[El-errata] ELSA-2011-0263 Important: Oracle Linux 4.9 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 24 13:43:23 PST 2011


Oracle Linux Security Advisory ELSA-2011-0263

https://rhn.redhat.com/errata/RHSA-2011-0263.html

The following updated rpms for Oracle Linux 4 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.9-100.EL.i686.rpm
kernel-devel-2.6.9-100.EL.i686.rpm
kernel-doc-2.6.9-100.EL.noarch.rpm
kernel-hugemem-2.6.9-100.EL.i686.rpm
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm
kernel-smp-2.6.9-100.EL.i686.rpm
kernel-smp-devel-2.6.9-100.EL.i686.rpm
kernel-xenU-2.6.9-100.EL.i686.rpm
kernel-xenU-devel-2.6.9-100.EL.i686.rpm

x86_64:
kernel-2.6.9-100.EL.x86_64.rpm
kernel-devel-2.6.9-100.EL.x86_64.rpm
kernel-doc-2.6.9-100.EL.noarch.rpm
kernel-largesmp-2.6.9-100.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpm
kernel-smp-2.6.9-100.EL.x86_64.rpm
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm
kernel-xenU-2.6.9-100.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm

ia64:
kernel-2.6.9-100.EL.ia64.rpm
kernel-devel-2.6.9-100.EL.ia64.rpm
kernel-doc-2.6.9-100.EL.noarch.rpm
kernel-largesmp-2.6.9-100.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/kernel-2.6.9-100.EL.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.9-100.EL-2.0.5-1.el4.i686.rpm
oracleasm-2.6.9-100.ELhugemem-2.0.5-1.el4.i686.rpm
oracleasm-2.6.9-100.ELsmp-2.0.5-1.el4.i686.rpm
oracleasm-2.6.9-100.ELxenU-2.0.5-1.el4.i686.rpm
ocfs2-2.6.9-100.EL-1.2.9-1.el4.i686.rpm
ocfs2-2.6.9-100.ELhugemem-1.2.9-1.el4.i686.rpm
ocfs2-2.6.9-100.ELsmp-1.2.9-1.el4.i686.rpm
ocfs2-2.6.9-100.ELxenU-1.2.9-1.el4.i686.rpm

x86_64:
oracleasm-2.6.9-100.EL-2.0.5-1.el4.x86_64.rpm
oracleasm-2.6.9-100.ELlargesmp-2.0.5-1.el4.x86_64.rpm
oracleasm-2.6.9-100.ELsmp-2.0.5-1.el4.x86_64.rpm
oracleasm-2.6.9-100.ELxenU-2.0.5-1.el4.x86_64.rpm
ocfs2-2.6.9-100.EL-1.2.9-1.el4.x86_64.rpm
ocfs2-2.6.9-100.ELlargesmp-1.2.9-1.el4.x86_64.rpm
ocfs2-2.6.9-100.ELsmp-1.2.9-1.el4.x86_64.rpm
ocfs2-2.6.9-100.ELxenU-1.2.9-1.el4.x86_64.rpm

ia64:
oracleasm-2.6.9-100.EL-2.0.5-1.el4.ia64.rpm
oracleasm-2.6.9-100.ELlargesmp-2.0.5-1.el4.ia64.rpm
ocfs2-2.6.9-100.EL-1.2.9-1.el4.ia64.rpm
ocfs2-2.6.9-100.ELlargesmp-1.2.9-1.el4.ia64.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/oracleasm-2.6.9-100.EL-2.0.5-1.el4.src.rpm
http://oss.oracle.com/el4/SRPMS-updates/ocfs2-2.6.9-100.EL-1.2.9-1.el4.src.rpm

Description of changes:

[2.6.9-100]
-cxgb3: prevent reading uninitialized stack memory to fix 
xgb_extension_ioctl infoleak (Eugene Teo) [633153] {CVE-2010-3296}
-mlx4: disable MSI-X by default (Andy Gospodarek) [530596]
-ext3: call fs's invalidatepage instead of block_invalidatepage (Josef 
Bacik) [488611]
-av7110: check for negative array offset (Mauro Carvalho Chehab) 
[672400] {CVE-2011-0521}
-ext3: don't dirty unmapped data buffers (Josef Bacik) [488611]
-net: clear heap allocations for privileged ethtool actions (Jiri Pirko) 
[672431] {CVE-2010-4655}

[2.6.9-99]
-bonding: fix active backup failover due to jiffie wrap (Andy 
Gospodarek) [641112]

[2.6.9-98]
-sound: fix a buffer overflow in the oss mixer (David Howells) [667619] 
{CVE-2010-4527}

[2.6.9-97]
-fs: fix filesystem corruption on ext2 (Alexander Viro) [662839]
-sky2: fix oops in sky2_xmit_frame after tx timeout (Don Howard) [614559]
-netdump: fix netdump failures on large memory systems (Neil Horman) 
[488557]

