug of updating current weight
(Vitaly Mayatskikh) [462717]<br>
<br>
[2.6.9-89.42]<br>
-net: actually copy input_dev to new sk_buff in skb_clone (Andy
Gospodarek) [616710]<br>
-net: fix reception of completely page backed sk_buffs (Andy
Gospodarek) [500921]<br>
-net: fix various snmp counter issues (Thomas Graf) [500889]<br>
-xen: can enter tickless mode with rcu pending and hang (Paolo
Bonzini) [427998]<br>
-xen: fix occasional deadlocks in xen netfront (Paolo Bonzini)
[480937]<br>
-xen: xenbus suspend_mutex remains locked on trans fail (Paolo
Bonzini) [456649]<br>
-ext2: put explicit checks to not divide by zero (Josef Bacik)
[500181]<br>
-usb: ehci split iso fixes, full speed audio etc (Don Zickus)
[624117]<br>
-xenbus: implement O_NONBLOCK for /proc/xen/xenbus (Paolo Bonzini)
[607261]<br>
-nfs: initialize nfs_open_context list member at allocation time
(Jeff Layton) [634632]<br>
-cifs: fix dentry hash calculation for case insensitive mounts
(Jeff Layton) [562949]<br>
-cifs: fix length calculation for converted unicode readdir names
(Jeff Layton) [562949]<br>
<br>
[2.6.9-89.41]<br>
-bonding: fix ALB mode to balance traffic on vlans (Flavio
Leitner) [640803]<br>
<br>
[2.6.9-89.40]<br>
-bonding: interface doesn t issue igmp report on slave interface
during failover (Flavio Leitner) [637556]<br>
<br>
[2.6.9-89.39]<br>
-net: fix info leak in police code (Neil Horman) [636390]
{CVE-2010-3477}<br>
-aio: check for multiplication overflow in io_submit (Jeff Moyer)
[629447] {CVE-2010-3067}<br>
-fs: buffer.c: fix race in __block_prepare_write (Jeff Moyer)
[480404]<br>
-3c59x: fix deadlock in irq handler tx path when netconsole in use
(Neil Horman) [557380]<br>
-udp: use memory barrier in datagram_poll (Flavio Leitner)
[546251]<br>
<br>
[2.6.9-89.38]<br>
-compat: make compat_alloc_user_space incorporate the access_ok
(Xiaotian Feng) [634462] {CVE-2010-3081}<br>
-ext3: ensure inode is deleted from orphan list in
ext3_direct_io() (Lachlan McIlroy) [629143]<br>
-sb800: add quirk for iso on amd sb800 (Pete Zaitcev) [537447]<br>
<br>
[2.6.9-89.37]<br>
-virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs (Michael
S. Tsirkin) [607533]<br>
-do_generic_mapping_read: clear page errors when issuing a fresh
read of the page (Rik van Riel) [481371]<br>
-ide: backport VIA PCI chipset ids to via82cxxx driver (Mauro
Carvalho Chehab) [504778]<br>
-nfsd4: relax new lock seqid check (Jeff Layton) [577369]<br>
-igb: fix transmission of jumbo frames with mtu>=2100 (Stefan
Assmann) [494597]<br>
-net: fix tcp conntrack to handle the half opened connection
correctly (Jiri Pirko) [531914]<br>
-net: fix promisc refcounting for interfaces listening for
multicast traffic (Neil Horman) [481292]<br>
-sctp: assign tsns earlier to avoid reordering (Neil Horman)
[532045]<br>
-cciss: switch to using hlist to fix panic (Tomas Henzl) [479090]<br>
-nfs: statfs error handling and error message fix (Jeff Layton)
[520018]<br>
-kthreads: fix kthread_create vs kthread_stop race (Oleg Nesterov)
[519006]<br>
<br>
[2.6.9-89.36]<br>
-nfsd4: fix share conflict tests in nfs_check_open() (Jeff Layton)
[510184]<br>
-nfsd4: move open owner checks from nfsd4_process_open2 into new
function (Jeff Layton) [510184]<br>
-nfsd4: renew lease on seqid modifying operations (Jeff Layton)
[508752]<br>
-ahci: add SATA GEN3 related messages (David Milburn) [512715]<br>
-igmp: fix ip_mc_sf_allow() race due to a lock problem (Flavio
Leitner) [562904]<br>
-xen: don't recreate xenfb thread on every restore (Chris
Lalancette) [543823]<br>
-bcm5709: update firmware for bcm5709 from version 4.4.23 to
4.6.15 (John Feeney) [532858]<br>
-net: apply broken_stats workaround to 5706 and 5708 (Flavio
Leitner) [515274]<br>
-nfsd: fix races when cleaning up after last nfsd thread exits
(Jeff Layton) [501500]<br>
-nfs: nfsd returns nfs4_ok when the owner opens a file with
permission set to 000 (Peter Staubach) [507527]<br>
-nfsv4: send the delegation stateid for setattr calls (Jeff
Layton) [502884]<br>
-nfsv4: fix up races in nfs4_proc_setattr (Jeff Layton) [502884]<br>
-nfsv4: don t reuse expired nfs4_state_owner structs (Jeff Layton)
[502884]<br>
-nfsv4: fix a credential reference leak in nfs4_get_state_owner
(Jeff Layton) [502884]<br>
-nfsv4: poll more aggressively when handling nfs4err_delay (Jeff
Layton) [502884]<br>
-nfsv4: flush nfsv4 work workqueue before killing superblock (Jeff
Layton) [501335]<br>
-nfsv4: only queue nfs4_close_state job when called by rpciod
(Jeff Layton) [501335]<br>
-nfsv4: switch nfs4 workqueue to a per client queue (Jeff Layton)
[501335]<br>
-nfs: mounted nfsv4/krb5 export inaccessible following an nfs
server reboot (Harshula) [514684]</tt><br>
<!-- This signature was generated by the MyDesktop Oracle Business Signature utility version 3.5.7 -->
</body>
</html>