[El-errata] ELSA-2012-1064 Important: Oracle Linux 6 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jul 11 15:42:08 PDT 2012


Oracle Linux Security Advisory ELSA-2012-1064

https://rhn.redhat.com/errata/RHSA-2012-1064.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm
kernel-headers-2.6.32-279.1.1.el6.i686.rpm
perf-2.6.32-279.1.1.el6.i686.rpm
python-perf-2.6.32-279.1.1.el6.i686.rpm

x86_64:
kernel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm
kernel-headers-2.6.32-279.1.1.el6.x86_64.rpm
perf-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-2.6.32-279.1.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-279.1.1.el6.src.rpm


Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of Oracle Linux 6 install these updates.

Users of Ksplice Uptrack can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

Description of changes:

* ext4 filesystem corruption on fallocate.

Attempting to fallocate() a file over 4GB with insufficient space on an
ext4 filesystem could result in corruption of the filesystem image.

* CVE-2012-2745: Denial-of-service in kernel key management.

A potential double-free of the replacement session keyring on fork()
could result in a denial-of-service by a local, unprivileged user.

* CVE-2012-2744: Remote denial-of-service in IPv6 connection tracking.

A flaw in the IPv6 connection tracking netfilter module could allow a
remote attacker to trigger a NULL pointer dereference and
denial-of-service with specially crafted IPv6 packets.

[2.6.32-279.1.1.el6]
- [kernel] Prevent keyctl new_session from causing a panic (David Howells) [833433 827424] {CVE-2012-2745}
- [net] ipv6/netfilter: fix null pointer dereference in nf_ct_frag6_reasm() (Petr Matousek) [833410 833412] {CVE-2012-2744}
- [fs] nfs: Map minor mismatch error to protocol not support error (Steve Dickson) [832365 796352]
- [fs] ext4: Fix overflow caused by missing cast in ext4_fallocate() (Lukas Czerner) [833034 830209]
- [ata] libata: Add 2GB ATA Flash Disk/ADMA428M to DMA blacklist (Prarit Bhargava) [832363 812904]
- [netdrv] r8169: fix typo in firmware filenames (Ivan Vecera) [832359 829211]




