[El-errata] ELSA-2007-0347 Important: Enterprise Linux 5 kernel security and bug fix update

[el-errata at oss.oracle.com]

Enterprise Linux Security Advisory ELSA-2007-0347

https://rhn.redhat.com/errata/RHSA-2007-0347.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
kernel-2.6.18-8.1.4.0.1.el5.i686.rpm
kernel-PAE-2.6.18-8.1.4.0.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-8.1.4.0.1.el5.i686.rpm
kernel-devel-2.6.18-8.1.4.0.1.el5.i686.rpm
kernel-doc-2.6.18-8.1.4.0.1.el5.noarch.rpm
kernel-headers-2.6.18-8.1.4.0.1.el5.i386.rpm
kernel-xen-2.6.18-8.1.4.0.1.el5.i686.rpm
kernel-xen-devel-2.6.18-8.1.4.0.1.el5.i686.rpm

x86_64:
kernel-2.6.18-8.1.4.0.1.el5.x86_64.rpm
kernel-devel-2.6.18-8.1.4.0.1.el5.x86_64.rpm
kernel-doc-2.6.18-8.1.4.0.1.el5.noarch.rpm
kernel-headers-2.6.18-8.1.4.0.1.el5.x86_64.rpm
kernel-xen-2.6.18-8.1.4.0.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-8.1.4.0.1.el5.x86_64.rpm


SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/kernel-2.6.18-8.1.4.0.1.el5.src.rpm

The following packages were rebuilt to be in sync with the updated kernel version (no changes other than updating the version number):

i386:
oracleasm-2.6.18-8.1.4.0.1.el5-2.0.4-1.el5.i686.rpm
oracleasm-2.6.18-8.1.4.0.1.el5PAE-2.0.4-1.el5.i686.rpm
oracleasm-2.6.18-8.1.4.0.1.el5xen-2.0.4-1.el5.i686.rpm
ocfs2-2.6.18-8.1.4.0.1.el5-1.2.6-1.el5.i686.rpm
ocfs2-2.6.18-8.1.4.0.1.el5PAE-1.2.6-1.el5.i686.rpm
ocfs2-2.6.18-8.1.4.0.1.el5xen-1.2.6-1.el5.i686.rpm


x86_64:
oracleasm-2.6.18-8.1.4.0.1.el5-2.0.4-1.el5.x86_64.rpm
oracleasm-2.6.18-8.1.4.0.1.el5xen-2.0.4-1.el5.x86_64.rpm
ocfs2-2.6.18-8.1.4.0.1.el5-1.2.6-1.el5.x86_64.rpm
ocfs2-2.6.18-8.1.4.0.1.el5xen-1.2.6-1.el5.x86_64.rpm



SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-8.1.4.0.1.el5-2.0.4-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-8.1.4.0.1.el5-1.2.6-1.el5.src.rpm


Description of changes:

[2.6.18-8.1.4.0.1.el5]
-Fix bonding primary=ethX so it picks correct network (Bert Barbe) [IT 
101532] [ORA 5136660]
-Add entropy module option to e1000 (John Sobecki) [ORA 6045759]
-Add entropy module option to bnx2 (John Sobecki) [ORA 6045759]

[2.6.18.8.1.4.el5]
- [ipv6] Fix routing regression. (David S. Miller ) [238046]
- [mm] Gdb does not accurately output the backtrace. (Dave Anderson ) 
[235511]
- [NMI] change watchdog timeout to 30 seconds (Larry Woodman ) [237655]
- [dlm] fix mode munging (David Teigland ) [238731]
- [net] kernel-headers: missing include of types.h (Neil Horman ) [238749]
- [net] fib_semantics.c out of bounds check (Thomas Graf ) [238948] 
{CVE-2007-2172}
- [net] disallow RH0 by default (Thomas Graf ) [238949] {CVE-2007-2242}
- [net] Fix user OOPS'able bug in FIB netlink (David S. Miller ) 
[238960] {CVE-2007-1861}
- [net] IPv6 fragments bypass in nf_conntrack netfilter code (Thomas 
Graf ) [238947] {CVE-2007-1497}
- [net] ipv6_fl_socklist is inadvertently shared (David S. Miller ) 
[238944] {CVE-2007-1592}
- [net] Various NULL pointer dereferences in netfilter code (Thomas Graf 
) [238946] {CVE-2007-1496}

[2.6.18-8.1.3.el5]
- [s390] page_mkclean causes data corruption on s390 (Jan Glauber ) [236605]

[2.6.18-8.1.2.el5]
- [utrace] exploit and unkillable cpu fixes (Roland McGrath ) [228816] 
(CVE-2007-0771)
- [net] IPV6 security holes in ipv6_sockglue.c - 2 (David S. Miller ) 
[232257] {CVE-2007-1000}
- [net] IPV6 security holes in ipv6_sockglue.c (David S. Miller ) 
[232255] {CVE-2007-1388}
- [audit] GFP_KERNEL allocations in non-blocking context fix (Alexander 
Viro ) [233157]

[2.6.18-8.1.1.el5]
- [cpufreq] Remove __initdata from tscsync (Prarit Bhargava ) [229887]
- [security] Fix key serial number collision problem (David Howells ) 
[229883] {CVE-2007-0006}
- [fs] Don't core dump read-only binarys (Don Howard ) [229885] 
{CVE-2007-0958}
- [xen] Enable booting on machines with > 64G (Chris Lalancette) [230117]
- Fix potential buffer overflow in cardman 4040 cmx driver (Don Howard) 
[229884] {CVE-2007-0005}