ELSA-2011-0007

ELSA-2011-0007 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2011-02-12

Description



[2.6.32-71.14.1.0.1.el6]
- replace Red Hat with Oracle in files genkey and kernel.spec

[2.6.32-71.14.1.el6]
- [kvm] x86: zero kvm_vcpu_events->interrupt.pad (Marcelo Tosatti) [665471 665409] {CVE-2010-4525}

[2.6.32-71.13.1.el6]
email_6.RHSA-2011-0007 178L, 11970C written
- [scsi] lpfc: Fixed crashes for NULL pnode dereference (Rob Evers) [660589 635733]

[2.6.32-71.12.1.el6]
- [netdrv] igb: only use vlan_gro_receive if vlans are registered (Stefan Assmann) [652804 660192] {CVE-2010-4263}
- [net] core: neighbour update Oops (Jiri Pirko) [660591 658518]
- [scsi] lpfc: Set heartbeat timer off by default (Rob Evers) [660244 655935]
- [scsi] lpfc: Fixed crashes for BUG_ONs hit in the lpfc_abort_handler (Rob Evers) [659611 645882]

[2.6.32-71.11.1.el6]
- [kernel] posix-cpu-timers: workaround to suppress the problems with mt exec (Oleg Nesterov) [656267 656268] {CVE-2010-4248}
- [fs] bio: take care not overflow page count when mapping/copying user data (Danny Feng) [652530 652531] {CVE-2010-4162}
- [net] can-bcm: fix minor heap overflow (Danny Feng) [651846 651847] {CVE-2010-3874}
- [net] filter: make sure filters dont read uninitialized memory (Jiri Pirko) [651704 651705] {CVE-2010-4158}
- [net] inet_diag: Make sure we actually run the same bytecode we audited (Jiri Pirko) [651268 651269] {CVE-2010-3880}
- [v4l] ivtvfb: prevent reading uninitialized stack memory (Mauro Carvalho Chehab) [648832 648833] {CVE-2010-4079}
- [drm] via/ioctl.c: prevent reading uninitialized stack memory (Dave Airlie) [648718 648719] {CVE-2010-4082}
- [char] nozomi: clear data before returning to userspace on TIOCGICOUNT (Mauro Carvalho Chehab) [648705 648706] {CVE-2010-4077}
- [serial] clean data before filling it on TIOCGICOUNT (Mauro Carvalho Chehab) [648702 648703] {CVE-2010-4075}
- [net] af_unix: limit unix_tot_inflight (Neil Horman) [656761 656762] {CVE-2010-4249}
- [block] check for proper length of iov entries in blk_rq_map_user_iov() (Danny Feng) [652958 652959] {CVE-2010-4163}
- [net] Limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri Pirko) [651894 651895] {CVE-2010-4160}
- [netdrv] mlx4: Add OFED-1.5.2 patch to increase log_mtts_per_seg (Jay Fenlason) [643815 637284]
- [kernel] kbuild: fix external module compiling (Aristeu Rozanski) [658879 655231]
- [net] bluetooth: Fix missing NULL check (Jarod Wilson) [655667 655668] {CVE-2010-4242}
- [kernel] ipc: initialize structure memory to zero for compat functions (Danny Feng) [648694 648695] {CVE-2010-4073}
- [kernel] shm: fix information leak to userland (Danny Feng) [648688 648689] {CVE-2010-4072}
- [md] dm: remove extra locking when changing device size (Mike Snitzer) [653900 644380]
- [block] read i_size with i_size_read() (Mike Snitzer) [653900 644380]
- [kbuild] don't sign out-of-tree modules (Aristeu Rozanski) [655122 653507]

