ELSA-2011-0263

ELSA-2011-0263 - Oracle Linux 4.9 kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2011-02-23

Description



[2.6.9-100]
-cxgb3: prevent reading uninitialized stack memory to fix xgb_extension_ioctl infoleak (Eugene Teo) [633153] {CVE-2010-3296}
-mlx4: disable MSI-X by default (Andy Gospodarek) [530596]
-ext3: call fs invalidatepage instead of block_invalidatepage (Josef Bacik) [488611]
-av7110: check for negative array offset (Mauro Carvalho Chehab) [672400] {CVE-2011-0521}
-ext3: don not dirty unmapped data buffers (Josef Bacik) [488611]
-net: clear heap allocations for privileged ethtool actions (Jiri Pirko) [672431] {CVE-2010-4655}

[2.6.9-99]
-bonding: fix active backup failover due to jiffie wrap (Andy Gospodarek) [641112]

[2.6.9-98]
-sound: fix a buffer overflow in the oss mixer (David Howells) [667619] {CVE-2010-4527}

[2.6.9-97]
-fs: fix filesystem corruption on ext2 (Alexander Viro) [662839]
-sky2: fix oops in sky2_xmit_frame after tx timeout (Don Howard) [614559]
-netdump: fix netdump failures on large memory systems (Neil Horman) [488557]

[2.6.9-96]
-usb: ehci amd periodic frame list table quirk (Don Zickus) [651334]
-fs: truncate blocks outside i_size after O_DIRECT write error (Eric Sandeen) [665067]

[2.6.9-95]
-jbd: skip buffers that have a different jh (Josef Bacik) [488611]
-unix: fix local socket dos (Neil Horman) [656758] {CVE-2010-4249}
-s390x: qdio: fix zfcp stall with more than 63 active qdio devices (Hendrik Brueckner) [662130]
-ehci-hcd: fix fatal error during bootup (Don Zickus) [656447]

[2.6.9-94]
-modules: sysctl to block module loading (Jerome Marchand) [645220]
-redhat: added config_security_dmesg_restrict option (Frantisek Hrbata) [653252]
-kernel: restrict unprivileged access to kernel syslog (Frantisek Hrbata) [653252]
-sysctl: introduce ctl_unnumbered definition in sysctl.h (Frantisek Hrbata) [653252]
-usb: allow usbstorage to have luns greater than 2TB (Don Zickus) [658824]
-serial: clean data before filling it (Mauro Carvalho Chehab) [648809] {CVE-2010-4075}
-sched: fix task starvation on Hyperthreaded cpus (Vitaly Mayatskikh) [488089]
-s390: sclp: handle zero length event buffers (Hans-Joachim Picht) [487692]

[2.6.9-93]
-kernel: failure to revert address limit override in oops error path (Dave Anderson) [659569] {CVE-2010-4258}
-nfsv4: fix oops in nfs4_kill_super (Jeff Layton) [660448]
-net: filter: make sure filters dont read uninitialized memory (Jiri Pirko) [651701] {CVE-2010-4158}
-net: limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri Pirko) [651924] {CVE-2010-3859}
-bluetooth: fix missing null check (Jarod Wilson) [655663] {CVE-2010-4242}
-ipc: initialize structure memory to zero for compat functions (Xiaotian Feng) [648811] {CVE-2010-4073}
-ipc: shm: fix information leak to userland (Xiaotian Feng) [648817] {CVE-2010-4072}
-netfront: default to copying instead of flipping (Laszlo Ersek) [653505]
-net: packet: fix information leak to userland (Jiri Pirko) [649896] {CVE-2010-3876}
-scsi: gdth: integer overflow in ioc_general (Frantisek Hrbata) [651174] {CVE-2010-4157}
-sys_semctl: semctl fix kernel stack leakage (Xiaotian Feng) [648794] {CVE-2010-4083}
-alsa: rme9652: prevent reading uninitialized stack memory (Stanislaw Gruszka) [648807] {CVE-2010-4080}
-fs: only return EIO once on msync/fsync after IO failure (Rik van Riel) [645633]
-xen: virtio_net: add get_drvinfo() to virtio_net (Laszlo Ersek) [647196]
-xen: netfront: add get_drvinfo() to netfront (Laszlo Ersek) [647187]
-kernel: fix possible integer overflow in mm/fremap.c (Larry Woodman) [637045]

[2.6.9-92]
-mm: revert patch to reduce large file latency during writebacks (Larry Woodman) [488070]

