Oracle Errata System Oracle Linux 5.11 2024-09-21T18:57:03

ELSA-2008-0002: Critical: tog-pegasus security update (CRITICAL)
Oracle Linux 5
[2.6.1-2.el5_1.1.0.1]
- Added pegasus-enterprise.patch to allow detection of enterprise-release
[2.6.1-2.el5_1.1]
- Fix PAM authentication buffer overflow (CVE-2008-0003) Resolves: #427213
CRITICAL
Copyright 2008 Oracle, Inc.
CVE-2008-0003

ELSA-2008-0003: Moderate: e2fsprogs security update (MODERATE)
Oracle Linux 5
[1.32-15.4]
- Fix integer overflows (#414611 / CVE-2007-5497)
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-5497

ELSA-2008-0008: Moderate: httpd security update (MODERATE)
Oracle Linux 5
[2.2.3-12.el5_1.3.0.1]
- use oracle index page oracle_index.html, update vstring and distro
[2.2.3-12.el5_1.3]
- further update to backport for CVE-2007-6421 (#427240)
[2.2.3-12.el5_1.2]
- updated backport for CVE-2007-6421 (#427240)
[2.2.3-11.el5_1.1]
- add security fixes for CVE-2007-6388, CVE-2007-6421 and CVE-2007-6422 (#427240)
- add security fix for CVE-2007-4465, CVE-2007-5000 (#421631)
- add security fix for mod_proxy_ftp UTF-7 XSS (#427745)
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-6422 CVE-2008-0005 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421

ELSA-2008-0031: Important: xorg-x11-server security update (IMPORTANT)
Oracle Linux 5
[1.1.1-48.26.4.0.1]
- Add Enterprise Linux detection
[1.1.1-48.26.4]
- cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability
- cve-2007-5958.patch: Xorg / XFree86 file existence disclosure vulnerability
- cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability
- cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability
- cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2007-6428 CVE-2007-6427 CVE-2007-5958 CVE-2007-5760 CVE-2007-6429

ELSA-2008-0032: Important: libxml2 security update (IMPORTANT)
Oracle Linux 5
[2.5.10-8.0.1]
- Add patch libxml2-enterprise.patch, and other logo changes in tarball
[2.5.10-8]
- Patch to fix UTF-8 decoding problem CVE-2007-6284
- Resolves: rhbz#425930
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2007-6284

ELSA-2008-0038: Moderate: postgresql security update (MODERATE)
Oracle Linux 5
[7.4.19-1.el4_6.1]
- Update to PostgreSQL 7.4.19 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 Resolves: #427135
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-4769 CVE-2007-6600 CVE-2007-6067 CVE-2007-3278 CVE-2007-4772 CVE-2007-6601

ELSA-2008-0042: Moderate: tomcat security update (MODERATE)
Oracle Linux 5
[5.5.23-0jpp.3.0.3]
- Patch for CVE-2007-5342 Resolves: bz# 427776
- Patch for CVE-2007-5461 Resolves: bz# 334561
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-5461 CVE-2007-5342

ELSA-2008-0058: Moderate: wireshark security update (MODERATE)
Oracle Linux 5
wireshark-0.99.7-1.el5.0.1:
[0.99.7-1.el5.0.1]
- Add oracle-ocfs2-network.patch
[0.99.7-1]
- upgrade to 0.99.7
- switch to libsmi from net-snmp
- disable ADNS due to its lack of IPv6 support
- Resolves: #397411
libsmi-0.4.5-2.el5:
[0.4.5-2]
- Handle rpath problems in 64-bit systems (#209522).
[0.4.5-1]
- Update to 0.4.5.
[0.4.4-1]
- Update to 0.4.4.
[0.4.3-1]
- First build.
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-6112 CVE-2007-6115 CVE-2007-6120 CVE-2007-6438 CVE-2007-6111 CVE-2007-6114 CVE-2007-6118 CVE-2007-6119 CVE-2007-6121 CVE-2007-6450 CVE-2007-6451 CVE-2007-6117 CVE-2007-6113 CVE-2007-6116 CVE-2007-6439 CVE-2007-6441
cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base

