[El-errata] ELSA-2007-0936 Important: Enterprise Linux 5 kernel security update

Sun Sep 30 11:48:55 PDT 2007

Enterprise Linux Security Advisory ELSA-2007-0936

https://rhn.redhat.com/errata/RHSA-2007-0936.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
kernel-2.6.18-8.1.14.0.2.el5.i686.rpm
kernel-PAE-2.6.18-8.1.14.0.2.el5.i686.rpm
kernel-PAE-devel-2.6.18-8.1.14.0.2.el5.i686.rpm
kernel-devel-2.6.18-8.1.14.0.2.el5.i686.rpm
kernel-doc-2.6.18-8.1.14.0.2.el5.noarch.rpm
kernel-headers-2.6.18-8.1.14.0.2.el5.i386.rpm
kernel-xen-2.6.18-8.1.14.0.2.el5.i686.rpm
kernel-xen-devel-2.6.18-8.1.14.0.2.el5.i686.rpm

x86_64:
kernel-2.6.18-8.1.14.0.2.el5.x86_64.rpm
kernel-devel-2.6.18-8.1.14.0.2.el5.x86_64.rpm
kernel-doc-2.6.18-8.1.14.0.2.el5.noarch.rpm
kernel-headers-2.6.18-8.1.14.0.2.el5.x86_64.rpm
kernel-xen-2.6.18-8.1.14.0.2.el5.x86_64.rpm
kernel-xen-devel-2.6.18-8.1.14.0.2.el5.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/kernel-2.6.18-8.1.14.0.2.el5.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.18-8.1.14.0.2.el5-2.0.4-1.el5.i686.rpm
oracleasm-2.6.18-8.1.14.0.2.el5PAE-2.0.4-1.el5.i686.rpm
oracleasm-2.6.18-8.1.14.0.2.el5xen-2.0.4-1.el5.i686.rpm
ocfs2-2.6.18-8.1.14.0.2.el5-1.2.6-6.el5.i686.rpm
ocfs2-2.6.18-8.1.14.0.2.el5PAE-1.2.6-6.el5.i686.rpm
ocfs2-2.6.18-8.1.14.0.2.el5xen-1.2.6-6.el5.i686.rpm

x86_64:
oracleasm-2.6.18-8.1.14.0.2.el5-2.0.4-1.el5.x86_64.rpm
oracleasm-2.6.18-8.1.14.0.2.el5xen-2.0.4-1.el5.x86_64.rpm
ocfs2-2.6.18-8.1.14.0.2.el5-1.2.6-6.el5.x86_64.rpm
ocfs2-2.6.18-8.1.14.0.2.el5xen-1.2.6-6.el5.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-8.1.14.0.2.el5-2.0.4-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-8.1.14.0.2.el5-1.2.6-6.el5.src.rpm

Description of changes:

[2.6.18-8.1.14.0.2.el5]
- Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660]
- Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759]

[2.6.18-8.1.14.el5]
- Revert changes back to 2.6.18-8.1.10.
- [x86_64] Zero extend all registers after ptrace in 32bit entry path 
(Anton Arapov ) [297871] {CVE-2007-4573}

[2.6.18-8.1.12.el5]
- [x86_64] Don't leak NT bit into next task (Dave Anderson ) [298151] 
{CVE-2007-4574}
- [fs] Reset current->pdeath_signal on SUID binary execution (Peter 
Zijlstra ) [252307] {CVE-2007-3848}
- [misc] Bounds check ordering issue in random driver (Anton Arapov ) 
[275961] {CVE-2007-3105}
- [usb] usblcd: Locally triggerable memory consumption (Anton Arapov ) 
[276001] {CVE-2007-3513}
- [x86_64] Zero extend all registers after ptrace in 32bit entry path 
(Anton Arapov ) [297871] {CVE-2007-4573}
- [net] igmp: check for NULL when allocating GFP_ATOMIC skbs (Neil 
Horman ) [303281]

[2.6.18-8.1.11.el5]
- [xen] Guest access to MSR may cause system crash/data corruption 
(Bhavana Nagendra ) [253312] {CVE-2007-3733}
- [dlm] A TCP connection to DLM port blocks DLM operations (Patrick 
Caulfield ) [245922] {CVE-2007-3380}
- [ppc] 4k page mapping support for userspace in 64k kernels (Scott 
Moser ) [275841] {CVE-2007-3850}
- [ptrace] NULL pointer dereference triggered by ptrace (Anton Arapov ) 
[275981] {CVE-2007-3731}
- [fs] hugetlb: fix prio_tree unit (Konrad Rzeszutek ) [253929] 
{CVE-2007-4133}