[2.6.9-91]
-mm: prevent panic when setting /proc/sys/vm/nr_hugepages (Larry Woodman) [647567]
-net: sctp: do not reset the packet during sctp_packet_config() (Jiri Pirko) [637865] {CVE-2010-3432}
-scsi: fix panic in sysfs_hash_and_remove() when scsi device is removed (Mark Goodwin) [533299]

[2.6.9-90]
-kernel: prevent heap corruption in snd_ctl_new() (Jerome Marchand) [638482] {CVE-2010-3442}
-forcedeth: latest bugfixes from upstream (Ivan Vecera) [552953]
-forcedeth: remove CONFIG_FORCEDETH_NAPI=y from config-generic (Ivan Vecera) [552953]

[2.6.9-89.45]
-scsi: scsi_do_req submitted commands (tape) never complete when device goes (Rob Evers) [636289]
-scsi: log msg when getting unit attention (Mike Christie) [585430]
-jbd: fix panic in jbd when running bashmemory (Josef Bacik) [488611]
-qla2xxx: work around hypertransport sync flood error on sun x4200 with qla2xxx (Chad Dupuis) [621621]
-aio: implement request batching for better merging and throughput (Jeff Moyer) [508377]
-fs: a bunch of patches to fix various nfsd/iget() races (Alexander Viro) [189918]
-net: bonding: add debug module option (Jiri Pirko) [247116]
-fix fd leaks if pipe() is called with an invalid address (Amerigo Wang) [509627]

[2.6.9-89.44]
-ide-scsi: fix deadlock in ide-scsi error handler (Doug Ledford) [526966]
-mlx4_core: allocate sufficient memory for interrupt table (Doug Ledford) [530596]
-mptbase: panic with domain validation while rebuilding after the disk is replaced (Rob Evers) [476874]
-fs: buffer: __block_write_full_page simplification by removing last_bh logic (Jeff Moyer) [472752]
-fs: buffer: __block_write_full_page speedup by removing get_bh() and put_bh() (Jeff Moyer) [472752]
-fs: buffer: __block_write_full_page race fix (Jeff Moyer) [472752]
-kernel: fix integer overflow in groups_search (Jerome Marchand) [457519]
-cifs: remove bogus check in ntlm session setup code (Jeff Layton) [604786]
-cifs: when renaming don not try to unlink negative dentry (Jeff Layton) [500904]
-autofs4: fix lookup deadlock when user space uses a signal (Ian Kent) [477017]
-fs: make sure data stored into inode is properly seen before unlocking new inode (Eric Sandeen) [563920]
-ipc: hard_msgmax should be higher not lower on 64bit (Amerigo Wang) [525815]
-fs: fix file truncations when both suid and write permissions set (Amerigo Wang) [525398]
-block: fix rcu accesses in partition statistics (Jerome Marchand) [517523]
-kernel headers: fix missing defintion that causes build break (Neil Horman) [504593]

[2.6.9-89.43]
-aacraid: fix file system going into read only mode (Rob Evers) [624713]
-blkfront: xen domu, raid1, lvm, iscsi target export with blockio bug (Paolo Bonzini) [490148]
-cciss: change version from 2.6.20.RH2 to 2.6.20.RH3 (Tomas Henzl) [594086]
-cciss: added printk in do_cciss_request before BUG() (Tomas Henzl) [594086]
-cciss: fix a nulll pointer dereference in complete_command() (Tomas Henzl) [594086]
-cciss: fix an issue when sending command with no data (Tomas Henzl) [594086]
-mm: honor __GFP_NOFAIL flag in __alloc_pages() (Lachlan McIlroy) [605455]
-xen: fix crashing of x86 hvm guest on x86_64 (Radim Krcmar) [637658]
-xen: hide xenbus warnings on hvm guest shutdown (Radim Krcmar) [505081]
-powernow-k8: fix errant print statement during voltage transitions (Bhavna Sarathy) [217829]
-fusion: add sleep before subsequent tur in scan function (Tomas Henzl) [495236]
-bonding: fix a race condition in calls to slave mii ioctls (Flavio Leitner) [621209]
-s390x: cio: vary off on chpid 00 causes unexpected recovery actions (Hendrik Brueckner) [619855]
-netfilter: arp_tables: fix unaligned accesses caused by casting strings to long (Jiri Pirko) [591638]
-net: neigh: fix state transition incomplete->failed via netlink request (Jiri Pirko) [485904]
-x86_64: floating point state corruption after handling the signal (Oleg Nesterov) [564381]
-pidhashing: enforce pid_max_limit in sysctls and lower pid_max_limit on 32bit systems (Jiri Pirko) [525941]
-s390: cio: linux does not boot through xautolog with conmode 3270 (Hans-Joachim Picht) [526282]
-net: fix proc net ip_conntrack seq_file operations (Danny Feng) [524884]
-ia64: swiotlb: fix swiotlb pci_map_sg error handling (Tomas Henzl) [525427]
-xen: try harder to balloon up under memory pressure (Andrew Jones) [507847]
-mm: fix bogus memory node assumption in huge page allocation (AMEET M. PARANJAPE) [506827]
-kernel: binfmt_misc c: avoid potential kernel stack overflow (Vitaly Mayatskikh) [459466]
-net: fix ipvs wrr scheduler bug of updating current weight (Vitaly Mayatskikh) [462717]