ELSA-2008-0061: setroubleshoot security and bug fix update (MODERATE)
Oracle Linux 5
setroubleshoot:
[2.0.5-3.0.1.el5]
- replace missed references to bugzilla.redhat.com with linux.oracle.com
[2.0.5-3]
- Resolve: bug #436564: socket.getsockopt() on ppc generates exception Fix typo in original setroubleshoot-get_credentials.patch
[2.0.5-2]
- Resolve: bug #437857: python error in system shutdown
- Resolve: bug #436564: socket.getsockopt() on ppc generates exception
[2.0.5-1]
- Resolve: bug #431768: parser error in xmlParseDoc()
[2.0.3-3]
- Resolve: bug #429179: notification-daemon crashes when a notification is removed from the display
[2.0.3-2]
- remove libuser-python dependency
- Related: bug #224351
[2.0.2-1]
- Resolve bug #428252: Problem with update/remove old version
- Add code to validate xml database version, if file is incompatible it is not read, the next time the database is written it will be in the new version format. This means the database contents are not preserved across database version upgrades.
- Remove postun trigger from spec file used to clear database between incompatible versions the new database version check during database read will handle this instead
- bullet proof exit status in init script and rpm scriptlets
- Resolve bug #247302: setroubleshoot's autostart .desktop file fails to start under a KDE session
- Resolve bug #376041: Cannot check setroubleshoot service status as non-root
- Resolve bug #332281: remove obsolete translation
- Resolve bug #344331: No description in gnome-session-properties
- Resolve bug #358581: missing libuser-python dependency
- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin
- Resolve bug #427260: German Translation
- enhance the sealert man page
[2.0.1-1]
- make connection error message persist instead of timeout in browser
- updated Brazilian Portuguese translation: Igor Pires Soares <igor@fedoraproject.org>
- implement uid,username checks
- rpc methods now check for authenticated state
- fix html handling of summary string
- add 'named' messages to status bar, make sure all messages either timeout or are named
- fix ordering of menus, resolves bug #427418
- add 'hide quiet' to browser view filtering, resolves bug #427421
- tweak siginfo text formatting
[2.0.0-1]
- prepare for v2 test release
- Completed most work for version 2 of setroubleshoot, prepare for test release
- import Dan's changes from the mainline primarily allow_postfix_local_write_mail_spool plugin
- escape html, fix siginfo.format_html(), siginfo.format_text()
- add async-error signal
- change identity to just username
- make sure set_filter user validation works and reports error in browser
- fix generation of line numbers and host when connected to audispd
- add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode
- resolves bug #244345: avc path information incomplete
- get the uid,gid when a client connects to the server
- set_filter now verifies the filter is owned by the user,
- resolves bug #288261: setroubleshoot lack of user authentication
- remove filter options which weren't being used
- change '@' in audit data hostname to '.'
- remove restart dialog resolves bug #321171: sealert's dialog after update is highly confusing
- fix rpc xml arg
- fix handling of host value
- tweak what fields are in signature
- move data items which had been in 'avc' object into siginfo
- clean up siginfo format
- large parts of new audit data pipeline working, checkpoint
- fix duplicate xml nodes when generating xml tree
- audit event can now be xml serialized
- switch from using ints for audit record types to strings
- avoid conversion headaches and possibility of not being able to convert a new unknown type
- add logic to allow XmlSerialize to be subclassed and init_from_xml_node to be overridden
- add support to xml serialize classes AuditEventID, AuditEvent, AuditRecord
- use metaclass for xml class init
- start adding xml support to audit data classes
- Use metaclass to wrap class init
- move xml serialization code from signature.py to xml_serialize.py
- simplify aspect of the serialization code
- add unstructured xml mapping, each xml element name has its content mapped to obj.name
- modify xml serialization to be driven by xml contents
- general clean up
- checkpoint conversion of serialization to use metaclasses
- clean up class/data specifications for XmlSerializable
- add support for client rpc testing
- add changelog entry
- add SubProcess class to setroubleshootd in preparation to - run daemon as subprocess so we can gather results and compare them to the expected data we sent
- rewrite all plugins to use new v2 audit data
- add SubProcess class to setroubleshootd in preparation to run daemon as subprocess so we can gather results and compare them to the expected data we sent
- add new test support: add config section 'test', add boolean 'analyze' to config test section, add class TestPluginReportReceiver which is installed if test.analyze is True, it prints analysis report. In test_setroubleshootd send AUDIT_EOE to assure sequential event processing so analysis results have same ordering as events that are sent by test_setroubleshootd
- alert signatures now include host information, alerts will be grouped by host
[1.10.7-1]
- Fix spec file requires for opening an HTML page In configure.ac search for xdg-open and htmlview in priority order, set variable html_browser_open to the one found, in spec file require xdg-utils for fedora and htmlview for RHEL.
- add 'Host' column in browser add 'Toggle Column Visibility' menu to toggle display of any column on/off
- Resolves bug #310261: setroubleshoot notifications aren't throttled
- add support for AUDIT_EOE, end-of-event, if AUDIT_EOE immediately emit cached event. Disable timeouts used to flush events if AUDIT_EOE has been seen.
[1.10.6-1]
- make selinux-policy requires in spec file specific to dist tag
[1.10.5-1]
- update code for command line log file scanning to work with new log file scanning code introduced for the browser.
- update Bulgarian translation (Doncho N. Gunchev (gunchev@gmail.com))
- update Polish translation (Piotr Drag (raven@pmail.pl))
- Resolves bug #239893: sealert wakes up very often This was caused by the use of threads and pygtk's thread signal handling. The only use of threads in sealert was for log file scanning so that the UI would remain responsive during a scan. Threads in sealert have now been completely removed. Instead the scanning work is performed in a gobject idle function called from the main loop. The idle function is written as a python generator function which allows for the function to perform a small amount of work, save its execution state and return. The next time the idle function is called from the main loop it resumes execution from its last state until it decides to yield control again. This way the long running scan/analysis can be performed in small successive units of work during the time the application is otherwise idle and it does not interfere with the rest of the GUI event processing. Everything now occurs in an event loop, think of it as the application's process/thread scheduler whose event handlers execute time slices.
- rewrote parts of the audit input pipeline to use generators instead of callbacks, thus permitting the logfile scanning code to yield control with more granularity. Also updated test_setroubleshootd and audisp_listen to use the new generator/yield logic.
- rewrote the dialog used for scanning log files, progress bar updates are now in the dialog, the scan can be terminated part way through, errors from the scan are reported in pop-up dialog, one can only dismiss the dialog with success if the scan had been successfully run to completion, otherwise the user is only left with the option to cancel.
- Relates bug #252035 bug #247469, setroubleshootd and sealert should exit if SELinux is disabled.
- add utility functions escape_html() and unescape_html()
- fix initial sort order in browser, track sort order in browser
- modify AVC.get_path() to only return a value if the 'path' field is set, formerly it also considered the fields 'name' & 'file' which were incorrect. get_path() now also looks to see if the string begins with a slash for a fully qualified path, if not it looks to see if it's a pseudo path such as 'pipe[12345]' or 'socket[12345]' and if so strips out the instance information inside the brackets and returns just the type of the pseudo path. This is done because we do not want path information in the signature to be unique for each instance of the denial.
- modify the TimeStamp class to hide its internal datetime member, remove the cmp() method, the internal __cmp__ will be automatically invoked.
- require selinux policy version in spec file to allow system dbus use
- Resolves bug #256601: audit2allow generates incorrect syntax when comma ',' in denied list
- update po i18n files
- Add support for pruning database by age and size
[1.10.4-1]
- fix init script
[1.10.3-1]
- modify avc_audit.py to use new audit_data.py implementation
- can listen for audit events on either /var/run/audit_events in binary protocol mode or /var/run/audisp_events in text protocol mode
[1.10.2-1]
- remove all copied code from test_setroubleshootd, now we import from setroubleshoot
- export ClientConnectionHandler from rpc.py as a base class. Derive SetroubleshootdClientConnectionHandler and AuditClientConnectionHandler from ClientConnectionHandler.
- add audisp_listen as test program
- create setroubleshoot sym link in top devel directory pointing to src so import setroubleshoot.foo if PYTHONPATH=topdir
- add get_option, convert_cfg_type to config.py.in so that one can pass optional dict to override config file settings
- rewrite log_init() so it's easier for other programs to use it, fix the import logic concerning log & config
- remove log code from test_setroubleshoot, now just does import from setroubleshoot.
- test_setroubleshootd can now handle audit records in both text and binary formats, can be selected by command line arg. It can now either output to clients connecting on a socket or to stdout. Can now optionally exit after N socket client connections.
- remove non audit record lines from test data
- remove config_init() and log_init() from package __init__.py It was the wrong place to call them, now call them when the process initializes before the first setroubleshoot imports
- add parse_config_setting() and set_config() to config module
- setroubleshootd now accepts -c --config command line arg
- test_sectroubleshoot: add err defines & program_error exception add is_valid() tests to assure we read a valid audit record log the unrecognized line if not valid, clean up socket close()
- Relates Bug #247056, update initscript to LSB standards Note: LSB initscripts in Fedora is not yet a resolved issue, the changes implemented were to add an LSB block and support the new LSB try-restart and force-reload commands. However the new /lib/lsb/init-functions are NOT currently used as this is the unstable part.
[1.10.1-1]
- add BuildRequires perl-XML-Parser
[1.10.0-1]
- move all plugins and their translations to independent package
- wrap XML generation inside try/except
- correct how access list is obtained in avc_auparse.py
- add try/except around top level of AnalyzeThread.run so exceptions in the thread get reported and the analysis thread does not just die.
- also add try/except around LogfileThread.process_logfile
- add new function assure_file_ownership_permissions()
- server now forces its database file permissions/ownership to be 0600 root:root
- rpm now forces the server's database file permissions/ownership to be 0600 root:root
- Resolves Bug #251545: Review Request: setroubleshoot-plugins - analysis plugins for setroubleshoot
- clean up some other rpmlint warnings in setroubleshoot.spec
- fix missing install of setroubleshoot icon and sym link to it
- Resolves Bug #251551, setroubleshoot shows up in wrong desktop menu also run desktop-file-install in rpm install
- add /etc/dbus-1/system.d/setroubleshootd.conf dbus configuration file
- Resolves Bug #250979, Bug #250932 Missing dependencies
- Restore plugins/Makefile.am which got nuked somehow
- remove dus.dbus_bindings.bus_name_has_owner(), deprecated as of F7
- wrap rpm transactions in try/except
[1.9.7-1]
- Resolves Bug# 241739, this bug is the lead bug for several bug reports, all consequences of the same problem, setroubleshootd/sealert when run in a non latin language environment because of incompatibilities in i18n encoding between components.
[1.9.6-1]
- add avc_auparse.py, now has option to use audit parsing library instead of built-in audit parsing.
- fix bug in log file scanning and detail display update
- Resolves Bug# 238516, python pkg directory not owned
[1.9.5-1]
- Update translations
- Fix mislabeled file
[1.9.4-1]
- Remove disable_trans boolean
- Check for paths in filesystem before suggesting chcon -R
- Remove default to listen on local ports
[1.9.3-1]
- install icon in /usr/share/icons, refer to icon by name using standard API
- Fix performance problems in setroubleshoot browser log file scanning
- Significant rewrite of data/view management code in setroubleshoot browser. data and view now cleanly separated, can easily switch between data views while maintaining selections, view state, with proper update of status information in status area
- Resolves Bug# 227806: right click context menu resets selection
- Logfile scans now operate in independent thread, proper asynchronous updates of browser during scan, browser used to appear to hang
- Resolved Bug# 224340: Rewrite Menu/Toolbar/Popup to use UIManager instead of glade
- Add toolbar support
- Implement GUI to edit email recipient list in setroubleshoot browser
- Added user help to setroubleshoot browser
- Related Bug# 224343: Fix setroubleshoot browser to respond to desktop theme changes
- improve traceback error reporting in sealert
- rewrite AboutDialog, replacing glade version
- Resolves bug #229849 Bug# 230115, Related bug #221850: fix uuid code to resolve '_uuid_generate_random' is not defined error
[1.9.2-1]
- Suck in AuditMsg since audit libs are dropping support
[1.9.1-1]
- Split into server and gui packages
[1.8.19-1]
- Remove use of ctypes in uuid, which is causing bad avc messages
[1.8.18-1]
- Remove avc from Plugin.py
[1.8.17-1]
- Remove tempfile handling in util.py. Causes lots of avcs and is not used
[1.8.16-1]
- Resolved: Bug# 224343 sealerts 'Aditional Info:' text should be in white box
- Resolved: Bug# 224336 sealert should have GtkRadioButtons in menu View
- Related: bug #224351 Rewrite parts of logging support to better support changing output categories, output destinations. Now -v -V verbose works in sealert.
- Resolves bug# 225161, granted AVCs incorrectly identified as a denial
- add alert count to status bar
- add 'Help' command to Help menu, opens web browser on wiki User FAQ
[Dan Walsh <dwalsh@redhat.com>]
- Make setroubleshoot.logrotate correctly
[1.8.15-1]
- Update po
- Additional Plugins
- Cleanup Plugins
[1.8.14-1]
- Resolved: bug# 221850 plugin module loading was failing in python 2.5 with the message 'SystemError: Parent module 'plugins' not loaded'. This is due to a change in behavior between python 2.4 and 2.5, in python 2.4 the lack of a parent module was silently ignored. The fix is to load plugins.__init__ first.
[1.8.13-1]
- update translations
- change SETroubleshootDatabase so it is optional if its backed by a file, this fixes the problem of us littering temporary files when scanning logfiles which does not require persistence.
- disable the view logfile menu item if no logfile has been opened
- fix redundant log messages for case where there is no log file and the console flag is set. When there is no log file the logging module opens a console stream, thus the console stream produced by the console flag was redundant.
- add username and password command line arguments rework startup logic so that all command line args are processed before we do any real work
- rework the email preferences so that each email address can have a filter type associated with it. add a new filter_type 'Ignore After First Alert' which filters after the first alert has been delivered
- add UI for setting the email addresses alerts are sent to. Add menu item to edit email list, add email list dialog. Remove 'recipient' config file entry, now list is stored in separate file. Add rpc to query and set the email list, the GUI calls this to get the current list from the server and set it in the server, it is the server which reads and writes the file. Add 'enable' flag to each email entry. Modify how the server iterates over the email list when it receives an alert. When marking an alert as having been sent the username is the email address but with 'email:' prepended so as not to collide with non-email filtering options for the same user.
[1.8.12-1]
- remove obsolete requires for python element tree
setroubleshoot-plugins:
[2.0.4-2]
- change requires setroubleshoot to requires setroubleshoot-server
[2.0.4-1]
- Resolve: bug #431768: parser error in xmlParseDoc()
[2.0.3-2]
- remove dependency on policycoreutils
- Related: bug #224351
[2.0.2-1]
- Add catchall_boolean.py plugin
[2.0.1-1]
- Resolve bug #332281: remove obsolete translation
- Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin
[2.0.0-1]
- prepare for v2 test release
[1.10.4-1]
- Add allow_postfix_local_write_mail_spool plugin
- Fix execute typo
[1.10.3-1]
- rewrite all plugins to use new v2 audit data
[1.10.3-1]
- Resolves bug #231762: Original PO strings bugs
[1.10.2-1]
- Change priority on use_nfs_home_dir to 55
[1.10.1-1]
- add BuildRequires perl-XML-Parser
[1.10.0-1]
- move all plugins and their translations from setroubleshoot-server package to this new independent package to allow easier updating of just the plugins
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-5495 CVE-2007-5496
cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base

ELSA-2008-0064: Important: libXfont security update (IMPORTANT)
Oracle Linux 5
[1.2.2-1.0.3]
- cve-2008-0006.patch: XFS Integer Overflow Vulnerability
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2008-0006
cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:7:base

ELSA-2008-0089: Important: kernel security and bug fix update (IMPORTANT)
Oracle Linux 5
[2.6.18-53.1.6.0.1.el5]
- [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [ORA 6045759]
- [NET] Fix msi issue with kexec/kdump (Michael Chan) [ORA 6219364]
- [MM] Fix alloc_pages_node() static `nid' race made kernel crash (Joe Jin) [ORA 6187457]
- [splice] Fix bad unlock_page() in error case (Jens Axboe) [ORA 6263574]
- [dio] fix error-path crashes (Linus Torvalds) [ORA 6242289]
- [MM] Fix leak in hugepages, regression for shared pagetables patch (Adam Litke) [ORABUG 6732368]
[2.6.18-53.1.6.el5]
- [fs] corruption by unprivileged user in directories (Vitaly Mayatskikh) [428796] {CVE-2008-0001}
[2.6.18-53.1.5.el5]
- [ia64] ptrace: access to user register backing (Roland McGrath) [259801]
- [fs] cifs: buffer overflow due to corrupt response (Jeff Layton) [372991]
- [net] s2io: correct VLAN frame reception (Andy Gospodarek) [426289]
- [net] s2io: allow VLAN creation on interfaces (Andy Gospodarek) [426289]
- [misc] tux: get rid of O_ATOMICLOOKUP (Michal Schmidt) [426494]
- [x86_64] fix race conditions in setup_APIC_timer (Geoff Gustafson) [424181]
- [fs] core dump file ownership (Don Howard) [396991]
- [nfs] let rpciod finish sillyrename then umount (Steve Dickson) [414041]
- [nfs] fix a race in silly rename (Steve Dickson) [414041]
- [nfs] clean up the silly rename code (Steve Dickson) [414041]
- [nfs] infrastructure changes for silly renames (Steve Dickson) [414041]
- [nfs] introduce nfs_removeargs and nfs_removeres (Steve Dickson) [414041]
- [ia64] remove stack hard limit (Aron Griffis) [412091]
- [fs] sysfs: fix race condition around sd->s_dentry (Eric Sandeen) [245777] {CVE-2007-3104}
- [fs] sysfs: fix condition check in sysfs_drop_dentry() (Eric Sandeen) [245777] {CVE-2007-3104}
- [fs] sysfs: store inode nrs in s_ino (Eric Sandeen) [245777] {CVE-2007-3104}
- [xen] ia64: vulnerability of copy_to_user in PAL emu (Jarod Wilson) [425938]
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2007-5904 CVE-2007-6206 CVE-2007-3104 CVE-2007-6416 CVE-2008-0001

ELSA-2008-0090: Important: icu security update (IMPORTANT)
Oracle Linux 5
[3.6-5.11.1]
- Resolves: rhbz#429706 CVE-2007-4770 CVE-2007-4771
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2007-4771 CVE-2007-4770

ELSA-2008-0103: Critical: firefox security update (CRITICAL)
Oracle Linux 5
[1.5.0.12-9.0.1]
- Added Oracle specific links into default bookmarks
[1.5.0.12-9]
- Update to latest snapshot of Mozilla 1.8.0 branch
- Added a patch with backported fixes from 1.8.1.12
CRITICAL
Copyright 2008 Oracle, Inc.
CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0412 CVE-2008-0413 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0592 CVE-2008-0593 CVE-2008-0420

ELSA-2008-0110: Moderate: openldap security update (MODERATE)
Oracle Linux 5
[2.3.27-8.3]
- better fix for CVE-2007-6698 (#431407), now it fixes also modrdn operations
[2.3.27-8.2]
- fix CVE-2007-6698 (#431407)
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-6698 CVE-2008-0658