[2.6.32-71.10.1.el6]
- [fs] xfs: prevent reading uninitialized stack memory (Dave Chinner) [630808 630809] {CVE-2010-3078}
- [net] fix rds_iovec page count overflow (Jiri Pirko) [647423 647424] {CVE-2010-3865}
- [scsi] Fix megaraid_sas driver SLAB memory leak detected with CONFIG_DEBUG_SLAB (Shyam Iyer) [649436 633836]
- [usb] serial/mos*: prevent reading uninitialized stack memory (Don Zickus) [648697 648698] {CVE-2010-4074}
- [kernel] ecryptfs_uid_hash() buffer overflow (Jerome Marchand) [626320 611388] {CVE-2010-2492}
- [sound] seq/oss - Fix double-free at error path of snd_seq_oss_open() (Jaroslav Kysela) [630554 630555] {CVE-2010-3080}
- [virt] virtio-net: init link state correctly (Jason Wang) [653340 646369]
- [netdrv] prevent reading uninitialized memory in hso driver (Thomas Graf) [633143 633144] {CVE-2010-3298}

[2.6.32-71.9.1.el6]
- [fs] Do not mix FMODE_ and O_ flags with break_lease() and may_open() (Harshula Jayasuriya) [648408 642677]
- [fs] aio: check for multiplication overflow in do_io_submit (Jeff Moyer) [629450 629451] {CVE-2010-3067}
- [net] fix info leak from kernel in ethtool operation (Neil Horman) [646727 646728] {CVE-2010-3861}
- [net] packet: fix information leak to userland (Jiri Pirko) [649899 649900] {CVE-2010-3876}
- [net] clean up info leak in act_police (Neil Horman) [636393 636394] {CVE-2010-3477}
- [mm] Prevent Out Of Memory when changing cpuset's mems on NUMA (Larry Woodman) [651996 597127]

[2.6.32-71.8.1.el6]
- [mm] remove false positive THP pmd_present BUG_ON (Andrea Arcangeli) [647391 646384]

[2.6.32-71.7.1.el6]
- [drm] ttm: fix regression introduced in dfb4a4250168008c5ac61e90ab2b86f074a83a6c (Dave Airlie) [646994 644896]

[2.6.32-71.6.1.el6]
- [block] fix a potential oops for callers of elevator_change (Jeff Moyer) [644926 641408]

[2.6.32-71.5.1.el6]
- [security] IMA: require command line option to enabled (Eric Paris) [644636 643667]
- [net] Fix priv escalation in rds protocol (Neil Horman) [642899 642900] {CVE-2010-3904}
- [v4l] Remove compat code for VIDIOCSMICROCODE (Mauro Carvalho Chehab) [642472 642473] {CVE-2010-2963}
- [kernel] tracing: do not allow llseek to set_ftrace_filter (Jiri Olsa) [631625 631626] {CVE-2010-3079}
- [virt] xen: hold mm->page_table_lock in vmalloc_sync (Andrew Jones) [644038 643371]
- [fs] xfs: properly account for reclaimed inodes (Dave Chinner) [642680 641764]
- [drm] fix ioctls infoleak (Danny Feng) [626319 621437] {CVE-2010-2803}
- [netdrv] wireless extensions: fix kernel heap content leak (John Linville) [628437 628438] {CVE-2010-2955}
- [netdrv] niu: buffer overflow for ETHTOOL_GRXCLSRLALL (Danny Feng) [632071 632072] {CVE-2010-3084}
- [mm] add debug checks for mapcount related invariants (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] move VM_BUG_ON inside the page_table_lock of zap_huge_pmd (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] compaction: handle active and inactive fairly in too_many_isolated (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] start_khugepaged after setting transparent_hugepage_flags (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] fix hibernate memory corruption (Andrea Arcangeli) [644037 642570]
- [mm] ksmd wait_event_freezable (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] khugepaged wait_event_freezable (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] unlink_anon_vmas in __split_vma in case of error (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] fix memleak in copy_huge_pmd (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] fix hang on anon_vma->root->lock (Andrea Arcangeli) [642679 622327 644037 642570]
- [mm] avoid breaking huge pmd invariants in case of vma_adjust failures (Andrea Arcangeli) [642679 622327 644037 642570]

