ELSA-2013-2546

ELSA-2013-2546 - Unbreakable Enterprise Kernel security and bug fix update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2013-09-16

Description


[2.6.39-400.209.1]
- Revert 'stop mig handler when lockres in progress ,and return -EAGAIN' (Srinivas Eeda) [Orabug: 16924802]
- ocfs2/dlm: Fix list traversal in dlm_process_recovery_data (Srinivas Eeda) [Orabug: 17432400]
- ocfs2/dlm: ocfs2 dlm umount skip migrating lockres (Srinivas Eeda) [Orabug: 16859627]

[2.6.39-400.208.1]
- Btrfs: make the chunk allocator completely tree lockless (Josef Bacik) [Orabug: 17334251]
- mpt2sas: protect mpt2sas_ioc_list access with lock (Jerry Snitselaar) [Orabug: 17383579]
- mptsas: update to 4.28.20.02 (Jerry Snitselaar) [Orabug: 17294806]
- RDS: protocol negotiation fails during reconnect (Bang Nguyen) [Orabug: 17375389]
- config:remove LM80 modules to void blindly loading cause crash (ethan.zhao) [Orabug: 16976462]

[2.6.39-400.207.0]
- Update lpfc version for 8.3.7.26.3p driver release (Gairy Grannum) [Orabug: 17340816]
- lpfc 8.3.36: Update DIF support for passthru/strip/insert (James Smart) [Orabug: 17340816]
- Update lpfc version for 8.3.7.26.1p driver release (Gairy Grannum) [Orabug: 17376967]
- lpfc: whitespace fix (Vaios Papadimitriou) [Orabug: 17376967]
- Update copyrights for 8.3.41 modifications (James Smart) [Orabug: 17376967]
- Add first burst support to driver (James Smart) [Orabug: 17376967]
- Fixed the format of some log message fields (James Smart) [Orabug: 17376967]
- Add first burst support to driver (James Smart) [Orabug: 17376967]
- Fixed not able to perform PCI function reset when board was not in online mode (James Smart) [Orabug: 17376967]
- Fixed failure in setting SLI3 board mode (James Smart) [Orabug: 17376967]
- Fixed SLI3 failing FCP write on check-condition no-sense with residual zero (James Smart) [Orabug: 17376967]
- Fixed support for 128 byte WQEs (James Smart) [Orabug: 17376967]
- Ensure driver properly zeros unused fields in SLI4 mailbox commands (James Smart) [Orabug: 17376967]
- Fixed max value of lpfc_lun_queue_depth (James Smart) [Orabug: 17376967]
- Fixed Receive Queue varied frame size handling (James Smart) [Orabug: 17376967]
- Fix mailbox byteswap issue on PPC (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Update Copyrights to 2013 for 8.3.38, 8.3.39, and 8.3.40 modifications (James Smart) [Orabug: 17376967]
- Fixed freeing of iocb when internal loopback times out (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed a race condition between SLI host and port failed FCF rediscovery (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed issue mailbox wait routine failed to issue dump memory mbox command (James Smart) [Orabug: 17376967]
- treewide: Fix typos in kernel messages (Masanari Iida) [Orabug: 17376967]
- lpfc 8.3.40: Fixed system panic due to unsafe walking and deleting linked list (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed FCoE connection list vlan identifier and add FCF list debug (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Clarified the behavior of the lpfc_max_luns module parameter (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fix to allow OCM to report FEC status (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed a missing return code in a logging message (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed some logging message fields (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed list corruption when lpfc_drain_tx runs (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fix inconsistent list removal causes crash (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed system panic during handling unsolicited receive buffer error condition (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fixed crash during FCoE failover testing. (James Smart) [Orabug: 17376967]
- lpfc 8.3.40: Fix lpfc_used_cpu to be more dynamic (James Smart) [Orabug: 17376967]
- sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17371930] {CVE-2013-2206}
- Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371037] {CVE-2012-6544}
- Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370887] {CVE-2012-6544}
- Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371061] {CVE-2012-6544}
- sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371114] {CVE-2013-2206}
- af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370761] {CVE-2013-2237}
- dm: allow error target to replace either bio-based and request-based targets (Joe Jin) [Orabug: 17357884]
- Btrfs: handle a bogus chunk tree nicely (Josef Bacik) [Orabug: 17361069]
- OFED: Move R2 field to bottom of mlx4_caps for backward compatibility (Yuval Shaia) [Orabug: 17303785]
- RDS: double free rdma_cm_id (Bang Nguyen) [Orabug: 17192816]
- xen: initialize xen panic handler for PVHVM (Vaughan Cao) [Orabug: 17200031]
- sg: push file descriptor list locking down to per-device locking (Vaughan Cao) [Orabug: 16835013]
- sg: checking sdp->detached isnt protected when open (Vaughan Cao) [Orabug: 16835013]
- sg: no need sg_open_exclusive_lock (Vaughan Cao) [Orabug: 16835013]
- sg: use rwsem to solve race during exclusive open (Vaughan Cao) [Orabug: 16835013]
- sg: remove sg_mutex (Jorn Engel) [Orabug: 16835013]
- sg: completely protect sfds (Jorn Engel) [Orabug: 16835013]
- sg: protect sdp->exclude (Jorn Engel) [Orabug: 16835013]
- sg: prevent unwoken sleep (Jorn Engel) [Orabug: 16835013]
- sg: remove closed flag (Jorn Engel) [Orabug: 16835013]
- sg: use wait_event_interruptible() (Jorn Engel) [Orabug: 16835013]
- sg: remove while (1) non-loop (Jorn Engel) [Orabug: 16835013]
- sg: remove unnecessary indentation (Jorn Engel) [Orabug: 16835013]
- RDS: ActiveBonding IP exclusion filter (Bang Nguyen) [Orabug: 17075950]
- RDS: Reconnect stalls for 15s (Bang Nguyen) [Orabug: 17277974]
- sk_buff: fix kabi broken for add new for union (Joe Jin) [Orabug: 14500568]
- tcp: fix skb_availroom() (Eric Dumazet) [Orabug: 14500568]
- tcp: avoid order-1 allocations on wifi and tx path (Eric Dumazet) [Orabug: 14500568]
- tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [Orabug: 14500568]
- tcp: take care of misalignments (Eric Dumazet) [Orabug: 14500568]
- RDS: Reconnect causes panic at completion phase (Bang Nguyen) [Orabug: 17213597]
- RDS: added stats to track and display receive side memory usage (Venkat Venkatsubra) [Orabug: 17045536]
- RDS: RDS reconnect stalls (Bang Nguyen) [Orabug: 1731355]
- ext4: fix race between sync and completed io work (Jeff Moyer) [Orabug: 16908825]
- ext4: optimize locking for end_io extent conversion (Theodore Tso) [Orabug: 16908825]
- ext4: remove unnecessary call to waitqueue_active() (Theodore Tso) [Orabug: 16908825]
- ext4: Use correct locking for ext4_end_io_nolock() (Tao Ma) [Orabug: 16908825]
- xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan) [Orabug: 16908825]
- ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825]
- Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843]
- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157]
- net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979}
- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929}
- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860}
- ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848}
- cnic: dont use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307]
- Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689]
- x86/boot-image: Dont leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437]
- spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114]
- perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094}
- spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586]

[2.6.39-400.206.0]
- ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (Hannes Frederic Sowa) [Orabug: 17296421] {CVE-2013-4163}
- fib_trie: potential out of bounds access in trie_show_stats() (Jerry Snitselaar) [Orabug: 16840280]
- aacraid: update from 1.1-7 to 1.2-0 (Jerry Snitselaar) [Orabug: 17296044]
- qlcnic: update from 5.2.29.45 to 5.2.43 (Jerry Snitselaar) [Orabug: 17267102]
- net: init perm_addr in register_netdevice() (Jiri Pirko) [Orabug: 17280581]
- config: disable THP for OL6 builds (Jerry Snitselaar) [Orabug: 17279055]
- ACPI / memhotplug: Fix a stale pointer in error path (Toshi Kani) [Orabug: 17271787]
- xhci: Avoid NULL pointer deref when host dies. (Sarah Sharp) [Orabug: 17271780]
- xhci: fix null pointer dereference on ring_doorbell_for_active_rings (Oleksij Rempel) [Orabug: 17271777]
