[El-errata] ELSA-2011-0007 Important: Oracle Linux 6 kernel security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Mar 17 16:04:41 PDT 2011
Oracle Linux Security Advisory ELSA-2011-0007
https://rhn.redhat.com/errata/RHSA-2011-0007.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
kernel-headers-2.6.32-71.14.1.el6.i686.rpm
x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/el6/SRPMS-updates/kernel-2.6.32-71.14.1.el6.src.rpm
The following packages were rebuilt to be in sync with the updated
kernel version (no changes other than updating the version number):
i386:
perf-2.6.32-71.14.1.el6.noarch.rpm
x86_64:
perf-2.6.32-71.14.1.el6.noarch.rpm
Description of changes:
[2.6.32-71.14.1.0.1.el6]
- replace Red Hat with Oracle in files genkey and kernel.spec
[2.6.32-71.14.1.el6]
- [kvm] x86: zero kvm_vcpu_events->interrupt.pad (Marcelo Tosatti)
[665471 665409] {CVE-2010-4525}
[2.6.32-71.13.1.el6]
"email_6.RHSA-2011-0007" 178L, 11970C written
- [scsi] lpfc: Fixed crashes for NULL pnode dereference (Rob Evers)
[660589 635733]
[2.6.32-71.12.1.el6]
- [netdrv] igb: only use vlan_gro_receive if vlans are registered
(Stefan Assmann) [652804 660192] {CVE-2010-4263}
- [net] core: neighbour update Oops (Jiri Pirko) [660591 658518]
- [scsi] lpfc: Set heartbeat timer off by default (Rob Evers) [660244
655935]
- [scsi] lpfc: Fixed crashes for BUG_ONs hit in the lpfc_abort_handler
(Rob Evers) [659611 645882]
[2.6.32-71.11.1.el6]
- [kernel] posix-cpu-timers: workaround to suppress the problems with mt
exec (Oleg Nesterov) [656267 656268] {CVE-2010-4248}
- [fs] bio: take care not overflow page count when mapping/copying user
data (Danny Feng) [652530 652531] {CVE-2010-4162}
- [net] can-bcm: fix minor heap overflow (Danny Feng) [651846 651847]
{CVE-2010-3874}
- [net] filter: make sure filters dont read uninitialized memory (Jiri
Pirko) [651704 651705] {CVE-2010-4158}
- [net] inet_diag: Make sure we actually run the same bytecode we
audited (Jiri Pirko) [651268 651269] {CVE-2010-3880}
- [v4l] ivtvfb: prevent reading uninitialized stack memory (Mauro
Carvalho Chehab) [648832 648833] {CVE-2010-4079}
- [drm] via/ioctl.c: prevent reading uninitialized stack memory (Dave
Airlie) [648718 648719] {CVE-2010-4082}
- [char] nozomi: clear data before returning to userspace on TIOCGICOUNT
(Mauro Carvalho Chehab) [648705 648706] {CVE-2010-4077}
- [serial] clean data before filling it on TIOCGICOUNT (Mauro Carvalho
Chehab) [648702 648703] {CVE-2010-4075}
- [net] af_unix: limit unix_tot_inflight (Neil Horman) [656761 656762]
{CVE-2010-4249}
- [block] check for proper length of iov entries in
blk_rq_map_user_iov() (Danny Feng) [652958 652959] {CVE-2010-4163}
- [net] Limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri
Pirko) [651894 651895] {CVE-2010-4160}
- [netdrv] mlx4: Add OFED-1.5.2 patch to increase log_mtts_per_seg (Jay
Fenlason) [643815 637284]
- [kernel] kbuild: fix external module compiling (Aristeu Rozanski)
[658879 655231]
- [net] bluetooth: Fix missing NULL check (Jarod Wilson) [655667 655668]
{CVE-2010-4242}
- [kernel] ipc: initialize structure memory to zero for compat functions
(Danny Feng) [648694 648695] {CVE-2010-4073}
- [kernel] shm: fix information leak to userland (Danny Feng) [648688
648689] {CVE-2010-4072}
- [md] dm: remove extra locking when changing device size (Mike Snitzer)
[653900 644380]
- [block] read i_size with i_size_read() (Mike Snitzer) [653900 644380]
- [kbuild] don't sign out-of-tree modules (Aristeu Rozanski) [655122 653507]
[2.6.32-71.10.1.el6]
- [fs] xfs: prevent reading uninitialized stack memory (Dave Chinner)
[630808 630809] {CVE-2010-3078}
- [net] fix rds_iovec page count overflow (Jiri Pirko) [647423 647424]
{CVE-2010-3865}
- [scsi] Fix megaraid_sas driver SLAB memory leak detected with