[2.6.32-71.4.1.el6]
- [scsi] fcoe: set default FIP mode as FIP_MODE_FABRIC (Mike Christie) [641457 636233]
- [virt] KVM: Fix fs/gs reload oops with invalid ldt (Avi Kivity) [639884 639885] {CVE-2010-3698}
- [drm] i915: prevent arbitrary kernel memory write (Jerome Marchand) [637690 637691] {CVE-2010-2962}
- [scsi] libfc: adds flogi retry in case DID is zero in RJT (Mike Christie) [641456 633907]
- [kernel] prevent heap corruption in snd_ctl_new() (Jerome Marchand) [638485 638486] {CVE-2010-3442}
- [scsi] lpfc: lpfc driver oops during rhel6 installation with snapshot 12/13 and emulex FC (Rob Evers) [641907 634703]
- [fs] ext4: Always journal quota file modifications (Eric Sandeen) [641454 624909]
- [mm] fix split_huge_page error like mapcount 3 page_mapcount 2 (Andrea Arcangeli) [641258 640611]
- [block] Fix pktcdvd ioctl dev_minor range check (Jerome Marchand) [638088 638089] {CVE-2010-3437}
- [drm] ttm: Fix two race conditions + fix busy codepaths (Dave Airlie) [642045 640871]
- [drm] Prune GEM vma entries (Dave Airlie) [642043 640870]
- [virt] ksm: fix bad user data when swapping (Andrea Arcangeli) [641459 640579]
- [virt] ksm: fix page_address_in_vma anon_vma oops (Andrea Arcangeli) [641460 640576]
- [net] sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (Jiri Pirko) [640461 640462] {CVE-2010-3705}
- [mm] Move vma_stack_continue into mm.h (Mike Snitzer) [641483 638525]
- [net] sctp: Do not reset the packet during sctp_packet_config() (Jiri Pirko) [637681 637682] {CVE-2010-3432}
- [mm] vmstat incorrectly reports disk IO as swap in (Steve Best) [641458 636978]
- [scsi] fcoe: Fix NPIV (Neil Horman) [641455 631246]

[2.6.32-71.3.1.el6]
- [block] prevent merges of discard and write requests (Mike Snitzer) [639412 637805]
- [drm] nouveau: correct INIT_DP_CONDITION subcondition 5 (Ben Skeggs) [638973 636678]
- [drm] nouveau: enable enhanced framing only if DP display supports it (Ben Skeggs) [638973 636678]
- [drm] nouveau: fix required mode bandwidth calculation for DP (Ben Skeggs) [638973 636678]
- [drm] nouveau: disable hotplug detect around DP link training (Ben Skeggs) [638973 636678]
- [drm] nouveau: set DP display power state during DPMS (Ben Skeggs) [638973 636678]
- [mm] remove madvise from possible /sys/kernel/mm/redhat_transparent_hugepage/enabled options (Larry Woodman) [636116 634500]
- [netdrv] cxgb3: don't flush the workqueue if we are called from the workqueue (Doug Ledford) [634973 631547]
- [netdrv] cxgb3: deal with fatal parity error status in interrupt handler (Doug Ledford) [634973 631547]
- [netdrv] cxgb3: now that we define fatal parity errors, make sure they are cleared (Doug Ledford) [634973 631547]
- [netdrv] cxgb3: Add define for fatal parity error bit manipulation (Doug Ledford) [634973 631547]
- [virt] Emulate MSR_EBC_FREQUENCY_ID (Jes Sorensen) [633966 629836]
- [virt] Define MSR_EBC_FREQUENCY_ID (Jes Sorensen) [633966 629836]
- [kernel] initramfs: Fix initramfs size calculation (Hendrik Brueckner) [637087 626956]
- [kernel] initramfs: Generalize initramfs_data.xxx.S variants (Hendrik Brueckner) [637087 626956]
- [drm] radeon/kms: fix sideport detection on newer rs880 boards (Dave Airlie) [634984 626454]
- [block] switch s390 tape_block and mg_disk to elevator_change() (Mike Snitzer) [633864 632631]
- [block] add function call to switch the IO scheduler from a driver (Mike Snitzer) [633864 632631]