[2.6.9-96]
-usb: ehci amd periodic frame list table quirk (Don Zickus) [651334]
-fs: truncate blocks outside i_size after O_DIRECT write error (Eric 
Sandeen) [665067]

[2.6.9-95]
-jbd: skip buffers that have a different jh (Josef Bacik) [488611]
-unix: fix local socket dos (Neil Horman) [656758] {CVE-2010-4249}
-s390x: qdio: fix zfcp stall with more than 63 active qdio devices 
(Hendrik Brueckner) [662130]
-ehci-hcd: fix fatal error during bootup (Don Zickus) [656447]

[2.6.9-94]
-modules: sysctl to block module loading (Jerome Marchand) [645220]
-redhat: added config_security_dmesg_restrict option (Frantisek Hrbata) 
[653252]
-kernel: restrict unprivileged access to kernel syslog (Frantisek 
Hrbata) [653252]
-sysctl: introduce ctl_unnumbered definition in sysctl.h (Frantisek 
Hrbata) [653252]
-usb: allow usbstorage to have luns greater than 2TB (Don Zickus) [658824]
-serial: clean data before filling it (Mauro Carvalho Chehab) [648809] 
{CVE-2010-4075}
-sched: fix task starvation on Hyperthreaded cpus (Vitaly Mayatskikh) 
[488089]
-s390: sclp: handle zero length event buffers (Hans-Joachim Picht) [487692]

[2.6.9-93]
-kernel: failure to revert address limit override in oops error path 
(Dave Anderson) [659569] {CVE-2010-4258}
-nfsv4: fix oops in nfs4_kill_super (Jeff Layton) [660448]
-net: filter: make sure filters dont read uninitialized memory (Jiri 
Pirko) [651701] {CVE-2010-4158}
-net: limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri 
Pirko) [651924] {CVE-2010-3859}
-bluetooth: fix missing null check (Jarod Wilson) [655663] {CVE-2010-4242}
-ipc: initialize structure memory to zero for compat functions (Xiaotian 
Feng) [648811] {CVE-2010-4073}
-ipc: shm: fix information leak to userland (Xiaotian Feng) [648817] 
{CVE-2010-4072}
-netfront: default to copying instead of flipping (Laszlo Ersek) [653505]
-net: packet: fix information leak to userland (Jiri Pirko) [649896] 
{CVE-2010-3876}
-scsi: gdth: integer overflow in ioc_general (Frantisek Hrbata) [651174] 
{CVE-2010-4157}
-sys_semctl: semctl fix kernel stack leakage (Xiaotian Feng) [648794] 
{CVE-2010-4083}
-alsa: rme9652: prevent reading uninitialized stack memory (Stanislaw 
Gruszka) [648807] {CVE-2010-4080}
-fs: only return EIO once on msync/fsync after IO failure (Rik van Riel) 
[645633]
-xen: virtio_net: add get_drvinfo() to virtio_net (Laszlo Ersek) [647196]
-xen: netfront: add get_drvinfo() to netfront (Laszlo Ersek) [647187]
-kernel: fix possible integer overflow in mm/fremap.c (Larry Woodman) 
[637045]

[2.6.9-92]
-mm: revert patch to reduce large file latency during writebacks (Larry 
Woodman) [488070]

[2.6.9-91]
-mm: prevent panic when setting /proc/sys/vm/nr_hugepages (Larry 
Woodman) [647567]
-net: sctp: do not reset the packet during sctp_packet_config() (Jiri 
Pirko) [637865] {CVE-2010-3432}
-scsi: fix panic in sysfs_hash_and_remove() when scsi device is removed 
(Mark Goodwin) [533299]

[2.6.9-90]
-kernel: prevent heap corruption in snd_ctl_new() (Jerome Marchand) 
[638482] {CVE-2010-3442}
-forcedeth: latest bugfixes from upstream (Ivan Vecera) [552953]
-forcedeth: remove CONFIG_FORCEDETH_NAPI=y from config-generic (Ivan 
Vecera) [552953]

[2.6.9-89.45]
-scsi: scsi_do_req submitted commands (tape) never complete when device 
goes (Rob Evers) [636289]
-scsi: log msg when getting unit attention (Mike Christie) [585430]
-jbd: fix panic in jbd when running bashmemory (Josef Bacik) [488611]
-qla2xxx: work around hypertransport sync flood error on sun x4200 with 
qla2xxx (Chad Dupuis) [621621]
-aio: implement request batching for better merging and throughput (Jeff 
Moyer) [508377]
-fs: a bunch of patches to fix various nfsd/iget() races (Alexander 
Viro) [189918]
-net: bonding: add debug module option (Jiri Pirko) [247116]
-fix fd leaks if pipe() is called with an invalid address (Amerigo Wang) 
[509627]

