[Oraclevm-errata] OVMSA-2012-0042 M: Oracle VM 3.1 kernel-uek security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Oct 22 09:31:00 PDT 2012

Oracle VM Security Advisory OVMSA-2012-0042

The following updated rpms for Oracle VM 3.1 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Fix bug number for commit "cciss: Update HPSA_BOUNDARY" (Joe Jin)
   [Orabug: 14681166]

- cciss: Update HPSA_BOUNDARY. (Joe Jin) [Orabug: 14319765]

- KVM: introduce kvm_for_each_memslot macro (Maxim Uvarov) [Bugdb: 13966]
- dl2k: Clean up rio_ioctl (Jeff Mahoney) [Orabug: 14126896] {CVE-2012-2313}
- NFSv4: include bitmap in nfsv4 get acl data (Andy Adamson)  
- KVM: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [Bugdb: 13966]
- net: sock: validate data_len before allocating skb in 
   (Jason Wang) [Bugdb: 13966] {CVE-2012-2136}
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race
   condition (Andrea Arcangeli) [Bugdb: 13966] {CVE-2012-2373}
- KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb:
   13966] {CVE-2012-2121}
- KVM: unmap pages from the iommu when slots are removed (Maxim Uvarov) 
   13966] {CVE-2012-2121}
- fcaps: clear the same personality flags as suid when fcaps are used (Eric
   Paris) [Bugdb: 13966] {CVE-2012-2123}
- tilegx: enable SYSCALL_WRAPPERS support (Chris Metcalf)  {CVE-2009-0029}
- drm/i915: fix integer overflow in i915_gem_do_execbuffer() (Xi Wang) 
   14107456] {CVE-2012-2384}
- drm/i915: fix integer overflow in i915_gem_execbuffer2() (Xi Wang) 
   14107445] {CVE-2012-2383}
- [dm] do not forward ioctls from logical volumes to the underlying 
device (Joe
   Jin)  {CVE-2011-4127}
- [block] fail SCSI passthrough ioctls on partition devices (Joe Jin)
- [block] add and use scsi_blk_cmd_ioctl (Joe Jin) [Orabug: 14056755]
- KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Avi
   Kivity) [Bugdb: 13871] {CVE-2012-1601}
- regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter 
- regset: Prevent null pointer reference on readonly regsets (H. Peter 
- cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton)
- mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode
   (Andrea Arcangeli)  {CVE-2012-1179}
- ext4: fix undefined behavior in ext4_fill_flex_info() (Xi Wang)

- ocfs2: clear unaligned io flag when dio fails (Junxiao Bi) [Orabug: 
- aio: make kiocb->private NUll in init_sync_kiocb() (Junxiao Bi) [Orabug:
- igb: Fix for Alt MAC Address feature on 82580 and later devices (Carolyn
   Wyborny) [Orabug: 14258706]
- igb: Alternate MAC Address Updates for Func2&3 (Akeem G. Abodunrin) 
- igb: Alternate MAC Address EEPROM Updates (Akeem G. Abodunrin) [Orabug:
- cciss: only enable cciss_allow_hpsa when for ol5 (Joe Jin) [Orabug: 
- Revert "cciss: remove controllers supported by hpsa" (Joe Jin) [Orabug:
- [scsi] hpsa: add all support devices for ol5 (Joe Jin) [Orabug: 14106006]
- Disable VLAN 0 tagging for none VLAN traffic (Adnan Misherfi) [Orabug:
- x86: Add Xen kexec control code size check to linker script (Daniel Kiper)
- drivers/xen: Export vmcoreinfo through sysfs (Daniel Kiper)
- x86/xen/enlighten: Add init and crash kexec/kdump hooks (Maxim Uvarov)
- x86/xen: Add kexec/kdump makefile rules (Daniel Kiper)
- x86/xen: Add x86_64 kexec/kdump implementation (Daniel Kiper)
- x86/xen: Add placeholder for i386 kexec/kdump implementation (Daniel 
- x86/xen: Register resources required by kexec-tools (Daniel Kiper)
- x86/xen: Introduce architecture dependent data for kexec/kdump (Daniel 
- xen: Introduce architecture independent data for kexec/kdump (Daniel 
- x86/kexec: Add extra pointers to transition page table PGD, PUD, PMD 
and PTE
   (Daniel Kiper)
- kexec: introduce kexec_ops struct (Daniel Kiper)

- SPEC: replace DEFAULTKERNEL from kernel-ovs to kernel-uek

More information about the Oraclevm-errata mailing list