CONFIG_DEBUG_SLAB (Shyam Iyer) [649436 633836]
- [usb] serial/mos*: prevent reading uninitialized stack memory (Don
Zickus) [648697 648698] {CVE-2010-4074}
- [kernel] ecryptfs_uid_hash() buffer overflow (Jerome Marchand) [626320
611388] {CVE-2010-2492}
- [sound] seq/oss - Fix double-free at error path of snd_seq_oss_open()
(Jaroslav Kysela) [630554 630555] {CVE-2010-3080}
- [virt] virtio-net: init link state correctly (Jason Wang) [653340 646369]
- [netdrv] prevent reading uninitialized memory in hso driver (Thomas
Graf) [633143 633144] {CVE-2010-3298}
[2.6.32-71.9.1.el6]
- [fs] Do not mix FMODE_ and O_ flags with break_lease() and may_open()
(Harshula Jayasuriya) [648408 642677]
- [fs] aio: check for multiplication overflow in do_io_submit (Jeff
Moyer) [629450 629451] {CVE-2010-3067}
- [net] fix info leak from kernel in ethtool operation (Neil Horman)
[646727 646728] {CVE-2010-3861}
- [net] packet: fix information leak to userland (Jiri Pirko) [649899
649900] {CVE-2010-3876}
- [net] clean up info leak in act_police (Neil Horman) [636393 636394]
{CVE-2010-3477}
- [mm] Prevent Out Of Memory when changing cpuset's mems on NUMA (Larry
Woodman) [651996 597127]
[2.6.32-71.8.1.el6]
- [mm] remove false positive THP pmd_present BUG_ON (Andrea Arcangeli)
[647391 646384]
[2.6.32-71.7.1.el6]
- [drm] ttm: fix regression introduced in
dfb4a4250168008c5ac61e90ab2b86f074a83a6c (Dave Airlie) [646994 644896]
[2.6.32-71.6.1.el6]
- [block] fix a potential oops for callers of elevator_change (Jeff
Moyer) [644926 641408]
[2.6.32-71.5.1.el6]
- [security] IMA: require command line option to enabled (Eric Paris)
[644636 643667]
- [net] Fix priv escalation in rds protocol (Neil Horman) [642899
642900] {CVE-2010-3904}
- [v4l] Remove compat code for VIDIOCSMICROCODE (Mauro Carvalho Chehab)
[642472 642473] {CVE-2010-2963}
- [kernel] tracing: do not allow llseek to set_ftrace_filter (Jiri Olsa)
[631625 631626] {CVE-2010-3079}
- [virt] xen: hold mm->page_table_lock in vmalloc_sync (Andrew Jones)
[644038 643371]
- [fs] xfs: properly account for reclaimed inodes (Dave Chinner) [642680
641764]
- [drm] fix ioctls infoleak (Danny Feng) [626319 621437] {CVE-2010-2803}
- [netdrv] wireless extensions: fix kernel heap content leak (John
Linville) [628437 628438] {CVE-2010-2955}
- [netdrv] niu: buffer overflow for ETHTOOL_GRXCLSRLALL (Danny Feng)
[632071 632072] {CVE-2010-3084}
- [mm] add debug checks for mapcount related invariants (Andrea
Arcangeli) [642679 622327 644037 642570]
- [mm] move VM_BUG_ON inside the page_table_lock of zap_huge_pmd (Andrea
Arcangeli) [642679 622327 644037 642570]
- [mm] compaction: handle active and inactive fairly in
too_many_isolated (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] start_khugepaged after setting transparent_hugepage_flags (Andrea
Arcangeli) [642679 622327 644037 642570]
- [mm] fix hibernate memory corruption (Andrea Arcangeli) [644037 642570]
- [mm] ksmd wait_event_freezable (Andrea Arcangeli) [642679 622327
644037 642570]
- [mm] khugepaged wait_event_freezable (Andrea Arcangeli) [642679 622327
644037 642570]
- [mm] unlink_anon_vmas in __split_vma in case of error (Andrea
Arcangeli) [642679 622327 644037 642570]
- [mm] fix memleak in copy_huge_pmd (Andrea Arcangeli) [642679 622327
644037 642570]
- [mm] fix hang on anon_vma->root->lock (Andrea Arcangeli) [642679
622327 644037 642570]
- [mm] avoid breaking huge pmd invariants in case of vma_adjust failures
(Andrea Arcangeli) [642679 622327 644037 642570]
[2.6.32-71.4.1.el6]
- [scsi] fcoe: set default FIP mode as FIP_MODE_FABRIC (Mike Christie)
[641457 636233]
- [virt] KVM: Fix fs/gs reload oops with invalid ldt (Avi Kivity)
[639884 639885] {CVE-2010-3698}
- [drm] i915: prevent arbitrary kernel memory write (Jerome Marchand)