[2.6.9-89.42]
-net: actually copy input_dev to new sk_buff in skb_clone (Andy Gospodarek) [616710]
-net: fix reception of completely page backed sk_buffs (Andy Gospodarek) [500921]
-net: fix various snmp counter issues (Thomas Graf) [500889]
-xen: can enter tickless mode with rcu pending and hang (Paolo Bonzini) [427998]
-xen: fix occasional deadlocks in xen netfront (Paolo Bonzini) [480937]
-xen: xenbus suspend_mutex remains locked on trans fail (Paolo Bonzini) [456649]
-ext2: put explicit checks to not divide by zero (Josef Bacik) [500181]
-usb: ehci split iso fixes, full speed audio etc (Don Zickus) [624117]
-xenbus: implement O_NONBLOCK for /proc/xen/xenbus (Paolo Bonzini) [607261]
-nfs: initialize nfs_open_context list member at allocation time (Jeff Layton) [634632]
-cifs: fix dentry hash calculation for case insensitive mounts (Jeff Layton) [562949]
-cifs: fix length calculation for converted unicode readdir names (Jeff Layton) [562949]

[2.6.9-89.41]
-bonding: fix ALB mode to balance traffic on vlans (Flavio Leitner) [640803]

[2.6.9-89.40]
-bonding: interface doesn t issue igmp report on slave interface during failover (Flavio Leitner) [637556]

[2.6.9-89.39]
-net: fix info leak in police code (Neil Horman) [636390] {CVE-2010-3477}
-aio: check for multiplication overflow in io_submit (Jeff Moyer) [629447] {CVE-2010-3067}
-fs: buffer.c: fix race in __block_prepare_write (Jeff Moyer) [480404]
-3c59x: fix deadlock in irq handler tx path when netconsole in use (Neil Horman) [557380]
-udp: use memory barrier in datagram_poll (Flavio Leitner) [546251]

[2.6.9-89.38]
-compat: make compat_alloc_user_space incorporate the access_ok (Xiaotian Feng) [634462] {CVE-2010-3081}
-ext3: ensure inode is deleted from orphan list in ext3_direct_io() (Lachlan McIlroy) [629143]
-sb800: add quirk for iso on amd sb800 (Pete Zaitcev) [537447]

[2.6.9-89.37]
-virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs (Michael S. Tsirkin) [607533]
-do_generic_mapping_read: clear page errors when issuing a fresh read of the page (Rik van Riel) [481371]
-ide: backport VIA PCI chipset ids to via82cxxx driver (Mauro Carvalho Chehab) [504778]
-nfsd4: relax new lock seqid check (Jeff Layton) [577369]
-igb: fix transmission of jumbo frames with mtu>=2100 (Stefan Assmann) [494597]
-net: fix tcp conntrack to handle the half opened connection correctly (Jiri Pirko) [531914]
-net: fix promisc refcounting for interfaces listening for multicast traffic (Neil Horman) [481292]
-sctp: assign tsns earlier to avoid reordering (Neil Horman) [532045]
-cciss: switch to using hlist to fix panic (Tomas Henzl) [479090]
-nfs: statfs error handling and error message fix (Jeff Layton) [520018]
-kthreads: fix kthread_create vs kthread_stop race (Oleg Nesterov) [519006]