ELSA-2008-0129: Important: kernel security update (IMPORTANT)
Oracle Linux 5
[2.6.18-53.1.13.0.1.el5]
- [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759]
- [NET] Fix msi issue with kexec/kdump (Michael Chan) [orabug 6219364]
- [MM] Fix alloc_pages_node() static `nid' race made kernel crash (Joe Jin) [orabug 6187457]
- [splice] Fix bad unlock_page() in error case (Jens Axboe) [orabug 6263574]
- [dio] fix error-path crashes (Linus Torvalds) [orabug 6242289]
- [MM] Fix leak in hugepages, regression for shared pagetables patch (Adam Litke) [orabug 6732368]
[2.6.18-53.1.13]
- revert to 2.6.18-53.1.6.el5
- [x86_64] kernel vmsplice_to_pipe flaw (Alexander Viro) [432252] {CVE-2008-0600}
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2008-0600

ELSA-2008-0136: Moderate: tk security update (MODERATE)
Oracle Linux 5
[8.4.13-5.EL5_1.1]
- CVE-2008-0553 CVE-2007-5378 - GIF overflow and also GIF overflow Resolves: rhbz#432514
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2008-0553 CVE-2007-5137
cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.2.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.1.0::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.2.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:linux:5:8:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5

ELSA-2008-0145: ImageMagick security update (MODERATE)
Oracle Linux 5
[6.2.8.0-4.el5_1.1]
- backport functionality for CVE patches
- Add patch for CVE-2007-1797 (#235071)
- Add patch for CVE-2007-4988 (#310081)
- Add patch for CVE-2007-4985 (#310091)
- Add patch for CVE-2007-4986 (#310121)
- Add patch for CVE-2008-1096 (#286411)
- Add patch for CVE-2008-1097 (#285861)
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2007-1797 CVE-2008-1096 CVE-2008-1097 CVE-2007-4986 CVE-2007-4985 CVE-2007-4988
cpe:/a:oracle:linux:5::latest

ELSA-2008-0146: Moderate: gd security update (MODERATE)
Oracle Linux 5
[2.0.28-5.E4.1]
- security fixes
- Resolves: #432784
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2006-4484 CVE-2007-0455 CVE-2007-3476 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3475

ELSA-2008-0154: Important: kernel security and bug fix update (IMPORTANT)
Oracle Linux 5
[2.6.18-53.1.14.0.1.el5]
- [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759]
- [NET] Fix msi issue with kexec/kdump (Michael Chan) [orabug 6219364]
- [MM] Fix alloc_pages_node() static `nid' race made kernel crash (Joe Jin) [orabug 6187457]
- [splice] Fix bad unlock_page() in error case (Jens Axboe) [orabug 6263574]
- [dio] fix error-path crashes (Linus Torvalds) [orabug 6242289]
[2.6.18-53.1.14.el5]
- merge from 2.6.18-53.1.13 to 2.6.18-53.1.12
- [nfs] potential file corruption issue when writing (Jeff Layton) [432078]
- [ppc] chrp: fix possible strncmp NULL pointer usage (Vitaly Mayatskikh) [396821]
- [isdn] i4l: fix memory overruns (Vitaly Mayatskikh) [425171]
- [isdn] fix possible isdn_net buffer overflows (Aristeu Rozanski) [392151] {CVE-2007-6063}
- [mm] hugepages: leak due to pagetable page sharing (Larry Woodman) [431522]
- [net] NULL dereference in iwl driver (Vitaly Mayatskikh) [401421] {CVE-2007-5938}
- [misc] Denial of service with wedged processes (Jerome Marchand) [221403]
- [xen] ia64: hvm guest memory range checking (Jarod Wilson) [408701]
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2006-6921 CVE-2007-6063 CVE-2007-6694 CVE-2007-5938 CVE-2007-6207

ELSA-2008-0155: Important: ghostscript security update (IMPORTANT)
Oracle Linux 5
[7.05-32.1.13]
- Applied patch to fix CVE-2008-0411 (bug #433366).
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2008-0411

ELSA-2008-0157: Important: cups security update (IMPORTANT)
Oracle Linux 5
[1.2.4-11.14:.4]
- Prevent double-free when a browsed class has the same name as a printer or vice versa (bug #433766, STR #2656).
[1.2.4-11.14:.3]
- pdftops: Fix invalid dereference from bad Info object (found during testing of bug #356571).
[1.2.4-11.14:.2]
- Applied patch to fix CVE-2007-4045 (bug #356571).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #356571).
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2008-0882

ELSA-2008-0159: Moderate: dbus security update (MODERATE)
Oracle Linux 5
[1.0.0-6.3.el5_1]
- CVE-2008-0595: D-Bus security policy circumvention
- Resolves: #432437
[1.0.0-6.el5_1]
- CVE-2006-6107: D-Bus denial of service
- Resolves: #219601
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2008-0595

ELSA-2008-0164: Critical: krb5 security and bugfix update (CRITICAL)
Oracle Linux 5
[1.6.1-17.el5_1.1]
- add preliminary patch to fix use of uninitialized pointer / double-free in KDC (CVE-2008-0062,CVE-2008-0063) (#432620, #432621)
- add backported patch to fix use-after-free in libgssapi_krb5 (CVE-2007-5901) (#415321)
- add backported patch to fix double-free in libgssapi_krb5 (CVE-2007-5971) (#415351)
- add preliminary patch to fix incorrect handling of high-numbered descriptors in the RPC library (CVE-2008-0947) (#433596)
- fix storage of delegated krb5 credentials when they've been wrapped up in spnego (#436460)
- return a delegated credential handle even if the application didn't pass a location to store the flags which would be used to indicate that credentials were delegated (#436465)
- add patch to fall back to TCP kpasswd servers for kdc-unreachable, can't-resolve-server, and response-too-big errors (#436467)
- use the right sequence numbers when generating password-set/change requests for kpasswd servers after the first one (#436468)
- backport from 1.6.3 to initialize a library-allocated get_init_creds_opt structure the same way we would one which was allocated by the calling application, to restore kinit's traditional behavior of doing a password change right when it detects an expired password (#436470)
CRITICAL
Copyright 2008 Oracle, Inc.
CVE-2007-5901 CVE-2007-5971 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947

ELSA-2008-0192: cups security update (MODERATE)
Oracle Linux 5
cups
[1.2.4-11.14:.6]
- Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
[1.2.4-11.14:.5]
- Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2008-0053 CVE-2008-1373 CVE-2008-0047

ELSA-2008-0194: xen security and bug fix update (IMPORTANT)
Oracle Linux 5
[3.0.3-41.el5_1.5]
- Disable QEMU image format auto-detection CVE-2008-2004 (rhbz #444700)
[3.0.3-41.el5_1.4]
- Fix PVFB to validate frame buffer description (rhbz #443376)
- Fix PVFB to cope with bogus update requests (rhbz #368931)
[3.0.3-41.el5_1.3]
- Fix QEMU buffer overflow CVE-2007-5730 (rhbz #360381)
- Fix QEMU block device extents checking CVE-2008-0928 (rhbz #433560)
[3.0.3-41.el5_1.2]
- Fix FV O_DIRECT flushing (rhbz #435495)
[3.0.3-41.el5_1.1]
- Fixed xenbaked tmpfile flaw (CVE-2007-3919) (rhbz #350421)
IMPORTANT
Copyright 2008 Oracle, Inc.
CVE-2007-3919 CVE-2007-5730 CVE-2008-1943 CVE-2008-0928 CVE-2008-1944 CVE-2008-2004

ELSA-2008-0197: gnome-screensaver security update (MODERATE)
Oracle Linux 5
[2.16.1-5.1]
Resolves: #436521
- don't unlock the screen when pwent lookup fails
MODERATE
Copyright 2008 Oracle, Inc.
CVE-2008-0887

