[El-errata] ELSA-2012-2003 Important: Oracle Linux 5 Unbreakable Enterprise kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Mar 12 10:17:00 PDT 2012


Oracle Linux Security Advisory ELSA-2012-2003

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-uek-2.6.32-300.11.1.el5uek.i686.rpm
kernel-uek-debug-2.6.32-300.11.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.32-300.11.1.el5uek.i686.rpm
kernel-uek-headers-2.6.32-300.11.1.el5uek.i686.rpm
kernel-uek-devel-2.6.32-300.11.1.el5uek.i686.rpm
kernel-uek-doc-2.6.32-300.11.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.32-300.11.1.el5uek.noarch.rpm
ofa-2.6.32-300.11.1.el5uek-1.5.1-4.0.53.i686.rpm
ofa-2.6.32-300.11.1.el5uekdebug-1.5.1-4.0.53.i686.rpm
mlnx_en-2.6.32-300.11.1.el5uek-1.5.7-2.i686.rpm
mlnx_en-2.6.32-300.11.1.el5uekdebug-1.5.7-2.i686.rpm

x86_64:
kernel-uek-firmware-2.6.32-300.11.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.32-300.11.1.el5uek.noarch.rpm
kernel-uek-2.6.32-300.11.1.el5uek.x86_64.rpm
kernel-uek-headers-2.6.32-300.11.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.32-300.11.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.32-300.11.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.32-300.11.1.el5uek.x86_64.rpm
ofa-2.6.32-300.11.1.el5uek-1.5.1-4.0.53.x86_64.rpm
ofa-2.6.32-300.11.1.el5uekdebug-1.5.1-4.0.53.x86_64.rpm
mlnx_en-2.6.32-300.11.1.el5uek-1.5.7-2.x86_64.rpm
mlnx_en-2.6.32-300.11.1.el5uekdebug-1.5.7-2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-uek-2.6.32-300.11.1.el5uek.src.rpm
http://oss.oracle.com/ol5/SRPMS-updates/ofa-2.6.32-300.11.1.el5uek-1.5.1-4.0.53.src.rpm
http://oss.oracle.com/ol5/SRPMS-updates/mlnx_en-2.6.32-300.11.1.el5uek-1.5.7-2.src.rpm


Users with Oracle Linux Premier Support can now use Ksplice to patch 
against this Security Advisory.

We recommend that all users of Oracle Linux 5 install these updates.

Users of Ksplice Uptrack can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to 
take any additional action.

Description of changes:

* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in
the computation of a delay field which could result in division by
zero (causing a kernel panic).


* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation allowed local users on a 32-bit
KVM guest system to cause the guest system to panic.


* CVE-2012-0038: In-memory corruption in XFS ACL processing.

A missing check in xfs_acl_from_disk on the number of XFS ACLs could
result in in-memory corruption and a kernel panic.


* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.

Starting PIT timers in the absence of irqchip support could cause a
NULL pointer dereference and kernel OOPS.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.


* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an
invalid log first block value allowed an attacker to mount a malicious
ext3 or ext4 image that would crash the system.


* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest
algorithm. ghash_update can pass a NULL pointer to gf128mul_4k_lle in some
cases, leading to a NULL pointer dereference (kernel OOPS).


* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with
pathnames larger than MAXPATHLEN allowed an attacker to mount a
malicious XFS image that could crash the system or result in privilege
escalation.

[2.6.32-300.11.1.el5uek]
- [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077}
- [scsi] increase qla2xxx firmware ready time-out (Joe Jin)
- [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin)
- [net] tg3: Fix single-vector MSI-X code (Joe Jin)
- [net] qlge: fix size of external list for TX address descriptors (Joe Jin)
- [net] e1000e: Avoid wrong check on TX hang (Joe Jin)
- crypto: ghash - Avoid null pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081}
- jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132}
- KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347}
- KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622}
- xfs: validate acl count (Joe Jin) {CVE-2012-0038}
- KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045}
- KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid" (Joe Jin) {CVE-2012-0045}
- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207}
- ipv4: correct IGMP behavior on v3 query during v2-compatibility mode (David Stevens)
- fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349]
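
To confirm a host has picked up this update, either from the rpm or through Ksplice, the following check compares a kernel release string against the fixed build 2.6.32-300.11.1.el5uek. It is an added example, not part of the Oracle advisory; the function name `uek_status` and its output labels are made up for illustration, and it assumes later el5uek builds retain these fixes.

```shell
#!/bin/sh
# Added example, not part of the Oracle advisory.
FIXED="2.6.32-300.11.1.el5uek"   # fixed build named in ELSA-2012-2003

# uek_status RELEASE -> prints fixed | needs-update | not-el5uek
# (hypothetical helper; assumes builds newer than FIXED keep the fixes)
uek_status() {
    case "$1" in
        *.el5uek*) ;;
        *) echo "not-el5uek"; return 0 ;;
    esac
    printf '%s %s\n' "$1" "$FIXED" | awk '{
        # Drop the dist tag (and any "debug" suffix), then compare the
        # remaining dot/dash separated fields numerically, left to right,
        # so that 300.3.1 sorts before 300.11.1.
        sub(/\.el5uek.*/, "", $1); sub(/\.el5uek.*/, "", $2)
        n = split($1, a, /[.-]/); m = split($2, b, /[.-]/)
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if (a[i] + 0 < b[i] + 0) { print "needs-update"; exit }
            if (a[i] + 0 > b[i] + 0) { print "fixed"; exit }
        }
        print "fixed"
    }'
}

# Booted kernel: changes only after installing the rpm and rebooting.
echo "booted kernel $(uname -r): $(uek_status "$(uname -r)")"

# Effective kernel: uptrack-uname reports the version the applied Ksplice
# updates correspond to; uname -r is not changed by uptrack-upgrade.
if command -v uptrack-uname >/dev/null 2>&1; then
    echo "effective kernel $(uptrack-uname -r): $(uek_status "$(uptrack-uname -r)")"
fi
```

On a Ksplice-patched host the booted kernel can still report an older release while the effective kernel reports the fixed one; the second line is the one that reflects the patches actually applied.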



