[El-errata] ELSA-2008-0972 Important: Enterprise Linux 4 kernel security and bug fix update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Thu Nov 20 12:44:58 PST 2008


Enterprise Linux Security Advisory ELSA-2008-0972

https://rhn.redhat.com/errata/RHSA-2008-0972.html

The following new bug fixes added by Oracle:

  . use lfence instead of cpuid instruction to implement memory barriers
  . Added netpoll support to xen netfront
  . Prevent attribute caching on nfs when actimeo=0
  . Prevent nmi_watchdog panic in shrink_zone during heavy swap usage


The following updated rpms for Enterprise Linux 4 have been uploaded to 
the Unbreakable Linux Network:

i386:
kernel-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-doc-2.6.9-78.0.8.0.1.EL.noarch.rpm
kernel-hugemem-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.0.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.0.1.EL.i686.rpm

x86_64:
kernel-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-doc-2.6.9-78.0.8.0.1.EL.noarch.rpm
kernel-largesmp-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.0.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.0.1.EL.x86_64.rpm

ia64:
kernel-2.6.9-78.0.8.0.1.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.0.1.EL.ia64.rpm
kernel-doc-2.6.9-78.0.8.0.1.EL.noarch.rpm
kernel-largesmp-2.6.9-78.0.8.0.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.0.1.EL.ia64.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/kernel-2.6.9-78.0.8.0.1.EL.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.9-78.0.8.0.1.EL-2.0.5-1.el4.i686.rpm
oracleasm-2.6.9-78.0.8.0.1.ELhugemem-2.0.5-1.el4.i686.rpm
oracleasm-2.6.9-78.0.8.0.1.ELsmp-2.0.5-1.el4.i686.rpm
oracleasm-2.6.9-78.0.8.0.1.ELxenU-2.0.5-1.el4.i686.rpm
ocfs2-2.6.9-78.0.8.0.1.EL-1.2.9-1.el4.i686.rpm
ocfs2-2.6.9-78.0.8.0.1.ELhugemem-1.2.9-1.el4.i686.rpm
ocfs2-2.6.9-78.0.8.0.1.ELsmp-1.2.9-1.el4.i686.rpm
ocfs2-2.6.9-78.0.8.0.1.ELxenU-1.2.9-1.el4.i686.rpm

x86_64:
oracleasm-2.6.9-78.0.8.0.1.EL-2.0.5-1.el4.x86_64.rpm
oracleasm-2.6.9-78.0.8.0.1.ELlargesmp-2.0.5-1.el4.x86_64.rpm
oracleasm-2.6.9-78.0.8.0.1.ELsmp-2.0.5-1.el4.x86_64.rpm
oracleasm-2.6.9-78.0.8.0.1.ELxenU-2.0.5-1.el4.x86_64.rpm
ocfs2-2.6.9-78.0.8.0.1.EL-1.2.9-1.el4.x86_64.rpm
ocfs2-2.6.9-78.0.8.0.1.ELlargesmp-1.2.9-1.el4.x86_64.rpm
ocfs2-2.6.9-78.0.8.0.1.ELsmp-1.2.9-1.el4.x86_64.rpm
ocfs2-2.6.9-78.0.8.0.1.ELxenU-1.2.9-1.el4.x86_64.rpm

ia64:
oracleasm-2.6.9-78.0.8.0.1.EL-2.0.5-1.el4.ia64.rpm
oracleasm-2.6.9-78.0.8.0.1.ELlargesmp-2.0.5-1.el4.ia64.rpm
ocfs2-2.6.9-78.0.8.0.1.EL-1.2.9-1.el4.ia64.rpm
ocfs2-2.6.9-78.0.8.0.1.ELlargesmp-1.2.9-1.el4.ia64.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/oracleasm-2.6.9-78.0.8.0.1.EL-2.0.5-1.el4.src.rpm
http://oss.oracle.com/el4/SRPMS-updates/ocfs2-2.6.9-78.0.8.0.1.EL-1.2.9-1.el4.src.rpm

Description of changes:

[2.6.9-78.0.8.0.1.EL]
- fix entropy flag in bnx2 driver to generate entropy pool (John 
Sobecki)  [orabug 5931647]
- fix skb alignment that was causing sendto() to fail with EFAULT (Olaf 
Kirch) [orabug 6845794]
- fix  enomem due to larger mtu size page alloc (Zach Brown) [orabug 
5486128]
- fix per_cpu() api bug_on with rds (Zach Brown) [orabug 5760648]
- backout patch sysrq-b that queues upto keventd thread (Guru 
Anbalagane)  [orabug 6125546]
- netrx/netpoll race avoidance (Tina Yang) [orabug 6143381]
- fix guest spinning in xen (Herbert van den Bergh) [orabug 7004010]
- fix serial port lock recursion (Herbert van den Bergh) [orabug 6761872]
- [XEN] Fix elf_core_dump (Tina Yang) [orabug 6995928]
- fix in nfs_attribute_timeout() (Trond Myklebust) [orabug 7378108]
- [vm] Fix hang in shrink_zone for direct reclaim threads under heavy 
swapping load condition (John Sobecki,Chris Mason) [orabug 6086839]
- use lfence instead of cpuid instruction to implement memory barriers 
(Herbert van den Bergh) [orabug 7452412]
- add netpoll support to xen netfront (Tina Yang) [orabz 7261]

[2.6.9-78.0.8]
-pwc: fix kernel pwc driver dos (Eugene Teo) [308501 308511] {CVE-2007-5093}
-[s390] prevent ptrace padding area read write in 31 bit mode (Jarod 
Wilson) [437932 438148] {CVE-2008-1514}
-ext[234]: avoid printk floods in the face of directory corruption (Eric 
Sandeen) [459598 459599] {CVE-2008-3528}
-kernel: open call allows setgid bit when user is not in new file's 
group (Eugene Teo) [463685 463686] {CVE-2008-4210}
-cifs: fix o_append on directio mounts (Jeff Layton) [464494 461005]
-ixgbe: remove device id for unsupported device (Andy Gospodarek) 
[465735 456533]
-aacraid: remove quirk aac_quirk_scsi_32 for some controllers (Tomas 
Henzl) [468151 457552]
-mptfusion: mpt causes panic if a raid 1 is configured (Tomas Henzl) 
[465265 469236]
-cpufreq: support for affected_cpus (Brian Maly) [469647 465366]

[2.6.9-78.0.7]
-scsi: fix oops when removing devices from sym driver (Mike Christie) 
[455770 441545]
-netdump: fix up several netdump issues (Neil Horman) [466113 461014]
-mptfusion: fix outputting large amount of log message when issuing host 
reset (Tomas Henzl) [466217 4
55451]

[2.6.9-78.0.6]
-fix kernel snd_seq_oss_synth_make_info leak (Eugene Teo) [457998 
457999] {CVE-2008-3272}
-dio: zero struct dio with kzalloc instead of manually (Eugene Teo) 
[461089 461090] {CVE-2007-6716}
-ext3: fix ext3 block accounting (Josef Bacik) [464496 450900]
-fix regression in /proc/self/mem (Anton Arapov) [464747 460106]
-allocate usb and scsi hba structs together (Pete Zaitcev) [465232 441552]
-Fix do_wait() vs exec() race (Vitaly Mayatskikh) [466214 452706]






More information about the El-errata mailing list