ELSA-2008-0207: firefox security update (CRITICAL)
Oracle Linux 5
[1.5.0.12-14.0.1]
- Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js
[1.5.0.12-14]
- Fix assertions from script
[1.5.0.12-13]
- Ensure wrappers are properly disposed of
[1.5.0.12-12]
- Update to latest snapshot of Mozilla 1.8.0 branch
- Add patches for backported fixes from 1.8.1.13
CRITICAL
Copyright 2008 Oracle, Inc.
CVE-2008-1233 CVE-2008-1235 CVE-2008-1236 CVE-2008-1234 CVE-2008-1237 CVE-2008-1238 CVE-2008-1241 ELSA-2008-0214: squid security update (MODERATE) Oracle Linux 5 [2.6.STABLE6-5.el5_1.3] - fix for #439801 - regression introduced in fix for CVE-2007-6239 - Resolves: #439992 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1612 ELSA-2008-0218: gnome-screensaver security update (MODERATE) Oracle Linux 5 [2.16.1-8] Resolves: #436522 - rebuild against 5.1 nss [2.16.1-7] Resolves: #436522 - don't unlock the screen when pwent lookup fails [2.16.1-6] Resolves: #245345 - Add missing BuildRequires to fix fade in MODERATE Copyright 2008 Oracle, Inc. CVE-2008-0887 cpe:/a:oracle:linux:5::latest ELSA-2008-0222: firefox security update (CRITICAL) Oracle Linux 5 [1.5.0.12-15.el5_1.0.1] - Add firefox-oracle-default-bookmarks.html and firefox-oracle-default-prefs.js [1.5.0.12-15] - Update patchset to fix regressions as per 1.8.1.14 CRITICAL Copyright 2008 Oracle, Inc. CVE-2008-1380 ELSA-2008-0233: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-53.1.19.0.1.el5] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [ORA 6045759] - [NET] Fix msi issue with kexec/kdump (Michael Chan) [ORA 6219364] - [MM] Fix alloc_pages_node() static 'nid' race made kernel crash (Joe Jin) [ORA 6187457] - [splice] Fix bad unlock_page() in error case (Jens Axboe) [ORA 6263574] - [dio] fix error-path crashes (Linus Torvalds) [ORA 6242289] [2.6.18-53.1.19.el5] - [xen] check num of segments in block backend driver (Bill Burns ) [378281] - [x86_64] update IO-APIC dest field to 8-bit for xAPIC (Dave Anderson ) [442922] - Update: [fs] fix race condition in dnotify (Alexander Viro ) [439758] {CVE-2008-1375} - Update: [xen] ia64: ftp stress test fixes between HVM/Dom0 (Tetsu Yamamoto ) [427400] {CVE-2008-1619} [2.6.18-53.1.18.el5] - Update: [fs] fix race condition in dnotify (Alexander Viro ) [439758] {CVE-2008-1375} [2.6.18-53.1.17.el5] - [fs] fix race condition in dnotify (Alexander Viro
) [439758] {CVE-2008-1375} - [pci] hotplug: PCI Express problems with bad DLLPs (Kei Tokunaga ) [440438] - [nfs] stop sillyrenames and unmounts from racing (Steve Dickson ) [440447] - [x86] clear df flag for signal handlers (Jason Baron ) [437316] {CVE-2008-1367} - [xen] ia64: ftp stress test fixes between HVM/Dom0 (Tetsu Yamamoto ) [427400] {CVE-2008-1619} - [xen] ia64: fix ssm_i emulation barrier and vdso pv (Tetsu Yamamoto ) [427400] {CVE-2008-1619} [2.6.18-53.1.16.el5] - [misc] fix range check in fault handlers with mremap (Vitaly Mayatskikh ) [428970] - [video] neofb: avoid overwriting fb_info fields (Anton Arapov ) [430253] [2.6.18-53.1.15.el5] - [libata] sata_nv: un-blacklist hitachi drives (David Milburn ) [433617] - [libata] sata_nv: may send cmds with duplicate tags (David Milburn ) [433617] - [s390] qdio: output queue stall on FCP and net devs (Hans-Joachim Picht ) [412071] - [xen] ia64: guest has bad network performance (Tetsu Yamamoto ) [433616] IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1367 CVE-2008-1375 CVE-2008-1619 CVE-2007-5498 CVE-2008-0007 CVE-2008-1669 ELSA-2008-0235: speex security update (IMPORTANT) Oracle Linux 5 [1.0.5-4.el5_1.1] - Check for headers with invalid mode numbers (#442037, CVE-2008-1686) IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1686 cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base ELSA-2008-0239: poppler security update (IMPORTANT) Oracle Linux 5 [0.5.4-4.4] - Add CVE-2008-1693.patch (#442392). IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1693 ELSA-2008-0270: libvorbis security update (IMPORTANT) Oracle Linux 5 [1.1.2-3.el5.2] - fix release tag Related: #444707 [1.1.2-3.el5.1] - fix CVE-2008-1420, CVE-2008-1419, CVE-2008-1423 Resolves: #444707 IMPORTANT Copyright 2008 Oracle, Inc. 
CVE-2008-1420 CVE-2008-1423 CVE-2008-1419 ELSA-2008-0275: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-53.1.21.0.1.el5] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [ORA 6045759] - [NET] Fix msi issue with kexec/kdump (Michael Chan) [ORA 6219364] - [MM] Fix alloc_pages_node() static 'nid' race made kernel crash (Joe Jin) [ORA 6187457] - [splice] Fix bad unlock_page() in error case (Jens Axboe) [ORA 6263574] - [dio] fix error-path crashes (Linus Torvalds) [ORA 6242289] [2.6.18-53.1.21.el5] - [misc] infinite loop in highres timers (Michal Schmidt ) [440001] - [video] PWC driver DoS (Pete Zaitcev ) [308521] - [x86_64] fix unprivileged crash on %cs corruption (Jarod Wilson ) [439787] - [net] ESP: ensure IV is in linear part of the skb (Thomas Graf ) [427247] - [cpufreq] booting with maxcpus=1 panics (Doug Chapman ) [429516] - [net] sunrpc: lockd recovery is broken (Steve Dickson ) [445360] - [cpufreq] don't take sem in cpufreq_quick_get (Doug Chapman ) [400821] - [cpufreq] remove hotplug cpu cruft (Doug Chapman ) [400821] - [cpufreq] governor: use new rwsem locking in work cb (Doug Chapman ) [400821] - [cpufreq] ondemand governor restructure the work cb (Doug Chapman ) [400821] - [cpufreq] rewrite lock to eliminate hotplug issues (Doug Chapman ) [400821] [2.6.18-53.1.20.el5] - [misc] fix softlockup warnings/crashes (Chris Lalancette ) [444402] IMPORTANT Copyright 2008 Oracle, Inc. CVE-2007-6282 CVE-2007-5093 CVE-2008-1615 CVE-2007-6712 ELSA-2008-0287: libxslt security update (IMPORTANT) Oracle Linux 5 [1.1.17-2.0.1.el5_1.1] - Added libxslt-enterprise.patch and replaced doc/redhat.gif [1.1.17-2.el5_1.1] - fix a max number of steps in pattern match expressions bug - resolves: rhbz#446891 IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-1767 ELSA-2008-0290: samba security and bug fix update (CRITICAL) Oracle Linux 5 [3.0.28-1.el5_2.1] - Security fix for CVE-2008-1105 - Fix join verification - Fix smb signing - resolves: CVE-2008-1105 - resolves: #447380 - resolves: #444637 CRITICAL Copyright 2008 Oracle, Inc. CVE-2008-1105 ELSA-2008-0295: vsftpd security and bug fix update (LOW) Oracle Linux 5 [2.0.5-12] - fix CVE-2007-5962: vsftpd memory leak when deny_file option is set - Resolves: #423001 [2.0.5-11] - add new option to log login failures based on user list - Resolves: #345791 - fix user_config_dir option - Resolves: #400921 - allow usernames starting with '_' or '.' - Resolves: #386561 - fix the write/race condition when uploading files simultaneously - Resolves: #240553 - fix the bug that causes every new file stored with STOU to have a prefix '.1' - Resolves: #392231 - make vsftpd wildcard matching more greedy - Resolves: #392181 LOW Copyright 2008 Oracle, Inc. CVE-2007-5962 ELSA-2008-0297: dovecot security and bug fix update (LOW) Oracle Linux 5 [1.0.7-2] - LDAP+auth cache user login mixup (CVE-2007-6598, #427575) - insecure mail_extra_groups option (CVE-2008-1199, #436927) [1.0.7-1] - update to latest upstream, fixes a few bugs (#331441, #245249), plus two security vulnerabilities (CVE-2007-2231, CVE-2007-4211) - increased default login_process_size to 64 (#253363) LOW Copyright 2008 Oracle, Inc. 
CVE-2007-6598 CVE-2007-2231 CVE-2007-4211 CVE-2008-1199 ELSA-2008-0300: bind security, bug fix, and enhancement update (MODERATE) Oracle Linux 5 [30:9.3.4-6.P1] - final 5.2 version - minor changes in initscript - improved patches for #250744 and #250901 [30:9.3.4-5.P1] - improved patch to handle D-BUS races (#240876) - updated named.root zone to affect root IPv6 migration [30:9.3.4-4.P1] - improved fix for #253537, posttrans script is now used - do not call restorecon on chroot/proc [30:9.3.4-3.P1] - CVE-2008-0122 (small buffer overflow in inet_network) [30:9.3.4-2.P1] - ship /usr/include/dst/gssapi.h file [30:9.3.4-1.P1] - CVE-2007-6283 (#419421) [30:9.3.4-0.9.2.P1] - added GSS-TSIG support to nsupdate (#251528) [30:9.3.4-0.9.1.P1] - updated L.ROOT-SERVERS.NET address in lib/dns/rootns.c file [30:9.3.4-0.9.P1] - fixed building of SDB stuff (#240788) - fixed race condition during DBUS initialization (#240876) - initscript LSD standardization (#242734) [command (#247148)] - fixed wrong perms of named's ldap schema (#250118) - suppressed errors from chroot's specfile scripts (#252334) - fixed /dev/random SELinux labelling - added configtest to usage report from named initscript (#250744) - fixed rndc stop return value handler (#250901) - fixed named.log sync in bind-chroot-admin (#247486) - rebased to latest 9.3 maintenance release (9.3.4-P1, #353741) - updated named.root file (new L.ROOT-SERVERS.NET, #363531) - added GSS-TSIG support to named (#251528) - dropped patches (upstream) - bind-9.3.4.P1-query-id.patch - bind-9.3.3rc2-dbus-0.6.patch - bind-9.3.4-validator.patch - bind-9.3.4-nqueries.patch - updated patches - bind-9.3.2-tmpfile.patch MODERATE Copyright 2008 Oracle, Inc. CVE-2007-6283 CVE-2008-0122 ELSA-2008-0364: mysql security and bug fix update (LOW) Oracle Linux 5 [5.0.45-7] - Adjust thread stack requests to allow for platform-specific guard page size; necessary to prevent stack overrun on PPC with RHEL5's 64K page size.
Resolves: #435391 - Remove calendar-dependent queries from 'view' test; necessary to get regression tests to pass after 2007. [5.0.45-6] - Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969, CVE-2007-6303. Resolves: #422211 [5.0.45-1] - Update to MySQL 5.0.45 Resolves: #256501, #240813, #246309, #254012 Resolves: #280811, #316451, #349121, #367131 - Synchronize with current Fedora package, which is pretty well tested by now; see past bzs 245770, 241912, 233771, 221085, 223713, 203910, 193559, 199368 [5.0.22-3] - Fix CVE-2007-3780: remote DOS via bad password length byte Resolves: #257681 LOW Copyright 2008 Oracle, Inc. CVE-2007-2583 CVE-2007-2691 CVE-2006-4031 CVE-2006-4227 CVE-2006-7232 CVE-2007-1420 CVE-2007-3781 CVE-2007-3782 CVE-2007-2692 CVE-2006-0903 ELSA-2008-0389: nss_ldap security and bug fix update (LOW) Oracle Linux 5 [253-12] - rebuild [253-11] - backport changes to group parsing from version 254 to fix heap corruption when parsing nested groups (#444031) [253-10] - remove unnecessary nss_ldap linkage to libnsl (part of #427370) [253-9] - rebuild [253-8] - incorporate Tomas Janousek's fix to prevent re-use of connections across fork() (#252337) [253-7] - add keyutils-libs-devel and libselinux-devel as a buildrequires: in order to static link with newer Kerberos (#427370) [253-6] - suppress password-expired errors encountered during referral chases during modify requests (#335661) - interpret server-supplied policy controls when chasing referrals, so that we don't give up when following a referral for a password change after reset (#335661) - don't attempt to change the password using ldap_modify if the password change mode is 'exop_send_old' (we already didn't for 'exop') (#364501) - don't drop the supplied password if the directory server indicates that the password needs to be changed because it's just been reset: we may need it to chase a referral later (#335661) - correctly detect libresolv and build a URI using discovered settings, so that server
discovery can work again (#254172) - honor the 'port' setting again by correctly detecting when a URI doesn't already specify one (#326351) LOW Copyright 2008 Oracle, Inc. CVE-2007-5794 ELSA-2008-0486: nfs-utils security update (MODERATE) Oracle Linux 5 [1.0.9-35z] - Added the warning.patch to fix some warning which were flagged by rpmdiff during the errata phase (Errata 2008:0486) [1.0.9-34z] - Re-enabled tcp wrappers. (bz440119) MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1376 ELSA-2008-0489: gnutls security update (CRITICAL) Oracle Linux 5 [1.4.1-3] - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 (#447461, #447462, #447463) CRITICAL Copyright 2008 Oracle, Inc. CVE-2008-1950 CVE-2008-1948 CVE-2008-1949 ELSA-2008-0497: sblim security update (IMPORTANT) Oracle Linux 5 [1.31.0.1.el5_2.1] - Add oracle-enterprise-release.patch [1.31.el5_2.1] - Remove RPATH from shared libraries in sblim-cmpi-{dns,fsvol,network, nfsv3,nfsv4,samba,syslog} and create appropriate record in /etc/ld.so.conf.d (CVE-2008-1951) Resolves: #446859 IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1951 ELSA-2008-0498: cups security update (MODERATE) Oracle Linux 5 [1.2.4-11.18:.1] - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1722 ELSA-2008-0504: xorg-x11-server security update (IMPORTANT) Oracle Linux 5 [1.1.1-48.41.0.1.el5_2.1] - Added Enterprise Linux detection [1.1.1-48.41.1] - cve-2008-1377.patch: Record and Security Extension Input validation - cve-2008-1379.patch: MIT-SHM extension Input Validation flaw - cve-2008-2360.patch: Render AllocateGlyph extension Integer overflows - cve-2008-2361.patch: Render CreateCursor extension Integer overflows - cve-2008-2362.patch: Render Gradient extension Integer overflows IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-1377 CVE-2008-2361 CVE-2008-2362 CVE-2008-1379 CVE-2008-2360 ELSA-2008-0519: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-92.1.6.0.2.el5] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759] - [splice] Fix bad unlock_page() in error case (Jens Axboe) [orabug 6263574] - [dio] fix error-path crashes (Linus Torvalds) [orabug 6242289] - [NET] fix netpoll race (Tina Yang) [orabugz 5791] [2.6.18-92.1.6.el5] - [x86] sanity checking for read_tsc on i386 (Brian Maly ) [447686 443435] [2.6.18-92.1.5.el5] - [x86_64] copy_user doesn't zero tail bytes on page fault (Vitaly Mayatskikh) [451275 451276] {CVE-2008-2729} [2.6.18-92.1.4.el5] - Revert: [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [443071 440121] [2.6.18-92.1.3.el5] - [x86_64] fix possible data leaks in copy_from_user() routine (Anton Arapov ) [433944 433945] {CVE-2008-0598} [2.6.18-92.1.2.el5] - [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [443071 440121] - [net] DCCP sanity check feature length (Anton Arapov ) [447395 447396] {CVE-2008-2358} - [misc] fix possible buffer overflow in ASN.1 parsing routine (Anton Arapov ) [444464 444465] {CVE-2008-1673} IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-2358 CVE-2008-2729 CVE-2008-0598 ELSA-2008-0522: perl security update (IMPORTANT) Oracle Linux 5 [5.8.8-10.0.1.el5_2.3] - Added patch perl-5.8.8-OEL-mock-build.patch to disable lib/Net/t/hostname.t so that build complete successfully in mock env. [5.8.8-10.el5.3] - CVE-2008-1927 perl: double free on regular expressions with utf8 characters - Resolves: #449323 IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1927 ELSA-2008-0529: net-snmp security update (MODERATE) Oracle Linux 5 [5.3.1-24.1] - fix buffer overflow in perl module (CVE-2008-2292) (#449897) - fix SNMPv3 authentication checks (unknown CVE) (#449897) MODERATE Copyright 2008 Oracle, Inc. 
CVE-2008-0960 CVE-2008-2292 ELSA-2008-0533: bind security update (IMPORTANT) Oracle Linux 5 bind: [9.3.4-6.0.1.P1] - CVE-2008-1447 selinux-policy: [2.4.6-137.1] - Allow named to bind to any udp port Resolves: #451971 IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1447 ELSA-2008-0544: php security update (MODERATE) Oracle Linux 5 [5.1.6-20.el5_2.1] - add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445923) MODERATE Copyright 2008 Oracle, Inc. CVE-2007-5898 CVE-2007-5899 CVE-2008-2051 CVE-2008-2107 CVE-2008-2108 CVE-2007-4782 ELSA-2008-0556: freetype security update (IMPORTANT) Oracle Linux 5 [2.2.1-20] - Add freetype-2.3.5-CVEs.patch - Resolves: #450910 IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1806 CVE-2008-1808 CVE-2008-1807 ELSA-2008-0561: ruby security update (MODERATE) Oracle Linux 5 [1.8.5-5.el5_2.3] - CVE-2008-2376: Integer overflow in rb_ary_fill(). [1.8.5-5.el5_2.1] - security fixes. (#451928) - CVE-2008-2662: Integer overflow in rb_str_buf_append(). - CVE-2008-2663: Integer overflow in rb_ary_store(). - CVE-2008-2664: Unsafe use of alloca in rb_str_format(). - CVE-2008-2725: Integer overflow in rb_ary_splice(). - CVE-2008-2726: Integer overflow in rb_ary_splice(). MODERATE Copyright 2008 Oracle, Inc. CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2726 CVE-2008-2725 CVE-2008-2376 ELSA-2008-0569: firefox security update (CRITICAL) Oracle Linux 5 devhelp: [0.12-17] - Rebuild against xulrunner firefox: [3.0-2.0.1.el5] - Replaced the RedHat prefs and bookmarks with Oracle prefs and bookmarks - Add patch oracle-firefox-branding.patch [3.0-2] - Fixed firstrun homepage issue [3.0-1] - Update to Firefox 3 Final xulrunner: [1.9-1.0.1.el5] - Added xulrunner-oracle-default-prefs.js [1.9-1] - Update to 1.9 final yelp: [2.16.0-19] - rebuild against xulrunner CRITICAL Copyright 2008 Oracle, Inc. 
CVE-2008-2798 CVE-2008-2799 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2801 CVE-2008-2810 CVE-2008-2811 CVE-2008-2800 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 ELSA-2008-0575: rdesktop security update (MODERATE) Oracle Linux 5 [1.4.1-6] - Update the prototype for xrealloc() as well. - Fix bug 452978, cve-2008-1803 - Fix bug 452978, cve-2008-1801 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1803 CVE-2008-1801 ELSA-2008-0580: vim security update (MODERATE) Oracle Linux 5 [7.0.109-4.4z] - fix netrw [7.0.109-4.3z] - fixes CVE-2008-3074 (tar plugin) - fixes CVE-2008-3075 (zip plugin) - fixes CVE-2008-3076 (netrw plugin) - fixes CVE-2008-4101 (keyword and tag lookup) [7.0.109-4.2z] - fix some issues with netrw and remote file editing caused by the CVE-2008-2712 patch [7.0.109-4.1z] - more fixes for CVE-2008-2712 [7.0.109-4.z] - fix release [7.0.109-3.1z] - rebuild for z stream [7.0.109-3.6] - re-enable debuginfo [7.0.109-3.5] - update netrw files for CVE-2008-2712 [7.0.109-3.4] - add fixes for CVE-2007-2953 and CVE-2008-2712 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-3075 CVE-2007-2953 CVE-2008-2712 CVE-2008-3074 CVE-2008-4101 CVE-2008-6235 ELSA-2008-0581: bluez-libs and bluez-utils security update (MODERATE) Oracle Linux 5 bluez-libs: [3.7-1.1] - Fix CVE-2008-2374 Resolves: #452880 bluez-utils: [3.7-2.2] - Add explicit versioned Requires and BuildRequires for new bluez-libs [3.7-2.1] - Fix CVE-2008-2374 (#452715) SDP payload processing vulnerability MODERATE Copyright 2008 Oracle, Inc. CVE-2008-2374 cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base ELSA-2008-0583: openldap security update (IMPORTANT) Oracle Linux 5 [2.3.27-8.4] - fix CVE-2008-2952 (#453639) IMPORTANT Copyright 2008 Oracle, Inc. 
CVE-2008-2952 ELSA-2008-0597: firefox security update (CRITICAL) Oracle Linux 5 devhelp: [0.12-18] - Rebuild against xulrunner firefox: [3.0.1-1.0.1.el5] - Replaced the RedHat prefs and bookmarks with Oracle prefs and bookmarks - Add patch oracle-firefox-branding.patch - Update firstrun URL [3.0.1-1] - Update to Firefox 3.0.1 xulrunner: [1.9.0.1-1.0.1.el5] - Added xulrunner-oracle-default-prefs.js [1.9.0.1-1] - Update to 1.9.0.1 yelp: [2.16.0-20] - rebuild against xulrunner CRITICAL Copyright 2008 Oracle, Inc. CVE-2008-2785 CVE-2008-2933 CVE-2008-3198 ELSA-2008-0612: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-92.1.10.0.1.el5] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759] - [splice] Fix bad unlock_page() in error case (Jens Axboe) [orabug 6263574] - [dio] fix error-path crashes (Linus Torvalds) [orabug 6242289] - [NET] fix netpoll race (Tina Yang) [orabugz 5791] [2.6.18-92.1.10.el5] - [ia64] softlock: prevent endless warnings in kdump (Neil Horman ) [456117 453200] [2.6.18-92.1.9.el5] - [misc] signaling msgrvc() should not pass back error (Jiri Pirko ) [455278 452533] - [ia64] properly unregister legacy interrupts (Prarit Bhargava ) [450337 445886] [2.6.18-92.1.8.el5] - [net] randomize udp port allocation (Eugene Teo ) [454571 454572] - [tty] add NULL pointer checks (Aristeu Rozanski ) [453425 453154] {CVE-2008-2812} - [net] sctp: make sure sctp_addr does not overflow (David S. 
Miller ) [452482 452483] {CVE-2008-2826} - [sys] sys_setrlimit: prevent setting RLIMIT_CPU to 0 (Neil Horman ) [437121 437122] {CVE-2008-1294} - [net] sit: exploitable remote memory leak (Jiri Pirko ) [446038 446039] {CVE-2008-2136} - [misc] ttyS1 lost interrupt, stops transmitting v2 (Brian Maly ) [455256 451157] - [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [443071 440121] [2.6.18-92.1.7.el5] - [x86_64]: extend MCE banks support for Dunnington, Nehalem (Prarit Bhargava ) [451941 446673] - [nfs] address nfs rewrite performance regression in RHEL5 (Eric Sandeen ) [448685 436004] - [mm] Make mmap() with PROT_WRITE on RHEL5 (Larry Woodman ) [450758 448978] - [i386]: Add check for supported_cpus in powernow_k8 driver (Prarit Bhargava ) [450866 443853] - [i386]: Add check for dmi_data in powernow_k8 driver (Prarit Bhargava ) [450866 443853] - [net] fix recv return zero (Thomas Graf ) [452231 435657] - [misc] kernel crashes on futex (Anton Arapov ) [450336 435178] - [net] Fixing bonding rtnl_lock screwups (Fabio Olive Leite ) [451939 450219] IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1294 CVE-2008-2136 CVE-2008-2812 ELSA-2008-0648: tomcat security update (IMPORTANT) Oracle Linux 5 [5.5.23-0jpp.7.el5_2.1] - add patch for CVE-2008-1232 Resolves: rhbz#457727 - add patch for CVE-2008-1947 Resolves: rhbz#449916 - add patch for CVE-2008-2370 Resolves: rhbz#458634 - add patch for CVE-2008-2938 Resolves: rhbz#456214 IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-2938 CVE-2008-1947 CVE-2008-2370 CVE-2008-1232 ELSA-2008-0649: libxslt security update (MODERATE) Oracle Linux 5 [1.1.17-2.0.1.el5_2.2] - Added libxslt-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.17-2.el5_2.2] - fix various problems in libexslt RC4 encryption/decryption functions - resolves: rhbz#456232 MODERATE Copyright 2008 Oracle, Inc. 
