[El-errata] ELSA-2012-0481 Moderate: Oracle Linux 6 kernel security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Apr 23 13:20:34 PDT 2012


Oracle Linux Security Advisory ELSA-2012-0481

https://rhn.redhat.com/errata/RHSA-2012-0481.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-2.6.32-220.13.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-devel-2.6.32-220.13.1.el6.i686.rpm
kernel-doc-2.6.32-220.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm
kernel-headers-2.6.32-220.13.1.el6.i686.rpm
perf-2.6.32-220.13.1.el6.i686.rpm
python-perf-2.6.32-220.13.1.el6.i686.rpm

x86_64:
kernel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.13.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.13.1.el6.x86_64.rpm
kernel-doc-2.6.32-220.13.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm
kernel-headers-2.6.32-220.13.1.el6.x86_64.rpm
2.6.32-220.13.1.el6.x86_64.rpm
python-perf-2.6.32-220.13.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-220.13.1.el6.src.rpm

Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of  Oracle Linux 6 install these updates.

Users of Ksplice Uptrack can install these updates by running :

# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


Description of changes:

* CVE-2012-0879: Denial of service in CLONE_IO.

CLONE_IO reference counting error could be exploited by an
unprivileged local user to cause denial of service.


* Fix crash on discard in the software RAID driver.

The IO module in the software RAID subsystem didn't properly handle 
DISCARD messages
when using a configuration which has disk mirroring on top of a DISCARD 
enabled
hardware. This would lead to kernel BUGs.


* Bad access control permissions to dmesg_restrict sysctl.

The root user without the CAP_SYS_ADMIN capability was able to reset the
contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to
0.  Consequently, the unprivileged root user could bypass the protection
of the "dmesg_restrict" file and read the kernel ring buffer.


* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.

Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.


* CVE-2012-1090: Denial of service in the CIFS filesystem reference 
counting.

Under certain circumstances, the CIFS filesystem would open a file on
lookup. If the file was determined later to be a FIFO or any other
special file the file handle would be leaked, leading to reference
counting mismatch and a kernel OOPS on unmount.

An unprivileged local user could use this flaw to crash the system.


* Inode corruption in XFS inode lookup.

The XFS inode cache did not correctly initialize the inode before
insertion into the cache which could result in corruption when racing
with an inode lookup.

[2.6.32-220.13.1.el6]
- Revert: [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin 
Prabhu) [753231 753232] {CVE-2011-4131}

[2.6.32-220.12.1.el6]
- [net] net_sched: qdisc_alloc_handle() can be too slow (Jiri Pirko) 
[805458 785891]
- [fs] procfs: add hidepid= and gid= mount options (Jerome Marchand) 
[770651 770652]
- [fs] procfs: parse mount options (Jerome Marchand) [770651 770652]
- [fs] fuse: add O_DIRECT support (Josef Bacik) [800552 753798]
- [kernel] sysctl: restrict write access to dmesg_restrict (Phillip 
Lougher) [749248 749251]
- [block] dm io: fix discard support (Mike Snitzer) [799943 758404]
- [net] netlink: wrong size was calculated for vfinfo list blob (Andy 
Gospodarek) [790338 772136]
- [netdrv] mlx4_en: fix endianness with blue frame support (Steve Best) 
[789911 750166]
- [usb] Fix deadlock in hid_reset when Dell iDRAC is reset (Shyam Iyer) 
[797205 782374]
- [virt] vmxnet3: Cap the length of the pskb_may_pull on transmit (bz 
790673) (Neil Horman) [801723 790673]
- [scsi] megaraid_sas: Fix instance access in megasas_reset_timer (Tomas 
Henzl) [790341 759318]
- [netdrv] macvtap: Fix the minor device number allocation (Steve Best) 
[796828 786518]
- [net] tcp: bind() fix autoselection to share ports (Flavio Leitner) 
[787764 784671]
- [fs] cifs: change oplock break slow work to very slow work (Jeff 
Layton) [789373 772874]
- [net] sunrpc: remove xpt_pool (J. Bruce Fields) [795338 753301]
- [net] Potential null skb->dev dereference (Flavio Leitner) [795335 769590]
- [net] pkt_sched: Fix sch_sfq vs tcf_bind_filter oops (Jiri Pirko) 
[786873 667925]
- [net] mac80211: cancel auth retries when deauthenticating (John 
Linville) [797241 754356]

[2.6.32-220.11.1.el6]
- [netdrv] igb: reset PHY after recovering from PHY power down 
(Frantisek Hrbata) [789371 737714]
- [drm] Ivybridge force wake fixes (Dave Airlie) [790007 786272]
- [fs] xfs: fix inode lookup race (Dave Chinner) [804961 796277]
- [kernel] regset: Return -EFAULT, not -EIO, on host-side memory fault 
(Jerome Marchand) [799212 799213] {CVE-2012-1097}
- [kernel] regset: Prevent null pointer reference on readonly regsets 
(Jerome Marchand) [799212 799213] {CVE-2012-1097}
- [block] Fix io_context leak after failure of clone with CLONE_IO 
(Vivek Goyal) [796846 791125] {CVE-2012-0879}
- [block] Fix io_context leak after clone with CLONE_IO (Vivek Goyal) 
[796846 791125] {CVE-2012-0879}
- [fs] cifs: fix dentry refcount leak when opening a FIFO on lookup 
(Sachin Prabhu) [798298 781893] {CVE-2012-1090}
- [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin Prabhu) 
[753231 753232] {CVE-2011-4131}
- [mm] fix nrpages assertion (Josef Bacik) [797182 766861]
- [mm] Eliminate possible panic in page compaction code (Larry Woodman) 
[802430 755885]
- [mm] Prevent panic on 2-node x3850 X5 w/2 MAX5 memory drawers panics 
while running certification tests caused by page list corruption (Larry 
Woodman) [802430 755885]
- [sched] Fix cgroup movement of waking process (Larry Woodman) [795326 
773517]
- [sched] Fix cgroup movement of forking process (Larry Woodman) [795326 
773517]
- [sched] Fix cgroup movement of newly created process (Larry Woodman) 
[795326 773517]
- [sched] Fix ->min_vruntime calculation in dequeue_entity() (Larry 
Woodman) [795326 773517]
- [sched] cgroup: Fixup broken cgroup movement (Larry Woodman) [795326 
773517]
- [kernel] Prevent system deadlock when moving tasks between cgroups 
(Larry Woodman) [789060 773522]
- [kernel] sched: fix {s,u}time values decrease (Stanislaw Gruszka) 
[789061 748559]
- [mm] mempolicy.c: refix mbind_range() vma issue (Motohiro Kosaki) 
[802379 727700]
- [mm] mempolicy.c: fix pgoff in mbind vma merge (Motohiro Kosaki) 
[802379 727700]

[2.6.32-220.10.1.el6]
- [sched] Fix Kernel divide by zero panic in find_busiest_group() (Larry 
Woodman) [801718 785959]

[2.6.32-220.9.1.el6]
- [x86] Fix c-state transitions when !NOHZ (Prarit Bhargava) [798572 767753]
- [x86] tsc: Skip TSC synchronization checks for tsc=reliable (Prarit 
Bhargava) [798572 767753]

[2.6.32-220.8.1.el6]
- [fs] nfs: don't try to migrate pages with active requests (Jeff 
Layton) [790905 739811]






More information about the El-errata mailing list