[2.6.9-89.36]
-nfsd4: fix share conflict tests in nfs_check_open() (Jeff Layton) [510184]
-nfsd4: move open owner checks from nfsd4_process_open2 into new function (Jeff Layton) [510184]
-nfsd4: renew lease on seqid modifying operations (Jeff Layton) [508752]
-ahci: add SATA GEN3 related messages (David Milburn) [512715]
-igmp: fix ip_mc_sf_allow() race due to a lock problem (Flavio Leitner) [562904]
-xen: don not recreate xenfb thread on every restore (Chris Lalancette) [543823]
-bcm5709: update firmware for bcm5709 from version 4.4.23 to 4.6.15 (John Feeney) [532858]
-net: apply broken_stats workaround to 5706 and 5708 (Flavio Leitner) [515274]
-nfsd: fix races when cleaning up after last nfsd thread exits (Jeff Layton) [501500]
-nfs: nfsd returns nfs4_ok when the owner opens a file with permission set to 000 (Peter Staubach) [507527]
-nfsv4: send the delegation stateid for setattr calls (Jeff Layton) [502884]
-nfsv4: fix up races in nfs4_proc_setattr (Jeff Layton) [502884]
-nfsv4: don t reuse expired nfs4_state_owner structs (Jeff Layton) [502884]
-nfsv4: fix a credential reference leak in nfs4_get_state_owner (Jeff Layton) [502884]
-nfsv4: poll more aggressively when handling nfs4err_delay (Jeff Layton) [502884]
-nfsv4: flush nfsv4 work workqueue before killing superblock (Jeff Layton) [501335]
-nfsv4: only queue nfs4_close_state job when called by rpciod (Jeff Layton) [501335]
-nfsv4: switch nfs4 workqueue to a per client queue (Jeff Layton) [501335]
-nfs: mounted nfsv4/krb5 export inaccessible following an nfs server reboot (Harshula) [514684]