CVE-2008-2935 cpe:/a:oracle:linux:5::latest ELSA-2008-0789: dnsmasq security update (MODERATE) Oracle Linux 5 [2.45-1.el5.1] - update to new upstream version - fixes for CVE-2008-1447/CERT VU#800113 - Resolves: rhbz#454869 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1447 ELSA-2008-0818: hplip security update (MODERATE) Oracle Linux 5 [1.6.7-4.1.el5_2.4] - Applied patch to make hpssd message parser more robust (bug #457052). - Applied patches to fix insecure alert emails (bug #455235). MODERATE Copyright 2008 Oracle, Inc. CVE-2008-2941 CVE-2008-2940 cpe:/a:oracle:linux:5::latest ELSA-2008-0836: libxml2 security update (MODERATE) Oracle Linux 5 [2.6.26-2.1.2.3.0.1] - Add libxml2-enterprise.patch and update logos in tarball [2.6.26-2.1.2.3] - Patch to fix recursive entities handling CVE-2008-3281 - Resolves: rhbz#458095 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-3281 ELSA-2008-0839: postfix security update (MODERATE) Oracle Linux 5 [2.3.3-2.1] - fixed postfix privilege problem with symlinks in the mail spool directory (CVE-2008-2936) Resolves: rhbz#456717 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-2936 cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5::latest ELSA-2008-0847: libtiff security and bug fix update (IMPORTANT) Oracle Linux 5 [3.8.2-7.el5.2] - Use -fno-strict-aliasing per rpmdiff recommendation [3.8.2-7.el5.1] - Fix LZW decoding vulnerabilities (CVE-2008-2327) Resolves: #458812 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship Resolves: #460120 IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-2327 ELSA-2008-0849: ipsec-tools security update (IMPORTANT) Oracle Linux 5 [0.6.5-9.3] - fix for DoS through various memory leaks (CVE-2008-3651 #456660, CVE-2008-3652 #458846) IMPORTANT Copyright 2008 Oracle, Inc. 
CVE-2008-3651 CVE-2008-3652 ELSA-2008-0855: openssh security update (CRITICAL) Oracle Linux 5 [4.3p2-26.el5_2.1] - CVE-2007-4752 - Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails (#280361) CRITICAL Copyright 2008 Oracle, Inc. CVE-2008-3844 CVE-2007-4752 ELSA-2008-0879: firefox security update (CRITICAL) Oracle Linux 5 devhelp: [0.12-19] - Rebuild against xulrunner firefox: [3.0.2-3.0.1.el5] - Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html - Removed the corresponding files of Red Hat. - Added patch oracle-firefox-branding.patch - Update firstrun URL [3.0.2-3] - Update to Firefox 3.0.2 build 6 [3.0.2-2] - Update to Firefox 3.0.2 build 4 [3.0.2-1] - Update to Firefox 3.0.2 [3.0.1-2] - Fixed #447535 - RHEL 5.2 beta / upstream Firefox 3 beta 5 autoConfig broken - Fixed #445304 - HTML/index.html always redirects to en-US/index.html parallel compiles and -debuginfo packages nss: [3.12.1.1-1] - Update to NSS_3_12_1_RC2 [3.12.1.0-1] - Update to NSS_3_12_1_RC1 xulrunner: [1.9.0.2-5.0.1] - Added xulrunner-oracle-default-prefs.js - Remove its corresponding of Red Hat. [1.9.0.2-5] - Update to 1.9.0.2 build 6 [1.9.0.2-4] - Fixed firefox dependency (#445391) [1.9.0.2-3] - Update to 1.9.0.2 build 4 [1.9.0.2-2] - Fixed gecko version [1.9.0.2-1] - Update to 1.9.0.2 [1.9.0.1-2] - Updated provided gecko version yelp: [2.16.0-21] - rebuild against xulrunner CRITICAL Copyright 2008 Oracle, Inc. CVE-2008-3837 CVE-2008-4058 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4060 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 ELSA-2008-0884: libxml2 security update (IMPORTANT) Oracle Linux 5 [2.6.26-2.1.2.6.0.1] - Add libxml2-enterprise.patch and update logos in tarball [2.6.26-2.1.2.6] - Patch to fix an entity name copy buffer overflow CVE-2008-3529 - Resolves: rhbz#461023 IMPORTANT Copyright 2008 Oracle, Inc. 
CVE-2008-3529 ELSA-2008-0885: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-92.1.13.0.1.el5] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759] - [splice] Fix bad unlock_page() in error case (Jens Axboe) [orabug 6263574] - [NET] fix netpoll race (Tina Yang) [orabugz 5791] [2.6.18-92.1.13.el5] - [md] fix crashes in iterate_rdev (Doug Ledford ) [460128 455471] - [sound] snd_seq_oss_synth_make_info info leak (Eugene Teo ) [458000 458001] {CVE-2008-3272} - [ipmi] control BMC device ordering (peterm@redhat.com ) [459071 430157] - [ia64] fix to check module_free parameter (Masami Hiramatsu ) [460639 457961] - [misc] NULL pointer dereference in kobject_get_path (Jiri Pirko ) [459776 455460] - [xen] ia64: SMP-unsafe with XENMEM_add_to_physmap on HVM (Tetsu Yamamoto ) [459780 457137] - [net] bridge: eliminate delay on carrier up (Herbert Xu ) [458783 453526] - [fs] dio: lock refcount operations (Jeff Moyer ) [459082 455750] - [misc] serial: fix break handling for i82571 over LAN (Aristeu Rozanski ) [460509 440018] - [fs] dio: use kzalloc to zero out struct dio (Jeff Moyer ) [461091 439918] - [fs] lockd: nlmsvc_lookup_host called with f_sema held (Jeff Layton ) [459083 453094] - [net] bnx2x: chip reset and port type fixes (Andy Gospodarek ) [441259 442026] [2.6.18-92.1.12.el5] - [mm] tmpfs: restore missing clear_highpage (Eugene Teo ) [426082 426083]{CVE-2007-6417} - [fs] vfs: fix lookup on deleted directory (Eugene Teo ) [457865 457866]{CVE-2008-3275} - [net] ixgbe: remove device ID for unsupported device (Andy Gospodarek ) [457484 454910] - [ppc] Event Queue overflow on eHCA adapters (Brad Peters ) [458779 446713] [2.6.18-92.1.11.el5] - [mm] xpmem: inhibit page swapping under heavy mem use (George Beshers ) [456946 456574] - [xen] HV: memory corruption with large number of cpus (Chris Lalancette ) [455768 449945] - [fs] missing check before setting mount propagation (Eugene Teo ) [454392 454393] - [openib] small ipoib 
packet can cause an oops (Doug Ledford ) [447913 445731] - [misc] fix race in switch_uid and user signal accounting (Vince Worthington ) [456235 441762 440830] IMPORTANT Copyright 2008 Oracle, Inc. CVE-2007-6417 CVE-2007-6716 CVE-2008-3272 CVE-2008-2931 CVE-2008-3275 ELSA-2008-0890: wireshark security update (MODERATE) Oracle Linux 5 [1.0.3-4.0.1.el5_2] - Add oracle-ocfs2-network.patch [1.0.3-4] - fix pam session file, wireshark requires root pswd every time it's started [1.0.3-3] - fix pie flags [1.0.3-1] - upgrade to 1.0.3 - fixes several security issues - Resolves: #461569 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1070 CVE-2008-1072 CVE-2008-1562 CVE-2008-3933 CVE-2008-1561 CVE-2008-3146 CVE-2008-3932 CVE-2008-3934 CVE-2008-1071 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-1563 ELSA-2008-0892: xen security and bug fix update (IMPORTANT) Oracle Linux 5 [3.0.3-64.el5_2.3] - Fix overflow in qemu-img (rhbz #454651) [3.0.3-64.el5_2.2] - Correctly limit PVFB size CVE-2008-1952 (rhbz #447760) - Disable QEMU USB disk image format auto-detection CVE-2008-1945 (rhbz #445845) IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-1945 CVE-2008-1952 ELSA-2008-0893: bzip2 security update (MODERATE) Oracle Linux 5 [1.0.3-4] - Resolves: #461587 fix crash on malformed archive file - CVE-2008-1372 (apply upstream patch) MODERATE Copyright 2008 Oracle, Inc. CVE-2008-1372 cpe:/a:oracle:linux:5::latest ELSA-2008-0897: ruby security update (MODERATE) Oracle Linux 5 [1.8.5-5.el5_2.5] - Build with -fno-strict-aliasing. [1.8.5-5.el5_2.4] - security fixes. (#461590) - CVE-2008-3655: multiple insufficient safe mode restrictions. - CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption). - CVE-2008-3657: missing taintness checks in dl module. - CVE-2008-3905: use of predictable source port and transaction id in DNS requests done by resolv.rb module. - CVE-2008-3443: Memory allocation failure in Ruby regex engine (remotely exploitable DoS).
- CVE-2008-3790: DoS vulnerability in the REXML module. MODERATE Copyright 2008 Oracle, Inc. CVE-2008-3656 CVE-2008-3905 CVE-2008-3443 CVE-2008-3655 CVE-2008-3657 CVE-2008-1145 CVE-2008-3790 ELSA-2008-0907: pam_krb5 security update (MODERATE) Oracle Linux 5 [2.2.14-1.el5_2.1] - add backported fix for ccache permissions bypass when the existing_ticket option is used (CVE-2008-3825, #462112) MODERATE Copyright 2008 Oracle, Inc. CVE-2008-3825 ELSA-2008-0937: cups security update (IMPORTANT) Oracle Linux 5 [1.2.4-11.18:.2] - Applied patch to fix CVE-2008-3639 (STR #2918, bug #464721). - Applied patch to fix CVE-2008-3640 (STR #2919, bug #464721). - Applied patch to fix CVE-2008-3641 (STR #2911, bug #464721). IMPORTANT Copyright 2008 Oracle, Inc. CVE-2008-3641 CVE-2008-3640 CVE-2008-3639 ELSA-2008-0946: ed security update (MODERATE) Oracle Linux 5 [0.2-39] - add fix for CVE-2008-3916 MODERATE Copyright 2008 Oracle, Inc. CVE-2008-3916 cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base ELSA-2008-0957: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 [2.6.18-92.1.17.0.1.el5] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - [NFS] nfs attribute timeout fix (Trond Myklebust) [orabug 7156607] [RHBZ 446083] - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759] - [NET] fix netpoll race (Tina Yang) [orabugz 5791] [2.6.18-92.1.17.el5] - Revert: [nfs] pages of a memory mapped file get corrupted (Peter Staubach ) [450335 435291] [2.6.18-92.1.16.el5] - [i386] vDSO: use install_special_mapping (Peter Zijlstra ) [460275 460276] {CVE-2008-3527} - [scsi] aacraid: remove some quirk AAC_QUIRK_SCSI_32 bits (Tomas Henzl ) [466885 453472] - [fs] remove SUID when splicing into an inode (Eric Sandeen ) [464451 464452] {CVE-2008-3833} - [fs] open() 
allows setgid bit when user is not in group (Eugene Teo ) [463867 463687] {CVE-2008-4210} - [xen] ia64: fix INIT injection (Tetsu Yamamoto ) [467105 464445] [2.6.18-92.1.15.el5] - [pci] fix problems with msi interrupt management (Neil Horman ) [461894 428696] - [x86_64] revert time syscall changes (Prarit Bhargava ) [466427 461184] - [xen] allow guests to hide the TSC from applications (Chris Lalancette ) [378471 378481] {CVE-2007-5907} - [scsi] qla2xxx: additional residual-count correction (Marcus Barrow ) [465741 462117] - [char] add range_is_allowed check to mmap_mem (Eugene Teo ) [460858 460857] - [fs] binfmt_misc: avoid potential kernel stack overflow (Vitaly Mayatskikh ) [459464 459463] - [misc] cpufreq: fix format string bug (Vitaly Mayatskikh ) [459461 459460] - [dlm] user.c input validation fixes (David Teigland ) [458759 458760] - [nfs] pages of a memory mapped file get corrupted (Peter Staubach ) [450335 435291] - [x86_64] gettimeofday fixes for HPET, PMTimer, TSC (Prarit Bhargava ) [462860 250708] [2.6.18-92.1.14.el5] - [libata] ata_scsi_rbuf_get check for scatterlist usage (David Milburn ) [460638 455445] - [net] random32: seeding improvement (Jiri Pirko ) [458021 458019] - [x86_64] xen: local DOS due to NT bit leakage (Eugene Teo ) [457721 457722] {CVE-2006-5755} - [fs] cifs: fix O_APPEND on directio mounts (Jeff Layton ) [462591 460063] - [openib] race between QP async handler and destroy_qp (Brad Peters ) [458781 446109] - [net] dccp_setsockopt_change integer overflow (Vitaly Mayatskikh ) [459232 459235] {CVE-2008-3276} - [acpi] error attaching device data (peterm@redhat.com ) [460868 459670] - [mm] optimize ZERO_PAGE in 'get_user_pages' and fix XIP (Anton Arapov ) [452667 452668] {CVE-2008-2372} - [xen] xennet: coordinate ARP with backend network status (Herbert Xu ) [461457 458934] - [xen] event channel lock and barrier (Markus Armbruster ) [461099 457086] - [fs] fix bad unlock_page in pip_to_file() error path (Larry Woodman ) [462436 439917] 
IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-2372 CVE-2008-3833 CVE-2006-5755 CVE-2007-5907 CVE-2008-3276 CVE-2008-4210 CVE-2008-3527 CVE-2008-4302

