[El-errata] ELSA-2011-2015 Important: Oracle Linux 5 Unbreakable Enterprise kernel security fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 12 09:43:10 PDT 2011


Oracle Linux Security Advisory ELSA-2011-2015

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-2.6.32-100.28.15.el5.noarch.rpm
kernel-uek-doc-2.6.32-100.28.15.el5.noarch.rpm
kernel-uek-2.6.32-100.28.15.el5.x86_64.rpm
kernel-uek-headers-2.6.32-100.28.15.el5.x86_64.rpm
kernel-uek-devel-2.6.32-100.28.15.el5.x86_64.rpm
kernel-uek-debug-devel-2.6.32-100.28.15.el5.x86_64.rpm
kernel-uek-debug-2.6.32-100.28.15.el5.x86_64.rpm
ofa-2.6.32-100.28.15.el5-1.5.1-4.0.28.x86_64.rpm
ofa-2.6.32-100.28.15.el5debug-1.5.1-4.0.28.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-uek-2.6.32-100.28.15.el5.src.rpm
http://oss.oracle.com/ol5/SRPMS-updates/ofa-2.6.32-100.28.15.el5-1.5.1-4.0.28.src.rpm


Description of changes:

[2.6.32-100.28.15.el5]
- sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set 
{CVE-2011-1573}
- dccp: fix oops on Reset after close {CVE-2011-1093}
- bridge: netfilter: fix information leak {CVE-2011-1080}
- Bluetooth: bnep: fix buffer overflow {CVE-2011-1079}
- net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules 
{CVE-2011-1019}
- ipip: add module alias for tunl0 tunnel device
- gre: add module alias for gre0 tunnel device
- drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016}
- drm/radeon: fix regression with AA resolve checking {CVE-2011-1016}
- drm: fix unsigned vs signed comparison issue in modeset ctl ioctl 
{CVE-2011-1013}
- proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726}
- ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712}
- xfs: zero proper structure size for geometry calls {CVE-2011-0711}
- xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 
{CVE-2011-0711}
- ima: fix add LSM rule bug {CVE-2011-0006}
- IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, 
CVE-2011-1044}
- CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565}

[2.6.32-100.28.14.el5]
- IB/qib: fix qib compile warning.
- IB/core: Allow device-specific per-port sysfs files.
- dm crypt: add plain64 iv.
- firmware: add firmware for qib.
- Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support.





More information about the El-errata mailing list