[El-errata] ELSA-2012-1061 Moderate: Oracle Linux 5 kernel security and bug fix update

Wed Jul 11 16:21:55 PDT 2012

Oracle Linux Security Advisory ELSA-2012-1061

https://rhn.redhat.com/errata/RHSA-2012-1061.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-2.6.18-308.11.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-2.6.18-308.11.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-devel-2.6.18-308.11.1.el5.i686.rpm
kernel-doc-2.6.18-308.11.1.el5.noarch.rpm
kernel-headers-2.6.18-308.11.1.el5.i386.rpm
kernel-xen-2.6.18-308.11.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.i686.rpm

x86_64:
kernel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.11.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.11.1.el5.x86_64.rpm
kernel-doc-2.6.18-308.11.1.el5.noarch.rpm
kernel-headers-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.11.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.x86_64.rpm

ia64:
kernel-2.6.18-308.11.1.el5.ia64.rpm
kernel-debug-2.6.18-308.11.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.11.1.el5.ia64.rpm
kernel-devel-2.6.18-308.11.1.el5.ia64.rpm
kernel-doc-2.6.18-308.11.1.el5.noarch.rpm
kernel-headers-2.6.18-308.11.1.el5.ia64.rpm
kernel-xen-2.6.18-308.11.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.11.1.el5.ia64.rpm

SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-2.6.18-308.11.1.el5.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.18-308.11.1.el5-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.11.1.el5PAE-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.11.1.el5xen-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.11.1.el5debug-2.0.5-1.el5.i686.rpm
ocfs2-2.6.18-308.11.1.el5-1.4.10-1.el5.i686.rpm
ocfs2-2.6.18-308.11.1.el5PAE-1.4.10-1.el5.i686.rpm
ocfs2-2.6.18-308.11.1.el5xen-1.4.10-1.el5.i686.rpm
ocfs2-2.6.18-308.11.1.el5debug-1.4.10-1.el5.i686.rpm

x86_64:
oracleasm-2.6.18-308.11.1.el5-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.11.1.el5xen-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.11.1.el5debug-2.0.5-1.el5.x86_64.rpm
ocfs2-2.6.18-308.11.1.el5-1.4.10-1.el5.x86_64.rpm
ocfs2-2.6.18-308.11.1.el5xen-1.4.10-1.el5.x86_64.rpm
ocfs2-2.6.18-308.11.1.el5debug-1.4.10-1.el5.x86_64.rpm

ia64:
oracleasm-2.6.18-308.11.1.el5-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.11.1.el5xen-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.11.1.el5debug-2.0.5-1.el5.ia64.rpm
ocfs2-2.6.18-308.11.1.el5-1.4.10-1.el5.ia64.rpm
ocfs2-2.6.18-308.11.1.el5xen-1.4.10-1.el5.ia64.rpm
ocfs2-2.6.18-308.11.1.el5debug-1.4.10-1.el5.ia64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-308.11.1.el5-2.0.5-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-308.11.1.el5-1.4.10-1.el5.src.rpm

Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of  Oracle Linux 5 install these updates.

Users of Ksplice Uptrack can install these updates by running :

# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

Description of changes:

* CVE-2012-3375: Denial of service due to epoll resource leak in error path.

The upstream fix for CVE-2011-1083 introduced a flaw in the way
the Linux kernel's Event Poll (epoll) subsystem handled resource clean up
when an ELOOP error code was returned. A local, unprivileged user could use
this flaw to cause a denial of service.

* Arithmetic overflow in clock source calculations.

An insufficiently designed calculation in the CPU accelerator in the
previous kernel caused an arithmetic overflow in the sched_clock()
function when system uptime exceeded 208.5 days. This overflow led to
a kernel panic on the systems using the Time Stamp Counter (TSC) or
Virtual Machine Interface (VMI) clock source. This update corrects the
aforementioned calculation so that this arithmetic overflow and kernel
panic can no longer occur under these circumstances.

[2.6.18-308.11.1.el5]
- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]
- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy 
Gospodarek) [832169 830226]
- [net] ixgbe: reverting setup redirection table for multiple packet 
buffers (Andy Gospodarek) [832169 830226]

[2.6.18-308.10.1.el5]
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo 
Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return 
address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) 
[824969 824970] {CVE-2012-2934}
- [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad 
Dupuis) [816373 800653]
- [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. 
Bruce Fields) [820358 814626]
- [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. 
Bruce Fields) [820358 814626]
- [fs] sunrpc: fix oops due to overrunning server's page array (J. Bruce 
Fields) [820358 814626]
- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 
817131]
- [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit 
Bhargava) [824654 818787]
- [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve 
Dickson) [817571 809937]
- [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900]

[2.6.18-308.9.1.el5]
- [fs] jbd: clear b_modified before moving the jh to a different 
transaction (Josef Bacik) [827205 563247]