ELSA-2008-0965: lynx security update (IMPORTANT)
Oracle Linux 5
[2.8.5-28.1.1]
- add patch for CVE-2008-4690 (rhbz#468184)
- prompt user before executing commands from the lynxcgi: handler, even in the advanced user mode
- mark all lynxcgi: URIs as untrusted in the default lynx.cfg
- add patch to prevent lynx from opening configuration files in the current working directory (CVE to be assigned) (rhbz#214205)
IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2006-7234 CVE-2008-4690
cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base

ELSA-2008-0967: httpd security and bug fix update (MODERATE)
Oracle Linux 5
[2.2.3-11.0.1.el5_2.4]
- use oracle index page oracle_index.html
- update vstring and distro in specfile
[2.2.3-11.el5_2.4]
- add security fixes for CVE-2008-2364, CVE-2008-2939 (#468840)
MODERATE Copyright 2008 Oracle, Inc.
CVE-2008-2939 CVE-2008-2364

ELSA-2008-0971: net-snmp security update (IMPORTANT)
Oracle Linux 5
[5.3.1-24.2]
- fix crash in bulk request processing (#469373)
IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-4309

ELSA-2008-0978: firefox security update (CRITICAL)
Oracle Linux 5
devhelp:
[0.12-20]
- Rebuild against xulrunner
firefox:
[3.0.4-1.0.1.el5]
- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html Removed the corresponding files of Red Hat.
- Added patch oracle-firefox-branding.patch
- Update firstrun URL in spec file
[3.0.4-5]
- Update to Firefox 3.0.4
- Removed firefox-2.0-getstartpage.patch (#454283)
nss:
[3.12.1.1-3]
- Update to NSS_3_12_1_WITH_CKBI_1_72_RTM
xulrunner:
[1.9.0.4-1.0.1]
- Added xulrunner-oracle-default-prefs.js
[1.9.0.4-1]
- Update to 1.9.0.4
[1.9.0.2-6]
- Enabled safe-browsing (#463157)
yelp:
[2.16.0-22]
- rebuild against xulrunner
CRITICAL Copyright 2008 Oracle, Inc.
CVE-2008-0017 CVE-2008-5018 CVE-2008-5022 CVE-2008-5014 CVE-2008-5016 CVE-2008-5021 CVE-2008-5024 CVE-2008-5015 CVE-2008-5017 CVE-2008-5019 CVE-2008-5023 CVE-2008-5052
cpe:/a:oracle:linux:5::latest

ELSA-2008-0981: ruby security update (MODERATE)
Oracle Linux 5
[1.8.5-5.el5_2.6]
- security fix (#470262)
- CVE-2008-4310: real fix for CVE-2008-3656. original patch named as fix for CVE-2008-3656 actually fixed different issue (CVE-2008-1145), hence we are providing correct patch and renaming original patch to refer to proper CVE.
MODERATE Copyright 2008 Oracle, Inc.
CVE-2008-4310

ELSA-2008-0982: gnutls security update (MODERATE)
Oracle Linux 5
[1.4.1-3.1]
- fix chain verification issue CVE-2008-4989 (#470079)
MODERATE Copyright 2008 Oracle, Inc.
CVE-2008-4989

ELSA-2008-0988: libxml2 security update (IMPORTANT)
Oracle Linux 5
[2.6.26-2.1.2.7.0.1]
- Add libxml2-enterprise.patch and update logos in tarball
[2.6.26-2.1.2.7]
- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226
- Resolves: rhbz#470474
IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-4226 CVE-2008-4225

ELSA-2008-1001: tog-pegasus security update (IMPORTANT)
Oracle Linux 5
[2.7.0-2.0.1.el5_2.1]
- Added pegasus-enterprise.patch to allow detection of enterprise-release
[2.7.0-2.el5_2.1]
- Fix local-or-remote-auth patch and enhance PAM security settings Resolves: #471370
IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-4313 CVE-2008-4315

ELSA-2008-1016: enscript security update (MODERATE)
Oracle Linux 5
[1.6.4-4.1.1]
- fixed CVE-2008-3863 and CVE-2008-4306
MODERATE Copyright 2008 Oracle, Inc.
CVE-2008-4306 CVE-2008-3863
cpe:/a:oracle:linux:5:6:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:7:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:8:base

ELSA-2008-1017: kernel security and bug fix update (IMPORTANT)
Oracle Linux 5
[2.6.18-92.1.22.0.1.el5]
- [net] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759]
- [net] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258]
- [mm] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839]
- [nfs] nfs attribute timeout fix (Trond Myklebust) [orabug 7156607] [RHBZ 446083]
- [xen] execshield: fix endless GPF fault loop (Stephen Tweedie) [orabug 7175395]
[2.6.18-92.1.22.el5]
- [misc] hugepages: ia64 stack overflow and corrupt memory (Larry Woodman) [474347 472802]
- [misc] allow hugepage allocation to use most of memory (Larry Woodman) [474760 438889]
[2.6.18-92.1.21.el5]
- [misc] rtc: disable SIGIO notification on close (Vitaly Mayatskikh) [465746 465747]
[2.6.18-92.1.20.el5]
- [input] atkbd: cancel delayed work before freeing struct (Jiri Pirko) [461232 461233]
- [drm] i915 driver arbitrary ioremap (Eugene Teo) [464508 464509] {CVE-2008-3831}
- [fs] don't allow splice to files opened with O_APPEND (Eugene Teo) [466709 466710] {CVE-2008-4554}
- [xen] x86: allow the kernel to boot on pre-64 bit hw (Chris Lalancette) [470040 468083]
- [net] ipv4: fix byte value boundary check (Jiri Pirko) [469649 468148]
- [ia64] fix ptrace hangs when following threads (Denys Vlasenko) [469150 461456]
- [net] sctp: INIT-ACK indicates no AUTH peer support oops (Eugene Teo) [466081 466082] {CVE-2008-4576}
- [input] atkbd: delay executing of LED switching request (Jiri Pirko) [461232 461233]
- [xen] ia64: make viosapic SMP-safe by adding lock/unlock (Tetsu Yamamoto) [467727 466552]
- [xen] allow guests to hide the TSC from applications (Chris Lalancette) [378471 378481] {CVE-2007-5907}
- [nfs] v4: don't reuse expired nfs4_state_owner structs (Jeff Layton) [469650 441884]
- [nfs] v4: credential ref leak in nfs4_get_state_owner (Jeff Layton) [469650 441884]
- [nfs] v4: Poll aggressively when handling NFS4ERR_DELAY (Jeff Layton) [469650 441884]
- [xen] ia64: speed up hypercall for guest domain creation (Tetsu Yamamoto) [459080 456171]
- [xen] use unlocked_ioctl in evtchn, gntdev and privcmd (Tetsu Yamamoto) [459080 456171]
- [xen] page scrub: serialise softirq with a new lock (Tetsu Yamamoto) [459080 456171]
- [xen] serialize scrubbing pages (Tetsu Yamamoto) [459080 456171]
- [nfs] pages of a memory mapped file get corrupted (Peter Staubach) [450335 435291]
- [x86_64] xen: fix syscall return when tracing (Chris Lalancette) [470853 453394]
[2.6.18-92.1.19.el5]
- Revert: [xen] allow guests to hide the TSC from applications (Chris Lalancette) [378471 378481] {CVE-2007-5907}
- Revert: [xen] x86: allow the kernel to boot on pre-64 bit hw (Chris Lalancette) [470040 468083]
[2.6.18-92.1.18.el5]
- [xen] x86: allow the kernel to boot on pre-64 bit hw (Chris Lalancette) [470040 468083]
IMPORTANT Copyright 2008 Oracle, Inc.
CVE-2008-3831 CVE-2008-4554 CVE-2008-4576

ELSA-2008-1029: cups security update (MODERATE)
Oracle Linux 5
[1.2.4-11.18:.3]
- Applied patch to fix RSS subscription limiting (bug #473901, CVE-2008-5183).
MODERATE Copyright 2008 Oracle, Inc.
CVE-2008-5183

ELSA-2008-1036: firefox security update (CRITICAL)
Oracle Linux 5
firefox:
[3.0.5-1.0.1]
- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html
- Removed the corresponding files of Red Hat.
- Added patch oracle-firefox-branding.patch
- Update firstrun URL in spec file
[3.0.5-1]
- Update to Firefox 3.0.5
nspr:
[4.7.3-2]
- Update to NSPR 4.7.3
nss:
[3.12.2.0-2]
- Update to NSS_3_12_2_RC1
- Use system zlib
xulrunner:
[1.9.0.5-1.0.1]
- Added xulrunner-oracle-default-prefs.js
CRITICAL Copyright 2008 Oracle, Inc.
CVE-2008-5501 CVE-2008-5506 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5500 CVE-2008-5505 CVE-2008-5507 CVE-2008-5502 CVE-2008-5513

