[El-errata] ELSA-2012-0690 Important: Oracle Linux 5 kernel security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 31 10:01:09 PDT 2012
Oracle Linux Security Advisory ELSA-2012-0690
https://rhn.redhat.com/errata/RHSA-2012-0690.html
The following updated rpms for Oracle Linux 5 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.el5.i386.rpm
kernel-xen-2.6.18-308.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.i686.rpm
x86_64:
kernel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.x86_64.rpm
ia64:
kernel-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.ia64.rpm
kernel-devel-2.6.18-308.8.1.el5.ia64.rpm
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm
kernel-headers-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.ia64.rpm
SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-2.6.18-308.8.1.el5.src.rpm
The following packages were rebuilt to be in sync with the updated
kernel version (no changes other than updating the version number):
i386:
oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.el5PAE-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.el5xen-2.0.5-1.el5.i686.rpm
oracleasm-2.6.18-308.8.1.el5debug-2.0.5-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5PAE-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5xen-1.4.9-1.el5.i686.rpm
ocfs2-2.6.18-308.8.1.el5debug-1.4.9-1.el5.i686.rpm
x86_64:
oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.1.el5xen-2.0.5-1.el5.x86_64.rpm
oracleasm-2.6.18-308.8.1.el5debug-2.0.5-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.el5xen-1.4.9-1.el5.x86_64.rpm
ocfs2-2.6.18-308.8.1.el5debug-1.4.9-1.el5.x86_64.rpm
ia64:
oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.1.el5xen-2.0.5-1.el5.ia64.rpm
oracleasm-2.6.18-308.8.1.el5debug-2.0.5-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.el5xen-1.4.9-1.el5.ia64.rpm
ocfs2-2.6.18-308.8.1.el5debug-1.4.9-1.el5.ia64.rpm
SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-308.8.1.el5-2.0.5-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-308.8.1.el5-1.4.9-1.el5.src.rpm
Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.
We recommend that all users of Oracle Linux 5 install these updates.
Users of Ksplice Uptrack can install these updates by running :
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
Description of changes:
* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.
The length of packet fragments to be sent wasn't validated before use,
leading to heap overflow. A user having access to TUN/TAP virtual
device could use this flaw to crash the system or to potentially
escalate their privileges.
[2.6.18-308.8.1.el5]
- [net] sock: validate data_len before allocating skb in
sock_alloc_send_pskb() (Jason Wang) [816290 816106] {CVE-2012-2136}
- [net] tg3: Fix VLAN tagging assignments (John Feeney) [817691 797011]
- [net] ixgbe: do not stop stripping VLAN tags in promiscuous mode (Andy
Gospodarek) [809791 804800]
- [s390] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik
Brueckner) [810123 808489]
- [x86] unwind information fix for the vsyscall DSO (Prarit Bhargava)
[807930 805799]
[2.6.18-308.7.1.el5]
- [fs] epoll: Don't limit non-nested epoll paths (Jason Baron) [809380
804778]
[2.6.18-308.6.1.el5]
- [scsi] fc class: fix scanning when devs are offline (Mike Christie)
[816684 799530]
- [md] dm-multipath: delay retry of bypassed pg (Mike Christie) [816684
799530]
- [net] bonding: properly unset current_arp_slave on slave link up
(Veaceslav Falico) [811927 800575]
- [net] bonding: remove {master,vlan}_ip and query devices instead (Andy
Gospodarek) [810321 772216]
[2.6.18-308.5.1.el5]
- [scsi] skip sense logging for some ATA PASS-THROUGH cdbs (David
Milburn) [807265 788777]
More information about the El-errata
mailing list