[2.6.9-89.44]
-ide-scsi: fix deadlock in ide-scsi error handler (Doug Ledford) [526966]
-mlx4_core: allocate sufficient memory for interrupt table (Doug 
Ledford) [530596]
-mptbase: panic with domain validation while rebuilding after the disk 
is replaced (Rob Evers) [476874]
-fs: buffer: __block_write_full_page simplification by removing last_bh 
logic (Jeff Moyer) [472752]
-fs: buffer: __block_write_full_page speedup by removing get_bh() and 
put_bh() (Jeff Moyer) [472752]
-fs: buffer: __block_write_full_page race fix (Jeff Moyer) [472752]
-kernel: fix integer overflow in groups_search (Jerome Marchand) [457519]
-cifs: remove bogus check in ntlm session setup code (Jeff Layton) [604786]
-cifs: when renaming don't try to unlink negative dentry (Jeff Layton) 
[500904]
-autofs4: fix lookup deadlock when user space uses a signal (Ian Kent) 
[477017]
-fs: make sure data stored into inode is properly seen before unlocking 
new inode (Eric Sandeen) [563920]
-ipc: hard_msgmax should be higher not lower on 64bit (Amerigo Wang) 
[525815]
-fs: fix file truncations when both suid and write permissions set 
(Amerigo Wang) [525398]
-block: fix rcu accesses in partition statistics (Jerome Marchand) [517523]
-kernel headers: fix missing defintion that causes build break (Neil 
Horman) [504593]

[2.6.9-89.43]
-aacraid: fix file system going into read only mode (Rob Evers) [624713]
-blkfront: xen domu, raid1, lvm, iscsi target export with blockio bug 
(Paolo Bonzini) [490148]
-cciss: change version from 2.6.20.RH2 to 2.6.20.RH3 (Tomas Henzl) [594086]
-cciss: added printk in do_cciss_request before BUG() (Tomas Henzl) [594086]
-cciss: fix a nulll pointer dereference in complete_command() (Tomas 
Henzl) [594086]
-cciss: fix an issue when sending command with no data (Tomas Henzl) 
[594086]
-mm: honor __GFP_NOFAIL flag in __alloc_pages() (Lachlan McIlroy) [605455]
-xen: fix crashing of x86 hvm guest on x86_64 (Radim Kr?má?) [637658]
-xen: hide xenbus warnings on hvm guest shutdown (Radim Kr?má?) [505081]
-powernow-k8: fix errant print statement during voltage transitions 
(Bhavna Sarathy) [217829]
-fusion: add sleep before subsequent tur in scan function (Tomas Henzl) 
[495236]
-bonding: fix a race condition in calls to slave mii ioctls (Flavio 
Leitner) [621209]
-s390x: cio: vary off on chpid 00 causes unexpected recovery actions 
(Hendrik Brueckner) [619855]
-netfilter: arp_tables: fix unaligned accesses caused by casting strings 
to long (Jiri Pirko) [591638]
-net: neigh: fix state transition incomplete->failed via netlink request 
(Jiri Pirko) [485904]
-x86_64: floating point state corruption after handling the signal (Oleg 
Nesterov) [564381]
-pidhashing: enforce pid_max_limit in sysctls and lower pid_max_limit on 
32bit systems (Jiri Pirko) [525941]
-s390: cio: linux does not boot through xautolog with conmode 3270 
(Hans-Joachim Picht) [526282]
-net: fix proc net ip_conntrack seq_file operations (Danny Feng) [524884]
-ia64: swiotlb: fix swiotlb pci_map_sg error handling (Tomas Henzl) [525427]
-xen: try harder to balloon up under memory pressure (Andrew Jones) [507847]
-mm: fix bogus memory node assumption in huge page allocation (AMEET M. 
PARANJAPE) [506827]
-kernel: binfmt_misc c: avoid potential kernel stack overflow (Vitaly 
Mayatskikh) [459466]
-net: fix ipvs wrr scheduler bug of updating current weight (Vitaly 
Mayatskikh) [462717]

[2.6.9-89.42]
-net: actually copy input_dev to new sk_buff in skb_clone (Andy 
Gospodarek) [616710]
-net: fix reception of completely page backed sk_buffs (Andy Gospodarek) 
[500921]
-net: fix various snmp counter issues (Thomas Graf) [500889]
-xen: can enter tickless mode with rcu pending and hang (Paolo Bonzini) 
[427998]
-xen: fix occasional deadlocks in xen netfront (Paolo Bonzini) [480937]
-xen: xenbus suspend_mutex remains locked on trans fail (Paolo Bonzini) 
[456649]
-ext2: put explicit checks to not divide by zero (Josef Bacik) [500181]
-usb: ehci split iso fixes, full speed audio etc (Don Zickus) [624117]
-xenbus: implement O_NONBLOCK for /proc/xen/xenbus (Paolo Bonzini) [607261]
-nfs: initialize nfs_open_context list member at allocation time (Jeff 
Layton) [634632]
-cifs: fix dentry hash calculation for case insensitive mounts (Jeff 
Layton) [562949]
-cifs: fix length calculation for converted unicode readdir names (Jeff 
Layton) [562949]