tog-pegasus-test tog-pegasus-devel tog-pegasus oraclelinux-release e2fsprogs-libs e2fsprogs-devel e2fsprogs oraclelinux-release httpd httpd-devel httpd-manual mod_ssl oraclelinux-release xorg-x11-server-Xorg oraclelinux-release xorg-x11-server-Xephyr xorg-x11-server-Xnest xorg-x11-server-Xvfb xorg-x11-server-sdk xorg-x11-server-Xdmx libxml2 libxml2-devel libxml2-python oraclelinux-release postgresql-tcl postgresql oraclelinux-release postgresql-python postgresql-jdbc postgresql-contrib postgresql-pl postgresql-libs postgresql-server postgresql-devel postgresql-test postgresql-docs tomcat5-admin-webapps oraclelinux-release tomcat5-servlet-2.4-api-javadoc tomcat5 tomcat5-common-lib tomcat5-jasper-javadoc tomcat5-server-lib tomcat5-jsp-2.0-api tomcat5-jasper tomcat5-webapps tomcat5-jsp-2.0-api-javadoc tomcat5-servlet-2.4-api wireshark-gnome libsmi-devel libsmi wireshark oraclelinux-release setroubleshoot-plugins setroubleshoot setroubleshoot-server oraclelinux-release libXfont libXfont-devel oraclelinux-release kernel-headers kernel oracleasm-2.6.18-53.1.6.0.1.el5 ocfs2-2.6.18-53.1.6.0.1.el5 oracleasm-2.6.18-53.1.6.0.1.el5xen kernel-PAE-devel kernel-doc kernel-debug oraclelinux-release kernel-devel ocfs2-2.6.18-53.1.6.0.1.el5PAE kernel-xen-devel ocfs2-2.6.18-53.1.6.0.1.el5xen kernel-PAE kernel-debug-devel oracleasm-2.6.18-53.1.6.0.1.el5PAE kernel-xen libicu libicu-devel libicu-doc icu oraclelinux-release firefox-devel firefox oraclelinux-release openldap-servers-sql openldap-servers compat-openldap
oraclelinux-release openldap-clients openldap openldap-devel kernel-headers kernel ocfs2-2.6.18-53.1.13.0.1.el5PAE kernel-PAE-devel kernel-doc kernel-debug oracleasm-2.6.18-53.1.13.0.1.el5xen oraclelinux-release kernel-devel kernel-xen-devel ocfs2-2.6.18-53.1.13.0.1.el5debug kernel-PAE oracleasm-2.6.18-53.1.13.0.1.el5PAE kernel-debug-devel ocfs2-2.6.18-53.1.13.0.1.el5 ocfs2-2.6.18-53.1.13.0.1.el5xen kernel-xen oracleasm-2.6.18-53.1.13.0.1.el5 oracleasm-2.6.18-53.1.13.0.1.el5debug tk-devel tk oraclelinux-release ImageMagick-c++ ImageMagick-devel ImageMagick oraclelinux-release ImageMagick-c++-devel ImageMagick-perl gd-devel gd-progs gd oraclelinux-release kernel-headers kernel oracleasm-2.6.18-53.1.14.0.1.el5 kernel-PAE-devel kernel-doc kernel-debug oracleasm-2.6.18-53.1.14.0.1.el5PAE oraclelinux-release kernel-devel oracleasm-2.6.18-53.1.14.0.1.el5xen kernel-xen-devel ocfs2-2.6.18-53.1.14.0.1.el5debug ocfs2-2.6.18-53.1.14.0.1.el5 kernel-PAE kernel-debug-devel oracleasm-2.6.18-53.1.14.0.1.el5debug ocfs2-2.6.18-53.1.14.0.1.el5PAE kernel-xen ocfs2-2.6.18-53.1.14.0.1.el5xen ghostscript-gtk ghostscript ghostscript-devel hpijs oraclelinux-release cups-devel cups-lpd cups cups-libs oraclelinux-release dbus dbus-x11 dbus-devel oraclelinux-release krb5-libs krb5-server krb5-devel krb5-workstation oraclelinux-release cups-devel cups-lpd cups cups-libs oraclelinux-release xen-devel xen xen-libs oraclelinux-release gnome-screensaver oraclelinux-release firefox-devel firefox oraclelinux-release squid oraclelinux-release gnome-screensaver oraclelinux-release firefox-devel firefox oraclelinux-release kernel-headers kernel ocfs2-2.6.18-53.1.19.0.1.el5 oracleasm-2.6.18-53.1.19.0.1.el5PAE ocfs2-2.6.18-53.1.19.0.1.el5PAE kernel-PAE-devel kernel-doc kernel-debug oracleasm-2.6.18-53.1.19.0.1.el5 oraclelinux-release kernel-devel kernel-xen-devel oracleasm-2.6.18-53.1.19.0.1.el5debug kernel-PAE kernel-debug-devel ocfs2-2.6.18-53.1.19.0.1.el5xen oracleasm-2.6.18-53.1.19.0.1.el5xen 
kernel-xen ocfs2-2.6.18-53.1.19.0.1.el5debug speex speex-devel oraclelinux-release poppler-devel poppler poppler-utils oraclelinux-release libvorbis libvorbis-devel oraclelinux-release kernel-headers kernel ocfs2-2.6.18-53.1.21.0.1.el5xen oracleasm-2.6.18-53.1.21.0.1.el5PAE kernel-PAE-devel kernel-doc kernel-debug oraclelinux-release kernel-devel ocfs2-2.6.18-53.1.21.0.1.el5 kernel-xen-devel oracleasm-2.6.18-53.1.21.0.1.el5xen kernel-PAE oracleasm-2.6.18-53.1.21.0.1.el5debug kernel-debug-devel ocfs2-2.6.18-53.1.21.0.1.el5PAE kernel-xen ocfs2-2.6.18-53.1.21.0.1.el5debug oracleasm-2.6.18-53.1.21.0.1.el5 libxslt libxslt-devel libxslt-python oraclelinux-release samba-common samba samba-swat samba-client oraclelinux-release vsftpd oraclelinux-release dovecot oraclelinux-release bind-sdb bind-chroot bind-devel bind-libs bind oraclelinux-release caching-nameserver bind-utils bind-libbind-devel mysql-devel mysql-bench oraclelinux-release mysql-server mysql mysql-test nss_ldap oraclelinux-release nfs-utils oraclelinux-release gnutls gnutls-utils gnutls-devel oraclelinux-release sblim-cmpi-samba sblim-cmpi-samba-test sblim-cmpi-network-devel sblim-cmpi-sysfs sblim-cmpi-samba-devel sblim-tools-libra sblim-cim-client-manual sblim-cmpi-base sblim-cmpi-dns-test sblim-cmpi-dns sblim-cmpi-syslog-test sblim-cmpi-sysfs-test sblim-cmpi-params sblim-gather-devel sblim-gather-provider sblim-cmpi-fsvol sblim-cmpi-params-test sblim-cmpi-base-devel sblim-cmpi-fsvol-test sblim-testsuite sblim-tools-libra-devel sblim-cmpi-nfsv4 sblim-cmpi-nfsv3 sblim-cmpi-nfsv3-test sblim-cmpi-network-test sblim-cmpi-syslog sblim-cmpi-dns-devel sblim-gather-test sblim-cmpi-base-test sblim-cim-client sblim-gather oraclelinux-release sblim-wbemcli sblim-cmpi-nfsv4-test sblim-cmpi-devel sblim-cmpi-fsvol-devel sblim-cim-client-javadoc sblim-cmpi-network cups-devel cups-lpd cups cups-libs oraclelinux-release xorg-x11-server-Xorg oraclelinux-release xorg-x11-server-Xephyr xorg-x11-server-Xnest 
xorg-x11-server-randr-source xorg-x11-server-Xvfb xorg-x11-server-sdk xorg-x11-server-Xdmx kernel-headers kernel oracleasm-2.6.18-92.1.6.0.2.el5 kernel-PAE-devel kernel-doc kernel-debug oraclelinux-release kernel-devel kernel-xen-devel ocfs2-2.6.18-92.1.6.0.2.el5xen kernel-PAE ocfs2-2.6.18-92.1.6.0.2.el5PAE kernel-debug-devel ocfs2-2.6.18-92.1.6.0.2.el5debug oracleasm-2.6.18-92.1.6.0.2.el5xen oracleasm-2.6.18-92.1.6.0.2.el5PAE kernel-xen ocfs2-2.6.18-92.1.6.0.2.el5 oracleasm-2.6.18-92.1.6.0.2.el5debug oraclelinux-release perl-suidperl perl perl-CPAN perl-CGI perl-DB_File net-snmp-utils net-snmp-perl net-snmp oraclelinux-release net-snmp-devel net-snmp-libs selinux-policy-devel bind-sdb bind-chroot bind-devel bind-libs selinux-policy-strict bind oraclelinux-release selinux-policy-targeted-sources caching-nameserver bind-utils selinux-policy-targeted selinux-policy-mls bind-libbind-devel selinux-policy php-odbc php-mbstring php-devel oraclelinux-release php-soap php-ldap php-xmlrpc php-imap php-dba php-pdo php-snmp php-ncurses php-bcmath php-cli php-pgsql php-common php-mysql php-gd php php-xml freetype-utils freetype freetype-demos freetype-devel oraclelinux-release ruby-docs ruby-devel ruby-rdoc ruby-libs ruby-irb oraclelinux-release ruby-tcltk ruby-mode ruby-ri irb ruby firefox yelp oraclelinux-release devhelp xulrunner-devel xulrunner xulrunner-devel-unstable devhelp-devel rdesktop oraclelinux-release vim-minimal vim-enhanced vim-common vim-X11 oraclelinux-release bluez-utils-cups bluez-utils bluez-libs-devel bluez-libs oraclelinux-release openldap-servers-sql openldap-servers compat-openldap oraclelinux-release openldap-clients openldap openldap-devel firefox yelp oraclelinux-release devhelp xulrunner-devel xulrunner xulrunner-devel-unstable nspluginwrapper devhelp-devel kernel-headers kernel ocfs2-2.6.18-92.1.10.0.1.el5debug oracleasm-2.6.18-92.1.10.0.1.el5xen ocfs2-2.6.18-92.1.10.0.1.el5xen kernel-PAE-devel kernel-doc kernel-debug oraclelinux-release 
ocfs2-2.6.18-92.1.10.0.1.el5 kernel-devel oracleasm-2.6.18-92.1.10.0.1.el5debug kernel-xen-devel kernel-PAE kernel-debug-devel oracleasm-2.6.18-92.1.10.0.1.el5PAE oracleasm-2.6.18-92.1.10.0.1.el5 ocfs2-2.6.18-92.1.10.0.1.el5PAE kernel-xen tomcat5-admin-webapps oraclelinux-release tomcat5-servlet-2.4-api-javadoc tomcat5 tomcat5-common-lib tomcat5-jasper-javadoc tomcat5-server-lib tomcat5-jsp-2.0-api tomcat5-jasper tomcat5-webapps tomcat5-jsp-2.0-api-javadoc tomcat5-servlet-2.4-api libxslt libxslt-devel libxslt-python oraclelinux-release dnsmasq oraclelinux-release libsane-hpaio hplip hpijs oraclelinux-release libxml2 libxml2-devel libxml2-python oraclelinux-release postfix postfix-pflogsumm oraclelinux-release libtiff libtiff-devel oraclelinux-release ipsec-tools oraclelinux-release openssh-clients openssh-askpass-gnome oraclelinux-release openssh-server openssh openssh-askpass nss-pkcs11-devel firefox yelp oraclelinux-release devhelp xulrunner-devel nss-tools xulrunner xulrunner-devel-unstable nss-devel nss devhelp-devel libxml2 libxml2-devel libxml2-python oraclelinux-release kernel-headers kernel oracleasm-2.6.18-92.1.13.0.1.el5PAE ocfs2-2.6.18-92.1.13.0.1.el5 oracleasm-2.6.18-92.1.13.0.1.el5debug oracleasm-2.6.18-92.1.13.0.1.el5xen kernel-PAE-devel kernel-doc kernel-debug oraclelinux-release kernel-devel kernel-xen-devel ocfs2-2.6.18-92.1.13.0.1.el5xen oracleasm-2.6.18-92.1.13.0.1.el5 kernel-PAE kernel-debug-devel ocfs2-2.6.18-92.1.13.0.1.el5debug kernel-xen ocfs2-2.6.18-92.1.13.0.1.el5PAE wireshark-gnome wireshark oraclelinux-release xen-devel xen xen-libs oraclelinux-release bzip2-devel bzip2 bzip2-libs oraclelinux-release ruby-docs ruby-devel ruby-rdoc ruby-libs ruby-irb oraclelinux-release ruby-tcltk ruby-mode ruby-ri irb ruby pam_krb5 oraclelinux-release cups-devel cups-lpd cups cups-libs oraclelinux-release ed oraclelinux-release kernel-headers kernel ocfs2-2.6.18-92.1.17.0.1.el5xen oracleasm-2.6.18-92.1.17.0.1.el5debug kernel-PAE-devel kernel-doc 
kernel-debug oraclelinux-release kernel-devel ocfs2-2.6.18-92.1.17.0.1.el5 kernel-xen-devel oracleasm-2.6.18-92.1.17.0.1.el5xen kernel-PAE kernel-debug-devel ocfs2-2.6.18-92.1.17.0.1.el5PAE kernel-xen oracleasm-2.6.18-92.1.17.0.1.el5PAE ocfs2-2.6.18-92.1.17.0.1.el5debug oracleasm-2.6.18-92.1.17.0.1.el5 lynx oraclelinux-release httpd httpd-devel mod_ssl oraclelinux-release httpd-suexec httpd-manual net-snmp-utils net-snmp-perl net-snmp oraclelinux-release net-snmp-devel net-snmp-libs nss-pkcs11-devel firefox yelp oraclelinux-release devhelp xulrunner-devel nss-tools xulrunner xulrunner-devel-unstable nss-devel nss devhelp-devel ruby-docs ruby-devel ruby-rdoc ruby-libs ruby-irb oraclelinux-release ruby-tcltk ruby-mode ruby-ri irb ruby gnutls gnutls-utils gnutls-devel oraclelinux-release libxml2 libxml2-devel libxml2-python oraclelinux-release tog-pegasus-devel tog-pegasus oraclelinux-release enscript oraclelinux-release kernel oracleasm-2.6.18-92.1.22.0.1.el5debug kernel-devel kernel-xen-devel ofa-2.6.18-92.1.22.0.1.el5xen oracleasm-2.6.18-92.1.22.0.1.el5xen oracleasm-2.6.18-92.1.22.0.1.el5PAE kernel-debug kernel-PAE ocfs2-2.6.18-92.1.22.0.1.el5debug ofa-2.6.18-92.1.22.0.1.el5PAE ocfs2-2.6.18-92.1.22.0.1.el5 kernel-doc ofa-2.6.18-92.1.22.0.1.el5 oraclelinux-release kernel-xen ocfs2-2.6.18-92.1.22.0.1.el5PAE kernel-headers kernel-PAE-devel ocfs2-2.6.18-92.1.22.0.1.el5xen kernel-debug-devel oracleasm-2.6.18-92.1.22.0.1.el5 cups-devel cups-lpd cups cups-libs oraclelinux-release nss-pkcs11-devel nss-devel nspr oraclelinux-release xulrunner-devel xulrunner nss-tools nspr-devel xulrunner-devel-unstable firefox nss