[El-errata] ELSA-2012-0690-1 Important: Oracle Linux 5 kernel security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 31 10:01:02 PDT 2012
Oracle Linux Security Advisory ELSA-2012-0690-1
https://rhn.redhat.com/errata/RHSA-2012-0690.html
The following updated rpms for Oracle Linux 5 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-PAE-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-debug-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-devel-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-doc-2.6.18-308.8.1.0.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.0.1.el5.i386.rpm
kernel-xen-2.6.18-308.8.1.0.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.1.0.1.el5.i686.rpm
x86_64:
kernel-2.6.18-308.8.1.0.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.1.0.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.1.0.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.1.0.1.el5.x86_64.rpm
kernel-doc-2.6.18-308.8.1.0.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.0.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.1.0.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.1.0.1.el5.x86_64.rpm
ia64:
kernel-2.6.18-308.8.1.0.1.el5.ia64.rpm
kernel-debug-2.6.18-308.8.1.0.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.8.1.0.1.el5.ia64.rpm
kernel-devel-2.6.18-308.8.1.0.1.el5.ia64.rpm
kernel-doc-2.6.18-308.8.1.0.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.0.1.el5.ia64.rpm
kernel-xen-2.6.18-308.8.1.0.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.8.1.0.1.el5.ia64.rpm
SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-2.6.18-308.8.1.0.1.el5.src.rpm
The following packages were rebuilt to be in sync with the updated
kernel version (no changes other than updating the version number):
i386:
oracleasm-2.6.18-308.8.1.0.1.el5-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.0.1.el5PAE-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.0.1.el5xen-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.0.1.el5debug-2.0.5-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.0.1.el5-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.0.1.el5PAE-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.0.1.el5xen-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.0.1.el5debug-1.4.9-1.el5.i686.rpm
x86_64:
oracleasm-2.6.18-308.8.1.0.1.el5-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.1.0.1.el5xen-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.1.0.1.el5debug-2.0.5-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.0.1.el5-1.4.9-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.0.1.el5xen-1.4.9-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.0.1.el5debug-1.4.9-1.el5.x86_64.rpm
ia64:
oracleasm-2.6.18-308.8.1.0.1.el5-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.1.0.1.el5xen-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.1.0.1.el5debug-2.0.5-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.0.1.el5-1.4.9-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.0.1.el5xen-1.4.9-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.0.1.el5debug-1.4.9-1.el5.ia64.rpm
SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-308.8.1.0.1.el5-2.0.5-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-308.8.1.0.1.el5-1.4.9-1.el5.src.rpm
Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.
We recommend that all users of Oracle Linux 5 install these updates.
Users of Ksplice Uptrack can install these updates by running :
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
Description of changes:
* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.
The length of packet fragments to be sent wasn't validated before use,
leading to heap overflow. A user having access to TUN/TAP virtual
device could use this flaw to crash the system or to potentially
escalate their privileges.
[2.6.18-308.8.1.0.1.el5]
- [net] bonding: fix carrier detect when bond is down [orabug 12377284]
- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]
- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong
Duan)
- [x86] use dynamic vcpu_info remap to support more than 32 vcpus
(Zhenzhong Duan)
- [x86] Fix lvt0 reset when hvm boot up with noapic param
- [scsi] remove printk's when doing I/O to a dead device (John Sobecki,
Chris Mason)
[orabug 12342275]
- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug
12561346]
- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]
- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang)
[orabug 12740042]
- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin)
[orabug 12687646]
- [scsi] fix scsi hotplug and rescan race [orabug 10260172]
- fix filp_close() race (Joe Jin) [orabug 10335998]
- make xenkbd.abs_pointer=1 by default [orabug 67188919]
- [xen] check to see if hypervisor supports memory reservation change
(Chuck Anderson) [orabug 7556514]
- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf
(John Sobecki)
[orabug 10315433]
- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]
- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]
- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]
RDS: Fix BUG_ONs to not fire when in a tasklet
ipoib: Fix lockup of the tx queue
RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)
RDS: Properly unmap when getting a remote access error (Tina Yang)
RDS: Fix locking in rds_send_drop_to()
- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)
[orabug 9107465]
- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)
[orabug 9764220]
- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]
- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,
Guru Anbalagane) [orabug 6124033]
- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]
- [ib] fix memory corruption (Andy Grover) [orabug 9972346]
[2.6.18-308.8.1.el5]
- [net] sock: validate data_len before allocating skb in
sock_alloc_send_pskb() (Jason Wang) [816290 816106] {CVE-2012-2136}
- [net] tg3: Fix VLAN tagging assignments (John Feeney) [817691 797011]
- [net] ixgbe: do not stop stripping VLAN tags in promiscuous mode (Andy
Gospodarek) [809791 804800]
- [s390] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik
Brueckner) [810123 808489]
- [x86] unwind information fix for the vsyscall DSO (Prarit Bhargava)
[807930 805799]
[2.6.18-308.7.1.el5]
- [fs] epoll: Don't limit non-nested epoll paths (Jason Baron) [809380
804778]
[2.6.18-308.6.1.el5]
- [scsi] fc class: fix scanning when devs are offline (Mike Christie)
[816684 799530]
- [md] dm-multipath: delay retry of bypassed pg (Mike Christie) [816684
799530]
- [net] bonding: properly unset current_arp_slave on slave link up
(Veaceslav Falico) [811927 800575]
- [net] bonding: remove {master,vlan}_ip and query devices instead (Andy
Gospodarek) [810321 772216]
[2.6.18-308.5.1.el5]
- [scsi] skip sense logging for some ATA PASS-THROUGH cdbs (David
Milburn) [807265 788777]
More information about the El-errata
mailing list