[2.6.32-71.2.1.el6]
- [misc] make compat_alloc_user_space() incorporate the access_ok() (Xiaotian Feng) [634465 634466] {CVE-2010-3081}
- [x86] kernel: fix IA32 System Call Entry Point Vulnerability (Xiaotian Feng) [634451 634452] {CVE-2010-3301}

[2.6.32-71.1.1.el6]
- [security] Make kernel panic in FIPS mode if modsign check fails (David Howells) [633865 625914]
- [virt] Guests on AMD with CPU type 6 and model >= 8 trigger errata read of MSR_K7_CLK_CTL (Jes Sorensen) [632292 629066]
- [x86] UV: use virtual efi on SGI systems (George Beshers) [633964 627653]


Related CVEs


CVE-2010-2492
CVE-2010-2803
CVE-2010-2955
CVE-2010-2962
CVE-2010-3067
CVE-2010-3078
CVE-2010-3079
CVE-2010-3080
CVE-2010-3081
CVE-2010-3084
CVE-2010-3298
CVE-2010-3301
CVE-2010-3432
CVE-2010-3437
CVE-2010-3442
CVE-2010-3477
CVE-2010-3698
CVE-2010-3705
CVE-2010-3861
CVE-2010-3865
CVE-2010-3874
CVE-2010-3876
CVE-2010-3880
CVE-2010-3904
CVE-2010-4072
CVE-2010-4073
CVE-2010-4074
CVE-2010-4075
CVE-2010-4077
CVE-2010-4079
CVE-2010-4080
CVE-2010-4081
CVE-2010-4082
CVE-2010-4083
CVE-2010-4158
CVE-2010-4160
CVE-2010-4162
CVE-2010-4163
CVE-2010-4242
CVE-2010-4248
CVE-2010-4249
CVE-2010-4263
CVE-2010-4525
CVE-2010-4668

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) kernel-2.6.32-71.14.1.el6.src.rpmcd66d051025535222f94f50536aa0447ELSA-2021-9212
kernel-2.6.32-71.14.1.el6.i686.rpme74f05b1a7dc4a67ba37846b45148c68ELSA-2021-9212
kernel-debug-2.6.32-71.14.1.el6.i686.rpm28bc41aa7811a84d2e1cddf826fb0681ELSA-2021-9212
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm9f608f262d5bc8a3b6f9a88784c05d02ELSA-2021-9212
kernel-devel-2.6.32-71.14.1.el6.i686.rpm9f56692a7e1a6ecad8d111a3c89f1766ELSA-2021-9212
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm321b6244885814299545a38e49c94da2ELSA-2021-9212
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm203f8181c4d8ff3d65018d8cd34dc85dELSA-2021-9212
kernel-headers-2.6.32-71.14.1.el6.i686.rpm9caeed04b9e8bbed8da430c60f4b929eELSA-2021-9212
perf-2.6.32-71.14.1.el6.noarch.rpme0e5bc978b5da1eaa73cfc03bbb92833ELSA-2021-9212
Oracle Linux 6 (x86_64) kernel-2.6.32-71.14.1.el6.src.rpmcd66d051025535222f94f50536aa0447ELSA-2021-9212
kernel-2.6.32-71.14.1.el6.x86_64.rpmfa8ca811a78b385b70b8310a4c77e973ELSA-2021-9212
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpme83f2ea97a025f38d118dcdbf95a964bELSA-2021-9212
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm8fa1cbd500e64f898fb6a930c47dd8feELSA-2021-9212
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpme80ae84d1d0f95f1201d0ef7fadfdea5ELSA-2021-9212
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm321b6244885814299545a38e49c94da2ELSA-2021-9212
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm203f8181c4d8ff3d65018d8cd34dc85dELSA-2021-9212
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm1f5729cb5ade96811b16384128fe45f2ELSA-2021-9212
perf-2.6.32-71.14.1.el6.noarch.rpme0e5bc978b5da1eaa73cfc03bbb92833ELSA-2021-9212



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete