[El-errata] ELSA-2009-1548 Important: Enterprise Linux 5 kernel security and bug fix update

Wed Nov 4 10:20:36 PST 2009

Enterprise Linux Security Advisory ELSA-2009-1548

https://rhn.redhat.com/errata/RHSA-2009-1548.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
kernel-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-PAE-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-debug-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-devel-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-doc-2.6.18-164.6.1.0.1.el5.noarch.rpm
kernel-headers-2.6.18-164.6.1.0.1.el5.i386.rpm
kernel-xen-2.6.18-164.6.1.0.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.6.1.0.1.el5.i686.rpm

x86_64:
kernel-2.6.18-164.6.1.0.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.6.1.0.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.6.1.0.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.6.1.0.1.el5.x86_64.rpm
kernel-doc-2.6.18-164.6.1.0.1.el5.noarch.rpm
kernel-headers-2.6.18-164.6.1.0.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.6.1.0.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.6.1.0.1.el5.x86_64.rpm

ia64:
kernel-2.6.18-164.6.1.0.1.el5.ia64.rpm
kernel-debug-2.6.18-164.6.1.0.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.6.1.0.1.el5.ia64.rpm
kernel-devel-2.6.18-164.6.1.0.1.el5.ia64.rpm
kernel-doc-2.6.18-164.6.1.0.1.el5.noarch.rpm
kernel-headers-2.6.18-164.6.1.0.1.el5.ia64.rpm
kernel-xen-2.6.18-164.6.1.0.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.6.1.0.1.el5.ia64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/kernel-2.6.18-164.6.1.0.1.el5.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.18-164.6.1.0.1.el5-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-164.6.1.0.1.el5PAE-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-164.6.1.0.1.el5xen-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-164.6.1.0.1.el5debug-2.0.5-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5PAE-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5xen-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5debug-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5PAE-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5xen-1.4.4-1.el5.i686.rpm
ocfs2-2.6.18-164.6.1.0.1.el5debug-1.4.4-1.el5.i686.rpm

x86_64:
oracleasm-2.6.18-164.6.1.0.1.el5-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-164.6.1.0.1.el5xen-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-164.6.1.0.1.el5debug-2.0.5-1.el5.x86_64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5-1.4.4-1.el5.x86_64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5xen-1.4.4-1.el5.x86_64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5debug-1.4.4-1.el5.x86_64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5-1.4.4-1.el5.x86_64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5xen-1.4.4-1.el5.x86_64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5debug-1.4.4-1.el5.x86_64.rpm

ia64:
oracleasm-2.6.18-164.6.1.0.1.el5-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-164.6.1.0.1.el5xen-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-164.6.1.0.1.el5debug-2.0.5-1.el5.ia64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5-1.4.4-1.el5.ia64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5xen-1.4.4-1.el5.ia64.rpm
ocfs2-2.6.18-164.6.1.0.1.el5debug-1.4.4-1.el5.ia64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-164.6.1.0.1.el5-2.0.5-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-164.6.1.0.1.el5-1.4.4-1.el5.src.rpm

Description of changes:

[2.6.18-164.6.1.0.1.el5]
- [xen] check to see if hypervisor supports memory reservation change 
(Chuck Anderson) [orabug 7556514]
- Add entropy support to igb ( John Sobecki) [orabug 7607479]
- [nfs] convert ENETUNREACH to ENOTCONN  [orabug 7689332]
- [NET] Add xen pv/bonding  netconsole support (Tina yang) [orabug 
6993043] [bz 7258]
- [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [nfsd] fix failure of file creation from hpux client (Wen gang Wang) 
[orabug 7579314]

[2.6.18-164.6.1.el5]
- [fs] fix pipe null pointer dereference (Jeff Moyer) [530938 530939] 
{CVE-2009-3547}
- [security] require root for mmap_min_addr (Eric Paris ) [518142 
518143] {CVE-2009-2695}
- [net] lvs: adjust sync protocol handling for ipvsadm -2 (Neil Horman ) 
[528645 524129]
- [xen] allow booting with broken serial hardware (Chris Lalancette ) 
[524153 518338]

[2.6.18-164.5.1.el5]
- [fs] eCryptfs: prevent lower dentry from going negative (Eric Sandeen 
) [527834 527835] {CVE-2009-2908}
- [nfs] v4: reclaimer thread stuck in an infinite loop (Sachin S. Prabhu 
) [529162 526888]
- [net] r8169: avoid losing MSI interrupts (Ivan Vecera ) [529366 514589]
- [scsi] st.c: memory use after free after MTSETBLK ioctl (David Jeffery 
) [528133 520192]
- [net] r8169: balance pci_map/unmap pair, use hw padding (Ivan Vecera ) 
[529143 515857] {CVE-2009-3613}

[2.6.18-164.4.1.el5]
- [net] bonding: set primary param via sysfs (Jiri Pirko ) [517971 499884]
- [scsi] fusion: re-enable mpt_msi_enable option (Tomas Henzl ) [526963 
520820]
- [net] ipt_recent: sanity check hit count (Amerigo Wang ) [527434 523982]
- [net] ipv4: ip_append_data handle NULL routing table (Jiri Pirko ) 
[527436 520297]
- [nfs] fix cache invalidation problems in nfs_readdir (Jeff Layton ) 
[526960 511170]
- [net] tc: fix unitialized kernel memory leak (Jiri Pirko ) [520994 520863]

[2.6.18-164.3.1.el5]
- [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton ) [522163 524521] 
{CVE-2009-3286}