- SCSI: sd: fix crash when UA received on DIF enabled device (Ewan D. Milne) [Orabug: 17271761]
- hrtimers: Move SMP function call to thread context (Thomas Gleixner) [Orabug: 17237808]
- lockd: protect nlm_blocked access in nlmsvc_retry_blocked (David Jeffery) [Orabug: 17237800]
- SCSI: megaraid_sas: fix memory leak if SGL has zero length entries (Bjørn Mork) [Orabug: 17237796]
- vlan: fix a race in egress prio management (Eric Dumazet) [Orabug: 17237794]
- ifb: fix oops when loading the ifb failed (dingtianhong) [Orabug: 17237783]
- dummy: fix oops when loading the dummy failed (dingtianhong) [Orabug: 17237779]
- ifb: fix rcu_sched self-detected stalls (dingtianhong) [Orabug: 17237770]
- ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17237766]
- ipv6,mcast: always hold idev->lock before mca_lock (Amerigo Wang) [Orabug: 17237756]
- af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17237752] {CVE-2013-2234}
- perf: Fix perf_lock_task_context() vs RCU (Peter Zijlstra) [Orabug: 17237744]
- perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario (Jiri Olsa) [Orabug: 17237744]
- perf: Clone child context from parent context pmu (Jiri Olsa) [Orabug: 17237744]
- tracing: Use current_uid() for critical time tracing (Steven Rostedt (Red Hat)) [Orabug: 17237735]
- ext4: fix overflow when counting used blocks on 32-bit architectures (Jan Kara) [Orabug: 17231269]
- ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs (Jan Kara) [Orabug: 17231264]
- xhci: check for failed dma pool allocation (Mathias Nyman) [Orabug: 17231247]
- crypto: sanitize argument for format string (Kees Cook)
- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17230700] {CVE-2013-2164}
- pch_uart: fix a deadlock when pch_uart as console (Liang Li) [Orabug: 17061700]
- UBIFS: fix a horrid bug (Artem Bityutskiy) [Orabug: 17061699]
- UBIFS: prepare to fix a horrid bug (Artem Bityutskiy) [Orabug: 17061697]
- dlci: validate the net device in dlci_del() (Zefan Li) [Orabug: 17061696]
- dlci: acquire rtnl_lock before calling __dev_get_by_name() (Zefan Li) [Orabug: 17061695]
- Bluetooth: Fix crash in l2cap_build_cmd() with small MTU (Anderson Lizardo) [Orabug: 17061694]
- fnic driver update from 1.5.0.41 to 1.5.0.45 (Maxim Uvarov) [Orabug: 17187644]
- mpt3sas: update from v02.100.00.00 to v3.00.00.00 (Sreekanth Reddy) [Orabug: 17249188]
- mpt3sas: enable build of mpt3sas driver (Jerry Snitselaar) [Orabug: 17187698]
- mpt3sas: Updated driver code to have a compatibility with UEK r2 u5 kernel (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: Bump driver version to v02.100.00.00 (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: when async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: MPI2.5 Rev F v2.5.1.1 specification (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: Infinite loops can occur if MPI2_IOCSTATUS_CONFIG_INVALID_PAGE is not returned (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: fix for kernel panic when driver loads with HBA conected to non LUN 0 configured expander (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: Updated the Hardware timing requirements (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: 2013 source code copyright (Sreekanth Reddy) [Orabug: 17187698]
- mpt3sas: dont wank with fasync on ->release() (Al Viro) [Orabug: 17187698]
- mpt3sas: remove unused variables (Wei Yongjun) [Orabug: 17187698]
- mpt3sas: Remove unneeded version.h header inclusion (Sachin Kamat) [Orabug: 17187698]
- mpt3sas: cut and paste bug storing trigger mpi (Dan Carpenter) [Orabug: 17187698]
- mpt3sas: add new driver supporting 12GB SAS (Sreekanth Reddy) [Orabug: 17187698]
- scsi_transport_sas: add 12GB definitions for mpt3sas (Sreekanth Reddy) [Orabug: 17187698]
- miscdevice: Adding support for MPT3SAS_MINOR(222) (Sreekanth Reddy) [Orabug: 17187698]

[2.6.39-400.205.0]
- xen/time: remove blocked time accounting from xen 'clockchip' (Laszlo Ersek) [Orabug: 17073675]
- unix: fix a race condition in unix_release() (Paul Moore) [Orabug: 17209195]
- ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17215196] {CVE-2013-2232}
- block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230067] {CVE-2013-2851}
- libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230100] {CVE-2013-1059}
- config: add xsigo config options (Ajaykumar Hotchandani) [Orabug: 17248170]
- mpt2sas: update from 16.05.01.00 to 17.00.00.00 (Jerry Snitselaar) [Orabug: 17237402]
- qla4xxx: Updated driver version to 5.03.00.03.06.02-uek2 (Tej Parkash) [Orabug: 17220575]
- libiscsi: Add missing prints for session and connection sysfs attrs (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Export more firmware info in sysfs (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Only BIOS boot target entries should be at index 0 and 1. (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: discovery_parent_idx can be shown without any check. (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Set IPv6 traffic class if device type is IPv6. (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Use discovery_parent_idx instead of discovery_parent_type (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Allow removal of failed session using logout. (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575]
- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575]
- scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575]
- libiscsi: Added new boot entries in the session sysfs (Eddie Wai) [Orabug: 17220575]
- iscsi class, qla4xxx: fix sess/conn refcounting when find fns are used (Mike Christie) [Orabug: 17220575]
- qla4xxx: Fix iocb_cnt calculation in qla4xxx_send_mbox_iocb() (Vikas Chaudhary) [Orabug: 17220575]
- scsi_transport_iscsi: fix error return code in iscsi_transport_init() (Wei Yongjun) [Orabug: 17220575]
- qla4xxx: Assign values using correct datatype (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Fix smatch warnings (Adheer Chandravanshi) [Orabug: 17220575]
- qla4xxx: Fix sparse warning for qla4xxx_sysfs_ddb_tgt_create (Vikas Chaudhary) [Orabug: 17220575]
- RDS: (Bang Nguyen) [Orabug: 17206167]
- neighbour: fix a race in neigh_destroy() (Eric Dumazet) [Orabug: 17230315]
- be2net: Updating version number (Sarveshwar Bandi) [Orabug: 17219620]
- be2net: Fix to avoid hardware workaround when not needed (Sarveshwar Bandi) [Orabug: 17219620]
- net/trivial: replace numeric with standard PM state macros (Yijing Wang) [Orabug: 17219620]
- be2net: Fix 32-bit DMA Mask handling (Somnath Kotur) [Orabug: 17219620]
- be2net: Implement initiate FW dump feature for Lancer (Somnath Kotur) [Orabug: 17219620]
- be2net: Fix crash on 2nd invocation of PCI AER/EEH error_detected hook (Somnath Kotur) [Orabug: 17219620]
- be2net: Mark checksum fail for IP fragmented packets (Somnath Kotur) [Orabug: 17219620]
- be2net: Trim padded packets for Lancer (Somnath Kotur) [Orabug: 17219620]
- be2net: Pad skb to meet min Tx pkt size in lancer (Somnath Kotur) [Orabug: 17219620]
- be2net: cleanup be_get_drvinfo() (Somnath Kotur) [Orabug: 17219620]
- be2net: refactor HW workarounds in be_xmit() (Sathya Perla) [Orabug: 17219620]
- be2net: bug fix on returning an invalid nic descriptor (Wei Yang) [Orabug: 17219620]
- be2net: Avoid double insertion of vlan tags. (Sarveshwar Bandi) [Orabug: 17219620]
- be2net: disable TX in be_close() (Sathya Perla) [Orabug: 17219620]
- be2net: fix EQ from getting full while cleaning RX CQ (Sathya Perla) [Orabug: 17219620]
- be2net: fix payload_len value for GET_MAC_LIST cmd req (Sathya Perla) [Orabug: 17219620]
- be2net: provision VF resources before enabling SR-IOV (Sathya Perla) [Orabug: 17219620]
- be2net: Fix to fail probe if MSI-X enable fails for a VF (Somnath Kotur) [Orabug: 17219620]
- be2net: avoid napi_disable() when it has not been enabled (Somnath Kotur) [Orabug: 17219620]
- be2net: Fix firmware download for Lancer (Somnath Kotur) [Orabug: 17219620]
- be2net: Fix to receive Multicast Packets when Promiscuous mode is enabled on certain devices (Ajit Khaparde) [Orabug: 17219620]
- be2net: Fix to show tx priority pause counter in ethtool -S (Ajit Khaparde) [Orabug: 17219620]
- be2net: Fix to use 32-bit stats to report rx_drops_no_fragment (Ajit Khaparde) [Orabug: 17219620]
- be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (Ajit Khaparde) [Orabug: 17219620]
- be2net: FLR must be first cmd issued to Lancer FW (Kalesh AP) [Orabug: 17219620]
- be2net: Use GET_FUNCTION_CONFIG V1 cmd (Kalesh AP) [Orabug: 17219620]
- be2net: Fix to show wol disabled/enabled state correctly. (Sarveshwar Bandi) [Orabug: 17219620]
- be2net: Fixed memory leak (Suresh Reddy) [Orabug: 17219620]
- be2net: Avoid diagnostic test in certain versions of firmware to avoid NIC freeze. (Suresh Reddy) [Orabug: 17219620]
- be2net: Renamed rx_address_mismatch_errors to rx_address_filtered (Suresh Reddy) [Orabug: 17219620]
- be2net: Add support for setting and getting rx flow hash options (Suresh Reddy) [Orabug: 17219620]
- be2net: Fix PVID tag offload for packets with inline VLAN tag. (Ajit Khaparde) [Orabug: 17219620]
- be2net: fix a Tx stall bug caused by a specific ipv6 packet (Ajit Khaparde) [Orabug: 17219620]
- be2net: Remove an incorrect pvid check in Tx (Ajit Khaparde) [Orabug: 17219620]
- be2net: enable IOMMU pass through for be2net (Craig Hada) [Orabug: 17219620]
- be2net: Use GET_PROFILE_CONFIG V1 cmd for BE3-R (Vasundhara Volam) [Orabug: 17219620]
- be2net: Avoid flashing BE3 UFI on BE3-R chip. (Vasundhara Volam) [Orabug: 17219620]
- be2net: Dont log 'Out of MCCQ wrbs' error (Vasundhara Volam) [Orabug: 17219620]
- be2net: Use TXQ_CREATE_V2 cmd (Vasundhara Volam) [Orabug: 17219620]
- be2net: take care of __vlan_put_tag return value (Ivan Vecera) [Orabug: 17219620]
- be2net: remove unused variable 'sge' (Ivan Vecera) [Orabug: 17219620]
- megaraid: update from 6.505 to 6.600.18.00 (Jerry Snitselaar) [Orabug: 17187623]
- xsigo: Kconfig and Makefile updates (Ajaykumar Hotchandani) [Orabug: 17248170]
- xsigo: Integrate 7489 release in UEK2 (Ajaykumar Hotchandani) [Orabug: 17248170]
- fs writeback: fix race in mark inode dirty.patch (Srinivas Eeda) [Orabug: 17198525]
- sxge: Check link state before xmit (Joe Jin) [Orabug: 17201198]
- writeback: Fix periodic writeback after fs mount (Srinivas Eeda) [Orabug: 17185874]
- spec: use _target_cpu in suffix for devel dir (Jerry Snitselaar) [Orabug: 17181059]
- mm: leave hugepage pmd (Guru Anbalagane) [Orabug: 17186750]
- Disable THP config (Guru Anbalagane) [Orabug: 17186750]
- RDS: Fix a bug in QoS protocol negotiation (Bang Nguyen) [Orabug: 17079972]
- RDS: alias failover is not working properly (Bang Nguyen) [Orabug: 17177994]
- rdma_cm: CMA_QUERY_HANDLER: BAD STATUS -110 and -22 (Chien-Hua Yen) [Orabug: 16708786]
- [RDS] add NETFILTER suppport (Ahmed Abbas) [Orabug: 17082619]

[2.6.39-400.204.0]
- be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364]
- xen-netfront: use skb_partial_csum_set() to simplify the codes (Li RongQing)
- xen-netfront: split event channels support for Xen frontend driver (Wei Liu)
- xen-netfront: avoid leaking resources when setup_netfront fails (Wei Liu)
- xen-netfront: reduce gso_max_size to account for max TCP header (Wei Liu)
- xen-netfront: frags -> slots in log message (Wei Liu)
- xen-netfront: frags -> slots in xennet_get_responses (Wei Liu)
- xen-netfront: remove unused variable 'extra' (Wei Liu)
- xen/netfront: improve truesize tracking (Ian Campbell)
- xen-netfront: remove __dev* attributes (Bill Pemberton)
- xen/netfront: handle compound page fragments on transmit (Ian Campbell)
- xen-netfront: use __pskb_pull_tail to ensure linear area is big enough on RX (Ian Campbell)
- ocfs2: xattr: fix inlined xattr reflink (Junxiao Bi) [Orabug: 15914937]
- futex: Revert 'futex: Mark get_robust_list as deprecated' (Thomas Gleixner) [Orabug: 16818441]
- xen: do not disable netfront in dom0 (Marek Marczykowski)
- xen-netfront: correct MAX_TX_TARGET calculation. (Wei Liu)
- xen-netback: xenbus.c: use more current logging styles (Wei Liu)
- xen: Use more current logging styles (Joe Perches)
- xen-netback: double free on unload (Dan Carpenter)
- xen-netback: dont de-reference vif pointer after having called xenvif_put() (Jan Beulich)
- xen-netback: split event channels support for Xen backend driver (Wei Liu)
- xen-netback: enable user to unload netback module (Wei Liu)
- xen-netback: remove dead code (Wei Liu)
- xen-netback: better names for thresholds (Wei Liu)
- xen-netback: avoid allocating variable size array on stack (Wei Liu)
- xen-netback: remove redundent parameter in netbk_count_requests (Wei Liu)

[2.6.39-400.203.0]
- xen/netback: correctly calculate required slots of skb. (Annie Li) [Orabug: 16934362]
- RDS: Local address resolution may be delayed after IP has moved. RDS to update local ARP cache directly to speed it up. (Bang Nguyen) [Orabug: 16979994]
- mlx4: fix data corruption in hugetlb_user_mr (Chien Yen) [Orabug: 16772016]
- fix compilation blk-core.c with missing rate-limit header (Maxim Uvarov)
- block: rate-limit the error message from failing commands (Yi Zou) [Orabug: 15918663]
- Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk)
- xen/pciback: Fix for backport compilation issues. (Konrad Rzeszutek Wilk)
- Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk)
- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne)
- xen-blkback: check the number of iovecs before allocating a bios (Roger Pau Monne)
- xen-blkfront: set blk_queue_max_hw_sectors correctly (Roger Pau Monne)
- xen-blkback: workaround compiler bug in gcc 4.1 (Roger Pau Monne)
- xen/blkback: Check for insane amounts of request on the ring (v6). (Konrad Rzeszutek Wilk)
- xen/io/ring.h: new macro to detect whether there are too many requests on the ring (Jan Beulich)
- xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140}
- xen/blkback: Fix backporting of printk_ratelimit. (Konrad Rzeszutek Wilk)
- xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140}
- xen/blkback: Use physical sector size for setup (Stefan Bader)
- xen-blkback/sysfs: Move the parameters for the persistent grant features (Konrad Rzeszutek Wilk)
- xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments. (Konrad Rzeszutek Wilk)
- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne)
- xen-blkback: allocate list of pending reqs in small chunks (Roger Pau Monne)
- xen-block: implement indirect descriptors (Roger Pau Monne)
- xen-blkback: expand map/unmap functions (Roger Pau Monne)
- xen-blkback: make the queue of free requests per backend (Roger Pau Monne)
- xen-blkback: move pending handles list from blkbk to pending_req (Roger Pau Monne)
- xen-blkback: implement LRU mechanism for persistent grants (Roger Pau Monne)
- xen-blkback: use balloon pages for all mappings (Roger Pau Monne)
- xen-blkback: print stats about persistent grants (Roger Pau Monne)

[2.6.39-400.202.0]
- l2tp: Fix sendmsg() return value (Guillaume Nault)
- l2tp: Fix PPP header erasure and memory leak (Guillaume Nault) [Orabug: 17030957]
- packet: packet_getname_spkt: make sure string is always 0-terminated (Daniel Borkmann) [Orabug: 17030956]
- net: sctp: fix NULL pointer dereference in socket destruction (Daniel Borkmann) [Orabug: 17030954]
- ip_tunnel: fix kernel panic with icmp_dest_unreach (Eric Dumazet) [Orabug: 17030953]
- netlabel: improve domain mapping validation (Paul Moore) [Orabug: 17030951]
- ipv6: fix possible crashes in ip6_cork_release() (Eric Dumazet) [Orabug: 17030950]
- tcp: fix tcp_md5_hash_skb_data() (Eric Dumazet) [Orabug: 17030948]
- fmr: D-NFS/RDM (FMR) patches for OFED (abhishek varshney) [Orabug: 16966484]
- lpfc: Update lpfc version for 8.3.7.10.7p driver release (James Smart) [Orabug: 17026768]
- lpfc: Fix starting reference tag when calculating BG error (James Smart) [Orabug: 17026768]
- lpfc: Fix BlockGuard error checking (James Smart) [Orabug: 17026768]
- tg3: update from broadcom version 3.129d to 3.131d (Jerry Snitselaar) [Orabug: 17024939]
- mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer (Aneesh Kumar K.V) [Orabug: 17025306]
- mac80211: close AP_VLAN interfaces before unregistering all (Johannes Berg) [Orabug: 17025303]
- batman-adv: Only write requested number of byte to user buffer (Sven Eckelmann) [Orabug: 17025019]
- x25: Validate incoming call user data lengths (Matthew Daley) [Orabug: 17025021]
- aoe: reserve enough headroom on skbs (Eric Dumazet) [Orabug: 17025018]
- perf,x86: fix kernel crash with PEBS/BTS after suspend/resume (Stephane Eranian) [Orabug: 17024915]
- dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17024912] {CVE-2013-2634}
- e1000e driver update from 2.3.2 to 2.4.14 (Maxim Uvarov) Merge Intel drivers update.
- ixgbe driver update from 3.14.5 to 3.15.1 (Maxim Uvarov) Merge Intel drivers update.
- igbvf driver update from 2.0.4 to 2.3.2 (Maxim Uvarov) Merge Intel drivers update.
- igb driver update from 4.1.2 to 4.3.0 (Maxim Uvarov) Merge Intel drivers update.
- spec: change version to 400.200.0 for ol5 (Maxim Uvarov)
- RDS: restore two-sided reconnect with the lower IP node having a constant 100 ms backoff. (Bang Nguyen) [Orabug: 16710287]
- scsi_prep_fn() check for empty queue (Maxim Uvarov) [Orabug: 17015328]
- x86: Fix typo in kexec register clearing (Kees Cook) [Orabug: 16992876]
- mm: migration: add migrate_entry_wait_huge() (Naoya Horiguchi) [Orabug: 16992874]
- swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [Orabug: 16992871]
- b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 16992869] {CVE-2013-2852}
- nohz: Fix update_ts_time_stat idle accounting (Michal Hocko) [Orabug: 16985182]
- tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 16963984]
- drm: fix a use-after-free when GPU acceleration disabled (Huacai Chen) [Orabug: 16963983]
- cifs: fix potential buffer overrun when composing a new options string (Jeff Layton) [Orabug: 16963818]
- drivers/block/brd.c: fix brd_lookup_page() race (Brian Behlendorf) [Orabug: 16963816]
- mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (Xiao Guangrong) [Orabug: 16963814]
- klist: del waiter from klist_remove_waiters before wakeup waitting process (wang, biao) [Orabug: 16963813]
- ocfs2: goto out_unlock if ocfs2_get_clusters_nocache() failed in ocfs2_fiemap() (Joseph Qi) [Orabug: 16963812]
- fat: fix possible overflow for fat_clusters (OGAWA Hirofumi) [Orabug: 16963811]
- cifs: only set ops for inodes in I_NEW state (Jeff Layton) [Orabug: 16963810]
- usermodehelper: check subprocess_info->path != NULL (Oleg Nesterov) [Orabug: 16909862]
- ipv6: do not clear pinet6 field (Eric Dumazet) [Orabug: 16909856]
- macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [Orabug: 16909854]
- bridge: fix race with topology change timer (stephen hemminger) [Orabug: 16909638]
- tick: Cleanup NOHZ per cpu data on cpu down (Thomas Gleixner) [Orabug: 16909637]
- timer: Dont reinitialize the cpu base lock during CPU_UP_PREPARE (Tirupathi Reddy) [Orabug: 16909635]
- x86/mm: account for PGDIR_SIZE alignment (Jerry Hoemann) [Orabug: 16903170]
- kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees() (Chen Gang) [Orabug: 16903120]
- clockevents: Set dummy handler on CPU_DEAD shutdown (Thomas Gleixner) [Orabug: 16902369]
- cgroup: fix an off-by-one bug which may trigger BUG_ON() (Li Zefan) [Orabug: 16902267]
- hrtimer: Add expiry time overflow check in hrtimer_interrupt (Prarit Bhargava) [Orabug: 16902194]
- hrtimer: Fix ktime_add_ns() overflow on 32bit architectures (David Engraf) [Orabug: 16902186]
- fs/fscache/stats.c: fix memory leak (Anurup m) [Orabug: 16901677]
- Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 16888256] {CVE-2013-3225}
- Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 16888251] {CVE-2013-3224}
- atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 16888219] {CVE-2013-3222}
- net: sctp: sctp_auth_key_put: use kzfree instead of kfree (Daniel Borkmann) [Orabug: 16888213]
- Btrfs: make sure nbytes are right after log replay (Josef Bacik) [Orabug: 16864338]
- Revert 'sysfs: fix race between readdir and lseek' (Jiri Kosina) [Orabug: 16858013]
- crypto: algif - suppress sending source address information in recvmsg (Mathias Krause) [Orabug: 16864292]
- sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s (Tejun Heo) [Orabug: 16864274]
- kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 16864214]
- Revert '8021q: fix a potential use-after-free' (Greg Kroah-Hartman) [Orabug: 16858417]
- hrtimer: Dont reinitialize a cpu_base lock on CPU_UP (Michael Bohan) [Orabug: 16864124]
- PM / reboot: call syscore_shutdown() after disable_nonboot_cpus() (Huacai Chen) [Orabug: 16863936]
- tracing: Fix double free when function profile init failed (Namhyung Kim) [Orabug: 16863887]
- mm: prevent mmap_cache race in find_vma() (Jan Stancek) [Orabug: 16863788]
- block: avoid using uninitialized value in from queue_var_store (Arnd Bergmann) [Orabug: 16863776]
- bonding: get netdev_rx_handler_unregister out of locks (Veaceslav Falico) [Orabug: 16863608]
- net: add a synchronize_net() in netdev_rx_handler_unregister() (Eric Dumazet) [Orabug: 16863608]
- 8021q: fix a potential use-after-free (Cong Wang) [Orabug: 16858417]
- efivars: Handle duplicate names from get_next_variable() (Matt Fleming) [Orabug: 16858386]
- efivars: explicitly calculate length of VariableName (Matt Fleming) [Orabug: 16858386]
- loop: prevent bdev freeing while device in use (Anatol Pomozov) [Orabug: 16858270]
- Btrfs: limit the global reserve to 512mb (Josef Bacik) [Orabug: 16858090]
- sysfs: handle failure path correctly for readdir() (Ming Lei) [Orabug: 16858013]
- sysfs: fix race between readdir and lseek (Ming Lei) [Orabug: 16858013]




Related CVEs


CVE-2013-2164
CVE-2013-2234
CVE-2012-6549
CVE-2013-1772
CVE-2013-2140
CVE-2013-3076
CVE-2013-4163

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 5 (i386) | kernel-uek-2.6.39-400.209.1.el5uek.src.rpm | c123e9a64931d9f67dff1ea28ec313c9 | ELSA-2020-5936 |
| | kernel-uek-2.6.39-400.209.1.el5uek.i686.rpm | 28d74aa3bc57bc7b5baaf91ce9b1dfd6 | ELSA-2020-5936 |
| | kernel-uek-debug-2.6.39-400.209.1.el5uek.i686.rpm | b449ba19b11955faf82b1eca57dde77c | ELSA-2020-5936 |
| | kernel-uek-debug-devel-2.6.39-400.209.1.el5uek.i686.rpm | dc3749184eae7b35d1bfad7cf52a43df | ELSA-2020-5936 |
| | kernel-uek-devel-2.6.39-400.209.1.el5uek.i686.rpm | 8705c4b767fbe1f5ad8c8f87f4f3dd45 | ELSA-2020-5936 |
| | kernel-uek-doc-2.6.39-400.209.1.el5uek.noarch.rpm | 82f8ff0506700a5ff931d095141a268c | ELSA-2020-5936 |
| | kernel-uek-firmware-2.6.39-400.209.1.el5uek.noarch.rpm | 391b1c92bb3496a7beecf40c185a6ebe | ELSA-2020-5936 |
| Oracle Linux 5 (x86_64) | kernel-uek-2.6.39-400.209.1.el5uek.src.rpm | c123e9a64931d9f67dff1ea28ec313c9 | ELSA-2020-5936 |
| | kernel-uek-2.6.39-400.209.1.el5uek.x86_64.rpm | d1b4aa19713a5b516e518e6dfbb05889 | ELSA-2020-5936 |
| | kernel-uek-debug-2.6.39-400.209.1.el5uek.x86_64.rpm | b8c9a01b65be5f21683b099c192a65c9 | ELSA-2020-5936 |
| | kernel-uek-debug-devel-2.6.39-400.209.1.el5uek.x86_64.rpm | 3cedca3354eb390da7159f04e8bee8e8 | ELSA-2020-5936 |
| | kernel-uek-devel-2.6.39-400.209.1.el5uek.x86_64.rpm | 15c5e4ef36c06594e4f2bf967aede4c7 | ELSA-2020-5936 |
| | kernel-uek-doc-2.6.39-400.209.1.el5uek.noarch.rpm | 82f8ff0506700a5ff931d095141a268c | ELSA-2020-5936 |
| | kernel-uek-firmware-2.6.39-400.209.1.el5uek.noarch.rpm | 391b1c92bb3496a7beecf40c185a6ebe | ELSA-2020-5936 |
| Oracle Linux 6 (i386) | kernel-uek-2.6.39-400.209.1.el6uek.src.rpm | 9ba3916ea09eec6c92575f6caf4d966c | ELSA-2021-9215 |
| | kernel-uek-2.6.39-400.209.1.el6uek.i686.rpm | 523834368dd9341386c9cd0eebad6516 | ELSA-2021-9215 |
| | kernel-uek-debug-2.6.39-400.209.1.el6uek.i686.rpm | 46c35401cd12d026aad91e06c32cd63f | ELSA-2021-9215 |
| | kernel-uek-debug-devel-2.6.39-400.209.1.el6uek.i686.rpm | 33599f798b4971bfd9f3efb7c07b4f47 | ELSA-2021-9215 |
| | kernel-uek-devel-2.6.39-400.209.1.el6uek.i686.rpm | 701cd6d2bf4081c638e2d6140cfe2f24 | ELSA-2021-9215 |
| | kernel-uek-doc-2.6.39-400.209.1.el6uek.noarch.rpm | 6960df1ab0ec9fa117136a541d3ca0cc | ELSA-2021-9215 |
| | kernel-uek-firmware-2.6.39-400.209.1.el6uek.noarch.rpm | 19c84ea436006d4c2da22642612ee519 | ELSA-2021-9215 |
| Oracle Linux 6 (x86_64) | kernel-uek-2.6.39-400.209.1.el6uek.src.rpm | 9ba3916ea09eec6c92575f6caf4d966c | ELSA-2021-9215 |
| | kernel-uek-2.6.39-400.209.1.el6uek.x86_64.rpm | 4c0f88c371e3f99ad0bdecac28110572 | ELSA-2021-9215 |
| | kernel-uek-debug-2.6.39-400.209.1.el6uek.x86_64.rpm | dcfc6d7f991093ee0052966f152a3e77 | ELSA-2021-9215 |
| | kernel-uek-debug-devel-2.6.39-400.209.1.el6uek.x86_64.rpm | ab757468314374cb091cea12c7cca11b | ELSA-2021-9215 |
| | kernel-uek-devel-2.6.39-400.209.1.el6uek.x86_64.rpm | bd7bd6e9325d89d70e694e1d4317a3dc | ELSA-2021-9215 |
| | kernel-uek-doc-2.6.39-400.209.1.el6uek.noarch.rpm | 6960df1ab0ec9fa117136a541d3ca0cc | ELSA-2021-9215 |
| | kernel-uek-firmware-2.6.39-400.209.1.el6uek.noarch.rpm | 19c84ea436006d4c2da22642612ee519 | ELSA-2021-9215 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
