[El-errata] ELSA-2013-2520 Important: Oracle Linux 5 Unbreakable Enterprise kernel Security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Apr 25 07:59:30 PDT 2013


Oracle Linux Security Advisory ELSA-2013-2520

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-uek-2.6.32-400.26.2.el5uek.i686.rpm
kernel-uek-debug-2.6.32-400.26.2.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.32-400.26.2.el5uek.i686.rpm
kernel-uek-headers-2.6.32-400.26.2.el5uek.i686.rpm
kernel-uek-devel-2.6.32-400.26.2.el5uek.i686.rpm
kernel-uek-doc-2.6.32-400.26.2.el5uek.noarch.rpm
kernel-uek-firmware-2.6.32-400.26.2.el5uek.noarch.rpm
ofa-2.6.32-400.26.2.el5uek-1.5.1-4.0.58.i686.rpm
ofa-2.6.32-400.26.2.el5uekdebug-1.5.1-4.0.58.i686.rpm
mlnx_en-2.6.32-400.26.2.el5uek-1.5.7-2.i686.rpm
mlnx_en-2.6.32-400.26.2.el5uekdebug-1.5.7-2.i686.rpm

x86_64:
kernel-uek-firmware-2.6.32-400.26.2.el5uek.noarch.rpm
kernel-uek-doc-2.6.32-400.26.2.el5uek.noarch.rpm
kernel-uek-2.6.32-400.26.2.el5uek.x86_64.rpm
kernel-uek-headers-2.6.32-400.26.2.el5uek.x86_64.rpm
kernel-uek-devel-2.6.32-400.26.2.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.32-400.26.2.el5uek.x86_64.rpm
kernel-uek-debug-2.6.32-400.26.2.el5uek.x86_64.rpm
ofa-2.6.32-400.26.2.el5uek-1.5.1-4.0.58.x86_64.rpm
ofa-2.6.32-400.26.2.el5uekdebug-1.5.1-4.0.58.x86_64.rpm
mlnx_en-2.6.32-400.26.2.el5uek-1.5.7-2.x86_64.rpm
mlnx_en-2.6.32-400.26.2.el5uekdebug-1.5.7-2.x86_64.rpm

ia64:


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-uek-2.6.32-400.26.2.el5uek.src.rpm
http://oss.oracle.com/ol5/SRPMS-updates/ofa-2.6.32-400.26.2.el5uek-1.5.1-4.0.58.src.rpm
http://oss.oracle.com/ol5/SRPMS-updates/mlnx_en-2.6.32-400.26.2.el5uek-1.5.7-2.src.rpm



Description of changes:

kernel-uek
[2.6.32-400.26.2.el5uek]
- mm/hotplug: correctly add new zone to all other nodes' zone lists 
(Jiang Liu) [Orabug: 16603569] {CVE-2012-5517}
- ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg 
Nesterov) [Orabug: 16405868] {CVE-2013-0871}
- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL 
(Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() 
(Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson 
Lizardo) [Orabug: 16711062] {CVE-2013-0349}
- dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 
16711040] {CVE-2013-1827}
- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) 
[Orabug: 16425435] {CVE-2013-1774}
- keys: fix race with concurrent install_user_keyrings() (David Howells) 
[Orabug: 16493369] {CVE-2013-1792}
- KVM: Fix bounds checking in ioapic indirect register reads 
(CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798}
- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME 
(CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796}
- net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 
16675501] {CVE-2012-6547}
- atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 
16675501] {CVE-2012-6546}
- atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 
16675501] {CVE-2012-6546}
- xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) 
[Orabug: 16675501] {CVE-2012-6537}
- xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) 
[Orabug: 16675501] {CVE-2012-6537}
- xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) 
[Orabug: 16675501] {CVE-2013-6537}
- xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) 
[Orabug: 16675501] {CVE-2013-1826}
- xfrm_user: return error pointer instead of NULL (Mathias Krause) 
[Orabug: 16675501] {CVE-2013-1826}




More information about the El-errata mailing list