[2.6.9-89.41]
-bonding: fix ALB mode to balance traffic on vlans (Flavio Leitner) [640803]

[2.6.9-89.40]
-bonding: interface doesn t issue igmp report on slave interface during 
failover (Flavio Leitner) [637556]

[2.6.9-89.39]
-net: fix info leak in police code (Neil Horman) [636390] {CVE-2010-3477}
-aio: check for multiplication overflow in io_submit (Jeff Moyer) 
[629447] {CVE-2010-3067}
-fs: buffer.c: fix race in __block_prepare_write (Jeff Moyer) [480404]
-3c59x: fix deadlock in irq handler tx path when netconsole in use (Neil 
Horman) [557380]
-udp: use memory barrier in datagram_poll (Flavio Leitner) [546251]

[2.6.9-89.38]
-compat: make compat_alloc_user_space incorporate the access_ok 
(Xiaotian Feng) [634462] {CVE-2010-3081}
-ext3: ensure inode is deleted from orphan list in ext3_direct_io() 
(Lachlan McIlroy) [629143]
-sb800: add quirk for iso on amd sb800 (Pete Zaitcev) [537447]

[2.6.9-89.37]
-virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs (Michael S. 
Tsirkin) [607533]
-do_generic_mapping_read: clear page errors when issuing a fresh read of 
the page (Rik van Riel) [481371]
-ide: backport VIA PCI chipset ids to via82cxxx driver (Mauro Carvalho 
Chehab) [504778]
-nfsd4: relax new lock seqid check (Jeff Layton) [577369]
-igb: fix transmission of jumbo frames with mtu>=2100 (Stefan Assmann) 
[494597]
-net: fix tcp conntrack to handle the half opened connection correctly 
(Jiri Pirko) [531914]
-net: fix promisc refcounting for interfaces listening for multicast 
traffic (Neil Horman) [481292]
-sctp: assign tsns earlier to avoid reordering (Neil Horman) [532045]
-cciss: switch to using hlist to fix panic (Tomas Henzl) [479090]
-nfs: statfs error handling and error message fix (Jeff Layton) [520018]
-kthreads: fix kthread_create vs kthread_stop race (Oleg Nesterov) [519006]

[2.6.9-89.36]
-nfsd4: fix share conflict tests in nfs_check_open() (Jeff Layton) [510184]
-nfsd4: move open owner checks from nfsd4_process_open2 into new 
function (Jeff Layton) [510184]
-nfsd4: renew lease on seqid modifying operations (Jeff Layton) [508752]
-ahci: add SATA GEN3 related messages (David Milburn) [512715]
-igmp: fix ip_mc_sf_allow() race due to a lock problem (Flavio Leitner) 
[562904]
-xen: don't recreate xenfb thread on every restore (Chris Lalancette) 
[543823]
-bcm5709: update firmware for bcm5709 from version 4.4.23 to 4.6.15 
(John Feeney) [532858]
-net: apply broken_stats workaround to 5706 and 5708 (Flavio Leitner) 
[515274]
-nfsd: fix races when cleaning up after last nfsd thread exits (Jeff 
Layton) [501500]
-nfs: nfsd returns nfs4_ok when the owner opens a file with permission 
set to 000 (Peter Staubach) [507527]
-nfsv4: send the delegation stateid for setattr calls (Jeff Layton) [502884]
-nfsv4: fix up races in nfs4_proc_setattr (Jeff Layton) [502884]
-nfsv4: don t reuse expired nfs4_state_owner structs (Jeff Layton) [502884]
-nfsv4: fix a credential reference leak in nfs4_get_state_owner (Jeff 
Layton) [502884]
-nfsv4: poll more aggressively when handling nfs4err_delay (Jeff Layton) 
[502884]
-nfsv4: flush nfsv4 work workqueue before killing superblock (Jeff 
Layton) [501335]
-nfsv4: only queue nfs4_close_state job when called by rpciod (Jeff 
Layton) [501335]
-nfsv4: switch nfs4 workqueue to a per client queue (Jeff Layton) [501335]
-nfs: mounted nfsv4/krb5 export inaccessible following an nfs server 
reboot (Harshula) [514684]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/el-errata/attachments/20110224/1bb4304b/attachment.html 


More information about the El-errata mailing list