[El-errata] ELSA-2012-0721-1 Important: Oracle Linux 5 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Jun 15 18:07:08 PDT 2012 

Oracle Linux Security Advisory ELSA-2012-0721-1

https://rhn.redhat.com/errata/RHSA-2012-0721.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-PAE-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-debug-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-devel-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-doc-2.6.18-308.8.2.0.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.2.0.1.el5.i386.rpm
kernel-xen-2.6.18-308.8.2.0.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.2.0.1.el5.i686.rpm

x86_64:
kernel-2.6.18-308.8.2.0.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.2.0.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.2.0.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.2.0.1.el5.x86_64.rpm
kernel-doc-2.6.18-308.8.2.0.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.2.0.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.2.0.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.2.0.1.el5.x86_64.rpm

ia64:
kernel-2.6.18-308.8.2.0.1.el5.ia64.rpm
kernel-debug-2.6.18-308.8.2.0.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.8.2.0.1.el5.ia64.rpm
kernel-devel-2.6.18-308.8.2.0.1.el5.ia64.rpm
kernel-doc-2.6.18-308.8.2.0.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.2.0.1.el5.ia64.rpm
kernel-xen-2.6.18-308.8.2.0.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.8.2.0.1.el5.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-2.6.18-308.8.2.0.1.el5.src.rpm

The following packages were rebuilt to be in sync with the updated 
kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.18-308.8.2.0.1.el5-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.2.0.1.el5PAE-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.2.0.1.el5xen-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.2.0.1.el5debug-2.0.5-1.el5.i686.rpm
ocfs2-2.6.18-308.8.2.0.1.el5-1.4.10-1.el5.i686.rpm
ocfs2-2.6.18-308.8.2.0.1.el5PAE-1.4.10-1.el5.i686.rpm
ocfs2-2.6.18-308.8.2.0.1.el5xen-1.4.10-1.el5.i686.rpm
ocfs2-2.6.18-308.8.2.0.1.el5debug-1.4.10-1.el5.i686.rpm

x86_64:
oracleasm-2.6.18-308.8.2.0.1.el5-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.2.0.1.el5xen-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.2.0.1.el5debug-2.0.5-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.2.0.1.el5-1.4.10-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.2.0.1.el5xen-1.4.10-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.2.0.1.el5debug-1.4.10-1.el5.x86_64.rpm

ia64:
oracleasm-2.6.18-308.8.2.0.1.el5-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.2.0.1.el5xen-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.2.0.1.el5debug-2.0.5-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.2.0.1.el5-1.4.10-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.2.0.1.el5xen-1.4.10-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.2.0.1.el5debug-1.4.10-1.el5.ia64.rpm


SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-308.8.2.0.1.el5-2.0.5-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-308.8.2.0.1.el5-1.4.10-1.el5.src.rpm

Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of Oracle Linux 5 install these updates.

Users of Ksplice Uptrack can install these updates by running :

# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

Description of changes:

This Security Advisory, does not make any changes to the Linux kernel.
This errata update only updates the Xen Hypervisor, which is not part
of the Linux kernel.

Customers running Xen hosts will need to reboot to get the latest
hypervisor updates.

kernel:

[2.6.18-308.8.2.0.1.el5]
- [net] bonding: fix carrier detect when bond is down [orabug 12377284]
- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]
- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong 
Duan)
- [x86] use dynamic vcpu_info remap to support more than 32 vcpus 
(Zhenzhong Duan)
- [x86] Fix lvt0 reset when hvm boot up with noapic param
- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, 
Chris Mason)
   [orabug 12342275]
- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 
12561346]
- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]
- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) 
[orabug 12740042]
- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) 
[orabug 12687646]
- [scsi] fix scsi hotplug and rescan race [orabug 10260172]
- fix filp_close() race (Joe Jin) [orabug 10335998]
- make xenkbd.abs_pointer=1 by default [orabug 67188919]
- [xen] check to see if hypervisor supports memory reservation change
   (Chuck Anderson) [orabug 7556514]
- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf 
(John Sobecki)
   [orabug 10315433]
- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]
- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]
   RDS: Fix BUG_ONs to not fire when in a tasklet
   ipoib: Fix lockup of the tx queue
   RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)
   RDS: Properly unmap when getting a remote access error (Tina Yang)
   RDS: Fix locking in rds_send_drop_to()
- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)
   [orabug 9107465]
+- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)
   [orabug 9764220]
- Support 256GB+ memory  for pv guest (Mukesh Rathor) [orabug 9450615]
- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,
   Guru Anbalagane) [orabug 6124033]
- [ipmi] make  configurable timeouts for kcs of ipmi [orabug 9752208]
- [ib] fix memory corruption (Andy Grover) [orabug 9972346]

[2.6.18-308.8.2.el5]
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo 
Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return 
address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) 
[824969 824970]

ocfs2:

[1.4.10]
- ocfs2/dlm: Cleanup mlogs in dlmthread.c dlmast.c and dlmdomain.c
- ocfs2/dlm: make existing convertion precedent over new lock
- ocfs2/dlm: Cleanup dlmdebug.c
- ocfs2/dlm: Minor cleanup
- ocfs2/dlm: Hard code the values for enums
- ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK 
UPCONVERT FINISHING
- ocfs2/dlm: Take inflight reference count for remotely mastered 
resources too
- ocfs2/dlm: dlmlock remote needs to account for remastery
- ocfs2: Add some trace log for orphan scan
- ocfs2: Remove unused old id in ocfs2_commit_cache
- ocfs2: Remove obsolete comments before ocfs2_start_trans
- ocfs2: Initialize the bktcnt variable properly and call it bucket_count
- ocfs2: Use cpu to le16 for e leaf clusters in 
ocfs2_bg_discontig_add_extent
- ocfs2: validate bg free bits count after update
- ocfs2: cluster Pin the remote node item in configfs
- ocfs2: Release buffer head in case of error in ocfs2_double_lock
- ocfs2: optimize ocfs2 check dir entry with unlikely() annotations
- ocfs2: Little refactoring against ocfs2 iget
- ocfs2: Initialize data ac might be used uninitializ
- ocfs2 Skip mount recovery for hard ro mounts
- ocfs2: make direntry invalid when deleting it
- ocfs2: commit trans in error
- ocfs2: Fix deadlock when allocating page
- ocfs2: Avoid livelock in ocfs2 readpage

More information about the El-errata mailing list