[El-errata] ELSA-2011-0498 Important: Oracle Linux 6 kernel security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 12 09:43:23 PDT 2011
Oracle Linux Security Advisory ELSA-2011-0498
https://rhn.redhat.com/errata/RHSA-2011-0498.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-2.6.32-71.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-devel-2.6.32-71.29.1.el6.i686.rpm
kernel-doc-2.6.32-71.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.29.1.el6.noarch.rpm
kernel-headers-2.6.32-71.29.1.el6.i686.rpm
x86_64:
kernel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.29.1.el6.x86_64.rpm
kernel-doc-2.6.32-71.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.29.1.el6.noarch.rpm
kernel-headers-2.6.32-71.29.1.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-71.29.1.el6.src.rpm
The following packages were rebuilt to be in sync with the updated
kernel version (no changes other than updating the version number):
i386:
perf-2.6.32-71.29.1.el6.noarch.rpm
x86_64:
perf-2.6.32-71.29.1.el6.noarch.rpm
SRPMS:
Description of changes:
[2.6.32-71.29.1.el6]
- [mm] Revert "[mm] pdpte registers are not flushed when PGD entry is
changed in x86 PAE mode" (Larry Woodman) [695256 691310]
[2.6.32-71.28.1.el6]
- [net] bonding: fix jiffy comparison issues (Andy Gospodarek) [698109
696337]
- [drm] radeon/kms: check AA resolve registers on r300 + regression fix
(Dave Airlie) [680001 680002] {CVE-2011-1016}
- [infiniband] uverbs: Handle large number of entries in poll CQ (Eugene
Teo) [688429 696137] {CVE-2011-1044 CVE-2010-4649}
- [net] sctp: fix the INIT/INIT-ACK chunk length calculation (Thomas
Graf) [695386 690743] {CVE-2011-1573}
- [net] CAN: Use inode instead of kernel address for /proc file (Danny
Feng) [664560 664561] {CVE-2010-4565}
- [fs] inotify: fix double free/corruption of stuct user (Eric Paris)
[656831 656832] {CVE-2010-4250}
- [net] netfilter: ipt_CLUSTERIP: fix buffer overflow (Jiri Pirko)
[689341 689342]
- [net] bonding: change test for presence of VLANs (Jiri Pirko) [696487
683496]
- [scsi] scsi_dh: fix reference counting in scsi_dh_activate error path
(Mike Snitzer) [696889 680140]
- [net] enable VLAN NULL tagging (Neil Horman) [683810 633571]
- [scsi] scsi_dh: propagate SCSI device deletion (Mike Snitzer) [698114
669411]
- [fs] inotify: stop kernel memory leak on file creation failure (Eric
Paris) [656831 656832] {CVE-2010-4250}
[2.6.32-71.27.1.el6]
- [scsi] megaraid: give FW more time to recover from reset (Tomas Henzl)
[695322 692673]
- [netdrv] ixgbe: fix for 82599 erratum on Header Splitting (Andy
Gospodarek) [683820 669231]
- [sound] ALSA: hda - nvhdmi: Add missing codec IDs, unify names
(Jaroslav Kysela) [683817 636922]
- [mm] pdpte registers are not flushed when PGD entry is changed in x86
PAE mode (Larry Woodman) [695256 691310]
- [net] fix ebtables stack infoleak (Eugene Teo) [681322 681323]
{CVE-2011-1080}
- [drm] fix unsigned vs signed comparison issue in modeset ctl ioctl
(Don Howard) [679927 679928] {CVE-2011-1013}
- [pci] Enable ASPM state clearing regardless of policy (Alex
Williamson) [694073 681017]
- [pci] Disable ASPM if BIOS asks us to (Alex Williamson) [694073 681017]
- [mm] do not keep kswapd awake for an unreclaimable zone (Johannes
Weiner) [694186 633825]
[2.6.32-71.26.1.el6]
- [net] bnep: fix buffer overflow (Don Howard) [681315 681316]
{CVE-2011-1079}
- [scsi] aic94xx: world-writable sysfs update_bios file (Don Howard)
[679306 679307]
- [x86] tc1100-wmi: world-writable sysfs wireless and jogdial files (Don
Howard) [679306 679307]
- [x86] acer-wmi: world-writable sysfs threeg file (Don Howard) [679306
679307]
- [mfd] ab3100: world-writable debugfs *_priv files (Don Howard) [679306
679307]
- [v4l] sn9c102: world-wirtable sysfs files (Don Howard) [679306 679307]
- [x86] Fix EFI pagetable to map whole memory (Takao Indoh) [670850 664364]
- [kernel] CAP_SYS_MODULE bypass via CAP_NET_ADMIN (Phillip Lougher)
[681772 681773] {CVE-2011-1019}
- [kernel] failure to revert address limit override in OOPS error path
(Dave Anderson) [659572 659573] {CVE-2010-4258}
- [fs] xfs: zero proper structure size for geometry calls (Phillip
Lougher) [677267 677268] {CVE-2011-0711}
- [fs] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
(Phillip Lougher) [677267 677268] {CVE-2011-0711}
- [tty] tty_audit: fix tty_audit_add_data live lock on audit disabled
(Danny Feng) [684275 680126]
- [kernel] proc: protect mm start_code/end_code in /proc/pid/stat
(Eugene Teo) [684572 684573] {CVE-2011-0726}
- [net] dccp oops (Eugene Teo) [682957 682958] {CVE-2011-1093}
- [firmware] dcdbas: force SMI to happen when expected (Shyam Iyer)
[683440 664832]
- [security] ima: fix add LSM rule bug (Eric Paris) [667914 667915]
{CVE-2011-0006}
- [sound] caiaq: Fix possible string buffer overflow (Jaroslav Kysela)
[678475 678476] {CVE-2011-0712}
- [net] ixgbe: add option to control interrupt mode (Andy Gospodarek)
[670114 670110 622640 637332]
[2.6.32-71.25.1.el6]
- [net] bridge: do not learn from exact matches (Jiri Pirko) [691777 623199]
More information about the El-errata
mailing list