[637690 637691] {CVE-2010-2962}
- [scsi] libfc: adds flogi retry in case DID is zero in RJT (Mike
Christie) [641456 633907]
- [kernel] prevent heap corruption in snd_ctl_new() (Jerome Marchand)
[638485 638486] {CVE-2010-3442}
- [scsi] lpfc: lpfc driver oops during rhel6 installation with snapshot
12/13 and emulex FC (Rob Evers) [641907 634703]
- [fs] ext4: Always journal quota file modifications (Eric Sandeen)
[641454 624909]
- [mm] fix split_huge_page error like mapcount 3 page_mapcount 2 (Andrea
Arcangeli) [641258 640611]
- [block] Fix pktcdvd ioctl dev_minor range check (Jerome Marchand)
[638088 638089] {CVE-2010-3437}
- [drm] ttm: Fix two race conditions + fix busy codepaths (Dave Airlie)
[642045 640871]
- [drm] Prune GEM vma entries (Dave Airlie) [642043 640870]
- [virt] ksm: fix bad user data when swapping (Andrea Arcangeli) [641459
640579]
- [virt] ksm: fix page_address_in_vma anon_vma oops (Andrea Arcangeli)
[641460 640576]
- [net] sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (Jiri
Pirko) [640461 640462] {CVE-2010-3705}
- [mm] Move vma_stack_continue into mm.h (Mike Snitzer) [641483 638525]
- [net] sctp: Do not reset the packet during sctp_packet_config() (Jiri
Pirko) [637681 637682] {CVE-2010-3432}
- [mm] vmstat incorrectly reports disk IO as swap in (Steve Best)
[641458 636978]
- [scsi] fcoe: Fix NPIV (Neil Horman) [641455 631246]
[2.6.32-71.3.1.el6]
- [block] prevent merges of discard and write requests (Mike Snitzer)
[639412 637805]
- [drm] nouveau: correct INIT_DP_CONDITION subcondition 5 (Ben Skeggs)
[638973 636678]
- [drm] nouveau: enable enhanced framing only if DP display supports it
(Ben Skeggs) [638973 636678]
- [drm] nouveau: fix required mode bandwidth calculation for DP (Ben
Skeggs) [638973 636678]
- [drm] nouveau: disable hotplug detect around DP link training (Ben
Skeggs) [638973 636678]
- [drm] nouveau: set DP display power state during DPMS (Ben Skeggs)
[638973 636678]
- [mm] remove "madvise" from possible
/sys/kernel/mm/redhat_transparent_hugepage/enabled options (Larry
Woodman) [636116 634500]
- [netdrv] cxgb3: don't flush the workqueue if we are called from the
workqueue (Doug Ledford) [634973 631547]
- [netdrv] cxgb3: deal with fatal parity error status in interrupt
handler (Doug Ledford) [634973 631547]
- [netdrv] cxgb3: now that we define fatal parity errors, make sure they
are cleared (Doug Ledford) [634973 631547]
- [netdrv] cxgb3: Add define for fatal parity error bit manipulation
(Doug Ledford) [634973 631547]
- [virt] Emulate MSR_EBC_FREQUENCY_ID (Jes Sorensen) [633966 629836]
- [virt] Define MSR_EBC_FREQUENCY_ID (Jes Sorensen) [633966 629836]
- [kernel] initramfs: Fix initramfs size calculation (Hendrik Brueckner)
[637087 626956]
- [kernel] initramfs: Generalize initramfs_data.xxx.S variants (Hendrik
Brueckner) [637087 626956]
- [drm] radeon/kms: fix sideport detection on newer rs880 boards (Dave
Airlie) [634984 626454]
- [block] switch s390 tape_block and mg_disk to elevator_change() (Mike
Snitzer) [633864 632631]
- [block] add function call to switch the IO scheduler from a driver
(Mike Snitzer) [633864 632631]
[2.6.32-71.2.1.el6]
- [misc] make compat_alloc_user_space() incorporate the access_ok()
(Xiaotian Feng) [634465 634466] {CVE-2010-3081}
- [x86] kernel: fix IA32 System Call Entry Point Vulnerability (Xiaotian
Feng) [634451 634452] {CVE-2010-3301}
[2.6.32-71.1.1.el6]
- [security] Make kernel panic in FIPS mode if modsign check fails
(David Howells) [633865 625914]
- [virt] Guests on AMD with CPU type 6 and model >= 8 trigger errata
read of MSR_K7_CLK_CTL (Jes Sorensen) [632292 629066]
- [x86] UV: use virtual efi on SGI systems (George Beshers) [633964 627653]
More information about the El-errata
mailing list