ELSA-2012-0743

ELSA-2012-0743 - kernel security and bug fix update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2012-06-18

Description


[2.6.32-220.23.1.el6]
- [net] bond: Make LRO flag follow slave settings (Neil Horman) [831176 794647]

[2.6.32-220.22.1.el6]
- [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [824429 812108]

[2.6.32-220.21.1.el6]
- [security] fix compile error in commoncap.c (Eric Paris) [806725 806726] {CVE-2012-2123}
- [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806725 806726] {CVE-2012-2123}
- [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [822757 803936] {CVE-2012-2372}
- [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816292 814504] {CVE-2012-2136}
- [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816154 816155] {CVE-2012-2137}
- [drm] integer overflow in drm_mode_dirtyfb_ioctl() (Dave Airlie) [773249 773250] {CVE-2012-0044}
- [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [824429 812108]
- [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [824429 812108]
- [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [823903 822697]
- [infiniband] mlx4: fix RoCE oops (Doug Ledford) [799946 749059]
- [mm] read_pmd_atomic: fix pmd_populate SMP race condition (Andrea Arcangeli) [822824 820762] {CVE-2012-2373}
- [infiniband] mlx4: check return code and bail on error (Doug Ledford) [799946 749059]
- [infiniband] mlx4: use locking when walking netdev list (Doug Ledford) [799946 749059]
- [mm] thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) [803808 800328] {CVE-2012-1179}

[2.6.32-220.20.1.el6]
- [vhost] net: fix possible NULL pointer dereference of vq->bufs (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: validate zerocopy vectors before building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: put zerocopy page when fail to get all requested user pages (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: fix zerocopy offset calculation when building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] bonding: remove entries for master_ip and vlan_ip and query devices instead (Andy Gospodarek) [816197 810299]
- [virt] KVM: lock slots_lock around device assignment (Alex Williamson) [814154 811653] {CVE-2012-2121}
- [virt] kvm: unmap pages from the iommu when slots are removed (Alex Williamson) [814154 811653] {CVE-2012-2121}
- [virt] xenfv: fix hangs when kdumping (Andrew Jones) [812953 811815]
- [s390x] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810125 808487]
- [drm] i915: suspend fbdev device around suspend/hibernate (Dave Airlie) [818503 746169]
- [fs] tmpfs: fix off-by-one in max_blocks checks (Eric Sandeen) [809399 783497]
- [net] bonding: Allow Bonding driver to disable/enable LRO on slaves (Neil Horman) [818504 772317]
- [virt] xen-blkfront: conditionally drop name and minor adjustments for emulated scsi devs (Laszlo Ersek) [818505 729586]
- [virt] xen-blk: plug device number leak on error path in xlblk_init (Laszlo Ersek) [818505 729586]

[2.6.32-220.19.1.el6]
- [pci] Fix unbootable HP DL385G6 on 2.6.32-220 by properly disabling pcie aspm (Dave Wysochanski) [819614 769626]

[2.6.32-220.18.1.el6]
- [netdrv] iwlwifi: add option to disable 5Ghz band (Stanislaw Gruszka) [816226 812259]
- [netdrv] iwlwifi: cancel scan before nulify ctx->vif (Stanislaw Gruszka) [816225 801730]
- [netdrv] iwlwifi: do not nulify ctx->vif on reset (Stanislaw Gruszka) [816225 801730]
- [net] mac80211: workaround crash at ieee80211_mgd_probe_ap_send (Stanislaw Gruszka) [814657 808095]
- [net] bonding: 802.3ad - fix agg_device_up (Veaceslav Falico) [817466 806081]
- [scsi] st: fix memory leak with 1MB tape I/O (David Milburn) [816271 811703]


Related CVEs


CVE-2012-2121
CVE-2012-2136
CVE-2012-0044
CVE-2012-1179
CVE-2012-2119
CVE-2012-2123
CVE-2012-2137
CVE-2012-2372
CVE-2012-2373

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | kernel-2.6.32-220.23.1.el6.src.rpm | 2efe0244c47d4460f2a5e26bf9116978 | ELSA-2021-9212 |
| | kernel-2.6.32-220.23.1.el6.i686.rpm | 7eba029cde6f0a7a0d35ef26418a9617 | ELSA-2021-9212 |
| | kernel-debug-2.6.32-220.23.1.el6.i686.rpm | 924987a7bd376f2221a39b0f73f3dda7 | ELSA-2021-9212 |
| | kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm | 02bc70090c9bb1437150b03d4fb19c0e | ELSA-2021-9212 |
| | kernel-devel-2.6.32-220.23.1.el6.i686.rpm | db0be62c3725ce836b22dfd0eb8baa96 | ELSA-2021-9212 |
| | kernel-doc-2.6.32-220.23.1.el6.noarch.rpm | 802fc7aa4c04c4cb0e7053e43c5d3d90 | ELSA-2021-9212 |
| | kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm | e43f0094ff5a8b811a4d523f506bd6dd | ELSA-2021-9212 |
| | kernel-headers-2.6.32-220.23.1.el6.i686.rpm | b45769c04cdd51748fdd2d22c0e22db9 | ELSA-2021-9212 |
| | perf-2.6.32-220.23.1.el6.i686.rpm | 2d4c019fa2780f23861f6684f3eda46f | ELSA-2021-9212 |
| | python-perf-2.6.32-220.23.1.el6.i686.rpm | b70d984fa362f6baf3e78c0b4e80a5ed | ELSA-2021-9212 |
| Oracle Linux 6 (x86_64) | kernel-2.6.32-220.23.1.el6.src.rpm | 2efe0244c47d4460f2a5e26bf9116978 | ELSA-2021-9212 |
| | kernel-2.6.32-220.23.1.el6.x86_64.rpm | 1040df0f498977bb3b63c65dede975c2 | ELSA-2021-9212 |
| | kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm | 0a7df4ff0d786441817f7d7778b6e80e | ELSA-2021-9212 |
| | kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm | c58c1e8599c14d69441bdcddbbdf218f | ELSA-2021-9212 |
| | kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm | 317a1041731259c63eec059abf6efdaa | ELSA-2021-9212 |
| | kernel-doc-2.6.32-220.23.1.el6.noarch.rpm | 802fc7aa4c04c4cb0e7053e43c5d3d90 | ELSA-2021-9212 |
| | kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm | e43f0094ff5a8b811a4d523f506bd6dd | ELSA-2021-9212 |
| | kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm | 379aa80f645dd8e2a38c12935aa20743 | ELSA-2021-9212 |
| | perf-2.6.32-220.23.1.el6.x86_64.rpm | 60617a357102b1317ee6be359618bc74 | ELSA-2021-9212 |
| | python-perf-2.6.32-220.23.1.el6.x86_64.rpm | c973d722b3e7d8f3a57f79527d1ea083 | ELSA-2021-9212 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team