Related CVEs


CVE-2010-4655
CVE-2011-0521
CVE-2010-4527

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 4 (i386) kernel-2.6.9-100.EL.src.rpm59b30e25b7914570a736f2834b65decdELBA-2011-1796
ocfs2-2.6.9-100.EL-1.2.9-1.el4.src.rpm6cd90255b77b7cdc016dff142a0fe023-
oracleasm-2.6.9-100.EL-2.0.5-1.el4.src.rpmf93d7cc19bf562b4bada4375359c4ac3-
kernel-2.6.9-100.EL.i686.rpmced155db4bf1d802c16cf9dca337068cELBA-2011-1796
kernel-devel-2.6.9-100.EL.i686.rpm2eb05defa1db2eda6e0e2c0c4f23665cELBA-2011-1796
kernel-doc-2.6.9-100.EL.noarch.rpm4a42d004508406635daf258f7cbc2763ELBA-2011-1796
kernel-hugemem-2.6.9-100.EL.i686.rpm9fd5a85524df120c6f1d997fce9064b8ELBA-2011-1796
kernel-hugemem-devel-2.6.9-100.EL.i686.rpm503b4a0a1b280fb926d598a5fdcd582aELBA-2011-1796
kernel-smp-2.6.9-100.EL.i686.rpmecc26ed7371b52b02a5e66442fa5df1fELBA-2011-1796
kernel-smp-devel-2.6.9-100.EL.i686.rpm385cb4bf0ecf49777559e0959f3cb184ELBA-2011-1796
kernel-xenU-2.6.9-100.EL.i686.rpmd69c6f8661021cace4cb946c06ee4a54ELBA-2011-1796
kernel-xenU-devel-2.6.9-100.EL.i686.rpmf9cc2484cc5e602504bba272fc46c854ELBA-2011-1796
ocfs2-2.6.9-100.EL-1.2.9-1.el4.i686.rpm256ff0f18dabac1862674819b5ad6e30-
ocfs2-2.6.9-100.ELhugemem-1.2.9-1.el4.i686.rpmd60e3390b2b8752189b36319a94bcda5-
ocfs2-2.6.9-100.ELsmp-1.2.9-1.el4.i686.rpm9f2a177eea2db0f9978f6c1031b29893-
ocfs2-2.6.9-100.ELxenU-1.2.9-1.el4.i686.rpmaaf1ed4d484eb423362a97d8fd73ed55-
oracleasm-2.6.9-100.EL-2.0.5-1.el4.i686.rpmf1fb19d8a955f2ad41efe8bdf0913f09-
oracleasm-2.6.9-100.ELhugemem-2.0.5-1.el4.i686.rpm744a9ced39e65451f7c323428c289f51-
oracleasm-2.6.9-100.ELsmp-2.0.5-1.el4.i686.rpm98424f30c310ffd55ededb4cfed9330d-
oracleasm-2.6.9-100.ELxenU-2.0.5-1.el4.i686.rpmbd5fabf8f1a7db743545683fe23e46cf-
Oracle Linux 4 (ia64) kernel-2.6.9-100.EL.src.rpm59b30e25b7914570a736f2834b65decdELBA-2011-1796
ocfs2-2.6.9-100.EL-1.2.9-1.el4.src.rpm6cd90255b77b7cdc016dff142a0fe023-
oracleasm-2.6.9-100.EL-2.0.5-1.el4.src.rpmf93d7cc19bf562b4bada4375359c4ac3-
kernel-2.6.9-100.EL.ia64.rpm9d663faf1676483f0285ea8d9b85de83ELBA-2011-1796
kernel-devel-2.6.9-100.EL.ia64.rpm1479782a86682953e79d7cbfe4b4ebe1ELBA-2011-1796
kernel-doc-2.6.9-100.EL.noarch.rpm4a42d004508406635daf258f7cbc2763ELBA-2011-1796
kernel-largesmp-2.6.9-100.EL.ia64.rpm23df712f9cb0e76124e4760f34691361ELBA-2011-1796
kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm6915798f7d4988ce2d31279ea9cc508fELBA-2011-1796
ocfs2-2.6.9-100.EL-1.2.9-1.el4.ia64.rpm80273de3ff6f1ef27ed33bbd662cd7b1-
ocfs2-2.6.9-100.ELlargesmp-1.2.9-1.el4.ia64.rpmbbb1d836a2182184ab958a0ec3773b8d-
oracleasm-2.6.9-100.EL-2.0.5-1.el4.ia64.rpm1080aacfaa753c0ad142f93ba630e008-
oracleasm-2.6.9-100.ELlargesmp-2.0.5-1.el4.ia64.rpma809e743a1043c7ca31e1120417584fe-
Oracle Linux 4 (x86_64) kernel-2.6.9-100.EL.src.rpm59b30e25b7914570a736f2834b65decdELBA-2011-1796
ocfs2-2.6.9-100.EL-1.2.9-1.el4.src.rpm6cd90255b77b7cdc016dff142a0fe023-
oracleasm-2.6.9-100.EL-2.0.5-1.el4.src.rpmf93d7cc19bf562b4bada4375359c4ac3-
kernel-2.6.9-100.EL.x86_64.rpme048c17b305a371b59bb64b87d320f4eELBA-2011-1796
kernel-devel-2.6.9-100.EL.x86_64.rpm74a092797355eed64cc55e33681d9c38ELBA-2011-1796
kernel-doc-2.6.9-100.EL.noarch.rpm4a42d004508406635daf258f7cbc2763ELBA-2011-1796
kernel-largesmp-2.6.9-100.EL.x86_64.rpm88f53ef264e6fc6f9164d4f93ce6bc3bELBA-2011-1796
kernel-largesmp-devel-2.6.9-100.EL.x86_64.rpme9d107290b4107540458a3e7dd855bd9ELBA-2011-1796
kernel-smp-2.6.9-100.EL.x86_64.rpmcdf22479cab4158aa68e41cc0e332479ELBA-2011-1796
kernel-smp-devel-2.6.9-100.EL.x86_64.rpm4949097bbee1973cc2838c93f88fce79ELBA-2011-1796
kernel-xenU-2.6.9-100.EL.x86_64.rpm8efd5518005b40cc27baedac87841619ELBA-2011-1796
kernel-xenU-devel-2.6.9-100.EL.x86_64.rpm84223a94ac3c8f53d5a1091a06892fcdELBA-2011-1796
ocfs2-2.6.9-100.EL-1.2.9-1.el4.x86_64.rpm358d165e007c8598d85d380f11f1d30a-
ocfs2-2.6.9-100.ELlargesmp-1.2.9-1.el4.x86_64.rpmd88a29660709534178428bb5b890553b-
ocfs2-2.6.9-100.ELsmp-1.2.9-1.el4.x86_64.rpm5069f8e936db3d8d54e021c57cd52bc2-
ocfs2-2.6.9-100.ELxenU-1.2.9-1.el4.x86_64.rpm30c9dc522fbd9ce91d5c28a7a5731f72-
oracleasm-2.6.9-100.EL-2.0.5-1.el4.x86_64.rpm9035279b023a406ea51d41c653713fe2-
oracleasm-2.6.9-100.ELlargesmp-2.0.5-1.el4.x86_64.rpm5fa122cdfdb508ad3ad6d48601de12c4-
oracleasm-2.6.9-100.ELsmp-2.0.5-1.el4.x86_64.rpm1acdce1b592bcb357027187416c42dd1-
oracleasm-2.6.9-100.ELxenU-2.0.5-1.el4.x86_64.rpm21bed4227c06b1ad0ae26f74088da304-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete