Oracle Errata System Oracle Linux 5.11 2024-09-21T19:09:02 Oracle Linux 5 [1:3.13-8.0.1] - Add ocfs2 support (Orabug: 14208111) [1:3.13-8] - Fix CVE-2012-3417 (incorrect use of tcp_wrappers) (Resolves: #841448) [1:3.13-7] - Fix parsing numeric arguments of setquota (Resolves: #831520) [1:3.13-6] - Do not use real domains in warnquota example (Resolves: #680429) - Use /proc/mounts for mountpoint scanning (Resolves: #689822) - Use rq_bsize to convert quotas transferred by RPC (bug #667360) - Make RPC block factor dynamic (bug #667360) LOW Copyright 2013 Oracle, Inc. CVE-2012-3417 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 Oracle Linux 5 [5.0.95-3] - Re-add patch for CVE-2009-4030, mistakenly removed in 5.0.95 rebase Resolves: CVE-2012-4452 [5.0.95-2] - Support rotation of mysqld log (though this is not enabled by default) Resolves: #647223 - Fix crash with EXPLAIN and prepared statements Resolves: #654000 - Adopt init script updates from the last Fedora init script (F-15) Resolves: #703476 LOW Copyright 2013 Oracle, Inc. CVE-2012-4452 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [8.4.13-6] - Fixed infinite loop in regex NFA optimization code Resolves: CVE-2007-4772 - Fixed O(N^2) compile time (and huge memory requirements) for some regexps Resolves: CVE-2007-6067 [8.4.13-5] - Threaded / nonthreaded versions of tcl are now switchable through alternatives Resolves: rhbz#478961 MODERATE Copyright 2013 Oracle, Inc. CVE-2007-6067 CVE-2007-4772 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 Oracle Linux 5 [2.0.16-16.el5] - ipmitool: fix ipmi command retry shifts replies (#863310) [2.0.16-15.el5] - ipmitool: added -b, -B, -l and -T options to ipmitool man page (#846596) - ipmitool: fixed man page documentation for delloem setled command (#797050) [2.0.16-14.el5] - ipmitool: fixed wrong permissions on ipmievd.pid (#834190) [2.0.16-13.el5] - ipmitool: updated delloem commands (#797050) - ipmitool: fixed exit code of 'ipmitool -o list' command (#740780) - ipmitool: disabled automatic bridging of SDR readings to IPMB in verbose mode (#749796) - ipmitool: fixed reporting of usage of various delloem subcommands (#658762) - added path to /sbin to lsmod and modprobe (#829705) LOW Copyright 2013 Oracle, Inc. CVE-2011-4339 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 Oracle Linux 5 [5.3.2.2-20.0.2.el5] - snmptrapd: Fix crash due to access of freed memory (John Haxby) [orabug 14391194] [5.3.2.2-20.0.1.el5] - suppress spurious asserts on 32bit [Greg Marsden] [5.3.2.2-20] - fixed error message when the address specified by clientaddr option is wrong or cannot be bound (#840861) [5.3.2.2-19] - fixed support for port numbers in 'clientaddr' configuration option (#840861, #845974) - added support of cvfs filesystem hrStorageTable (#846391) - removed various error log messages when IPv6 is disabled (#845155) - removed various error log messages related to counte64 expansions (#846905) [5.3.2.2-18] - added support of ocfs2, tmpfs and reiserfs in hrStorageTable (#754652, #755958, #822061) - updated documentation of '-c' option of snmptrapd (#760001) - fixed endless loop after truncating 64bit int (#783892) - fixed snmpd exiting shortly after startup due to incoming signal (#799699) - fixed decoding of COUNTER64 values from AgentX (#803585) - fixed engineID of outgoing traps if 'trapsess -e <engineID>' is used in snmpd.conf (#805689) - fixed CVE-2012-2141, an array index error in the extension table (#815813) - fixed snmpd showing 'failed to run mteTrigger query' when 'monitor' config option is used (#830042) - added support for port numbers in 'clientaddr' configuration option (#828691) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2141 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 [1.0.15-5.0.1.el5] - Added oracle-ocfs2-network.patch - increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633] [1.0.15-5] - fixed CVE-2012-4285, CVE-2012-4289, CVE-2012-4291 and CVE-2012-4290 (#849521) [1.0.15-4] - fixed NetDump dissector (#484999) [1.0.15-3] - fixed various flaws: CVE-2011-1959 CVE-2011-2175 CVE-2011-1958 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 [1.0.15-2] - fixed tshark -s option (#580513) - fixed tshark exit code when dumpcap fails (#580510) - fixed editing of columns in Wireshark preferences (#493693) - added netdump protocol dissector (#484999) - fixed tshark / Wireshark automatic filter when started in ssh connection over IPv6 (#438473) MODERATE Copyright 2013 Oracle, Inc. CVE-2011-1958 CVE-2011-4102 CVE-2012-0066 CVE-2011-2175 CVE-2012-4290 CVE-2012-4291 CVE-2011-1959 CVE-2012-0041 CVE-2012-4285 CVE-2012-4289 CVE-2012-0042 CVE-2012-0067 CVE-2011-2698 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [1.4.8-21.0.2.el5] - remove Redhat splash screen images from source [1.4.8-21.0.1.el5] - remove Redhat splash screen images - add README instead of README.RedHat [1.4.8-21] - change charset for zh_CN and zh_TW to utf-8 (#508686) [1.4.8-20] - fix header encoding issue (#241861) - fix code producing warnings in the log (#475188) [1.4.8-19] - patch for CVE-2010-2813 modified wrong file (#808598) - correct requirement is mod_php not php (#789353) - comply with RFC2822 line length limits (#745469) - document that SELinux boolean httpd_can_sendmail needs to be turned on (#745380) - add support for big UIDs on 32bit machines (#450780) - do not corrupt html attachments (#359791) LOW Copyright 2013 Oracle, Inc. CVE-2012-2124 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [0.8.2-29.0.1.el5] - Replaced docs/et.png in tarball - remove virshtest from test cases to fix failure in mock build root [libvirt-0.8.2-29.el5] - Coverity pointed out an use after free in the fix for 816601 (rhbz#772848) [libvirt-0.8.2-28.el5] - qemu: Rollback on used USB devices (rhbz#816601) - qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices (rhbz#816601) [libvirt-0.8.2-27.el5] - qemu: Delete USB devices used by domain on stop (rhbz#816601) [libvirt-0.8.2-26.el5] - Fix off-by-1 in virFileAbsPath. (rhbz#680289) - Fix autostart flag when loading running domains (rhbz#675319) - node_device: Avoid null dereference on error (rhbz#772848) - util: Avoid null deref on qcowXGetBackingStore (rhbz#772848) - docs: Improve virsh domxml-*-native command docs (rhbz#783001) - Clarify the purpose of domxml-from-native (rhbz#783001) - qemu: Add return value check (rhbz#772821) - storage: Avoid mishandling backing store > 2GB (rhbz#772821) - util: Avoid PATH_MAX-sized array (rhbz#816601) - qemu: Keep list of USB devices attached to domains (rhbz#816601) - qemu: Don't leak temporary list of USB devices (rhbz#816601) - usb: Create functions to search usb device accurately (rhbz#816601) - qemu: Call usb search function for hostdev initialization and hotplug (rhbz#816601) - usb: Fix crash when failing to attach a second usb device (rhbz#816601) LOW Copyright 2013 Oracle, Inc. CVE-2012-2693 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [0.12.2-64.0.2.el5] - Remove conga-enterprise.patch [0.12.2-64.0.1.el5] - Added conga-enterprise.patch - Added conga-enterprise-Carthage.patch to support OEL5 - Replaced redhat logo image in conga-0.12.2.tar.gz and Data.fs [0.12.2-64] - Improvements for bz786372 (Better protect luci's authentication cookie) - Improvements for bz607179 (Improper handling of session timeouts) [0.12.2-60] - Improvements for bz832185 (Luci cannot configure the 'identity_file' attribute for fence_ilo_mp) - Improvements for bz822633 (Add luci support for nfsrestart) [0.12.2-59] - Fix bz835649 (luci uninstall will leave /var/lib/luci/var/pts and /usr/lib*/luci/zope/var/pts behind) [0.12.2-58] - Fix bz832183 (Luci is missing configuration of ssl for fence_ilo) [0.12.2-57] - Fix bz835649 (luci uninstall will leave /var/lib/luci/var/pts and /usr/lib*/luci/zope/var/pts behind) [0.12.2-56] - Fix bz842865 (Conga unable to find/install packages due to line breaks in yum output) [0.12.2-55] - Add support for IBM iPDU fencing configuration (Resolves bz741986) [0.12.2-54] - Fix bz839732 (Conga Add a Service Screen is Missing Option for Restart-Disable Recovery Policy) [0.12.2-53] - Fix bz786372 (Better protect luci's authentication cookie) - Fix bz607179 (Improper handling of session timeouts) [0.12.2-52] - Fix bz822633 (Add luci support for nfsrestart) - Fix bz832181 (fence_apc_snmp is missing from luci) - Fix bz832183 (Luci is missing configuration of ssl for fence_ilo) - Fix bz832185 (Luci cannot configure the 'identity_file' attribute for fence_ilo_mp) LOW Copyright 2013 Oracle, Inc. CVE-2012-3359 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [1.8.5-27] - unintentional file creation caused by inserting an illegal NUL character * ruby-1.8.6-CVE-2012-4522-io.c-pipe_open-command-name-should-not-contain-null-.patch - Related: rhbz#867750 [1.8.5-26] - escaping vulnerability about Exception#to_s / NameError#to_s * ruby-1.8.7-p371-CVE-2012-4481.patch - Resolves: rhbz#867750 - unintentional file creation caused by inserting an illegal NUL character * ruby-1.8.6-CVE-2012-4522-io.c-rb_open_file-should-check-NUL-in-path.patch - Resolves: rhbz#867750 [1.8.5-25] - Resolve buffer overflow causing gem installation issues. * ruby-1.8.7-syck-avoid-buffer-overflow.patch - Resolves: rhbz#834381 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4522 CVE-2012-4481 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [2.2.3-74.0.1.el5] - fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387] - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile [2.2.3-74] - further %post scriptlet fix (#752618, #867736) [2.2.3-73] - fix %post scriptlet output (#752618, #867736) [2.2.3-72] - add security fix for CVE-2008-0456 [2.2.3-71] - add security fix for CVE-2012-2687 (#850794) [2.2.3-70] - relax checks for status-line validity (#853128) [2.2.3-69] - mod_cache: fix header merging for 304 case, thanks to Roy Badami (#845532) - correct CVE reference in old changelog entry (#849160) [2.2.3-68] - mod_ssl: add _userID DN variable suffix for NID_userId (#840036) - fix handling of long chunk-line (#840845) - omit %posttrans daemon restart if /etc/sysconfig/httpd-disable-posttrans exists (#833042) [2.2.3-67] - add server aliases to 'httpd -S' output (#833043) - LSB compliance fixes for init script (#783242) - mod_ldap: add LDAPReferrals directive alias (#727342) [2.2.3-66] - check if localhost.key is valid (#752618) - mod_proxy_ajp: honour ProxyErrorOverride (#767890) - mod_ssl: fixed start with FIPS 140-2 mode enabled (#773473) LOW Copyright 2013 Oracle, Inc. CVE-2012-2687 CVE-2008-0455 CVE-2008-0456 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [2.16.2-10.el5] - Prevent trash applet crashing (#848822) [2.16.2-9.el5] - Prevent deleting items linking out of the trash (#586015) - Do not stat every file on an ClearCase mvfs filesystem (#822817) - Do not silently skip directory having no read permission during copy (#772307) - Allow trashing symlink to filesystem root that does not support trashing (#621394) - CVE-2009-2473 gnome-vfs2 embedded neon: billion laughs DoS attack (#540548) LOW Copyright 2013 Oracle, Inc. CVE-2009-2473 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [5.0.1-0.rc2.177.0.1.el5] - apply fix from NetApp to use tcp before udp http://www.mail-archive.com/autofs@linux.kernel.org/msg07910.html (Bert Barbe) [orabug 6827898] [5.0.1-0.rc2.177.el5] - bz714766 - autofs /net maps do not refresh list of shares exported on the NFS server - disable hosts map HUP signal update. - Related: rhbz#714766 [5.0.1-0.rc2.176.el5] - bz859890 - no --timeout option usage demonstrated in auto.master FORMAT options man page section - add timeout option description to man page. - Resolves: rhbz#859890 [5.0.1-0.rc2.175.el5] - bz845503 - autofs initscript problems - fix status() return code now gets lost due to adding lock file check. - Related: rhbz#845503 [5.0.1-0.rc2.174.el5] - bz585058 - autofs5 init script times out before automount exits and incorrectly shows that autofs5 stop failed - fix don't wait forever for shutdown. - bz845503 - autofs initscript problems - don't unconditionaly call stop on restart. - fix usage message. - fix status return code when daemon is dead but lock file exists. - Related: rhbz#585058 rhbz#845503 [5.0.1-0.rc2.173.el5] - bz845503 - autofs initscript problems - don't use status() function in restart, it can't be relied upon. - Related: rhbz#845503 [5.0.1-0.rc2.172.el5] - bz845503 - autofs initscript problems - fix status call in restart must specify pid file name. - Related: rhbz#845503 [5.0.1-0.rc2.171.el5] - bz845503 - autofs initscript problems - make redhat init script more lsb compliant. - Resolves: rhbz#845503 [5.0.1-0.rc2.170.el5] - bz847101 - System unresponsiveness and CPU starvation when launching source code script - check negative cache much earlier. - dont use pthread_rwlock_tryrdlock(). - remove state machine timed wait. - Related: rhbz#847101 [5.0.1-0.rc2.169.el5] - bz714766 - autofs /net maps do not refresh list of shares exported on the NFS server - fix offset dir removal. - Related: rhbz#714766 [5.0.1-0.rc2.168.el5] - bz585058 - autofs5 init script times out before automount exits and incorrectly shows that autofs5 stop failed - make autofs wait longer for shutdown. - Resolves: rhbz#585058 [5.0.1-0.rc2.167.el5] - bz714766 - autofs /net maps do not refresh list of shares exported on the NFS server - fix expire race. - fix remount deadlock. - fix umount recovery of busy direct mount. - fix offset mount point directory removal. - remove move mount code. - fix remount of multi mount. - fix devce ioctl alloc path check. - refactor hosts lookup module. - remove cache update from parse_mount(). - add function to delete offset cache entry. - allow update of multi mount offset entries. - add hup signal handling to hosts map. - Resolves: rhbz#714766 [5.0.1-0.rc2.166.el5] - bz826633 - autofs crashes on lookup of a key containing a backslash - fix fix LDAP result leaks on error paths. - fix result null check in read_one_map(). - Resolves: rhbz#826633 [5.0.1-0.rc2.165.el5] - bz767428 - Fix autofs attempting to download entire LDAP map at startup - always read file maps multi map fix update. - report map not read when debug logging. - bz690404 - RFE: timeout option cannot be configured individually with multiple direct map entries - move timeout to map_source. - Resolves: rhbz#767428 rhbz#690404 LOW Copyright 2013 Oracle, Inc. CVE-2012-2697 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [3.9.8-15] - Another D-Bus fix, part of bug #501834. [3.9.8-14] - Create debugging files securely (CVE-2011-2722, bug #725830). [3.9.8-13] - Several parallel-install fixes (bug #501834). [3.9.8-12] - Applied patch to fix CVE-2010-4267, remote stack overflow vulnerability (bug #662740). LOW Copyright 2013 Oracle, Inc. CVE-2011-2722 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [2.1.12-5] - resolves: bug#855308 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation LOW Copyright 2013 Oracle, Inc. CVE-2011-4966 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [2.10.4-29] - Improve patch to parse CUPS user lpoptions file to avoid crashes on s390 and ia64 Resolves: #603809 [2.10.4-28] - Fix the filechooser not opening selected file when location entry is empty Resolves: #518483 [2.10.4-27] - Fix integer overflow in GdkPixbuf's XBM image file format loader (CVE-2012-2370) Resolves: #846252 [2.10.4-26] - Fix crash when drag and dropping notebook tabs Resolves: #830901 [2.10.4-25] - Fix a problem with Wacom tablets pen event positions when using dual head displays Resolves: #743658 [2.10.4-24] - Backport a patch to parse CUPS user lpoptions file. Resolves: #603809 LOW Copyright 2013 Oracle, Inc. CVE-2012-2370 cpe:/a:oracle:linux:5:9:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox [10.0.12-1.0.1.el6_3] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.12-1] - Update to 10.0.12 ESR xulrunner [10.0.12-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.12-1] - Update to 10.0.12 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0748 CVE-2013-0762 CVE-2013-0744 CVE-2013-0746 CVE-2013-0750 CVE-2013-0754 CVE-2013-0759 CVE-2013-0758 CVE-2013-0769 CVE-2013-0753 CVE-2013-0766 CVE-2013-0767 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [10.0.12-3.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.12-3] - Update to 10.0.12 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0753 CVE-2013-0758 CVE-2013-0767 CVE-2013-0746 CVE-2013-0759 CVE-2013-0748 CVE-2013-0766 CVE-2013-0744 CVE-2013-0750 CVE-2013-0762 CVE-2013-0754 CVE-2013-0769 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [1.7.0.9-2.3.4.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.4.1.el6] - Rewerted to IcedTea 2.3.4 - rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch - removed jxmd and idlj to alternatives - make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - re-applied patch302 and restored systemtap.patch - buildver set to 9 - icedtea_version set to 2.3.4 - unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - restored tmp-patches source tarball - removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar - java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from java.security-linux back to java.security - Resolves: rhbz#895033 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Resolves: rhbz#895033 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0422 CVE-2012-3174 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.1.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] [2.6.18-348.1.1] - [pci] intel-iommu: reduce max num of domains supported (Don Dutile) [886876 885125] - [fs] gfs2: Fix leak of cached directory hash table (Steven Whitehouse) [886124 831330] - [x86] mm: randomize SHLIB_BASE (Petr Matousek) [804953 804954] {CVE-2012-1568} - [net] be2net: create RSS rings even in multi-channel configs (Ivan Vecera) [884702 878209] - [net] tg3: Avoid dma read error (John Feeney) [885692 877474] - [misc] Fix unsupported hardware message (Prarit Bhargava) [885063 876587] - [net] ipv6: discard overlapping fragment (Jiri Pirko) [874837 874838] {CVE-2012-4444} - [usb] Fix serial port reference counting on hotplug remove (Don Zickus) [885700 845447] - [net] bridge: export its presence and fix bonding igmp reporting (Veaceslav Falico) [884742 843473] - [fs] nfs: move wait for server->active from put_super to kill_sb (Jeff Layton) [884708 839839] - [scsi] libfc: fix indefinite rport restart (Neil Horman) [884740 595184] - [scsi] libfc: Retry a rejected PRLI request (Neil Horman) [884740 595184] - [scsi] libfc: Fix remote port restart problem (Neil Horman) [884740 595184] - [xen] memop: limit guest specified extent order (Laszlo Ersek) [878449 878450] {CVE-2012-5515} - [xen] get bottom of EBDA from the multiboot data structure (Paolo Bonzini) [885062 881885] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1568 CVE-2012-4444 CVE-2012-5515 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.1.1] - [pci] intel-iommu: reduce max num of domains supported (Don Dutile) [886876 885125] - [fs] gfs2: Fix leak of cached directory hash table (Steven Whitehouse) [886124 831330] - [x86] mm: randomize SHLIB_BASE (Petr Matousek) [804953 804954] {CVE-2012-1568} - [net] be2net: create RSS rings even in multi-channel configs (Ivan Vecera) [884702 878209] - [net] tg3: Avoid dma read error (John Feeney) [885692 877474] - [misc] Fix unsupported hardware message (Prarit Bhargava) [885063 876587] - [net] ipv6: discard overlapping fragment (Jiri Pirko) [874837 874838] {CVE-2012-4444} - [usb] Fix serial port reference counting on hotplug remove (Don Zickus) [885700 845447] - [net] bridge: export its presence and fix bonding igmp reporting (Veaceslav Falico) [884742 843473] - [fs] nfs: move wait for server->active from put_super to kill_sb (Jeff Layton) [884708 839839] - [scsi] libfc: fix indefinite rport restart (Neil Horman) [884740 595184] - [scsi] libfc: Retry a rejected PRLI request (Neil Horman) [884740 595184] - [scsi] libfc: Fix remote port restart problem (Neil Horman) [884740 595184] - [xen] memop: limit guest specified extent order (Laszlo Ersek) [878449 878450] {CVE-2012-5515} - [xen] get bottom of EBDA from the multiboot data structure (Paolo Bonzini) [885062 881885] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5515 CVE-2012-1568 CVE-2012-4444 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.28.1-8] - Remove spurious 'e' from glib2-devel requirement [2.28.1-7] - Bump version number [2.28.1-6] - Bump version number [2.28.1-5] - Add reachability.patch Remove UI about whether the is only reachable locally or not. Fix for CVE-2011-1164 - Bug #553477 [2.28.1-5] - Add upnp.patch Fix for CVE-2011-1165 - Bug #678846 [2.28.1-5] - Add clipboard-leak.patch Fix for CVE-2012-4429 - Bug #857250 [2.28.1-5] - Add vino-2.8.1-sanity-check-fb-update.patch Fix for CVE-2011-0904 and CVE-2011-0904 - Bugs #694456, #694455 [2.28.1-4] - Translation updates. Related: rhbz 575682 MODERATE Copyright 2013 Oracle, Inc. CVE-2011-0905 CVE-2011-1164 CVE-2012-4429 CVE-2011-0904 CVE-2011-1165 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 5 [5.0.95-5] - Rebuild to fix wrong package tag Related: #892679 [5.0.95-4] - Add patches for CVE-2012-2122, CVE-2012-2749, CVE-2012-5611 Resolves: #892679 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5611 CVE-2012-2749 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.2.0-17.el6_3.1] - Fix changelog issue. The dist tag was in each entry and changing the build release changed history. (#878219) [2.2.0-17.el6_3] - Use a secure method to distribute the IPA CA to clients, CVE-2012-5484 (#878219) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5484 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 [2.1.3-5.2] - Add missing man page option --ca-cert-file. (#878217) [2.1.3-5.1] - Fix python syntax backport issue in CVE patch. (#878217) [2.1.3-5] - Use secure method to retrieve IPA CA during client enrollment. CVE-2012-5484 (#878217) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5484 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [libvirt-0.9.10-21.0.1.el6_3.8] - Replace docs/et.png in tarball with blank image [0.9.10-21.el6_3.8] - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0170 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 nspr [4.9.2-0.1] - Retagging to ensure n-v-r is lower than the one for rhel-6.4 - Resolves: rhbz#891661 - [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR [4.9.2-1] - Resolves: rhbz#891661 - [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR nss [3.13.6-2.0.1.el6_3] - Added nss-vendor.patch to change vendor [3.13.6-2] - Retagging for rhel-6.3 z-stream - Update to NSS_3_13_6_RTM - Resolves: rhbz#891663 - Update to 3.13.5 for mozilla 10.0.6 - Resolves: rhbz#891151 [CVE-2013-0743] [3.13.6-1] - Update to NSS_3_13_6_RTM - Resolves: rhbz#891663 - Update to 3.13.5 for mozilla 10.0.6 - Resolves: rhbz#891151 [CVE-2013-0743] nss-util [3.13.6-1] - Update to NSS_3_13_6_RTM - Resolves: rhbz#891670 - [RFE] Rebase to NSS-UTIL >= 3.13.6 [3.13.5-1] - Resolves: rhbz#833763 - Update to 3.13.5 for Mozilla 10.0.6 IMPORTANT Copyright 2013 Oracle, Inc. cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 nspr [4.9.2-2] - NVR bump [4.9.2-1] - Resolves: rhbz#893372- [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR nss [3.13.6-3] - Fix changelog inconsistencies with commit and bug resolved - Resolves: rhbz#891149 [CVE-2013-0743] [3.13.6-2] - [CVE-2013-0743] - Resolves: rhbz#891149 - Dis-trust TURKTRUST mis-issued *.google.com certificate [3.13.6-1] - Update to NSS_3_13_6_RTM - Resolves: rhbz#893371 - [RFE] [RHEL5] Rebase to NSS >= 3.13.6 IMPORTANT Copyright 2013 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 abrt [2.0.8-6.0.1.el6_3.2] - Add abrt-oracle-enterprise.patch to be product neutral - Remove abrt-plugin-rhtsupport dependency for cli and desktop - Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot [2.0.8-6.2] - rebuild against new libreport (brew bug) - Related: #895442 [2.0.8-6.1] - don't follow symlinks - Related: #895442 libreport [2.0.9-5.0.1.el6_3.2] - Add oracle-enterprise.patch - Remove libreport-plugin-rhtsupport pkg [2.0.9-5.2] - in same cases we have to follow symlinks - Related: #895442 [2.0.9-5.1] - don't follow symlinks - Resolves: #895442 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5659 CVE-2012-5660 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [2.3.11-14.el6_3.1] - Fix CVE-2012-5669 (Use correct array size for checking 'glyph_enc') - Resolves: #903542 [2.3.11-14] - A little change in configure part - Related: #723468 [2.3.11-13] - Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136, 1137, 1139, 1140, 1141, 1142, 1143, 1144} - Properly initialize array 'result' in FT_Outline_Get_Orientation() - Check bytes per row for overflow in _bdf_parse_glyphs() - Resolves: #806269 [2.3.11-12] - Add freetype-2.3.11-CVE-2011-3439.patch (Various loading fixes.) - Resolves: #754012 [2.3.11-11] - Add freetype-2.3.11-CVE-2011-3256.patch (Handle some border cases.) - Resolves: #747084 [2.3.11-10] - Use -fno-strict-aliasing instead of __attribute__((__may_alias__)) - Resolves: #723468 [2.3.11-9] - Allow FT_Glyph to alias (to pass Rpmdiff) - Resolves: #723468 [2.3.11-8] - Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.) - based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner - Resolves: #723468 [2.3.11-7] - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid 'runcnt' values.) - Resolves: #651762 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5669 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [2.7.6-6] - Synchronize patch-set with mainline-version. - Bump version to 5, 6. Related: rhbz#891477 [2.7.6-4] - Change release number to 4. - Added patch libxml2-Fix-an-off-by-one-pointer-access.patch - Added patch libxml2-Fix-a-segfault-on-XSD-validation-on-pattern-error.patch - Added patch libxml2-Fix-entities-local-buffers-size-problems.patch - Added patch libxml2-gnome-bug-561340-fix.patch - Added patch for CVE-2012-0841 - Added patch for CVE-2011-0216 - Added patch for CVE-2011-2834 - Added patch for CVE-2011-3919 - Added patch for CVE-2011-1944 - Added patch for CVE-2011-3905 Related: rhbz#891477 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-0841 CVE-2011-1944 CVE-2011-2821 CVE-2011-3102 CVE-2011-3919 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-2834 CVE-2011-3905 CVE-2012-5134 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [0.0.14-14.el6] - backport of upstream commit 30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741 support _ASYNC io calls and interrupt handling (busy wait) Related: #888364 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0241 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.1.67-1] - Update to 5.1.67, for assorted upstream bugfixes including CVEs announced in January 2013 Resolves: #901380 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-0574 CVE-2013-0384 CVE-2012-0572 CVE-2012-1705 CVE-2012-1702 CVE-2013-0389 CVE-2013-0383 CVE-2013-0375 CVE-2013-0385 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-279.22.1] - [virt] kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set (Petr Matousek) [862903 862904] {CVE-2012-4461} - [fs] fuse: optimize __fuse_direct_io() (Brian Foster) [865305 858850] - [fs] fuse: optimize fuse_get_user_pages() (Brian Foster) [865305 858850] - [fs] fuse: use get_user_pages_fast() (Brian Foster) [865305 858850] - [fs] fuse: pass iov[] to fuse_get_user_pages() (Brian Foster) [865305 858850] - [fs] mm: minor cleanup of iov_iter_single_seg_count() (Brian Foster) [865305 858850] - [fs] fuse: use req->page_descs[] for argpages cases (Brian Foster) [865305 858850] to fuse_req (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_do_ioctl() (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_perform_write() (Brian Foster) [865305 858850] - [fs] fuse: rework fuse_readpages() (Brian Foster) [865305 858850] - [fs] fuse: categorize fuse_get_req() (Brian Foster) [865305 858850] - [fs] fuse: general infrastructure for pages[] of variable size (Brian Foster) [865305 858850] - [fs] exec: do not leave bprm->interp on stack (Josh Poimboeuf) [880145 880146] {CVE-2012-4530} - [fs] exec: use -ELOOP for max recursion depth (Josh Poimboeuf) [880145 880146] {CVE-2012-4530} - [scsi] have scsi_internal_device_unblock take new state (Frantisek Hrbata) [878774 854140] - [scsi] add new SDEV_TRANSPORT_OFFLINE state (Chris Leech) [878774 854140] - [kernel] cpu: fix cpu_chain section mismatch (Frederic Weisbecker) [876090 852148] - [kernel] sched: Don't modify cpusets during suspend/resume (Frederic Weisbecker) [876090 852148] - [kernel] sched, cpuset: Drop __cpuexit from cpu hotplug callbacks (Frederic Weisbecker) [876090 852148] - [kernel] sched: adjust when cpu_active and cpuset configurations are updated during cpu on/offlining (Frantisek Hrbata) [876090 852148] - [kernel] cpu: return better errno on cpu hotplug failure (Frederic Weisbecker) [876090 852148] - [kernel] cpu: introduce cpu_notify(), __cpu_notify(), cpu_notify_nofail() (Frederic Weisbecker) [876090 852148] - [fs] nfs: Properly handle the case where the delegation is revoked (Steve Dickson) [846840 842435] - [fs] nfs: Move cl_delegations to the nfs_server struct (Steve Dickson) [846840 842435] - [fs] nfs: Introduce nfs_detach_delegations() (Steve Dickson) [846840 842435] - [fs] nfs: Fix a number of RCU issues in the NFSv4 delegation code (Steve Dickson) [846840 842435] [2.6.32-279.21.1] - [scsi] mpt2sas: fix for driver fails EEH recovery from injected pci bus error (Tomas Henzl) [888818 829149] - [net] bonding: Bonding driver does not consider the gso_max_size setting of slave devices (Ivan Vecera) [886618 883643] - [netdrv] tg3: Do not set TSS for 5719 and 5720 (John Feeney) [888215 823371] - [kernel] kmod: make __request_module() killable (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] kmod: introduce call_modprobe() helper (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] call_usermodehelper: simplify/fix UMH_NO_WAIT case (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [kernel] wait_for_helper: SIGCHLD from user-space can lead to use-after-free (Oleg Nesterov) [858755 819529] {CVE-2012-4398} - [net] sunrpc: Ensure that rpc_release_resources_task() can be called twice (Jeff Layton) [880928 878204] - [scsi] qla2xxx: Don't toggle RISC interrupt bits after IRQ lines are attached. (Chad Dupuis) [886760 826565] - [kernel] rcu: Remove function versions of __kfree_rcu and offset (Doug Ledford) [880085 873949] - [kernel] rcu: define __rcu address space modifier for sparse (Doug Ledford) [880085 873949] - [kernel] rcu: Add rcu_access_pointer and rcu_dereference_protected (Doug Ledford) [880085 873949] - [kernel] rcu: Add lockdep checking to rhel (Doug Ledford) [880085 873949] - [kernel] rcu: Make __kfree_rcu() less dependent on compiler choices (Doug Ledford) [880085 873949] - [kernel] rcu: introduce kfree_rcu() (Doug Ledford) [880085 873949] - [net] rcu: add __rcu API for later sparse checking (Doug Ledford) [880085 873949] - [infiniband] ipoib: Fix AB-BA deadlock when deleting neighbours (Doug Ledford) [880085 873949] - [infiniband] ipoib: Fix memory leak in the neigh table deletion flow (Doug Ledford) [880085 873949] - [infiniband] ipoib: Fix RCU pointer dereference of wrong object (Doug Ledford) [880085 873949] - [misc] Make rcu_dereference_bh work (Doug Ledford) [880085 873949] - [infiniband] ipoib: Use a private hash table for path lookup in xmit path (Doug Ledford) [880085 873949] [2.6.32-279.20.1] - [scsi] hpsa: Use LUN reset instead of target reset (Tomas Henzl) [884422 875091] - [char] tty: Fix possible race in n_tty_read() (Stanislaw Gruszka) [891580 765665] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4461 CVE-2012-4398 CVE-2012-4530 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 [3.0.3-142.el5_9.1] - libxc: move error checking next to the function which returned the error (rhbz 876997) - libxc: builder: limit maximum size of kernel/ramdisk (rhbz 876997) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4544 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1:1.6.0.0-1.54.1.11.6] - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906707 [1:1.6.0.0-1.53.1.11.6] - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906707 [1:1.6.0.0-1.51.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906707 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0425 CVE-2013-0429 CVE-2013-0441 CVE-2013-0443 CVE-2013-0445 CVE-2013-1480 CVE-2013-0427 CVE-2013-0434 CVE-2013-0435 CVE-2013-0450 CVE-2013-1478 CVE-2013-0424 CVE-2013-0433 CVE-2013-1475 CVE-2013-0440 CVE-2013-0442 CVE-2013-1476 CVE-2013-0426 CVE-2013-0428 CVE-2013-0432 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 [ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.33.1.11.6] - removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch - added patch9: 7201064.patch to be reverted - added patch10: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906705 [1:1.6.0.0-1.32.1.11.6] - added patch9 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906705 [1:1.6.0.0-1.31.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906705 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1476 CVE-2013-0424 CVE-2013-0432 CVE-2013-0425 CVE-2013-0428 CVE-2013-0440 CVE-2013-0441 CVE-2013-0443 CVE-2013-0445 CVE-2013-0429 CVE-2013-0442 CVE-2013-1475 CVE-2013-1480 CVE-2013-0434 CVE-2013-0435 CVE-2013-0450 CVE-2013-0426 CVE-2013-0427 CVE-2013-0433 CVE-2013-1478 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1.7.0.9-2.3.5.3.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.5.3.el6_3] - Sync logging fixes with upstream (icedtea7-forest and jdk7u) [1.7.0.9-2.3.5.1.el6_3] - Removed 6664509 backout and added 8005615 to fix the issue [1.7.0.9-2.3.5.el6_3.1] - Backed out 6664509 and 7201064.patch which cause regressions [1.7.0.9-2.3.5.el6_3] - Bumped to 2.3.5 - Changed BR to java7-devel >= 1:1.7.0 as required by CORBA changes in 2.3.5 - Resolves: rhbz#906707 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0441 CVE-2013-0434 CVE-2013-0442 CVE-2013-0426 CVE-2013-0433 CVE-2013-0424 CVE-2013-0427 CVE-2013-0431 CVE-2013-0450 CVE-2013-1480 CVE-2013-0428 CVE-2013-0429 CVE-2013-0435 CVE-2013-0440 CVE-2013-1475 CVE-2013-1476 CVE-2013-0425 CVE-2013-0432 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-1478 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [0.12-0.21.pre5] - do not delegate GSSAPI credentials (CVE-2012-4545) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4545 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0:1.2.1-7.3] - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5784 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5784 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [1:3.1-0.7] - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5783 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 firefox [17.0.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-4] - Added NM preferences [17.0.2-3] - Update to 17.0.2 ESR [17.0.1-2] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.2.b4] - Update to 17 Beta 4 [17.0-0.1.beta1] - Update to 17 Beta 1 libproxy [0.3.0-4] - Rebuild against newer gecko xulrunner [17.0.3-1.0.2] - Increase release number and rebuild. [17.0.3-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-5] - Fixed NetworkManager preferences - Added fix for NM regression (mozbz#791626) [17.0.2-2] - Added fix for rhbz#816234 - NFS fix [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-3] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.6.b5] - Update to 17 Beta 5 - Updated fix for rhbz#872752 - embeded crash [17.0-0.5.b4] - Added fix for rhbz#872752 - embeded crash [17.0-0.4.b4] - Update to 17 Beta 4 [17.0-0.3.b3] - Update to 17 Beta 3 - Updated ppc(64) patch (mozbz#746112) [17.0-0.2.b2] - Built with system nspr/nss [17.0-0.1.b2] - Update to 17 Beta 2 [17.0-0.1.b1] - Update to 17 Beta 1 yelp [2.28.1-17] - Rebuild against gecko 17.0.2 [2.28.1-15] - Build fixes for gecko 17 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0780 CVE-2013-0783 CVE-2013-0776 CVE-2013-0782 CVE-2013-0775 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [17.0.3-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-2] - Update to 17.0.2 ESR [17.0-2] - Update to 17.0 ESR [17.0b2-0.1] - Update to 17.0b2 [17.0b1-0.1] - Rebase to 17 beta 1 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0783 CVE-2013-0776 CVE-2013-0775 CVE-2013-0782 CVE-2013-0780 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1:1.6.0.0-1.56.1.11.8] - Rebuild with updated sources - Resolves: rhbz#911524 [1:1.6.0.0-1.55.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but working - Resolves: rhbz#911524 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1486 CVE-2013-0169 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 [ 1:1.6.0.0-1.35.1.11.8.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.35.1.11.8] - Rebuild with updated source tarball - Resolves: rhbz#911522 [1:1.6.0.0-1.34.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but valid - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911522 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0169 CVE-2013-1486 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [libvirt-0.10.2-18.0.1.el6] - Replace docs/et.png in tarball with blank image [0.10.2-18] - rpc: Fix crash on error paths of message dispatching (CVE-2013-0170) - spec: Disable libssh2 support (rhbz#513363) [0.10.2-17] - storage: Fix lvcreate parameter for backingStore. (rhbz#896398) - qemu: Don't return success if creation of snapshot save file fails (rhbz#896403) - qemu: Reject attempts to create snapshots with names containig '/' (rhbz#896403) [0.10.2-16] - qemu_agent: Remove agent reference only when disposing it (rhbz#892079) - Add RESUME event listener to qemu monitor. (rhbz#894085) [0.10.2-15] - snapshot: conf: Make virDomainSnapshotIsExternal more reusable (rhbz#889407) - snapshot: qemu: Separate logic blocks with newlines (rhbz#889407) - snapshot: qemu: Fix segfault and vanishing snapshots when redefining (rhbz#889407) - snapshot: qemu: Allow redefinition of external snapshots (rhbz#889407) - util: Prepare helpers for unpriv_sgio setting (rhbz#878578) - qemu: Add a hash table for the shared disks (rhbz#878578) - docs: Add docs and rng schema for new XML tag sgio (rhbz#878578) - conf: Parse and format the new XML (rhbz#878578) - qemu: Set unpriv_sgio when starting domain and attaching disk (rhbz#878578) - qemu: Check if the shared disk's cdbfilter conflicts with others (rhbz#878578) - qemu: Relax hard RSS limit (rhbz#891653) [0.10.2-14] - util: Add missing error log messages when failing to get netlink VFINFO (rhbz#889319) - util: Fix functions that retrieve SRIOV VF info (rhbz#889319) - util: Fix botched check for new netlink request filters (rhbz#889319) - blockjob: Fix memleak that prevented block pivot (rhbz#888426) - sanlock: Chown lease files as well (rhbz#820173) [0.10.2-13] - network: Prevent dnsmasq from listening on localhost (rhbz#886821) - sanlock: Re-add lockspace unconditionally (rhbz#820173) - Fix 'virsh create' example (rhbz#887187) - docs: Fix some typos in examples (rhbz#887187) - network: Don't require private addresses if dnsmasq uses SO_BINDTODEVICE (rhbz#882265) [0.10.2-12] - qemu: Eliminate bogus error log when changing netdev's bridge (rhbz#885838) - remote: Avoid the thread race condition (rhbz#866524) - storage: Error out earlier if the volume target path already exists (rhbz#832302) - dnsmasq: Fix parsing of the version number (rhbz#885727) - qemu: Restart CPUs with valid async job type when doing external snapshots (rhbz#885081) - examples: Fix balloon event callback (rhbz#884650) - util: Don't fail virGetGroupIDByName when group not found (rhbz#883832) - util: Don't fail virGetUserIDByName when user not found (rhbz#883832) - util: Rework error reporting in virGet(User|Group)IDByName (rhbz#883832) - util: Fix warning message in previous patch (rhbz#883832) [0.10.2-11] - Fix uninitialized variable in virLXCControllerSetupDevPTS (rhbz#880064) - storage: Fix device detach regression with cgroup ACLs (rhbz#876828) - storage: Fix bug of fs pool destroying (rhbz#878400) - qemu: Fix a crash when save file can't be opened (rhbz#880919) - bitmap: Fix typo to use UL type of integer constant in virBitmapIsAllSet (rhbz#876415) - virsh: Rewrite cmdDomDisplay (rhbz#878779) - network: Fix crash when portgroup has no name (rhbz#879473) - util: Capabilities detection for dnsmasq (rhbz#882265) - util: New virSocketAddrIsPrivate function (rhbz#882265) - network: Use dnsmasq --bind-dynamic when available (rhbz#882265) - storage: Fix scsi detach regression with cgroup ACLs (rhbz#876828) - libssh2_session: Support DSS keys as well (rhbz#878376) - virsh: Fix error messages in iface-bridge (rhbz#878376) - virsh: Check the return value of virStoragePoolGetAutostart (rhbz#878376) - conf: Check the return value of virXPathNodeSet (rhbz#878376) - conf: snapshot: Check return value of virDomainSnapshotObjListNum (rhbz#878376) - util: Fix virBitmap allocation in virProcessInfoGetAffinity (rhbz#878376) - virsh: Use correct sizeof when allocating cpumap (rhbz#878376) - rpc: Don't destroy xdr before creating it in virNetMessageEncodeHeader (rhbz#878376) - virsh: Do timing even for unusable connections (rhbz#878376) - conf: Fix uninitialized variable in virDomainListSnapshots (rhbz#878376) - Fix error handling in virSecurityManagerGetMountOptions (rhbz#878376) - conf: Prevent crash with no uuid in cephx auth secret (rhbz#878376) - conf: Fix virDomainNetGetActualDirect*() and BridgeName() (rhbz#881480) - virsh: Report errors if arguments of the schedinfo command are incorrect (rhbz#882915) - systemd: Require dbus service (rhbz#830201) - spec: Require dbus-daemon when using libvirtd in Fedora (rhbz#830201) - qemu: Don't free PCI device if adding it to activePciHostdevs fails (rhbz#877095) - util: Slightly refactor PCI list functions (rhbz#877095) - qemu: Fix memory (and FD) leak on PCI device detach (rhbz#877095) - util: Do not keep PCI device config file open (rhbz#877095) - node_memory: Improve the docs (rhbz#872656) - node_memory: Do not fail if there is parameter unsupported (rhbz#872656) - node_memory: Fix bug of node_memory_tune (rhbz#872656) [0.10.2-10] - Add note about numeric domain names to manpage (rhbz#824253) - Use virNetServerRun instead of custom main loop (rhbz#867246) - qemu: Fix RBD attach regression (rhbz#878862) - qemu: Stop recursive detection of image chains when an image is missing (rhbz#878862) - Fix exiting of libvirt_lxc program on container quit (rhbz#879360) - snapshot: qemu: Add support for external inactive snapshots (rhbz#876816) - conf: Fix private symbols exported by files in conf (rhbz#876816) - snapshot: qemu: Fix detection of external snapshots when deleting (rhbz#876816) - snapshot: Require user to supply external memory file name (rhbz#876816) - snapshot: Add two more filter sets to API (rhbz#876817) - snapshot: Add virsh back-compat support for new filters (rhbz#876817) - snapshot: Implement new filter sets (rhbz#876817) - snapshot: Expose location through virsh snapshot-info (rhbz#876817) - sanlock: Retry after EINPROGRESS (rhbz#820173) - storage: Fix logical volume cloning (rhbz#879780) - cpu: Add Intel Haswell cpu model (fix previous downstream definition) (rhbz#879282) - virsh: Report error when taking a snapshot with empty --memspec argument (rhbz#879130) - lxc: Don't crash if no security driver is specified in libvirt_lxc (rhbz#880064) - lxc: Avoid segfault of libvirt_lxc helper on early cleanup paths (rhbz#880064) [0.10.2-9] - util: Improve error reporting from absolutePathFromBaseFile helper (rhbz#874860) - storage: Fix broken backing chain (rhbz#874860) - nodeinfo: Add check and workaround to guarantee valid cpu topologies (rhbz#874050) - nodeinfotest: Add test data for 2 processor host with broken NUMA (rhbz#874050) - nodeinfotest: Add test data from a AMD bulldozer machine. (rhbz#874050) - virsh: save: Report an error if XML file can't be read (rhbz#876868) - virsh: Fix uninitialized variable in cmdSnapshotEdit (rhbz#877303) - qemu: Allow larger discrepency between memory & currentMemory in domain xml (rhbz#873134) [libvirt-0.10.2-8.el6] - iohelper: Don't report errors on special FDs (rhbz#866369) - esx: Yet another connection fix for 5.1 (rhbz#873538) - qemu: Don't corrupt pointer in qemuDomainSaveMemory() (rhbz#873537) - build: Place attributes in correct location (rhbz#873934) - Introduce new VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event (rhbz#866388) - qemu: Emit event if 'cont' fails (rhbz#866388) - virsh: Make ,, escape parsing common (rhbz#874171) - virsh: Add snapshot-create-as memspec support (rhbz#874171) - qemu: Fix domain ID numbering race condition (rhbz#874330) - qemu: Allow migration to be cancelled at prepare phase (rhbz#873792) - AbortJob: Fix documentation (rhbz#873792) [libvirt-0.10.2-7.el6] - sanlock: Introduce 'user' and 'group' conf variables (rhbz#820173) - esx: Fix connection to ESX 5.1 (rhbz#865670) - cpu: Fix definition of flag smap (rhbz#797283) - util: Do a better job of matching up pids with their binaries (rhbz#871201) - qemu: Fix EmulatorPinInfo without emulatorpin (rhbz#871312) - build: Fix RPM build for non-x86 platforms (rhbz#820173) - qemu: Report errors from iohelper (rhbz#866369) - build: Fix linking with systemtap probes (rhbz#866369) - iohelper: Fdatasync() at the end (rhbz#866369) - net-update docs: S/domain/network/ (rhbz#872104) - cpu: Add newly added cpu flags (rhbz#838127) - cpu: Add AMD Opteron G5 cpu model (rhbz#838127) - cpu: Add Intel Haswell cpu model (rhbz#843087) - snapshot: New XML for external system checkpoint (rhbz#638512) - snapshot: Improve disk align checking (rhbz#638512) - snapshot: Populate new XML info for qemu snapshots (rhbz#638512) - snapshot: Merge pre-snapshot checks (rhbz#638512) - qemu: Fix possible race when pausing guest (rhbz#638512) - qemu: Clean up snapshot retrieval to use the new helper (rhbz#638512) - qemu: Split out domain memory saving code to allow reuse (rhbz#638512) - snapshot: Add flag to enable creating checkpoints in live state (rhbz#638512) - snapshot: qemu: Add async job type for snapshots (rhbz#638512) - snapshot: qemu: Rename qemuDomainSnapshotCreateActive (rhbz#638512) - snapshot: qemu: Add support for external checkpoints (rhbz#638512) - snapshot: qemu: Remove restrictions preventing external checkpoints (rhbz#638512) [libvirt-0.10.2-6.el6] - xml: Omit domain name from comment if it contains double hyphen (rhbz#868692) - cpu: Add recently added cpu feature flags. (rhbz#797283) - esx: Update version checks for vSphere 5.1 (rhbz#865670) - qemu: Add helper to prepare cpumap for affinity setting (rhbz#869096) - qemu: Keep the affinity when creating cgroup for emulator thread (rhbz#869096) - qemu: Prohibit chaning affinity of domain process if placement is 'auto' (rhbz#870099) - network: Fix networkValidate check for default portgroup and vlan (rhbz#868483) - qemu: Fix attach/detach of netdevs with matching mac addrs (rhbz#862515) - snapshot: Improve snapshot-list error message (rhbz#869100) - virsh: Remove --flags from nodesuspend (rhbz#869508) - virsh: Fix POD syntax (rhbz#870273) - xml: Print uuids in the warning (rhbz#868692) - blockjob: Support both RHEL and upstream qemu drive-mirror (rhbz#871055) [libvirt-0.10.2-5.el6] - qemu: Clear async job when p2p migration fails early (rhbz#867412) - qemu: Pin the emulator when only cpuset is specified (rhbz#867372) - qemu: Correctly wait for spice to migrate (rhbz#867724) - qemu: Fixed default machine detection in qemuCapsParseMachineTypesStr (rhbz#867764) - conf: Make tri-state feature options more universal (rhbz#864606) - conf: Add support for HyperV Enlightenment features (rhbz#864606) - qemu: Add support for HyperV Enlightenment feature 'relaxed' (rhbz#864606) - network: Set to NULL after virNetworkDefFree() (rhbz#866364) - qemu: Always format CPU topology (rhbz#866999) - qemu: Don't fail without emulatorpin or cpumask (rhbz#867372) - qemu: Allow migration with host USB devices (rhbz#843560) - qemu: Do not require hostuuid in migration cookie (rhbz#863059) - network: Free/null newDef if network fails to start (rhbz#866364) - migrate: v2: Use VIR_DOMAIN_XML_MIGRATABLE when available (rhbz#856864) - qemu: Avoid holding the driver lock in trivial snapshot API's (rhbz#772088) - storage: List more file types (rhbz#772088) - storage: Treat 'aio' like 'raw' at parse time (rhbz#772088) - storage: Match RNG to supported driver types (rhbz#772088) - storage: Use enum for default driver type (rhbz#772088) - storage: Use enum for disk driver type (rhbz#772088) - storage: Use enum for snapshot driver type (rhbz#772088) - storage: Don't probe non-files (rhbz#772088) - storage: Get entire metadata chain in one call (rhbz#772088) - storage: Don't require caller to pre-allocate metadata struct (rhbz#772088) - storage: Remember relative names in backing chain (rhbz#772088) - storage: Make it easier to find file within chain (rhbz#772088) - storage: Cache backing chain while qemu domain is live (rhbz#772088) - storage: Use cache to walk backing chain (rhbz#772088) - blockjob: Remove unused parameters after previous patch (rhbz#772088) - blockjob: Manage qemu block-commit monitor command (rhbz#772088) - blockjob: Wire up online qemu block-commit (rhbz#772088) - blockjob: Implement shallow commit flag in qemu (rhbz#772088) - blockjob: Refactor qemu disk chain permission grants (rhbz#772088) - blockjob: Properly label disks for qemu block-commit (rhbz#772088) - blockjob: Avoid segv on early error (rhbz#772088) - blockjob: Accommodate early RHEL backport naming (rhbz#772088) - virsh: Fix segfault of snapshot-list (rhbz#837544) - network: Always create dnsmasq hosts and addnhosts files, even if empty (rhbz#868389) - network: Don't allow multiple default portgroups (rhbz#868483) - selinux: Use raw contexts (rhbz#851981) - selinux: Add security selinux function to label tapfd (rhbz#851981) - selinux: Use raw contexts 2 (rhbz#851981) - selinux: Fix wrong tapfd relablling (rhbz#851981) - selinux: Remove unused variables in socket labelling (rhbz#851981) - selinux: Relabel tapfd in qemuPhysIfaceConnect (rhbz#851981) - storage: Let format probing work on root-squash NFS (rhbz#856247) - snapshot: Sanity check when reusing file for snapshot (rhbz#856247) - blockjob: Add qemu capabilities related to block jobs (rhbz#856247) - blockjob: React to active block copy (rhbz#856247) - blockjob: Return appropriate event and info (rhbz#856247) - blockjob: Support pivot operation on cancel (rhbz#856247) - blockjob: Make drive-reopen safer (rhbz#856247) - blockjob: Implement block copy for qemu (rhbz#856247) - blockjob: Allow for existing files in block-copy (rhbz#856247) - blockjob: Allow mirroring under SELinux and cgroup (rhbz#856247) - blockjob: Relabel entire existing chain (rhbz#856247) [libvirt-0.10.2-4.el6] - node_memory: Add new parameter field to tune the new sysfs knob (rhbz#840113) - daemon: Fix removing abstract namespaces (rhbz#859331) - tests: Fix domain-events python test (rhbz#839661) - conf: Fix crash with cleanup (rhbz#866288) - spec: Add runtime requirement for libssh2 (rhbz#866508) - spec: Require newer sanlock on recent distros (rhbz#832156) - spec: Require newer sanlock on recent distros 2 (rhbz#832156) [libvirt-0.10.2-3.el6] - conf: Rename life cycle actions to event actions (rhbz#832156) - conf: Add on_lockfailure event configuration (rhbz#832156) - locking: Add const char * parameter to avoid ugly typecasts (rhbz#832156) - locking: Pass hypervisor driver name when acquiring locks (rhbz#832156) - locking: Add support for lock failure action (rhbz#832156) - locking: Implement lock failure action in sanlock driver (rhbz#832156) - conf: Add support for startupPolicy for USB devices (rhbz#843560) - qemu: Introduce qemuFindHostdevUSBDevice (rhbz#843560) - qemu: Add option to treat missing USB devices as success (rhbz#843560) - qemu: Implement startupPolicy for USB passed through devices (rhbz#843560) - Add MIGRATABLE flag for virDomainGetXMLDesc (rhbz#843560) - qemu: Make save/restore with USB devices usable (rhbz#843560) - conf: Mark missing optional USB devices in domain XML (rhbz#843560) - security: Also parse user/group names instead of just IDs for DAC labels (rhbz#860519) - doc: Update description about security labels on formatdomain.html (rhbz#860519) - util: Extend virGetUserID and virGetGroupID to support names and IDs (rhbz#860519) - security: Update user and group parsing in security_dac.c (rhbz#860519) - doc: Update description about user/group in qemu.conf (rhbz#860519) - Fix kvm_pv_eoi with kvmclock (rhbz#860971) - Change qemuSetSchedularParameters to use AFFECT_CURRENT (rhbz#852260) - Fix handling of itanium arch name in QEMU driver (rhbz#863115) - Add a qemu capabilities cache manager (rhbz#863115) - Switch over to use cache for building QEMU capabilities (rhbz#863115) - Remove probing of flags when launching QEMU guests (rhbz#863115) - Remove probing of machine types when canonicalizing XML (rhbz#863115) - Remove probing of CPU models when launching QEMU guests (rhbz#863115) - Make qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels static (rhbz#863115) - Remove xenner support (rhbz#863115) - Refactor guest init to support qemu-system-i386 binary too (rhbz#863115) - Add a qemuMonitorGetVersion() method for QMP query-version command (rhbz#863115) - Add a qemuMonitorGetMachines() method for QMP query-machines command (rhbz#863115) - Add a qemuMonitorGetCPUDefinitions method for QMP query-cpu-definitions command (rhbz#863115) - Add a qemuMonitorGetCommands() method for QMP query-commands command (rhbz#863115) - Add a qemuMonitorGetEvents() method for QMP query-events command (rhbz#863115) - Add a qemuMonitorGetObjectTypes() method for QMP qom-list-types command (rhbz#863115) - Add a qemuMonitorGetObjectProps() method for QMP device-list-properties command (rhbz#863115) - Add a qemuMonitorGetTargetArch() method for QMP query-target command (rhbz#863115) - Remove some unused includes in QEMU code (rhbz#863115) - Move command/event capabilities detection out of QEMU monitor code (rhbz#863115) - Fix regression starting QEMU instances without query-events (rhbz#863115) - Refactor qemuCapsParseDeviceStr to work from data tables (rhbz#863115) - Fix QEMU test with 1.2.0 help output (rhbz#863115) - Ignore error from query-cpu-definitions (rhbz#863115) - Fix potential deadlock when agent is closed (rhbz#859712) - Fix (rare) deadlock in QEMU monitor callbacks (rhbz#859712) - Convert virLXCMonitor to use virObject (rhbz#864336) - Remove pointless virLXCProcessMonitorDestroy method (rhbz#864336) - Simplify some redundant locking while unref'ing objects (rhbz#859712) - Fix deadlock in handling EOF in LXC monitor (rhbz#864336) - Avoid bogus I/O event errors when closing the QEMU monitor (rhbz#859712) - qemu: Fix parsing of x86 CPU models (rhbz#864097) - python: Keep consistent handling of Python integer conversion (rhbz#816609) - esx: Fix and improve esxListAllDomains function (rhbz#864384) - virsh: Block SIGINT while getting BlockJobInfo (rhbz#845448) - spec: Add support for libssh2 transport (rhbz#513363) - Revert 'Use XDG Base Directories instead of storing in home directory' (rhbz#859331) [(rhbz#855218)] - conf: Ignore vcpupin for not onlined vcpus when parsing (rhbz#855218) - conf: Initialize the pinning policy for vcpus (rhbz#855218) - qemu: Create or remove cgroup when doing vcpu hotpluging (rhbz#857013) - qemu: Initialize cpuset for hotplugged vcpu as def->cpuset (rhbz#855218) - conf: Ignore emulatorpin if vcpu placement is auto (rhbz#855218) - qemu: Ignore def->cpumask if emulatorpin is specified (rhbz#855218) [(rhbz#855218)] - conf: Fix virDevicePCIAddressEqual args (rhbz#805071) - conf: VirDomainDeviceInfoCopy utility function (rhbz#805071) - qemu: Reorganize qemuDomainChangeNet and qemuDomainChangeNetBridge (rhbz#805071) - Add support for SUSPEND_DISK event (rhbz#839661) [libvirt-0.10.2-2.el6] - qemu: Wait for SPICE to migrate (rhbz#836135) - lxc: Correctly report active cgroups (rhbz#860907) - network: Backend for virNetworkUpdate of interface list (rhbz#844404) - Fix start of containers with custom root filesystem (rhbz#861564) - Correct checking of virStrcpyStatic() return value (rhbz#864122) [libvirt-0.10.2-1.el6] - New build based on upstream release 0.10.2 (rhbz#836934) - network: define new API virNetworkUpdate - add support for QEmu sandbox support - blockjob: add virDomainBlockCommit - New APIs to get/set Node memory parameters - new API virConnectListAllSecrets - new API virConnectListAllNWFilters - new API virConnectListAllNodeDevices - new API virConnectListAllInterfaces - new API virConnectListAllNetworks - new API virStoragePoolListAllVolumes - Add PMSUSPENDED life cycle event - new API virStorageListAllStoragePools - Add per-guest S3/S4 state configuration - qemu: Support for Block Device IO Limits - a lot of bug fixes, improvements and portability work [libvirt-0.10.2-0rc1.el6] - New build based on upstream release candidate 1 of 0.10.2 (rhbz#836934) [libvirt-0.10.1-2.el6] - Don't assume use of /sys/fs/cgroup (rhbz#842979) [libvirt-0.10.1-1.el6] - New build based on upstream release 0.10.1 (rhbz#836934) - many fixes on top of 0.10.0 [libvirt-0.10.0-1.el6] - New build based on upstream release 0.10.0 (rhbz#836934) - agent: add qemuAgentArbitraryCommand() for general qemu agent command - Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo functions - network: use firewalld instead of iptables, when available - network: make network driver vlan-aware - esx: Implement network driver - Various LXC improvements - Add virDomainGetHostname - a lot of bug fixes, improvements and portability work [libvirt-0.10.0-0rc1.el6] - New build based on upstream snapshot 0.10.0-0rc1 (rhbz#836934) [libvirt-0.10.0-0rc0.el6] - New build based on upstream snapshot 0.10.0-0rc0 (rhbz#836934) - Cleanup and rebase of the few RHEL-only patches [libvirt-0.9.13-3.el6] - fix the package split to be similar to 6.3 one instead of upstream [libvirt-0.9.13-2.el6] - fix a package dependency problem making -1 uninstallable [libvirt-0.9.13-1.el6] - first rebase for 6.4 more to come - kvm-guest failed to start; double-close bug in libvirt (rhbz#823716) - potential to deadlock libvirt on EPIPE (rhbz#827234) - fix keepalive issues (rhbz#832081) - CPU topology parsing bug on special NUMA platform (rhbz#828729) - libvirtd will crash when tight loop of hotplug/unplug PCI device (rhbz#822373) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-3411 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.48-13] - Fix the DHCP RELEASE problem when two or more dnsmasq instances are running (rhbz#887156) [2.48-12] - Fixing initscript restart stop functions (rhbz#850944) [2.48-11] - Revert previous changes because of many problems with --bind-dynamic option backport. - Dropping dnsmasq-2.48-add-bind-dynamic-option.patch - Set SO_BINDTODEVICE socket option when using --bind-interfaces (rhbz#884957) [2.48-10] - Fixed dnsmasq-2.48-add-bind-dynamic-option.patch - the option --bind-dynamic was not set correctly when used [2.48-9] - Added cc flag -fno-strict-aliasing to solve Testsuite regressions [2.48-8] - Fix CVE-2012-3411 (rhbz#882251) [2.48-7] - Fix lease-change script (rhbz#815819) - Check tftp-root exists and is accessible at startup (rhbz#824214) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-3411 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.32-358.el6] - [fs] Fix sget() race with failing mount (Eric Sandeen) [883276] [2.6.32-357.el6] - [virt] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests (Andrew Jones) [896050] {CVE-2013-0190} - [block] sg_io: use different default filters for each device class (Paolo Bonzini) [875361] {CVE-2012-4542} - [block] sg_io: prepare for adding per-device-type filters (Paolo Bonzini) [875361] {CVE-2012-4542} - [virt] virtio-blk: Don't free ida when disk is in use (Asias He) [870344] - [netdrv] mlx4: Remove FCS bytes from packet length (Doug Ledford) [893707] - [net] netfilter: nf_ct_reasm: fix conntrack reassembly expire code (Amerigo Wang) [726807] [2.6.32-356.el6] - [char] ipmi: use a tasklet for handling received messages (Prarit Bhargava) [890160] - [char] ipmi: handle run_to_completion properly in deliver_recv_msg() (Prarit Bhargava) [890160] - [usb] xhci: Reset reserved command ring TRBs on cleanup (Don Zickus) [843520] - [usb] xhci: handle command after aborting the command ring (Don Zickus) [874541] - [usb] xhci: cancel command after command timeout (Don Zickus) [874541] - [usb] xhci: add aborting command ring function (Don Zickus) [874541] - [usb] xhci: add cmd_ring_state (Don Zickus) [874541] - [usb] xhci: Fix Null pointer dereferencing with non-DMI systems (Don Zickus) [874542] - [usb] xhci: Intel Panther Point BEI quirk (Don Zickus) [874542] - [usb] xhci: Increase XHCI suspend timeout to 16ms (Don Zickus) [874542] - [powerpc] Revert: pseries/iommu: remove default window before attempting DDW manipulation (Steve Best) [890454] - [serial] 8250_pnp: add Intermec CV60 touchscreen device (Mauro Carvalho Chehab) [894445] - [char] ipmi: apply missing hunk from upstream commit 2407d77a (Tony Camuso) [882787] - [acpi] Fix broken kernel build if CONFIG_ACPI_DEBUG is enabled (Lenny Szubowicz) [891948] - [scsi] qla2xxx: Test and clear FCPORT_UPDATE_NEEDED atomically (Chad Dupuis) [854736] - [mm] vmalloc: remove guard page from between vmap blocks (Johannes Weiner) [873737] - [mm] vmalloc: vmap area cache (Johannes Weiner) [873737] - [fs] vfs: prefer EEXIST to EROFS when creating on an RO filesystem (Eric Sandeen) [878091] - [scsi] qla2xxx: change queue depth ramp print to debug print (Rob Evers) [893113] - [fs] nfs: Fix umount when filelayout DS is also the MDS (Steve Dickson) [895194] - [fs] nfs/pnfs: add set-clear layoutdriver interface (Steve Dickson) [895194] - [fs] nfs: Don't call nfs4_deviceid_purge_client() unless we're NFSv4.1 (Steve Dickson) [895194] - [fs] nfs: Wait for session recovery to finish before returning (Steve Dickson) [895176] - [mm] compaction: validate pfn range passed to isolate_freepages_block (Johannes Weiner) [889456 890498] - [drm] nouveau: ensure legacy vga is re-enabled during POST (Ben Skeggs) [625441] - [netdrv] be2net: Remove stops to further access to BE NIC on UE bits (Ivan Vecera) [894344] - [virt] kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set (Petr Matousek) [862904] {CVE-2012-4461} [2.6.32-355.el6] - [netdrv] qlge: remove NETIF_F_TSO6 flag (Amerigo Wang) [891839] - [fs] ext3: Remove BKL from ext3_put_super() and ext3_remount() (Carlos Maiolino) [885945] - [lib] switch the protection of percpu_counter list to spinlock (Carlos Maiolino) [885945] - [virt] hv: Add Hyper-V balloon driver (Jason Wang) [885572] - [mm] export a function to get vm committed memory (Jason Wang) [885572] - [drm] nouveau: extend prevent display switching issues by disabling pageflip (Ben Skeggs) [853226] - [netdrv] mlx4: Fix advertisement of wrong PF context behaviour (Alex Williamson) [894060] [2.6.32-354.el6] - [char] ipmi: add new kernel options to prevent automatic ipmi init (Tony Camuso) [877177] - [usb] xhci: New system added for Compliance Mode Patch on SN65LVPE502CP (Don Zickus) [856709] - [x86] quirks: Mark Haswell HDMI Audio as unsupported (Prarit Bhargava) [883428] - [scsi] bfa: fix crash in bfa_cb_ioim_done when performing failover/failback tests (Vijay Guvva) [878618] - [fs] autofs4: Fix sparse warning: context imbalance in autofs4_d_automount() different lock contexts for basic block (Ian Kent) [876795] - [fs] jbd, jbd2: don't wake kjournald unnecessarily (Eric Sandeen) [886318] - [scsi] qla4xxx: v5.03.00.00.06.04-k2 (Rob Evers) [890727] - [scsi] qla4xxx: Correct the validation to check in get_sys_info mailbox (Rob Evers) [890727] - [scsi] qla4xxx: Pass correct function param to qla4_8xxx_rd_direct (Rob Evers) [890727] - [scsi] qla4xxx: v5.03.00.00.06.04-k1 (Chad Dupuis) [878048] - [scsi] qla4xxx: update copyrights in LICENSE.qla4xxx (Chad Dupuis) [878048] - [scsi] qla4xxx: Disable generating pause frames for ISP83XX (Chad Dupuis) [878048] - [scsi] qla4xxx: Fix double clearing of risc_intr for ISP83XX (Chad Dupuis) [878048] - [scsi] qla4xxx: IDC implementation for Loopback (Chad Dupuis) [878048] - [scsi] qla4xxx: Fix panic while rmmod (Chad Dupuis) [878048] - [scsi] qla4xxx: Fail probe_adapter if IRQ allocation fails (Chad Dupuis) [878048] - [scsi] qla4xxx: Prevent MSI/MSI-X falling back to INTx for ISP82XX (Chad Dupuis) [878048] - [scsi] qla4xxx: Update idc reg in case of PCI AER (Chad Dupuis) [878048] - [scsi] qla4xxx: Fix double IDC locking in qla4_8xxx_error_recovery (Chad Dupuis) [878048] - [scsi] qla4xxx: Clear interrupt while unloading driver for ISP83XX (Chad Dupuis) [878048] - [scsi] qla4xxx: Print correct IDC version (Chad Dupuis) [878048] - [scsi] qla4xxx: Added new mbox cmd to pass driver version to FW (Chad Dupuis) [878048] - [scsi] qla4xxx: fix various printk and comment typos (Chad Dupuis) [878048] - [fs] autofs4: use simple_empty() for empty directory check (Ian Kent) [876795] - [fs] autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (Ian Kent) [876795] - [fs] gfs2: Fix race in gfs2_rs_alloc (Abhijith Das) [878476] - [fs] xfs: fix broken error handling in xfs_vm_writepage (Dave Chinner) [874539] - [drm] radeon: force rn50 chip to always report connected on analog output (Jerome Glisse) [892723] - [sound] alsa: add support for Teradici 2200 host card audio (Jaroslav Kysela) [890581] - [md] dm-raid: Fix RAID10's check for sufficient redundancy (Jonathan E Brassow) [889358] - [scsi] hpsa: update version number to 3.2.0 (Tomas Henzl) [891935] - [netdrv] cxgb4: Initialize data structures before using (Steve Best) [885756] [2.6.32-353.el6] - [mm] pageattr: prevent PSE and GLOABL leftovers to confuse pmd/pte_present and pmd_huge (Andrea Arcangeli) [878877] - [fs] gfs2: Fix FITRIM argument handling (Abhijith Das) [866932] - [fs] gfs2: Require user to provide argument for FITRIM (Abhijith Das) [866932] - [fs] exec: do not leave bprm->interp on stack (Josh Poimboeuf) [880146] {CVE-2012-4530} - [fs] exec: use -ELOOP for max recursion depth (Josh Poimboeuf) [880146] {CVE-2012-4530} - [fs] btrfs: close exclusive opens with close_bdev_exclusive() (Zach Brown) [874505] - [kernel] sched_rt: Fix hang where umount is stuck in synchronize_sched_expedited (Larry Woodman) [814768] [2.6.32-352.el6] - [md] raid10: Do not call md_raid10_unplug_device while holding spinlock (Jonathan E Brassow) [886658] - [md] dm-thin: commit before gathering status (Mike Snitzer) [882426] - [md] dm-thin: cleanup dead code (Mike Snitzer) [882426] - [md] dm-thin: rename cell_defer_except to cell_defer_no_holder (Mike Snitzer) [882426] - [md] dm-thin: emit 'ignore_discard' in status if discards are disabled (Mike Snitzer) [882426] - [md] dm-thin: wake the worker when a discard is prepared (Mike Snitzer) [882426] - [md] dm-thin: fix race between simultaneous io and discards to same block (Mike Snitzer) [882426] - [md] dm-thin: replace calls to cell_release_singleton with cell_defer_except (Mike Snitzer) [882426] - [mm] Revert: ksm: numa awareness sysfs knob (Jarod Wilson) [743643] - [fs] gfs2: Reset rd_last_alloc when it reaches the end of the rgrp (Robert S Peterson) [882381] - [fs] gfs2: Stop looking for free blocks at end of rgrp (Robert S Peterson) [882381] - [drm] nouveau: cache ramcfg value for RAM_RESTRICT_ZM_GROUP (Ben Skeggs) [878384] - [drm] nouveau: disable use of tesla/fermi copy engines for buffer moves (Ben Skeggs) [878384] - [fs] xfs: fix direct IO nested transaction deadlock (Dave Chinner) [876426] [2.6.32-351.el6] - [kernel] ptrace-utrace: fix PTRACE_GETEVENTMSG(pid) in sub-namespace (Oleg Nesterov) [782330] - [scsi] mpt2sas: fix for driver fails EEH recovery from injected pci bus error (Tomas Henzl) [829149] - [mm] memcontrol: propagate LRU accounting state when splitting THP (Johannes Weiner) [881714] - [net] sctp: proc: protect bind_addr->address_list accesses with rcu_read_lock() (Thomas Graf) [706038] - [net] sctp: Add RCU protection to assoc->transport_addr_list (Thomas Graf) [706038] - [s390] zfcp: Adapt to new FC_PORTSPEED semantics (Hendrik Brueckner) [855128] - [virt] virtio_net: allow to change mac when iface is running (Jiri Pirko) [882868] - [virt] kvm: Minimal hyper-v support (Vadim Rozenfeld) [871350] - [fs] gfs2: Journal DLM lock has wrong label (Steven Whitehouse) [884822] - [mm] huge_memory: fix typo in transparent_hugepage sysfs symlink (Jeremy Eder) [887308] - [mm] ksm: numa awareness sysfs knob (Petr Holasek) [743643] - [fs] btrfs: handle IS_ERR(inode) in btrfs_lookup() (Zach Brown) [870944] - [kernel] sched: Add irq_{enter,exit}() to scheduler_ipi() (Stanislaw Gruszka) [836964] - [kernel] panic: fix a possible deadlock in panic() (Tatsuya Kitamura) [871939] [2.6.32-350.el6] - [powerpc] perf: power_pmu_start restores incorrect values, breaking frequency events (Jiri Olsa) [880525] - [netdrv] mlx4: Allow choosing flow steering mode (Doug Ledford) [885191] - [netdrv] mlx4: Adjustments to Flow Steering activation logic for SRIOV (Doug Ledford) [885191] - [netdrv] mlx4: Fix wrong error flow in the flow steering wrapper (Doug Ledford) [885191] - [netdrv] mlx4: Add QPN enforcement for flow steering rules set by VFs (Doug Ledford) [885191] - [infiniband] mlx4: 64-byte CQE/EQE support (Doug Ledford) [885191] - [netdrv] mlx4: Fix potential deadlock in mlx4_eq_int() (Doug Ledford) [885191] - [infiniband] mlx4: Fix spinlock order to avoid lockdep warnings (Doug Ledford) [885191] - [netdrv] mlx4: Removing reserve vectors (Doug Ledford) [885191] - [netdrv] mlx4: Fix double-release-range in tx-rings (Doug Ledford) [885191] - [infiniband] mlx4: Fix QP1 P_Key processing in the Primary Physical Function (PPF) (Doug Ledford) [885191] - [infiniband] mlx4: Synchronize cleanup of MCGs in MCG paravirtualization (Doug Ledford) [885191] - [net] bonding: Bonding driver does not consider the gso_max_size setting of slave devices (Ivan Vecera) [883643] - [net] tcp: Fix >4GB writes on 64-bit (Daniel Borkmann) [885238] - [net] bridge: skip forwarding delay if not using STP (Thomas Graf) [881682] - [fs] nfs: Fix open(O_TRUNC) and ftruncate() error handling (Steve Dickson) [884263] - [fs] nfsd: add proc file listing kernel's gss_krb5 enctypes (Steve Dickson) [877113] - [fs] nfs: add nfs_sb_deactive_async to avoid deadlock (Steve Dickson) [871968] - [fs] nfs: fix page dirtying in NFS DIO read codepath (Jeff Layton) [876514] - [fs] nfs: don't zero out the rest of the page if we hit the EOF on a DIO READ (Jeff Layton) [876514] - [fs] handle null sb in get_super_thawed (Eric Sandeen) [874521] - [scsi] Fix race when removing SCSI devices (Tomas Henzl) [820880] - [netdrv] be2net: enable GRO by default (Ivan Vecera) [849930] - [netdrv] igb: fix compile warning if CONFIG_IGB_PTP is not set (Stefan Assmann) [886519] - [netdrv] bnx2x: Prevent link flaps when booting from SAN (Michal Schmidt) [881068] - [netdrv] bnx2x: Activate LFA (Michal Schmidt) [881068] - [acpi] apei: Fixup common access width firmware bug (Prarit Bhargava) [880465] - [acpi] apei: Avoid too much error reporting in runtime (Prarit Bhargava) [880465] - [acpi] apei: Fix incorrect APEI register bit width check and usage (Prarit Bhargava) [880465] - [virt] vhost: fix length for cross region descriptor (Michael S. Tsirkin) [862265] - [fs] nfs: Use FS-Cache invalidation (David Howells) [699931] - [fs] cachefiles: Implement invalidation (David Howells) [699931] - [fs] vfs: Make more complete truncate operation available to CacheFiles (David Howells) [699931] - [fs] fscache: Provide proper invalidation (David Howells) [699931] - [fs] fscache: Fix operation state management and accounting (David Howells) [699931] - [fs] fscache: Make cookie relinquishment wait for outstanding reads (David Howells) [699931] - [fs] cachefiles: Make some debugging statements conditional (David Howells) [699931] - [fs] fscache: Check cookie is still correct in __fscache_read_or_alloc_pages() (David Howells) [699931] - [fs] fscache: Check that there are no read ops when cookie relinquished (David Howells) [699931] - [fs] cachefiles: Downgrade the requirements passed to the allocator (David Howells) [699931] - [fs] fscache: Validate page mapping pointer value (David Howells) [699931] - [fs] fscache: Fix the marking of cached pages (David Howells) [699931] - [fs] fscache: nfs_migrate_page() does not wait for FS-Cache to finish with a page (David Howells) [699931] - [fs] fscache: Fix __fscache_uncache_all_inode_pages()'s outer loop (David Howells) [699931] - [fs] fscache: Add a helper to bulk uncache pages on an inode (David Howells) [699931] - [scsi] qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low (Chad Dupuis) [829739] - [scsi] qla2xxx: Determine the number of outstanding commands based on available resources (Chad Dupuis) [829739] - [s390] zfcp: return early from slave_destroy if slave_alloc returned early (Hendrik Brueckner) [878372] - [scsi] fcoe: fix fcoe enable on link toggle while it is still disabled (Neil Horman) [875271] - [scsi] Log thin provisioning threshold event (Ewan Milne) [847998] - [netdrv] qlge: NETIF_F_GRO needs to be part of hw_features instead of features (John Green) [849749] - [s390] qeth: set new mac even if old mac is gone (Hendrik Brueckner) [883458] - [s390] qeth: Fix IPA_CMD_QIPASSIST return code handling (Hendrik Brueckner) [882792] [2.6.32-349.el6] - [redhat] kabi: additional whitelist symbols for RHEL-6.4 (Jiri Olsa) [866427] [2.6.32-348.el6] - [ipc] mqueue: Prevent mq_send/receive memory corruption (Larry Woodman) [885030] - [fs] nfs: prevent delegreturn attr deadlock (David Jeffery) [870142] - [netdrv] tg3: Do not set TSS for 5719 and 5720 (John Feeney) [823371] - [scsi] lpfc: Update lpfc version for 8.3.5.86.1p driver release (Rob Evers) [877149] - [scsi] lpfc: Fixed setting sequential delivery bit in a service class that is not valid (Rob Evers) [877149] - [scsi] lpfc: Fixed boot from san failure when SLI4 FC device presented on the same PCI bus (Rob Evers) [877149] - [scsi] lpfc: Add LOGO support after ABTS compliance (Rob Evers) [877149] - [scsi] lpfc: Fixed not reporting logical link speed to SCSI midlayer when QoS not on (Rob Evers) [877149] - [scsi] lpfc: Fixed SCSI host create showing wrong link speed on SLI3 HBA ports (Rob Evers) [877149] - [scsi] lpfc: Fixed kernel warning on spinlock usage on some distributions (Rob Evers) [877149] - [scsi] lpfc: Fixed Linux generic firmware download on SLI4 devices with longer module names (Rob Evers) [877149] - [scsi] lpfc: Fix error with fabric service parameters causing performance issues (Rob Evers) [877149] - [scsi] lpfc: Fixed messages for misconfigured port errors (Rob Evers) [877149] - [scsi] lpfc: Fix FCP2 Retries for non-r/w commands (Rob Evers) [877149] - [scsi] lpfc: Fix incorrect comment in T10 DIF attributes (Rob Evers) [877149] - [scsi] lpfc: Correct missing queue destroy on function reset (Rob Evers) [877149] - [scsi] lpfc: Added checking BMBX register for RDY bit before writing the first address in (Rob Evers) [877149] - [scsi] lpfc: Misc changes to optimize critical path (Rob Evers) [877149] - [s390] qdio: fix kernel panic for zfcp 31-bit (Hendrik Brueckner) [878380] - [s390] zcrypt: msgType50 (RSA-CRT) fix (Hendrik Brueckner) [875977] - [netdrv] ixgbe: fix uninitialized event.type in ixgbe_ptp_check_pps_event (Andy Gospodarek) [884369] - [netdrv] ixgbe: (PTP) Fix PPS interrupt code (Andy Gospodarek) [884369] - [netdrv] ixgbe: Fix PTP X540 SDP alignment code for PPS signal (Andy Gospodarek) [884369] - [s390] zfcp: support for hardware data router (Hendrik Brueckner) [823016] - [s390] qdio: base support for hardware data router with zfcp (Hendrik Brueckner) [823016] - [s390] qdio: Split SBAL entry flags (Hendrik Brueckner) [823016] - [net] netfilter/ipset: Check and reject crazy /0 input parameters (Thomas Graf) [880920] - [kernel] kmod: make __request_module() killable (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] kmod: introduce call_modprobe() helper (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] call_usermodehelper: simplify/fix UMH_NO_WAIT case (Oleg Nesterov) [819529] {CVE-2012-4398} - [kernel] wait_for_helper: SIGCHLD from user-space can lead to use-after-free (Oleg Nesterov) [819529] {CVE-2012-4398} - [netdrv] qlge: Backport offload features to vlan interfaces (John Green) [849749] - [netdrv] igbvf: work around i350 erratum (Stefan Assmann) [870638] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0190 CVE-2013-0309 CVE-2013-0311 CVE-2013-0310 CVE-2012-4508 CVE-2012-4542 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2:2.3.14-38] - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port - Resolves: #883653 [2:2.3.14-37] - Fix changelog entry - Related: #809271 [2:2.3.14-36] - Fix: Service disabled due to bind failure - Resolves: #809271 LOW Copyright 2013 Oracle, Inc. CVE-2012-0862 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [3.12.4-4] - Applied patch to fix CVE-2013-0200, temporary file vulnerability (bug #902163). - Fixed hpijs-marker-supply patch. [3.12.4-3] - Make 'hp-check' check for hpaio set-up correctly (bug #683007). [3.12.4-2] - Added more fixes from Fedora (bug #731900). [3.12.4-1] - Re-based to 3.12.4 with fixes from Fedora (bug #731900). No longer need no-system-tray, openPPD, addgroup, emit-SIGNAL, fab-root-crash, newline, hpaio-segfault, dbus-threads, or cups-web patches. [3.10.9-4] - The hpijs sub-package no longer requires cupsddk-drivers (which no longer exists as a real package), but cups >= 1.4 (bug #829453). LOW Copyright 2013 Oracle, Inc. CVE-2011-2722 CVE-2013-0200 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 xorg-x11-apps [7.6-6] - x11perf 1.5.4 (CVE-2011-2504) [7.6-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [7.6-4] - Move xinput and xkill to xorg-x11-server-utils [7.6-3] - Rebuild for libpng 1.5 [7.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [7.6-1] - x11perf 1.5.3 [7.5-5] - xeyes 1.1.1 [7.5-4] - xinput 1.5.3 - xkill 1.0.3 [7.5-3] - xclipboard 1.1.1 [7.5-2] - oclock 1.0.2 - xclock 1.0.5 - xconsole 1.0.4 - xbiff 1.0.2 - luit 1.1.0 - x11perf 1.5.2 - xcursorgen 1.0.4 - xeyes 1.1.0 - xload 1.1.0 - xlogo 1.0.3 - xmag 1.0.4 - xmessage 1.0.3 - xfd 1.1.0 - xfontsel 1.0.3 - xvidtune 1.0.2 [7.5-1] - xwd 1.0.4 - xwud 1.0.3 [7.4-14] - xinput 1.5.2 [7.4-13] - xinput 1.5.1 [7.4-12] - Add missing BR xorg-x11-xbitmaps [7.4-11] - Don't steal directory owned by filesystem package xorg-x11-server-utils [7.5-13] - xinput 1.6.0 [7.5-12] - Add libXinerama-devel requires for new xinput [7.5-11] - xinput 1.5.99.901 [7.5-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [7.5-9] - xinput 1.5.4 [7.5-8] - Move xinput and xkill here from xorg-x11-apps [7.5-7] - Fix BuildRequires ... xbitmaps-devel does not exist anymore (RHBZ #744751) - Upgrade to the latest upstream iceauth, rgb, sessreg, and xrandr [7.5-6] - xset 1.2.2 xorg-x11-utils [7.5-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [7.5-5] - xlsclients 1.1.2 - Rebuild for new xcb-util [7.5-4] - xdpyinfo 1.3.0 [7.5-3] - xprop 1.2.1 [7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [7.5-1] - xvinfo 1.1.1 - xev 1.1.0 - xdpyinfo 1.2.0 - xwininfo 1.1.0 - xlsclients 1.1.0 - xlsfonts 1.0.3 [7.4-10] - xlsatoms 1.1.0 - xlsclients 1.1.0 [7.4-9] - edid-decode snapshot LOW Copyright 2013 Oracle, Inc. CVE-2011-2504 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.2.11.15-11] - Resolves: Bug 896256 - updating package touches configuration files [1.2.11.15-10] - Resolves: Bug 889083 - For modifiersName/internalModifiersName feature, internalModifiersname is not working for DNA plugin [1.2.11.15-9] - Resolves: Bug 891930 - DNA plugin no longer reports additional info when range is depleted [1.2.11.15-8] - Resolves: Bug 887855 - RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64 [1.2.11.15-7] - Resolves: Bug 830355 - [RFE] improve cleanruv functionality - Resolves: Bug 876650 - Coverity revealed defects - Ticket #20 - [RFE] Allow automember to work on entries that have already been added (Bug 768084) - Resolves: Bug 834074 - [RFE] Disable replication agreements - Resolves: Bug 878111 - ns-slapd segfaults if it cannot rename the logs [1.2.11.15-6] - Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode - use perl-Socket6 on RHEL6 [1.2.11.15-5] - Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode [1.2.11.15-4] - Resolves: Bug 868841 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error - Resolves: Bug 868853 - Winsync: DS error logs report wrong version of Windows AD when winsync is configured. - Resolves: Bug 875862 - crash in DNA if no dnamagicregen is specified - Resolves: Bug 876694 - RedHat Directory Server crashes (segfaults) when moving ldap entry - Resolves: Bug 876727 - Search with a complex filter including range search is slow - Ticket #495 - internalModifiersname not updated by DNA plugin (Bug 834053) [1.2.11.15-3] - Resolves: Bug 870158 - slapd entered to infinite loop during new index addition - Resolves: Bug 870162 - Cannot abandon simple paged result search - c970af0 Coverity defects - 1ac087a Fixing compiler warnings in the posix-winsync plugin - 2f960e4 Coverity defects - Ticket #491 - multimaster_extop_cleanruv returns wrong error codes [1.2.11.15-2] - Resolves: Bug 834063 [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store; Ticket #478 passwordTrackUpdateTime stops working with subtree password policies - Resolves: Bug 847868 [RFE] support posix schema for user and group sync; Ticket #481 expand nested posix groups - Resolves: Bug 860772 Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl - Resolves: Bug 863576 Dirsrv deadlock locking up IPA - Resolves: Bug 864594 anonymous limits are being applied to directory manager [1.2.11.15-1] - Resolves: Bug 856657 dirsrv init script returns 0 even when few or all instances fail to start - Resolves: Bug 858580 389 prevents from adding a posixaccount with userpassword after schema reload [1.2.11.14-1] - Resolves: Bug 852202 Ipa master system initiated more than a dozen simultaneous replication sessions, shut itself down and wiped out its db - Resolves: Bug 855438 CLEANALLRUV task gets stuck on winsync replication agreement [1.2.11.13-1] - Resolves: Bug 847868 [RFE] support posix schema for user and group sync - fix upgrade issue with plugin config schema - posix winsync has default plugin precedence of 25 [1.2.11.12-1] - Resolves: Bug 800051 Rebase 389-ds-base to 1.2.11 - Resolves: Bug 742054 SASL/PLAIN binds do not work - Resolves: Bug 742381 MOD operations with chained delete/add get back error 53 on backend config - Resolves: Bug 746642 [RFE] define pam_passthru service per subtree - Resolves: Bug 757836 logconv.pl restarts count on conn=0 instead of conn=1 - Resolves: Bug 768084 [RFE] Allow automember to work on entries that have already been added - Resolves: Bug 782975 krbExtraData is being null modified and replicated on each ssh login - Resolves: Bug 803873 Sync with group attribute containing () fails - Resolves: Bug 818762 winsync should not delete entry that appears to be out of scope - Resolves: Bug 830001 unhashed#user#password visible after changing password [rhel-6.4] - Resolves: Bug 830256 Audit log - clear text password in user changes - Resolves: Bug 830331 ns-slapd exits/crashes if /var fills up - Resolves: Bug 830334 Invalid chaining config triggers a disk full error and shutdown - Resolves: Bug 830335 restore of replica ldif file on second master after deleting two records shows only 1 deletion - Resolves: Bug 830336 db deadlock return should not log error - Resolves: Bug 830337 usn + mmr = deletions are not replicated - Resolves: Bug 830338 Change DS to purge ticket from krb cache in case of authentication error - Resolves: Bug 830340 Make the CLEANALLRUV task one step - Resolves: Bug 830343 managed entry sometimes doesn't delete the managed entry - Resolves: Bug 830344 [RFE] Improve replication agreement status messages - Resolves: Bug 830346 ADD operations not in audit log - Resolves: Bug 830347 389 DS does not support multiple paging controls on a single connection - Resolves: Bug 830348 Slow shutdown when you have 100+ replication agreements - Resolves: Bug 830349 cannot use & in a sasl map search filter - Resolves: Bug 830353 valgrind reported memleaks and mem errors - Resolves: Bug 830355 [RFE] improve cleanruv functionality - Resolves: Bug 830356 coverity 12625-12629 - leaks, dead code, unchecked return - Resolves: Bug 832560 [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - Resolves: Bug 833202 transaction retries need to be cache aware - Resolves: Bug 833218 ldapmodify returns Operations error - Resolves: Bug 833222 memberOf attribute and plugin behaviour between sub-suffixes - Resolves: Bug 834046 [RFE] Add nsTLS1 attribute to schema and objectclass nsEncryptionConfig - Resolves: Bug 834047 Fine Grained Password policy: if passwordHistory is on, deleting the password fails. - Resolves: Bug 834049 [RFE] Add schema for DNA plugin - Resolves: Bug 834052 [RFE] limiting Directory Manager (nsslapd-rootdn) bind access by source host (e.g. 127.0.0.1) - Resolves: Bug 834053 [RFE] Plugins - ability to control behavior of modifyTimestamp/modifiersName - Resolves: Bug 834054 Should only update modifyTimestamp/modifiersName on MODIFY ops - Resolves: Bug 834056 Automembership plugin fails in a MMR setup, if data and config area mixed in the plugin configuration - Resolves: Bug 834057 ldap-agent crashes on start with signal SIGSEGV - Resolves: Bug 834058 [RFE] logconv.pl : use of getopts to parse commandline options - Resolves: Bug 834060 passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions - Resolves: Bug 834061 [RFE] RHDS: Implement SO_KEEPALIVE in network calls. - Resolves: Bug 834063 [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store - Resolves: Bug 834064 dnaNextValue gets incremented even if the user addition fails - Resolves: Bug 834065 Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied - Resolves: Bug 834074 [RFE] Disable replication agreements - Resolves: Bug 834075 logconv.pl reporting unindexed search with different search base than shown in access logs - Resolves: Bug 835238 Account Usability Control Not Working - Resolves: Bug 836386 slapi_ldap_bind() doesn't check bind results - Resolves: Bug 838706 referint modrdn not working if case is different - Resolves: Bug 840153 Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled - Resolves: Bug 841600 Referential integrity plug-in does not work when update interval is not zero - Resolves: Bug 842437 dna memleak reported by valgrind - Resolves: Bug 842438 Report during startup if nsslapd-cachememsize is too small - Resolves: Bug 842440 memberof performance enhancement - Resolves: Bug 842441 'Server is unwilling to perform' when running ldapmodify on nsds5ReplicaStripAttrs - Resolves: Bug 847868 [RFE] support posix schema for user and group sync - Resolves: Bug 850683 nsds5ReplicaEnabled can be set with any invalid values. - Resolves: Bug 852087 [RFE] add attribute nsslapd-readonly so we can reference it in acis - Resolves: Bug 852088 server to server ssl client auth broken with latest openldap - Resolves: Bug 852839 variable dn should not be used in ldbm_back_delete MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4450 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [12:4.1.1-34.P1.0.1.el6] - Added oracle-errwarn-message.patch [12:4.1.1-34.P1] - Reducing the expiration time for an IPv6 lease may cause the server to crash (CVE-2012-3955, #858130) [12:4.1.1-33.P1] - Use getifaddrs() for interface discovery code on Linux (#803540) - dhclient-script: do not backup&restore /etc/resolv.conf (#824622) [12:4.1.1-32.P1] - An error in the handling of malformed client identifiers can cause a denial-of-service condition in affected servers. (CVE-2012-3571, #843122) - Memory Leaks Found In ISC DHCP (CVE-2012-3954, #843122) LOW Copyright 2013 Oracle, Inc. CVE-2012-3955 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [7:3.1.10-16] - Resolves: #888198 - CVE-2012-5643: improved upstream patch [7:3.1.10-15] - Reverts: #861062 - Squid delays on FQDNs that don't contains AAAA record [7:3.1.10-14] - Resolves: #888198 - CVE-2012-5643: patch [7:3.1.10-13] - Resolves: #888198 - CVE-2012-5643: DoS (excessive resource consumption) [7:3.1.10-12] - Resolves #861062 - add configure directive --enable-internal-dns [7:3.1.10-11 ] - Resolves #861062 - Squid delays on FQDNs that don't contains AAAA record [7:3.1.10-10] - Resolves #798090 - Client timeout uses server-side 'read_timeout' - Resolves #833086 - Private md5 hash function does not comply FIPS - Resolves #782732 - Squid crashes by segfault when it reboots - Resolves #797571 - Squid userid is not added to wbpriv group - Disable strict-error-checking on account of squid-fips.patch MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5643 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [4.0.0-55.rc4] - Fix dependencies of samba4-test package. - related: #896142 [4.0.0-54.rc4] - Fix summary and description of dc subpackages. - resolves: #896142 - Remove conflicting libsmbclient.7 manpage. - resolves: #896240 [4.0.0-53.rc4] - Fix provides filter rules to remove conflicting libraries from samba4-libs. - resolves: #895718 [4.0.0-52.rc4] - Fix typo in winbind-krb-locator post uninstall script. - related: #864889 [4.0.0-51.rc4] - Make sure we use the same directory as samba package for the winbind pipe. - resolves: #886157 [4.0.0-50.rc4] - Fix typo in winbind-krb-locator post uninstall script. - related: #864889 [4.0.0-49.rc4] - Fix Netlogon AES encryption. - resolves: #885089 [4.0.0-48.rc4] - Fix IPA trust AD lookup of users. - resolves: #878564 [4.0.0-47.rc4] - Add require for krb5-libs >= 1.10 to samba4-libs. - resolves: #877533 [4.0.0-46.rc4] - Rename /etc/sysconfig/samba4 to name to mach init scripts. - resolves: #877085 [4.0.0-45.rc4] - Don't require samba4-common and samba4-test in samba4-devel package. - related: #871748 [4.0.0-44.rc4] - Make libnetapi and internal library to fix dependencies. - resolves: #873491 [4.0.0-43.rc4] - Move libnetapi and internal printing migration lib to libs package. - related: #766333 [4.0.0-42.rc4] - Fix perl, pam and logrotate dependencies. - related: #766333 [4.0.0-41.rc4] - Fix library dependencies found by rpmdiff. - Update winbind offline logon patch. - related: #766333 [4.0.0-40.rc4] - Move libgpo to samba-common - resolves: #871748 [4.0.0-39.rc4] - Rebase to version 4.0.0rc4. - related: #766333 [4.0.0-38.rc3] - Add missing export KRB5CCNAME in init scripts. - resolves: #868419 [4.0.0-37.rc3] - Move /var/log/samba to samba-common package for winbind which requires it. - resolves: #868248 [4.0.0-36.rc3] - The standard auth modules need to be built into smbd to function. - resolves: #867854 [4.0.0-35.rc3] - Move pam_winbind.conf to the package of the module. - resolves: #867317 [4.0.0-34.rc3] - Built auth_builtin as static module. - related: #766333 [4.0.0-33.rc3] - Add back the AES patches which didn't make it in rc3. - related: #766333 [4.0.0-32.rc3] - Rebase to version 4.0.0rc3. - related: #766333 [4.0.0-31.rc2] - Use alternatives to configure winbind_krb5_locator.so - resolves: #864889 [4.0.0-30.rc2] - Fix multilib package installation. - resolves: #862047 - Filter out libsmbclient and libwbclient provides. - resolves: #861892 - Rebase to version 4.0.0rc2. - related: #766333 [4.0.0-29.rc1] - Fix Requires and Conflicts. - related: #766333 [4.0.0-28.rc1] - Move pam_winbind and wbinfo manpages to the right subpackage. - related: #766333 [4.0.0-27.rc1] - Fix permission for init scripts. - Define a common KRB5CCNAME for smbd and winbind. - Set piddir back to /var/run in RHEL6. - related: #766333 [4.0.0-26.rc1] - Add '-fno-strict-aliasing' to CFLAGS again. - related: #766333 [4.0.0-25.rc1] - Build with syste libldb package which has been just added. - related: #766333 [4.0.0-24.rc1] - Rebase to version 4.0.0rc1. - resolves: #766333 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1182 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.9.2-82] - Resolves: rhbz#888614 - Failure in memberof can lead to failed database update [1.9.2-81] - Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees [1.9.2-80] - Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders [1.9.2-79] - Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x [1.9.2-78] - Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute. [1.9.2-77] - Resolves: rhbz#902436 - possible segfault when backend callback is removed [1.9.2-76] - Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache [1.9.2-75] - Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps [1.9.2-74] - Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache [1.9.2-73] - Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform [1.9.2-72] - Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit [1.9.2-71] - Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache [1.9.2-70] - Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache [1.9.2-69] - Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work [1.9.2-68] - Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships [1.9.2-67] - Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent [1.9.2-66] - Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts [1.9.2-65] - Resolves: rhbz#892197 - Incorrect principal searched for in keytab [1.9.2-64] - Resolves: rhbz#891356 - Smart refresh doesn't notice 'defaults' addition with OpenLDAP [1.9.2-63] - Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache [1.9.2-62] - Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider [1.9.2-61] - Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work [1.9.2-60] - Resolves: rhbz#874618 - sss_cache: fqdn not accepted [1.9.2-59] - Resolves: rhbz#889182 - crash in memory cache [1.9.2-58] - Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache [1.9.2-57] - Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666) [1.9.2-56] - Resolves: rhbz#886038 - sssd components seem to mishandle sighup [1.9.2-55] - Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function [1.9.2-54] - Resolves: rhbz#888614 - Failure in memberof can lead to failed database update [1.9.2-53] - Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long [1.9.2-52] - Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade [1.9.2-51] - Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal [1.9.2-50] - Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps [1.9.2-49] - Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh [1.9.2-48] - Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076) [1.9.2-47] - Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider [1.9.2-46] - Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname [1.9.2-45] - Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired [1.9.2-44] - Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache [1.9.2-43] - Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule [1.9.2-42] - Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter [1.9.2-41] - Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly [1.9.2-40] - Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507) [1.9.2-39] - Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974) [1.9.2-38] - Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060) [1.9.2-37] - Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507) [1.9.2-36] - Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned [1.9.2-35] - Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds [1.9.2-34] - Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users [1.9.2-33] - Resolves: rhbz#881773 - mmap cache needs update after db changes [1.9.2-32] - Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742) [1.9.2-31] - Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573) [1.9.2-30] - Resolves: rhbz#880140 - sssd hangs at startup with broken configurations [1.9.2-29] - Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set [1.9.2-28] - Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group [1.9.2-27] - Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations [1.9.2-26] - Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130 [1.9.2-25] - Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache [1.9.2-24] - Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password [1.9.2-23] - Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal [1.9.2-22] - Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure [1.9.2-21] - Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections [1.9.2-20] - Related: rhbz#877126 - Bump the release tag [1.9.2-20] - Resolves: rhbz#877126 - subdomains code does not save the proper user/group name [1.9.2-19] - Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid() [1.9.2-18] - Resolves: rhbz#870039 - sss_cache says 'Wrong DB version' [1.9.2-17] - Resolves: rhbz#875740 - 'defaults' entry ignored [1.9.2-16] - Resolves: rhbz#875738 - offline authentication failure always returns System Error [1.9.2-15] - Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11 [1.9.2-14] - Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place [1.9.2-13] - Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment [1.9.2-12] - Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place [1.9.2-11] - Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule [1.9.2-10] - Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running [1.9.2-9] - Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section [1.9.2-8] - Resolves: rhbz#873032 - Move sss_cache to the main subpackage [1.9.2-7] - Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group [1.9.2-6] - Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive [1.9.2-5] - Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443 [1.9.2-4] - BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932 [1.9.2-3] - Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542 [1.9.2-2] - Fix the 'ca' translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 [1.9.2-1] - New upstream release 1.9.2 [1.9.1-1] - Rebase to 1.9.1 [1.9.0-3] - Require the latest libldb [1.9.0-2] - Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 [1.9.0-1.rc1] - Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes [1.8.0-33] - Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds LOW Copyright 2013 Oracle, Inc. CVE-2013-0220 CVE-2013-0219 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 ibacm [1.0.8-0.git7a3adb7] - Update to latest upstream via git repo - Resolves: bz866222, bz866223 ibsim [0.5-7] - Bump and rebuild against latest opensm - Related: bz756396 ibutils [1.5.7-7] - Bump and rebuild against latest opensm - Related: bz756396 infiniband-diags [1.5.12-5] - Bump and rebuild against latest opensm - Pick up fixes done for rhel5.9 - Related: bz756396 [1.5.12-4] - Update the all_hcas patch to resolve several problems - Give a simple help message to the ibnodes script - Resolves: bz818606, bz847129 infinipath-psm [3.0.1-115.1015_open.1] - New upstream releas Resolves: rhbz818789 libibmad [1.3.9-1] - Update to latest upstream version (more SRIOV support) - Related: bz756396 [1.3.8-1] - Update to latest upstream version (for FDR link speed support) - Related: bz750609 [1.3.7-1] - Update to latest upstream version (1.3.4 -> 1.3.7) - Related: bz725016 [1.3.4-1] - New upstream version [1.3.3-2] - ExcludeArch s390(x) as there's no hardware support there [1.3.3-1] - Update to latest upstream release [1.3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.3.2-1] - Update to latest upstream version - Require the same version of libibumad as our version [1.3.1-1] - Update to latest upstream version [1.2.0-3] - Rebuilt against libtool 2.2 [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.0-1] - Initial package for Fedora review process libibumad [1.3.8-1] - Update to latest upstream release (more SRIOV support) - Related: bz756396 [1.3.7-1] - Update to latest upstream version (1.3.4 -> 1.3.7) - Related: bz725016 [1.3.4-1] - New upstream release [1.3.3-2] - ExcludeArch s390(x) as there is no hardware support there [1.3.3-1] - Update to latest upstream version [1.3.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.3.2-2] - Forgot to remove both instances of the libibcommon requires - Add build requires on glibc-static [1.3.2-1] - Update to latest upstream version - Remove requirement on libibcommon since that library is no longer needed - Fix a problem with man page listing [1.3.1-1] - Update to latest upstream version [1.2.0-3] - Rebuilt against libtool 2.2 [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.0-1] - Initial package for Fedora review process libibverbs [1.1.6-5] - Don't print link state on iWARP links as it's always invalid - Don't try to do ud transfers in excess of port MTU - Resolves: bz822781 libmlx4 [1.0.4-1] - Update to latest upstream version - Related: bz756396 librdmacm [1.0.17-0.git4b5c1aa] - Pre-release version of 1.0.17 - Resolves a CVE vulnerability between librdmacm and ibacm - Fixes various minor bugs in sample programs - Resolves: bz866221, bz816074 opensm [3.3.15-1] - Update to latest upstream source (adds more SRIOV support) - Fix init script when no config files are present - Related: bz756396 [3.3.13-1] - Update to latest upstream release - Add patch to support specifying subnet_prefix on command lien - Update init script to pass unique subnet_prefix's when using the GUID method of starting multiple instances - Fix up LSB init script headers - Resolves: bz754196 [3.3.12-1] - Generate the opensm.conf file instead of shipping a static one as a source - Update to latest upstream release (FDR link speed support) - Resolves: bz750609 [3.3.9-1] - Update to latest upstream version (3.3.5 -> 3.3.9) - Add /etc/sysconfig/opensm for use by opensm init script - Enable the ability to start more than one instance of opensm for multiple fabric support - Enable the ability to start opensm with a priority other than default for support of backup opensm instances - Related: bz725016 - Resolves: bz633392 [3.3.5-1] - Update to latest upstream release. We need various defines in ib_types.h for the latest ibutils package to build properly, and the latest ibutils package is needed because we found licensing problems in the older tarballs during review. [3.3.3-2] - ExcludeArch s390(x) as there's no hardware support there [3.3.3-1] - Update to latest upstream release - Minor tweaks to init script for LSB compliance [3.3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [3.3.2-1] - Update to latest upstream version [3.3.1-1] - Update to latest upstream version [3.2.1-3] - fix bare elifs to rebuild [3.2.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [3.2.1-1] - Initial package for Fedora review process rdma [3.6-1.0.2] - Add SDP to rdma.conf and rdma.init [3.6-1.0.1] - Support Mellanox OFED 1.5.5 [3.6-1] - Bump version to match final kernel submission [3.6-0.rc5.1] - Bump version to match kernel update submitted for rhel6.4 LOW Copyright 2013 Oracle, Inc. CVE-2012-4517 CVE-2012-4518 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 Oracle Linux 6 [9.0.3-30] - Resolves #902474 - upgrading IPA from 2.2 to 3.0 sees certmonger errors [9.0.3-29] - Resolves #891985 - Increase FreeIPA root CA validity [9.0.3-28] - Resolves #885790 - Multiple cross-site scripting flaws by displaying CRL or processing profile [9.0.3-27] - Resolves #867640 - ipa-replica-install Configuration of CA failed by REVERTING #819111 - Non-existent container breaks replication [9.0.3-26] - Resolves #844459 - Increase audit cert renewal range to 2 years (mharmsen) - Resolves #841663 - serial number incorrectly cast from BigInt to integer in installation wizard (mharmsen) - Resolves #858864 - create/ identify a mechanism for clients to determine that the pki subsystem is up (alee) [9.0.3-25] - Resolves #819111 - Non-existent container breaks replication MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4543 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.2.15-26.0.1.el6] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-26] - htcacheclean: exit with code 4 also for 'restart' action (#805810) [2.2.15-25] - htcacheclean: exit with code 4 if nonprivileged user runs initscript (#805810) - rotatelogs: omit the second arg when invoking a post-rotate program (#876923) [2.2.15-24] - mod_ssl: improved patch for mod_nss fallback (w/mharmsen, #805720) [2.2.15-23] - mod_log_config: fix cookie parsing substring mismatch (#867268) [2.2.15-22] - mod_cache: fix header merging for 304 case, thanks to Roy Badami (#868283) - mod_cache: fix handling of 304 responses (#868253) [2.2.15-21] - mod_proxy_ajp: ignore flushing if headers have not been sent (#853160) - mod_proxy_ajp: do not mark worker in error state when one request timeouts (#864317) - mod_ssl: do not run post script if all files are already created (#752618) [2.2.15-20] - add htcacheclean init script (Jan Kaluza, #805810) [2.2.15-19] - mod_ssl: fall back on another module's proxy hook if mod_ssl proxy is not configured. (#805720) [2.2.15-18] - add security fix for CVE-2012-2687 (#850794) [2.2.15-17] - mod_proxy: allow change BalancerMember state in web interface (#748400) - mod_proxy: Tone down 'worker [URL] used by another worker' warning (#787247) - mod_proxy: add support for 'failonstatus' option (#824571) - mod_proxy: avoid DNS lookup on hostname from request URI if ProxyRemote* is configured (#837086) - rotatelogs: create files even if they are empty (#757739) - rotatelogs: option to rotate files into a custom location (#757735) - rotatelogs: add support for -L option (#838493) - fix handling of long chunk-line (#842376) - add server aliases to 'httpd -S' output (#833092) - omit %posttrans daemon restart if /etc/sysconfig/httpd-disable-posttrans exists (#833064) - mod_ldap: treat LDAP_UNAVAILABLE as a transient error (#829689) - ab: fix double free when SSL request fails in verbose mode (#837613) - mod_cache: do not cache partial results (#822587) - mod_ldap: add LDAPReferrals directive alias (#796958) - mod_ssl: add _userID DN variable suffix for NID_userId (#842375) - mod_ssl: fix test for missing decrypted private keys, and ensure that the keypair matches (#848954) - mod_authnz_ldap: set AUTHORIZE_* variables in LDAP authorization (#828896) - relax checks for status-line validity (#853348) [2.2.15-16] - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787599) - obviates fix for CVE-2011-3638, patch removed LOW Copyright 2013 Oracle, Inc. CVE-2012-2687 CVE-2008-0455 CVE-2012-4557 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.3.3-22] - php-xml provides php-xmlreader and php-xmlwriter (#874987) - fix possible NULL derefence and buffer overflow (#879179) - fix zend garbage collector (#848186, #868375) [5.3.3-21] - fix CVE reference in previous changelog entry [5.3.3-20] - remove reproducer from security fix for CVE-2012-0781 [5.3.3-19] - add FastCGI Process Manager (php-fpm) SAPI (#806132, #824293) [5.3.3-18] - php script hangs when it exceeds max_execution_time when inside an ODBC call (#864951) [5.3.3-17] - add security fixes for CVE-2012-2688, CVE-2012-0831, CVE-2011-1398 [5.3.3-16] - fix stream support in fileinfo (#858653) - fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859371) [5.3.3-15] - fix permission on source files (#676364) - fix negative keys with var_export (#771738) - fix setDate when DateTime created from timestamp (#812819) - add php(language) and missing provides (#837042) - use arch-specific requires (#833545) - fix possible buffer overflow in pdo_odbc (#836264) - fix possible segfault in pdo_mysql (#824199) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2688 CVE-2011-1398 CVE-2012-0831 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 evolution-mapi [0.28.3-12] - Add patch for RH bug #903241 (Double-free on message copy/move) [0.28.3-11] - Add patch for RH bug #902932 (Cannot connect with latest samba) [0.28.3-10] - Drop multilib by obsoleting evolution-mapi < 0.28.3-9 (RH bug #886914). [0.28.3-9] - Adapt to OpenChange 1.0 (RH bug #767678). [0.28.3-8] - Add patch for RH bug #680061 (crash while setting props). openchange [1.0-4] - Use current version (1.0-4) for a multilib obsolete (RH bug #881698). [1.0-3] - Add patch to be able to send large messages (RH bug #870405) [1.0-2] - Drop multilib by obsoleting openchange < 0.9 (RH bug #881698). [1.0-1] - Rebase to 1.0 using the rpm spec from Fedora 18. MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1182 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.28.3-30.el6] - Update patch for RH bug #707526 (Prints QP-encoded email encoded) [2.28.3-29.el6] - Add patch for RH bug #890642 (Crash due to implicit function declarations) [2.28.3-28.el6] - Add patch for RH bug #885558 (CVE 2011-3201). [2.28.3-27.el6] - Add patch for RH bug #805239 (calendar alarm notifications). [2.28.3-26.el6] - Add patch for RH bug #707526 (contact_list_editor_render_destination) LOW Copyright 2013 Oracle, Inc. CVE-2011-3201 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.17.2-12.9] - fix #892471 - CVE-2013-0157 mount folder existence information disclosure [2.17.2-12.8] - fix #679833 - [RFE] tailf should support - fix #719927 - [RFE] add adjtimex --compare functionality to hwclock - fix #730272 - losetup does not warn if backing file is < 512 bytes - fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors - fix #736245 - lscpu segfault on non-uniform cpu configuration - fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong - fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte - fix #818621 - lsblk should not open device it prints info about - fix #819945 - hwclock --systz causes a system time jump - fix #820183 - mount(8) man page should include relatime in defaults definition - fix #823008 - update to the latest upstream lscpu and chcpu - fix #837935 - lscpu coredumps on a system with 158 active processors - fix #839281 - inode_readahead for ext4 should be inode_readahead_blks - fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail - fix #845971 - while reading /etc/fstab, mount command returns a device before a directory - fix #858009 - login doesn't update /var/run/utmp properly - fix #809449 - Backport inverse tree (-s) option for lsblk and related patches - fix #809139 - lsblk option -D missing in manpage LOW Copyright 2013 Oracle, Inc. CVE-2013-0157 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [5.3p1-84.1] - Add a 'netcat mode' (ssh -W) (#860809) [5.3p1-83] - fix the required authentications patch (#869903) [5.3p1-82] - check return value of PK11_Authenticate in ssh-add -n (#782912) - document available methods to RequiredAuthentications[12] (#821641) - fix ssh-copy-id (#836650) - fix segmentation fault in ssh client (#836655) - update pam_ssh_agent_auth to 0.9.3 upstream version - fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent is not running (#834404) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5536 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [1:2.0.9-5] - script-login did not drop privileges correctly (#709095) - fix directory traversal due to not obeying chroot directive (#709097) - check proxy destination host against SSL certificate name (#754980) [1:2.0.9-4] - dovecot may not set correct premissions for mail folder (#697620) [1:2.0.9-3] - fix potential crash when parsing header names that contain NUL characters (#728673) LOW Copyright 2013 Oracle, Inc. CVE-2011-2167 CVE-2011-4318 CVE-2011-2166 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.1.1-13] - fix environment file handling problems - CVE-2011-3148 (#746619) and CVE-2011-3148 (#746620) [1.1.1-12] - add character sequence test to pam_cracklib - drop unused difignore option from pam_cracklib (#811243) - add enforce_for_root option to pam_cracklib (#588893) - mention limits.d in the limits.conf(5) manpage (#723297) - add ability to lock out inactive accounts to pam_lastlog - fix require_selinux option in pam_namespace (#750601) - add mntopts flag for tmpfs polyinstantiation method - preserve authtok_type in pam_get_authtok() (#811168) - fix username mismatch in pam_unix remember feature (#815516) - relax restriction of root in pam_pwhistory - relax soft nproc limit for root in 90-nproc.conf [1.1.1-11] - additional password checks in pam_cracklib MODERATE Copyright 2013 Oracle, Inc. CVE-2011-3148 CVE-2011-3149 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base Oracle Linux 6 [7.2-60.el6] - Fix CVE-2011-4355 gdb: arbitrary code execution via .debug_gdb_scripts' (Jan Kratochvil, RH BZ 756116). [7.2-58.el6] - Fix Backport gdb fix to handle identical binaries via additional build-id symlinks' (RH BZ 836966). MODERATE Copyright 2013 Oracle, Inc. CVE-2011-4355 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.3.9.6] - CVE-2010-4530 patch [1.3.9-5] - Fix dist tag [1.3.9-4] - Check multiple voltages, even if we started with 5V. LOW Copyright 2013 Oracle, Inc. CVE-2010-4530 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.5.2-11] - fix overflow issue introduced in 1.5.2-5 and incorrectly corrected in 1.5.2-6 [1.5.2-10] - CVE-2010-4531 [1.5.2-9] - Bump version number so it doesn't get confused with z stream build. MODERATE Copyright 2013 Oracle, Inc. CVE-2010-4531 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [1.11.1-4] - remove BR dependency on java-devel-openjdk [1.11.1-3] - fix for CVE-2012-3386 -- 'make distcheck' was making the directory distdir world-readable (#848469) LOW Copyright 2013 Oracle, Inc. CVE-2012-3386 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [3.0.0-25.el6] - Filter generated winbind dependencies so the right version of samba can be installed. (#905594) [3.0.0-24.el6] - Add certmonger condrestart to server post scriptlet (#903758) - Make certmonger a (pre) Requires (#903758) - Add selinux-policy to Requires(pre) to avoid post scriptlet AVCs (#903758) - Set minimum version of pki-ca to 9.0.3-30 and add to Requires(pre) to pick up certmonger upgrade fix (#902474) - Update anonymous access ACI to protect secret attributes (#902481) [3.0.0-23.el6] - Installer should not connect to 127.0.0.1. (#895561) - Don't initialize NSS if we don't have to. (#878220) [3.0.0-22.el6] - Set minimum version of bind-dyndb-ldap to 2.3-2 to pick up missing DNS zone SOA serial fix (#894131) - Stopped named service crashed ipa-upgradeconfig program (#895298) - ipa-replica-prepare crashed when manipulating DNS zone without SOA serial (#894143) - Use new certmonger locking to prevent NSS database corruption during CA subsystem renewal (#883484) - Set minimum selinux-policy to 3.7.19-193 to allow certmonger to talk to dbus in an rpm scriptlet. (related #883484) - Set minimum vresion of certmonger to 0.61-3 for new locking scheme (related #883484) [3.0.0-21.el6] - Properly handle migrated uniqueMember attributes (#894090) - ipa permission-find using valid targetgroup throws internal error (#893827) - Fix migration of CRLs to new directory location (#893722) - Installing IPA with a single realm component sometimes fails (#893187) [3.0.0-20.el6] - Set maxbersize to a large value to accomondate large CRLs during replica installation. (#888956) - Set minimum version of pki-ca, pki-slient and pki-setup to 9.0.3-29 to pick up default CA validity period of 20 years. (#891980) [3.0.0-19.el6] - Client installation crashes when Kerberos SRV record is not found (#889583) - Fix typo in patch 0048 for CVE-2012-5484 (#878220) [3.0.0-18.el6] - Cookie Expires date should be locale insensitive to avoid CLI errors (#888915) [3.0.0-17.el6] - ipa delegation-find --group option returns internal error (#888524) - Add missing Requires for python-crypto replacement (#878969) [3.0.0-16.el6] - sssd is not enabled on client/server install (#888124) [3.0.0-15.el6] - ipa-server-install --uninstall doesn't clear certmonger dirs, which leads to install failing (#817080) [3.0.0-14.el6] - Compliant client side session cookie behavior. CVE-2012-5631. (#886371) [3.0.0-13.el6] - Use secure method to retrieve IPA CA during client enrollment. CVE-2012-5484 (#878220) - Reformat patch 0044 so it works with git-am [3.0.0-12.el6] - Include /var/lib/sss/pubconf/krb5.include.d/ for domain-realm mappings in krb5.conf (#883166) - Set minimum selinux-policy >= 3.7.19-184 to allow domains that can read sssd_public_t files to also list the directory (#881413) - Remove dist label from changelog entries. - Fix timestamp on patched files to avoid multilib warnings [3.0.0-11.el6] - Set Requires on httpd 2.2.15-24, mod_nss to 1.0.8-18 and patch to check for existing mod_ssl configuration. These versions allow mod_proxy to simultaneously support SSL servers using mod_ssl and mod_proxy (#761574) - IPA WebUI login for AD Trusted User fails (#875261) - Add 'disable_last_success' and 'disable_lockout' to the ipa_lockout plugin (#824488) [3.0.0-10.el6] - Make default group type POSIX in ui (#880655) - Write replacement for python-crypto (#878969) - ipa trust-add prints misleading information about required DNS setting (#878485) - Lookup user SIDs in external groups (#878480) - Special case NFS related ticket to avoid attaching MS-PACs (#878462) - IPA users are not available after ipa-server-install because sssd not running (#878288) - Incorrect error message when time difference between AD and IPA is too great (#877434) - Missing option to add SSH Public Key in Web UI after upgrade (#877324) [3.0.0-9.el6] - Update minimum BR and Requires of sssd to 1.9.2-25 (related #870278, related #871160, related #878262) - Replication agreement tools report errors with new single instance CA database (#878491) - If time is moved back on the IPA server, ipasam does not invalidate the existing ticket (#866576) [3.0.0-8.el6] - Server installation fails to find A/AAAA record for IPA hostname (#874935) - Out of range error when listing RUV on host with no agreements (#873726) - Tighten dependency on krb5-server to limit to 1.10 (#872707) - Default SELinuxusermaporder needs to mapped with default selinux users list (#870053) - Clarify trust-add help regarding multiple runs against the same domain (#869741) - Improve reliabilityof RA renewal script (#869663) - Add option to disable DNS forwarding by zone (#869658) - Update minimum version of bind-dyndb-ldap to 2.3-1 (#869658) - Improve information on passsync user in man page, command help (#869656) - Resolve external members from trusted domain via Global Catalog (#869616) - Process relative nameserver DNS record correctly (#868956) - ipa-adtrust-install does not reset all information when re-run (#867447) - Fix potential memory leak in KDB backend (#811989) [3.0.0-7.el6] - Fix type conversion of integers when doing modifications (#870446) - Set SECURE_NFS to lowercase yes rather than uppercase (#869654) - Add autofs service to sssd.conf before enabling it (#869649) - Add strict Requires for policycoreutils to avoid user removing them during package lifetime (#869281) - Make internal rename_s() call compatible with python-ldap-2.3.10 (#867902) - Update minimum version of bind-dyndb-ldap to 2.2-1.el6 (related #871583) - Restart httpd after running ipa-adtrust-install (#866966) [3.0.0-6.el6] - Add patch to override xmlrpc request method for session (#786199) - Bad link to Web UI config page after session is expired (#869279) - extdom plugin does not handle Posix UID and GID request (#867676) - ipa-server-install --setup-dns always installs reverse zone (#866978) - Inform user when ipa-upgradeconfig reports errors (#866977) - Certificate request fails when CSR has subjectAltnames (#866955) - ipa-adtrust-install checks for /usr/bin/smbpasswd, which is not required (#866572) - Instructions to uninstall are unclear (#856294) - Inconsistent service naming in ipa-server-install (#856292) - Improve instructions to generate certificate in Web UI (#856282) - /etc/ipa/default.conf is out of date (#855855) - Time synchronization is disabled in ipa-client-install (#854325) - ipa-replica-install httpd restart sometimes fails (#845405) - Improve error messages during ipa-replica-manage del (#835632) - Always log errors from dogtag (#813401) [3.0.0-5.el6] - Update to upstream 3.0.0 GA release (#827602) - Add zip dependency, needed for creating unsigned Firefox extensions - Filter generated winbind dependencies so the right version of samba can be installed. - Remove patch to support python-ldap 2.3.10. Fixed upstream. - Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca (#864533) - Add zip dependency, needed for creating unsigned Firefox extensions [3.0.0-4.el6] - Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so plugin to /dev/null since they cannot be used when trusts are configured (related #864889) - Update BR and Requires of samba4 to 4.0.0-31 to pick up winbind_krb5_locator alternatives change. (related #864889) [3.0.0-3.el6] - Update to upstream 3.0.0.rc2 release (#827602) - Provide new Firefox extension. - Own /etc/ipa/ca.crt [3.0.0-2.el6] - Remove Requires on krb5-pkinit-openssl as part of disabling pkinit code. - Add missing subdirectories in site-packages/ipaserver discovered by rpmdiff. (#827602) [3.0.0-1.el6] - Update to upstream 3.0.0.rc1 release (#827602) - Update BR and Requires of 389-ds-base to 1.2.11.14 - Update BR and Requires of krb5 to 1.10 - Update BR and Requires of samba4 to 4.0.0-24 - Update BR and Requires of sssd to 1.9.0 - Update Requires on policycoreutils to 2.0.83-19.24 - Update Requires on httpd to httpd-2.2.15-17 to pick up #787247 - Update minimum version of bind-dyndb-ldap to 1.1.0-0.9.b1.el6_3.1 - Update minimum version of bind to 9.8.2-0.10.rc1.el6_3.2 - Sync upstream spec file Requires - Add patch to support python-ldap 2.3.10 LOW Copyright 2013 Oracle, Inc. CVE-2012-4546 cpe:/a:oracle:linux:6:4:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [32:9.8.2-0.17.rc1.0.2.el6.3] - bump up version and rebuild [32:9.8.2-0.17.rc1.0.1.el6.3] - add rrl.h into include dirs [32:9.8.2-0.27.rc1.3] - remove one bogus file from /usr/share/doc, introduced by RRL patch [32:9.8.2-0.17.rc1.2] - fix CVE-2012-5689 [32:9.8.2-0.17.rc1.1] - add response rate limit patch (#873624) [32:9.8.2-0.17.rc1] - fix CVE-2012-5688 [32:9.8.2-0.16.rc1] - initscript: silence spurious "named.pid: No such file" error [32:9.8.2-0.15.rc1] - fix CVE-2012-5166 [32:9.8.2-0.14.rc1] - allow forward{,ers} statement in static-stub zones [32:9.8.2-0.13.rc1] - fix CVE-2012-4244 [32:9.8.2-0.12.rc1] - fix CVE-2012-3817 [32:9.8.2-0.11.rc1] - fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5689 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.0.1] - [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0871 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [0.73-11] - Add patch to fix CVE-2013-0292 - Resolves: #913072 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0292 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 5 Oracle Linux 6 [1:1.4.2-50:.4] - Added BrowseLDAPCACertFile and PrintcapGUI to restricted options list. [1:1.4.2-50:.3] - Fix for CVE-2012-5519 patch: handle blacklisted lines that have no value part gracefully. [1:1.4.2-50:.2] - Added documentation for new CVE-2012-5519 option. [1:1.4.2-50:.1] - Applied patch to fix CVE-2012-5519 (privilege escalation for users in SystemGroup or with equivalent polkit permission). This prevents HTTP PUT requests with paths under /admin/conf/ other than that for cupsd.conf, and also prevents such requests altering certain configuration directives such as PageLog and FileDevice (bug #875898). [1:1.4.2-50] - Fixed LDAP browsing issues (bug #870386). [1:1.4.2-49] - Avoid 'forbidden' error when moving job between queues via web UI (bug #834445). MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5519 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base Oracle Linux 5 Oracle Linux 6 [2.7.6-12.0.1.el6_4.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-12.el6_4.1] -detect and stop excessive entities expansion upon replacement (rhbz#912574) [2.7.6-12.el6] - fix out of range heap access (CVE-2012-5134) [2.7.6-11.el6] - Change the XPath code to percolate allocation error (CVE-2011-1944) [2.7.6-10.el6] - Fix an off by one pointer access (CVE-2011-3102) [2.7.6-9.el6] - Fix a failure to report xmlreader parsing failures - Fix parser local buffers size problems (rhbz#843742) - Fix entities local buffers size problems (rhbz#843742) - Fix an error in previous commit (rhbz#843742) - Do not fetch external parsed entities - Impose a reasonable limit on attribute size (rhbz#843742) - Impose a reasonable limit on comment size (rhbz#843742) - Impose a reasonable limit on PI size (rhbz#843742) - Cleanups and new limit APIs for dictionaries (rhbz#843742) - Introduce some default parser limits (rhbz#843742) - Implement some default limits in the XPath module - Fixup limits parser (rhbz#843742) - Enforce XML_PARSER_EOF state handling through the parser - Avoid quadratic behaviour in some push parsing cases (rhbz#843742) - More avoid quadratic behaviour (rhbz#843742) - Strengthen behaviour of the push parser in problematic situations (rhbz#843742) - More fixups on the push parser behaviour (rhbz#843742) - Fix a segfault on XSD validation on pattern error - Fix an unimplemented part in RNG value validation MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0338 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0166 CVE-2012-4929 CVE-2013-0169 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 [2.8.5-10.1] - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1619 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.7.1-3.1] - fix CVE-2013-0308 [1.7.1-3] - fix CVE-2010-3906 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0308 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.7.5-18.1] - Apply upstream r1926 to resolve FD_SET array index error - Resolves: rhbz#915361 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0288 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 kernel [2.6.18-348.2.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] LOW Copyright 2013 Oracle, Inc. CVE-2012-3400 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.2.1] - [misc] tainted flags, fix buffer size (Prarit Bhargava) [905829 901547] - [net] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [884704 878316] - [net] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [884704 878316] - [net] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [884704 878316] - [firmware] Expand kernel boot-time storage for DMI table structs (Lenny Szubowicz) [902683 862865] - [fs] udf: Fortify loading of sparing table (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400} - [fs] udf: Improve table length check to avoid possible overflow (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400} - [fs] udf: Avoid run away loop when partition table is corrupted (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400} LOW Copyright 2013 Oracle, Inc. CVE-2012-3400 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [3.0.3-142.el5_9.2] - e1000: discard packets that are too long if !SBP and !LPE (rhbz 910843) - e1000: discard oversized packets based on SBP|LPE (rhbz 910843) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6075 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.7.0.9-2.3.8.0.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.8.0el6] - Revert to rhel 6.3 version of spec file - Revert to icedtea7 2.3.8 forest - Resolves: rhbz#917183 [1.7.0.11-2.4.0.pre5.el6] - Update to latest snapshot of icedtea7 2.4 forest - Resolves: rhbz#917183 [1.7.0.9-2.4.0.pre4.3.el6] - Updated to icedtea 2.4.0.pre4, - Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre3.3.el6] - Updated to icedtea 2.4.0.pre3, updated! - Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre2.3.el6] - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.4.0.pre2, updated? - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911530 [1.7.0.11-2.4.0.2.el6] - Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch - Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch - Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch - Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch - NSS enabled by default - enable_nss set to 1 - rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch - rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch - Resolves: rhbz#831734 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Disabled nss - enable_nss set to 0 - Resolves: rhbz#895034 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0809 CVE-2013-1493 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [1.7.0.9-2.3.8.0.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.9-2.3.8.0.el5_9] - Updated to icedtea7-forest-2.3 - Resolves: rhbz#917181 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0809 CVE-2013-1493 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [ 1:1.6.0.0-1.36.1.11.9.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.36.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917176 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1493 CVE-2013-0809 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1:1.6.0.0-1.57.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917179 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1493 CVE-2013-0809 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [kvm-83-262.0.1.el5_9.1] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [kvm-83-262.el5_1] - kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910839] - kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910839] - Resolves: bz#910839 (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-5.9.z]) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6075 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [qemu-kvm-0.12.1.2-2.355.el6_4.2] - kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910841] - kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910841] - Resolves: bz#910841 (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-6.4.z]) [qemu-kvm-0.12.1.2-2.355.el6_4.1] - kvm-Revert-e1000-no-need-auto-negotiation-if-link-was-do.patch [bz#907397] - Resolves: bz#907397 (Patch 'e1000: no need auto-negotiation if link was down' may break e1000 guest) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6075 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [1.8.5-29] - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML (https://bugs.ruby-lang.org/issues/7961) * ruby-2.0.0-add-missing-rexml-require.patch - Related: rhbz#915377 [1.8.5-28] - Addresses entity expansion DoS vulnerability in REXML. * ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch - Resolves: rhbz#915377 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1821 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.8.7.352-10] - escaping vulnerability about Exception#to_s / NameError#to_s * ruby-1.8.7-p371-CVE-2012-4481.patch - Related: rhbz#915379 [1.8.7.352-9] - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML (https://bugs.ruby-lang.org/issues/7961) * ruby-2.0.0-add-missing-rexml-require.patch - Related: rhbz#915379 [1.8.7.352-8] - Addresses entity expansion DoS vulnerability in REXML. * ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch - Resolves: rhbz#915379 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4481 CVE-2013-1821 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.3-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-2] - Added fix for #848644 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0787 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 kernel [2.6.18-348.3.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] [2.6.18-348.3.1] - [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912071 912072] {CVE-2013-0871} - [x86] msr: Add capabilities check (Nikola Pajkovsky) [908696 908697] {CVE-2013-0268} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0268 CVE-2013-0871 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.3.1] - [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912071 912072] {CVE-2013-0871} - [x86] msr: Add capabilities check (Nikola Pajkovsky) [908696 908697] {CVE-2013-0268} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0268 CVE-2013-0871 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0:6.0.24-52] - Related: rhbz 882010 rhbz 883692 rhbz 883705 - Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate - to avoid building on ppc64, ppc, and x390x. [0:6.0.24-50] - Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 - three DIGEST authentication issues - Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using - SSL NIO sendfile - Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5885 CVE-2012-5887 CVE-2012-5886 CVE-2012-3546 CVE-2012-4534 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.3-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-2] - Added fix for #848644 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0787 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.2.11.15-12] - Resolves: Bug 910994 - PamConfig schema not updated during upgrade - Resolves: Bug 910995 - Valgrind reports memleak in modify_update_last_modified_attr - Resolves: Bug 910996 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled) - Resolves: Bug 911467 - DNA: use event queue for config update only at the start up - Resolves: Bug 911468 - Error messages encountered when using POSIX winsync - Resolves: Bug 911469 - dse.ldif is 0 length after server kill or machine kill - Resolves: Bug 911474 - Invalid chaining config triggers a disk full error and shutdown - Resolves: Bug 914305 - ns-slapd segfaults while trying to delete a tombstone entry - Resolves: Bug 913228 - unauthenticated denial of service vulnerability in handling of LDAPv3 control data MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0312 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.2.1] - [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871} [2.6.32-358.1.1] - [netdrv] mlx4: Set number of msix vectors under SRIOV mode to firmware defaults (Michal Schmidt) [911663 904726] - [netdrv] mlx4: Fix bridged vSwitch configuration for non SRIOV mode (Michal Schmidt) [910998 903644] - [net] rtnetlink: Fix IFLA_EXT_MASK definition (regression) (Thomas Graf) [909815 903220] - [x86] msr: Add capabilities check (Nikola Pajkovsky) [908698 908699] {CVE-2013-0268} - [x86] msr: Remove incorrect, duplicated code in the MSR driver (Nikola Pajkovsky) [908698 908699] {CVE-2013-0268} - [virt] xen: dont assume ds is usable in xen_iret for 32-bit PVOPS (Andrew Jones) [906310 906311] {CVE-2013-0228} - [kernel] cputime: Avoid multiplication overflow on utime scaling (Stanislaw Gruszka) [908794 862758] - [net] sunrpc: When changing the queue priority, ensure that we change the owner (Steve Dickson) [910370 902965] - [net] sunrpc: Ensure we release the socket write lock if the rpc_task exits early (Steve Dickson) [910370 902965] - [fs] nfs: Ensure that we free the rpc_task after read and write cleanups are done (Steve Dickson) [910370 902965] - [net] sunrpc: Ensure that we free the rpc_task after cleanups are done (Steve Dickson) [910370 902965] - [net] sunrpc: Dont allow low priority tasks to pre-empt higher priority ones (Steve Dickson) [910370 902965] - [fs] nfs: Add sequence_priviliged_ops for nfs4_proc_sequence() (Steve Dickson) [910370 902965] - [fs] nfs: The NFSv4.0 client must send RENEW calls if it holds a delegation (Steve Dickson) [910370 902965] - [fs] nfs: nfs4_proc_renew should be declared static (Steve Dickson) [910370 902965] - [fs] nfs: nfs4_locku_done must release the sequence id (Steve Dickson) [910370 902965] - [fs] nfs: We must release the sequence id when we fail to get a session slot (Steve Dickson) [910370 902965] - [fs] nfs: Add debugging messages to NFSv4s CLOSE procedure (Steve Dickson) [910370 902965] - [net] sunrpc: Clear the connect flag when socket state is TCP_CLOSE_WAIT (Steve Dickson) [910370 902965] - [fs] nfs: cleanup DS stateid error handling (Steve Dickson) [910370 902965] - [fs] nfs: handle DS stateid errors (Steve Dickson) [910370 902965] - [fs] nfs: Fix potential races in xprt_lock_write_next() (Steve Dickson) [910370 902965] - [fs] nfs: Ensure correct locking when accessing the 'lock_states' list (Steve Dickson) [910370 902965] - [fs] nfs: Fix the handling of NFS4ERR_SEQ_MISORDERED errors (Steve Dickson) [910370 902965] - [netdrv] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [910373 909464] - [netdrv] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [910373 909464] - [netdrv] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [910373 909464] - [fs] gfs2: Get a block reservation before resizing a file (Robert S Peterson) [908398 875753] - [net] ipv6: do not create neighbor entries for local delivery (Jiri Pirko) [909159 896020] - [net] bonding: check for assigned mac before adopting the slaves mac address (Veaceslav Falico) [908737 905126] - [fs] nfs: nfs4_xdr_enc_layout{commit, return} must return status (Steve Dickson) [908733 907227] - [fs] set s_type before destroy_super in sget() (Eric Sandeen) [909813 904982] - [scsi] ses: Avoid kernel panic when lun 0 is not mapped (Ewan Milne) [908739 886867] - [block] avoid divide-by-zero with zero discard granularity (Mike Snitzer) [911000 901705] - [block] discard granularity might not be power of 2 (Mike Snitzer) [911000 901705] - [netdrv] tg3: Fix crc errors on jumbo frame receive (Ivan Vecera) [909816 895336] - [netdrv] igb: set E1000_IMS_TS interrupt bit in igb_irq_enable (Stefan Assmann) [909818 871795] - [pci] intel-iommu: Prevent devices with RMRRs from being placed into SI Domain (Tony Camuso) [908744 678451] - [scsi] sd: Reshuffle init_sd to avoid crash (Ewan Milne) [911655 888417] - [mm] add numa node symlink for cpu devices in sysfs (Neil Horman) [909814 878708] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0228 CVE-2013-0268 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [0:5.5.23-0jpp.38] - Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication - implementation - Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints. - Remove unneeded handling of FORM authentication in RealmBase IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5887 CVE-2012-5886 CVE-2012-5885 CVE-2012-3546 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.7.9-10.el6_4.1] - Fix spec file for disttag [2.7.9-10.el6] - Add patch for CVE-2013-0274 (RH bug #910653). [2.7.9-9.el6] - Add patch for CVE-2013-0273 (RH bug #910653). [2.7.9-8.el6] - Add patch for CVE-2013-0272 (RH bug #910653). [2.7.9-7.el6] - Add patch for CVE-2011-2485 (RH bug #837562). [2.7.9-6.el6] - Add patch for CVE-2012-1178 (RH bug #837560). - Add patch for CVE-2012-2318 (RH bug #837560). - Add patch for CVE-2012-3374 (RH bug #837560). MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.10.3-10.1] - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917909, CVE-2012-1016) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-1016 CVE-2013-1415 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.9.2-82.4] - Resolves: rhbz#911298 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider [1.9.2-82.3] - Fix pwd_expiration_warning=0 - Resolves: rhbz#914671 - pwd_expiration_warning has wrong default for Kerberos [1.9.2-82.2] - Resolves: rhbz#914671 - pwd_expiration_warning has wrong default for Kerberos - Fix the NVR [1.9.2-82.1] - Resolves: rhbz#907362 - Serious performance regression in sssd MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0287 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [1.41.0-15] - Add in explicit dependences between some boost subpackages [1.41.0-14] - Build with -fno-strict-aliasing [1.41.0-13] - In Boost.Pool, be careful not to overflow allocated chunk size (boost-1.41.0-pool.patch) [1.41.0-12] - Add an upstream patch that fixes computation of CRC in zlib streams. - Resolves: #707624 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2677 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base Oracle Linux 6 [1:4.6.2-26] - Resolves: CVE-2013-0254, QSharedMemory class created shared memory segments with insecure permissions MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0254 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [0:1.2.1-2jpp.7] - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5784 - Add patches to build with java 1.6 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5784 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [4:5.10.1-130] - Resolves: #915692 - CVE-2012-5526 (newline injection due to improper CRLF escaping in Set-Cookie and P3P headers) - Resolves: #915692 - CVE-2012-6329 (possible arbitrary code execution via Locale::Maketext) - Resolves: #915692 - CVE-2013-1667 (DoS in rehashing code) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5195 CVE-2013-1667 CVE-2012-5526 CVE-2012-6329 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 6 [0.26.2-5] - Fix bug 914474 (CVE 2013-1591) - Remove openmp.patch MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1591 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [ 32:9.8.2-0.17.rc1.0.2.el6_4.4] - bump release and build for ULN IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2266 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [32:9.7.0-17.P2.1] - fix CVE-2013-2266 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2266 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox [17.0.5-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.5-1] - Update to 17.0.5 ESR xulrunner [17.0.5-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.5-1] - Update to 17.0.5 ESR [17.0.3-3] - Added fix for rhbz#916180 - Wrong library directory reference in /usr/bin/xulrunner CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-0796 CVE-2013-0800 CVE-2013-0795 CVE-2013-0788 CVE-2013-0793 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.5-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.5-1] - Update to 17.0.5 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0800 CVE-2013-0796 CVE-2013-0788 CVE-2013-0795 CVE-2013-0793 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [4.29-3] Resolves: CVE-2013-1762 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1762 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [kvm-83-262.0.1.el5_9.3] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [kvm-83-262.el5_3] - kvm-kernel-kvm-accept-unaligned-MSR_KVM_SYSTEM_TIME-writes.patch [bz#947363] - Resolves: bz#947363 (RHEL.5.8.32 guest hang when installing) [kvm-83-262.el5_2] - kvm-kernel-KVM-Fix-for-buffer-overflow-in-handling-of-MSR_KVM_S.patch [bz#917018] - kvm-kernel-KVM-Convert-MSR_KVM_SYSTEM_TIME-to-use-kvm_write_gue.patch [bz#917022] - kvm-kernel-KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch [bz#917028] - kvm-kernel-do-not-GP-on-unaligned-MSR_KVM_SYSTEM_TIME-write.patch [bz#bz917019] - Resolves: bz#917018 (CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME [rhel-5.9.z]) - Resolves: bz#917022 (CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME [rhel-5.9.z]) - Resolves: bz#917028 (CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads [rhel-5.9.z]) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1796 CVE-2013-1798 CVE-2013-1797 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1.6.11-9] - add security fixes for CVE-2013-1846, CVE-2013-1847, CVE-2013-1849 (#947372) [1.6.11-8] - add security fix for CVE-2013-1845 (#947372) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1849 CVE-2013-1845 CVE-2013-1847 CVE-2013-1846 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.2.11.15-14] - Resolves: Bug 929107 - ns-slapd crashes sporadically with segmentation fault in libslapd.so (ticket 627) - Resolves: Bug 929114 - cleanAllRUV task fails to cleanup config upon completion (ticket 623) [1.2.11.15-13] - Resolves: Bug 929114 - cleanAllRUV task fails to cleanup config upon completion (ticket 623) - Resolves: Bug 929111 - Coverity issue 13091 - Resolves: Bug 929196 - Deadlock in DNA plug-in (ticket 634) - Resolves: Bug 929107 - ns-slapd crashes sporadically with segmentation fault in libslapd.so (ticket 627) - Resolves: Bug 929115 - crash in aci evaluation (ticket 628) - Resolves: Bug 923240 - unintended information exposure when anonymous access is set to rootdse (ticket 47308) LOW Copyright 2013 Oracle, Inc. CVE-2013-1897 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [2.6.32-358.6.1] - [virt] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes (Petr Matousek) [917020 917021] {CVE-2013-1796} - [char] tty: hold lock across tty buffer finding and buffer filling (Prarit Bhargava) [928686 901780] - [net] tcp: fix for zero packets_in_flight was too broad (Thomas Graf) [927309 920794] - [net] tcp: frto should not set snd_cwnd to 0 (Thomas Graf) [927309 920794] - [net] tcp: fix an infinite loop in tcp_slow_start() (Thomas Graf) [927309 920794] - [net] tcp: fix ABC in tcp_slow_start() (Thomas Graf) [927309 920794] - [netdrv] ehea: avoid accessing a NULL vgrp (Steve Best) [921535 911359] - [net] sunrpc: Get rid of the redundant xprt->shutdown bit field (J. Bruce Fields) [915579 893584] - [virt] kvm: do not #GP on unaligned MSR_KVM_SYSTEM_TIME write (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [drm] i915: bounds check execbuffer relocation count (Nikola Pajkovsky) [920523 920525] {CVE-2013-0913} - [x86] irq: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [911267 887006] - [kvm] Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [kvm] Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (Gleb Natapov) [917020 917021] {CVE-2013-1796} - [kvm] Fix bounds checking in ioapic indirect register reads (Gleb Natapov) [917030 917032] {CVE-2013-1798} - [kvm] x86: release kvmclock page on reset (Gleb Natapov) [917024 917025] {CVE-2013-1797} - [security] keys: Fix race with concurrent install_user_keyrings() (David Howells) [916681 913258] {CVE-2013-1792} - [virt] hv_balloon: Make adjustments to the pressure report (Jason Wang) [909156 902232] [2.6.32-358.5.1] - [fs] xfs: use maximum schedule timeout when ail is empty (Brian Foster) [921958 883905] - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_auth() (Thomas Graf) [922428 922429] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922386 922387] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922386 922387] {CVE-2012-6546} - [fs] nls: improve UTF8 -> UTF16 string conversion routine (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [fs] fat: Fix stat->f_namelen (Nikola Pajkovsky) [916118 916119] {CVE-2013-1773} - [netdrv] tun: fix ioctl() based info leaks (Thomas Graf) [922350 922351] {CVE-2012-6547} - [virt] x86: Add a check to catch Xen emulation of Hyper-V (Andrew Jones) [923204 918239] - [fs] cifs: fix expand_dfs_referral (Sachin Prabhu) [923098 902492] - [fs] cifs: factor smb_vol allocation out of cifs_setup_volume_info (Sachin Prabhu) [923098 902492] - [fs] cifs: have cifs_cleanup_volume_info not take a double pointer (Sachin Prabhu) [923098 902492] - [fs] nfs: Dont allow NFS silly-renamed files to be deleted, no signal (Dave Wysochanski) [920266 905095] [2.6.32-358.4.1] - [fs] NLM: Ensure that we resend all pending blocking locks after a reclaim (Steve Dickson) [921150 913704] - [fs] xfs: remove log force from xfs_buf_cond_lock() (Brian Foster) [921961 896224] - [fs] xfs: recheck buffer pinned status after push trylock failure (Brian Foster) [921961 896224] - [fs] nfs: Ensure that we check lock exclusive/shared type against open modes (Dave Wysochanski) [920268 916324] - [powerpc] pseries: Fix partition migration hang in stop_topology_update (Steve Best) [921963 910597] - [infiniband] qib: correction for faulty sparse warning correction (Jay Fenlason) [922154 901701] - [usb] io_ti: Fix NULL dereference in chase_port() (Nikola Pajkovsky) [916198 916200] {CVE-2013-1774} - [net] bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Nikola Pajkovsky) [914690 914691] {CVE-2013-0349} - [char] tty: set_termios/set_termiox should not return -EINTR (Oleg Nesterov) [921145 904907] - [netdrv] ehea: fix VLAN support (Steve Best) [921535 911359] - [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919388 919389] {CVE-2013-1826} - [net] dccp: check ccid before NULL poiter dereference (Weiping Pan) [919187 919188] {CVE-2013-1827} - [mm] tmpfs: fix use-after-free of mempolicy object (Nikola Pajkovsky) [915714 915715] {CVE-2013-1767} - [fs] fuse: set page_descs length in fuse_buffered_write() (Brian Foster) [916957 915135] - [fs] vfs: fix pointer dereference validation in d_validate (Carlos Maiolino) [915583 876600] - [fs] cifs: after upcalling for krb5 creds, invalidate key rather than revoking it (Niels de Vos) [912452 885899] - [fs] cifs: tmp_key_invalidate() should not set key->expiry to 0 (Niels de Vos) [912452 885899] - [block] disable discard request merge temporarily (Mike Snitzer) [911475 907844] [2.6.32-358.3.1] - [net] netfilter: improve out-of-sync situation in TCP tracking (Flavio Leitner) [917690 629857] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6546 CVE-2013-0349 CVE-2013-0913 CVE-2012-6547 CVE-2013-1796 CVE-2013-1798 CVE-2013-1773 CVE-2013-1792 CVE-2013-1797 CVE-2013-1827 CVE-2013-1774 CVE-2012-6537 CVE-2013-1767 CVE-2013-1826 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 kernel [2.6.18-348.4.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] [2.6.18-348.4.1] - [virt] xen-netback: backports (Andrew Jones) [910884 910885] {CVE-2013-0216} - [virt] xen-netback: netif_schedulable should take a netif (Andrew Jones) [910884 910885] {CVE-2013-0216} - [virt] pciback: rate limit error mess from pciback_enable_msi() (Igor Mammedov) [910876 910877] {CVE-2013-0231} - [net] be2net: remove BUG_ON() in be_mcc_compl_is_new() (Ivan Vecera) [923910 907524] - [net] ipv4: Update MTU to all related cache entries (Amerigo Wang) [923353 905190] - [net] annotate rt_hash_code() users (Amerigo Wang) [923353 905190] - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922426 922427] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922426 922427] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922426 922427] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922384 922385] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922384 922385] {CVE-2012-6546} - [net] tun: fix ioctl() based info leaks (Thomas Graf) [922348 922349] {CVE-2012-6547} - [net] llc, zero sockaddr_llc struct (Thomas Graf) [922327 922329] {CVE-2012-6542} - [net] llc: fix info leak via getsockname() (Thomas Graf) [922327 922329] {CVE-2012-6542} - [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919386 919387] {CVE-2013-1826} - [net] ixgbevf: allocate room for mailbox MSI-X interrupt's name (Laszlo Ersek) [924134 862862] - [fs] knfsd: allow nfsd READDIR to return 64bit cookies (Niels de Vos) [924087 918952] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-6547 CVE-2012-6542 CVE-2012-6546 CVE-2013-1826 CVE-2013-0216 CVE-2013-0231 CVE-2012-6537 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.4.1] - [virt] xen-netback: backports (Andrew Jones) [910884 910885] {CVE-2013-0216} - [virt] xen-netback: netif_schedulable should take a netif (Andrew Jones) [910884 910885] {CVE-2013-0216} - [virt] pciback: rate limit error mess from pciback_enable_msi() (Igor Mammedov) [910876 910877] {CVE-2013-0231} - [net] be2net: remove BUG_ON() in be_mcc_compl_is_new() (Ivan Vecera) [923910 907524] - [net] ipv4: Update MTU to all related cache entries (Amerigo Wang) [923353 905190] - [net] annotate rt_hash_code() users (Amerigo Wang) [923353 905190] - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922426 922427] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922426 922427] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922426 922427] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922384 922385] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922384 922385] {CVE-2012-6546} - [net] tun: fix ioctl() based info leaks (Thomas Graf) [922348 922349] {CVE-2012-6547} - [net] llc, zero sockaddr_llc struct (Thomas Graf) [922327 922329] {CVE-2012-6542} - [net] llc: fix info leak via getsockname() (Thomas Graf) [922327 922329] {CVE-2012-6542} - [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919386 919387] {CVE-2013-1826} - [net] ixgbevf: allocate room for mailbox MSI-X interrupt's name (Laszlo Ersek) [924134 862862] - [fs] knfsd: allow nfsd READDIR to return 64bit cookies (Niels de Vos) [924087 918952] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0231 CVE-2013-1826 CVE-2012-6542 CVE-2012-6546 CVE-2012-6547 CVE-2012-6537 CVE-2013-0216 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.10.3-10.2] - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #950342) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1416 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.7.0.19-2.3.9.1.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.19-2.3.9.1.el6] - updated to updated IcedTea 2.3.9 with fix to one of security fixes - fixed font glyph offset - Resolves: rhbz#950380 [1.7.0.9-2.3.9.0.el6] - updated to IcedTea 2.3.9 with latest security patches - buildver sync to b19 - rewritten java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#950380 [1.7.0.19-2.3.8.2.el6] - Added latest Fedora spec changes - Bumped release - Removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch (unapplied) - zlib in BuildReq restricted for 1.2.3-7 or higher - see https://bugzilla.redhat.com/show_bug.cgi?id=904231 - Removed a -icedtea tag from the version - package have less and less connections to icedtea7 - Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb - Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1 - see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details - Removed all fonconfig files. Fonts are now handled differently in JDK and those files are redundant. This is going to be usptreamed. - see https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details - logging.properties marked as config(noreplace) - see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details - classes.jsa marked as ghost on full path - see https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details - nss.cfg was marked as config(noreplace) - Add symlink to default soundfont (see 541466) - Resolves: rhbz#950380 [1.7.0.9-2.3.8.1.el6] - Added and applied patch 116 - patch 116 rh905128-non_block_ciphers.patch - Added and applied patch 117 - patch 117 java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch - to enable handleStartupErrors = ignoreMultipleInitialisation in icedtea 2.3 - Restorered removed nss support - Fixed java-1.7.0-openjdk-nss-config-{1,2} patches to be valid for icedtea 2.3.x - enable_nss switch to 0 - disabled - Resolves: rhbz#950380 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1557 CVE-2013-2424 CVE-2013-2436 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2426 CVE-2013-1558 CVE-2013-2430 CVE-2013-0401 CVE-2013-1488 CVE-2013-2384 CVE-2013-2422 CVE-2013-2431 CVE-2013-1569 CVE-2013-2415 CVE-2013-2423 CVE-2013-2429 CVE-2013-1537 CVE-2013-2417 CVE-2013-1518 CVE-2013-2383 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [1.7.0.19-2.3.9.1.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to "Enterprise Linux" [1.7.0.19-2.3.9.1.el5] - updated to updated IcedTea 2.3.9 with fix to one of security fixes - fixed font glyph offset - Resolves: rhbz#950376 [1.7.0.19-2.3.9.0.el5] - updated to IcedTea 2.3.9 with latest security patches - buildver sync to b19 - rewritten java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#950376 [1.7.0.9-2.3.8.1.el5] - Added some of the latest Fedora spec bugfixes - Bumped release - zlib in BuildReq restricted for 1.2.3-7 or higher - see https://bugzilla.redhat.com/show_bug.cgi?id=904231 - Removed a -icedtea tag from the version - package have less and less connections to icedtea7 - Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb - Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1 - see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details - logging.properties marked as config(noreplace) - see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details - nss.cfg was marked as config(noreplace) - slaves sync with el6 - Resolves: rhbz#950376 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0401 CVE-2013-1488 CVE-2013-1558 CVE-2013-2417 CVE-2013-2419 CVE-2013-2436 CVE-2013-2420 CVE-2013-2422 CVE-2013-1557 CVE-2013-2429 CVE-2013-1569 CVE-2013-2430 CVE-2013-1537 CVE-2013-1518 CVE-2013-2415 CVE-2013-2426 CVE-2013-2423 CVE-2013-2424 CVE-2013-2431 CVE-2013-2383 CVE-2013-2421 CVE-2013-2384 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.2.3-2] - Added (temporally!) posttrans forcing creation of symlinks - should be removed next release - Resolves: rhbz#949094 [1.2.3-1] - fixed postun - removal of alternatives for plugin restricted to (correct) removal process only - fixed date in changelog previous entry - Resolves: rhbz#949094 [1.2.3-0] - Updated to latest ustream release of 1.2 branch - 1.2.3 - Security Updates - CVE-2013-1927, RH884705 - fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 - Plugin - PR1157: Applets can hang browser after fatal exception - Removed upstreamed patch 0- icedtea-web-PR1161.patch - Resolves: rhbz#949094 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1926 CVE-2013-1927 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [2.5-107.4] - Add missing patch to avoid use after free (#816647). [2.5-107.3] - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951130) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951130) [2.5-107.2] - Call feraiseexcept only if exceptions are not masked (#861871). LOW Copyright 2013 Oracle, Inc. CVE-2013-0242 CVE-2013-1914 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.61.1.11.11] - added and applied (temporally) patch10 fixToFontSecurityFix.patch. - fixing regression in fonts introduced by one security patch. - Resolves: rhbz#950386 [1:1.6.0.0-1.60.1.11.11] - added and applied (temporally) one more patch to xalan/xerces privileges - patch9 jaxp-backport-factoryfinder.patch - will be upstreamed - Resolves: rhbz#950386 [1:1.6.0.0-1.59.1.11.11] - Updated to icedtea6 1.11.11 - fixed xalan/xerxes privledges - removed patch 8 - removingOfAarch64.patch.patch - fixed upstream - Resolves: rhbz#950386 [1:1.6.0.0-1.58.1.11.10] - Updated to icedtea6 1.11.10 - rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - excluded aarch64.patch - by patch 8 - removingOfAarch64.patch.patch - Resolves: rhbz#950386 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2420 CVE-2013-2422 CVE-2013-2429 CVE-2013-2431 CVE-2013-1537 CVE-2013-2419 CVE-2013-2421 CVE-2013-2424 CVE-2013-2426 CVE-2013-2430 CVE-2013-0401 CVE-2013-1518 CVE-2013-2383 CVE-2013-1488 CVE-2013-1558 CVE-2013-1569 CVE-2013-2417 CVE-2013-1557 CVE-2013-2384 CVE-2013-2415 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [7.19.7-36] - fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1944 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 6 [5.1.69-1] - Update to 5.1.69, for assorted upstream bugfixes including CVEs announced in April 2013 Resolves: #953084 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-5614 CVE-2013-1521 CVE-2013-1531 CVE-2013-1555 CVE-2013-2391 CVE-2013-2392 CVE-2013-1532 CVE-2013-1544 CVE-2013-1548 CVE-2013-1552 CVE-2013-2375 CVE-2013-1506 CVE-2013-2378 CVE-2013-2389 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [0-0.7.0.1.el5_9.3] - Add support for oracle os [0-0.7.3] - Fix for one more file descriptor leak (rhbz#953502) [0-0.7.2] - Validate Netlink source address (CVE-2012-5532) (rhbz#953560) [0-0.7.1] - Fix for file descriptor leak (rhbz#953502) LOW Copyright 2013 Oracle, Inc. CVE-2012-5532 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [2.2.15-28.0.1.el6_4] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-28] - mod_rewrite: add security fix for CVE-2013-1862 (#953729) [2.2.15-27] - add security fixes for CVE-2012-3499, CVE-2012-4558 (#915883, #915884) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4558 CVE-2013-1862 CVE-2012-3499 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.6-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-2] - Updated XulRunner check xulrunner [17.0.6-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.6-2] - Update to 17.0.6 ESR [17.0.5-2] - Updated nss and nspr versions CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1670 CVE-2013-1676 CVE-2013-0801 CVE-2013-1674 CVE-2013-1677 CVE-2013-1681 CVE-2013-1675 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [17.0.6-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.6-2] - Update to 17.0.6 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1670 CVE-2013-1674 CVE-2013-1676 CVE-2013-1677 CVE-2013-1679 CVE-2013-0801 CVE-2013-1675 CVE-2013-1678 CVE-2013-1681 CVE-2013-1680 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [2.6.32-20] Resolves: #960234 - CVE-2013-2053 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2053 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 [2.6.32-358.6.2] - [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2094 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.10.2-18.0.1.el6_4.5] - Replace docs/et.png in tarball with blank image [0.10.2-18.el6_4.5] - daemon: Fix leak after listing volumes (CVE-2013-1962) - Don't try to add non-existant devices to ACL (rhbz#958837) - Avoid spamming logs with cgroups warnings (rhbz#958837) - audit: Properly encode device path in cgroup audit (rhbz#958839) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1962 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 kernel [2.6.18-348.6.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] [2.6.18-348.6.1.el5] - [char] ipmi: use a tasklet for handling received messages (Tony Camuso) [953435 947732] - [char] ipmi: do run_to_completion properly in deliver_recv_msg (Tony Camuso) [953435 947732] - [fs] nfs4: fix locking around cl_state_owners list (Dave Wysochanski) [954296 948317] - [fs] nfs: Fix bugs on short read (Sachin Prabhu) [952098 924011] - [xen] AMD IOMMU: spot missing IO-APIC entries in IVRS table (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] AMD, IOMMU: Make per-device interrupt remap table default (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] AMD, IOMMU: Disable IOMMU if SATA Combined mode is on (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] AMD, IOMMU: On creating entry clean up in remapping tables (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] ACPI: acpi_table_parse() should return handler's err code (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] introduce xzalloc() & Co (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531] - [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531] - [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531] [2.6.18-348.5.1.el5] - [fs] nfs: handle getattr failure during nfsv4 open (David Jeffery) [947736 906909] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0153 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.6.1] - [char] ipmi: use a tasklet for handling received messages (Tony Camuso) [953435 947732] - [char] ipmi: do run_to_completion properly in deliver_recv_msg (Tony Camuso) [953435 947732] - [fs] nfs4: fix locking around cl_state_owners list (Dave Wysochanski) [954296 948317] - [fs] nfs: Fix bugs on short read (Sachin Prabhu) [952098 924011] - [xen] AMD IOMMU: spot missing IO-APIC entries in IVRS table (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] AMD, IOMMU: Make per-device interrupt remap table default (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] AMD, IOMMU: Disable IOMMU if SATA Combined mode is on (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] AMD, IOMMU: On creating entry clean up in remapping tables (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] ACPI: acpi_table_parse() should return handler's err code (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [xen] introduce xzalloc() & Co (Igor Mammedov) [910912 910913] {CVE-2013-0153} - [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531] - [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531] - [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531] [2.6.18-348.5.1] - [fs] nfs: handle getattr failure during nfsv4 open (David Jeffery) [947736 906909] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0153 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0:6.0.24-55] - Related: rhbz#955976 CVE-2013-1976. Changed log location - so only root can use it. Touching TOMCAT_LOG is no longer - required [0:6.0.24-54] - Resolves: rhbz#956771 Related: CVE-2012-3439 digest - authentication broken after errata for cve-2012-3439 - patch for 3439 corrected [0:6.0.24-53] - Resolves: rhbz#955976 CVE-2013-1976 improper TOMCAT_LOG - management in init script IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1976 CVE-2013-2051 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [0:5.5.23-0jpp.40] - Related: CVE-2013-1976 It was found during additional testing - that the tomcat5 init may fail to start because the user - shell is set to sbin/nologin. Fixed in init scrip. SU now - uses -s /bin/sh during startup [0:5.5.23-0jpp.39] - Resolves: CVE-2013-1976 Improper TOMCAT_LOG management in - initscript. Change location of TOMCAT_LOG to /var/log so - only root can write to it. Touching TOMCAT_LOG is no longer - required during initscript startup. Permissions and ownership - changed to 0755 tomcat:root for logdir IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1976 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.8.5-10.2] - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch (#966754) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2116 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [0.2.1-6_4] - Removed a svc_freeargs() call from svc_dg_freeargs() (bz 953735) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1950 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.12.1.2-2.355.el6_4.5] - kvm-e1000-fix-link-down-handling-with-auto-negotiation.patch [bz#907716] - kvm-e1000-unbreak-the-guest-network-when-migration-to-RH.patch [bz#907716] - kvm-reimplement-error_setg-and-error_setg_errno-for-RHEL.patch [bz#957056] - kvm-qga-set-umask-0077-when-daemonizing-CVE-2013-2007.patch [bz#957056] - kvm-qga-distinguish-binary-modes-in-guest_file_open_mode.patch [bz#957056] - kvm-qga-unlink-just-created-guest-file-if-fchmod-or-fdop.patch [bz#957056] - Resolves: bz#907716 (use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest) - Resolves: bz#957056 (CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode [rhel-6.4.z]) [0.12.1.2-2.355.el6_4.4] - kvm-virtio-balloon-fix-integer-overflow-in-BALLOON_CHANG.patch [bz#958750] - Resolves: bz#958750 (QMP event shows incorrect balloon value when balloon size is grater than or equal to 4G) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2007 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [9.0-0.8.3] - CVE-2013-1872: Updated patch with testing from upstream (#963063) [9.0-0.8.2] - CVE-2013-1872: Updated patch from upstream (#963063) [9.0-0.8.1] - CVE-2013-1872: Updated patch (#963063) [9.0-0.8] - CVE-2013-1872: memory corruption oob read/write on intel (#963063) - CVE-2013-1993: interger overflows in protocol handling (#961613) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1993 CVE-2013-1872 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [6.5.1-7.11] - CVE-2013-1993 - buffer overflows in DRI protocol (#963066) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1993 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [2.6.32-358.11.1] - [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094} [2.6.32-358.10.1] - [scsi] be2iscsi : Fix the NOP-In handling code path (Nikola Pajkovsky) [955504 947550] - [scsi] be2iscsi: Fix memory leak in control path of driver (Rob Evers) [955504 947550] - [virt] kvm: validate userspace_addr of memslot (Petr Matousek) [950496 950498] {CVE-2013-1943} - [virt] kvm: fix copy to user with irq disabled (Michael S. Tsirkin) [949985 906602] {CVE-2013-1935} - [net] veth: Dont kfree_skb() after dev_forward_skb() (Jiri Benc) [957712 957713] {CVE-2013-2017} - [net] tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [954298 896233] - [net] tcp: take care of misalignments (Thomas Graf) [954298 896233] - [net] skbuff.c cleanup (Thomas Graf) [954298 896233] - [idle] intel_idle: Initialize driver_data correctly in ivb_cstates on IVB processor (Prarit Bhargava) [960864 953630] - [x86] Prevent panic in init_memory_mapping() when booting more than 1TB on AMD systems (Larry Woodman) [962482 869736] - [mm] enforce mmap_min_addr on x86_64 (Rik van Riel) [961431 790921] - [mm] optional next-fit policy for arch_get_unmapped_area (Rik van Riel) [961431 790921] - [mm] fix quadratic behaviour in get_unmapped_area_topdown (Rik van Riel) [961431 790921] - [scsi] Revert: qla2xxx: Optimize existing port name server query matching (Chad Dupuis) [950529 924804] - [scsi] Revert: qla2xxx: Avoid losing any fc ports when loop id's are exhausted (Chad Dupuis) [950529 924804] - [fs] defer do_filp_open() access checks to may_open() (Eric Sandeen) [928683 920752] - [md] dm thin: bump the target version numbers (Mike Snitzer) [924823 922931] - [md] dm-thin: fix discard corruption (Mike Snitzer) [924823 922931] - [md] persistent-data: rename node to btree_node (Mike Snitzer) [924823 922931] - [md] dm: fix limits initialization when there are no data devices (Mike Snitzer) [923096 908851] [2.6.32-358.9.1] - [fs] nfs: Fix handling of revoked delegations by setattr (Steve Dickson) [960415 952329] - [fs] nfs: Return the delegation if the server returns NFS4ERR_OPENMODE (Steve Dickson) [960415 952329] - [fs] nfs: Fix another potential state manager deadlock (Steve Dickson) [960436 950598] - [fs] nfs: Fix another open/open_recovery deadlock (Steve Dickson) [960433 916806] - [fs] nfs: Hold reference to layout hdr in layoutget (Steve Dickson) [960429 916726] - [fs] nfs: add 'pnfs_' prefix to get_layout_hdr() and put_layout_hdr() (Steve Dickson) [960429 916726] - [fs] nfs: nfs4_open_done first must check that GETATTR decoded a file type (Steve Dickson) [960412 916722] - [net] sunrpc: Dont start the retransmission timer when out of socket space (Steve Dickson) [960426 916735] - [fs] nfs: Dont use SetPageError in the NFS writeback code (Steve Dickson) [960420 912867] - [fs] nfs: Dont decode skipped layoutgets (Steve Dickson) [927294 904025] - [fs] nfs: nfs4_proc_layoutget returns void (Steve Dickson) [927294 904025] - [fs] nfs: defer release of pages in layoutget (Steve Dickson) [927294 904025] - [fs] nfs: Use kcalloc() when allocating arrays (Steve Dickson) [927294 904025] - [fs] nfs: Fix an ABBA locking issue with session and state serialisation (Steve Dickson) [960417 912842] - [fs] nfs: Fix a race in the pNFS return-on-close code (Steve Dickson) [960417 912842] - [fs] nfs: Do not accept delegated opens when a delegation recall is in effect (Steve Dickson) [960417 912842] - [fs] nfs: Fix a reboot recovery race when opening a file (Steve Dickson) [952613 908524] - [fs] nfs: Ensure delegation recall and byte range lock removal don't conflict (Steve Dickson) [952613 908524] - [fs] nfs: Fix up the return values of nfs4_open_delegation_recall (Steve Dickson) [952613 908524] - [fs] nfs: Dont lose locks when a server reboots during delegation return (Steve Dickson) [952613 908524] - [fs] nfs: Move nfs4_wait_clnt_recover and nfs4_client_recover_expired_lease (Steve Dickson) [952613 908524] - [fs] nfs: Add NFSDBG_STATE (Steve Dickson) [952613 908524] - [fs] nfs: nfs_inode_return_delegation() should always flush dirty data (Steve Dickson) [952613 908524] - [fs] nfs: nfs_client_return_marked_delegations cant flush data (Steve Dickson) [952613 908524] - [fs] nfs: Prevent deadlocks between state recovery and file locking (Steve Dickson) [952613 908524] - [fs] nfs: Allow the state manager to mark an open_owner as being recovered (Steve Dickson) [952613 908524] - [kernel] seqlock: Dont smp_rmb in seqlock reader spin loop (Steve Dickson) [952613 908524] - [kernel] seqlock: add 'raw_seqcount_begin()' function (Steve Dickson) [952613 908524] - [kernel] seqlock: optimise seqlock (Steve Dickson) [952613 908524] - [fs] nfs: don't allow nfs_find_actor to match inodes of the wrong type (Jeff Layton) [921964 913660] - [net] sunrpc: Add barriers to ensure read ordering in rpc_wake_up_task_queue_locked (Dave Wysochanski) [956979 840860] [2.6.32-358.8.1] - [fs] raw: don't call set_blocksize when not changing the blocksize (Jeff Moyer) [951406 909482] - [x86] Allow greater than 1TB of RAM on AMD x86_64 sytems (Larry Woodman) [952570 876275] - [netdrv] ixgbe: Only set gso_type to SKB_GSO_TCPV4 as RSC does not support IPv6 (Michael S. Tsirkin) [927292 908196] - [netdrv] bnx2x: set gso_type (Michael S. Tsirkin) [927292 908196] - [netdrv] qlcnic: set gso_type (Michael S. Tsirkin) [927292 908196] - [netdrv] ixgbe: fix gso type (Michael S. Tsirkin) [927292 908196] - [fs] gfs2: Allocate reservation structure before rename and link (Robert S Peterson) [924847 922999] [2.6.32-358.7.1] - [infiniband] ipoib: Add missing locking when CM object is deleted (Doug Ledford) [928817 913645] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1935 CVE-2013-2017 CVE-2013-1943 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [1.10.3-10.3] - pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443, MODERATE Copyright 2013 Oracle, Inc. CVE-2002-2443 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [1.7.0.25-2.3.10.3.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.25-2.3.10.3.el6] - removed upstreamed patch1000 MBeanFix.patch - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - Resolves: rhbz#973119 [1.7.0.25-2.3.10.2.el6] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973119 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973119 [1.7.0.19-2.3.10.0.el6] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - improved handling of patch111 - nss-config-2.patch - removed patch 117, java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch duplicated with patch 108 (java-1.7.0-openjdk-nss-icedtea-e9c857dcb964) - Added client/server directories so they can be owned - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973119 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1500 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2447 CVE-2013-2459 CVE-2013-2471 CVE-2013-1571 CVE-2013-2456 CVE-2013-2460 CVE-2013-2461 CVE-2013-2448 CVE-2013-2453 CVE-2013-2457 CVE-2013-2465 CVE-2013-2445 CVE-2013-2446 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2454 CVE-2013-2455 CVE-2013-2458 CVE-2013-2463 CVE-2013-2469 CVE-2013-2470 CVE-2013-2472 CVE-2013-2473 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [1.7.0.25-2.3.10.4.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.25-2.3.10.4.el5] - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - removed upstreamed patch1000 MBeanFix.patch - Resolves: rhbz#973117 [1.7.0.25-2.3.10.3.el5] - reverted fix for license files owning - Resolves: rhbz#973117 [1.7.0.25-2.3.10.2.el5] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973117 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973117 [1.7.0.19-2.3.10.0.el5] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973117 [1.7.0.19-2.3.10.0.el5] - Updated to latest IcedTea7-forest 2.3.10 - Resolves: rhbz#973117 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1571 CVE-2013-2412 CVE-2013-2448 CVE-2013-2455 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-1500 CVE-2013-2444 CVE-2013-2447 CVE-2013-2449 CVE-2013-2458 CVE-2013-2471 CVE-2013-2472 CVE-2013-2407 CVE-2013-2445 CVE-2013-2453 CVE-2013-2459 CVE-2013-2473 CVE-2013-2443 CVE-2013-2446 CVE-2013-2450 CVE-2013-2452 CVE-2013-2454 CVE-2013-2456 CVE-2013-2457 CVE-2013-2460 CVE-2013-2461 CVE-2013-2470 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0:6.0.24-57] - Related: CVE-2013-2067 Session fixation [0:6.0.24-56] - Resolves: CVE-2013-2067 session fixation MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2067 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 firefox [17.0.7-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.7-1] - Update to 17.0.7 ESR xulrunner [17.0.7-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.7-1] - Update to 17.0.7 ESR [17.0.6-5] - Added workaround for rhbz#973721 - fixing problem with installation of some addons [17.0.6-4] - Added a workaround for rhbz#961687 - Prelink throws message 'Cannot safely convert .rel.dyn' section from REL to RELA' [17.0.6-3] - Added patch for aliasing issues (mozbz#821502) CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1682 CVE-2013-1697 CVE-2013-1685 CVE-2013-1694 CVE-2013-1690 CVE-2013-1693 CVE-2013-1684 CVE-2013-1686 CVE-2013-1687 CVE-2013-1692 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [17.0.7-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.7-1] - Update to 17.0.7 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1692 CVE-2013-1684 CVE-2013-1685 CVE-2013-1694 CVE-2013-1682 CVE-2013-1686 CVE-2013-1687 CVE-2013-1693 CVE-2013-1690 CVE-2013-1697 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [7.19.7-37] - fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2174 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.62.1.11.11.90] - updated to icedtea6-1.11.11.90.tar.gz - removed upstreamed patch9 jaxp-backport-factoryfinder.patch - removed upstreamed patch10 fixToFontSecurityFix.patch. - modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#973129 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1500 CVE-2013-2455 CVE-2013-2465 CVE-2013-2471 CVE-2013-2443 CVE-2013-2445 CVE-2013-2470 CVE-2013-2446 CVE-2013-2452 CVE-2013-2456 CVE-2013-2459 CVE-2013-2453 CVE-2013-2473 CVE-2013-2461 CVE-2013-1571 CVE-2013-2407 CVE-2013-2448 CVE-2013-2412 CVE-2013-2447 CVE-2013-2457 CVE-2013-2463 CVE-2013-2469 CVE-2013-2450 CVE-2013-2472 CVE-2013-2444 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 kernel [2.6.18-348.12.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printks when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] [2.6.18-348.12.1] - Revert: [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [960014 692071] [2.6.18-348.11.1] - Revert: [kernel] kmod: make request_module() killable (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] kmod: avoid deadlock from recursive kmod call (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] wait_for_helper: remove unneeded do_sigaction() (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] Fix ____call_usermodehelper errs being silently ignored (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] wait_for_helper: SIGCHLD from u/s cause use-after-free (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] kmod: avoid deadlock from recursive request_module call (Frantisek Hrbata) [957152 949568] - Revert: [x86-64] non lazy sleazy fpu implementation (Prarit Bhargava) [948187 731531] - Revert: [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531] - Revert: [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531] - Revert: [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783] [2.6.18-348.10.1] - [net] Bluetooth: fix possible info leak in bt_sock_recvmsg() (Radomir Vrbovsky) [955600 955601] {CVE-2013-3224} - [net] Bluetooth: HCI & L2CAP information leaks (Jacob Tanenbaum) [922415 922416] {CVE-2012-6544} - [misc] signal: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER (Nikola Pajkovsky) [920503 920504] {CVE-2013-0914} - [misc] signal: always clear sa_restorer on execve (Nikola Pajkovsky) [920503 920504] {CVE-2013-0914} - [misc] signal: Def __ARCH_HAS_SA_RESTORER for sa_restorer clear (Nikola Pajkovsky) [920503 920504] {CVE-2013-0914} - [net] cxgb4: zero out another firmware request struct (Jay Fenlason) [971872 872531] - [net] cxgb4: clear out most firmware request structures (Jay Fenlason) [971872 872531] - [kernel] Make futex_wait() use an hrtimer for timeout (Prarit Bhargava) [958021 864648] [2.6.18-348.9.1] - [net] tg3: buffer overflow in VPD firmware parsing (Jacob Tanenbaum) [949939 949940] {CVE-2013-1929} - [net] atm: update msg_namelen in vcc_recvmsg() (Nikola Pajkovsky) [955222 955223] {CVE-2013-3222} - [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [960014 692071] - [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [960014 692071] - [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [960014 692071] - [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [960014 692071] - [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071] - [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071] - [net] llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Jesper Brouer) [956096 956097] {CVE-2013-3231} - [net] tipc: fix info leaks via msg_name in recv_msg/recv_stream (Jesper Brouer) [956148 956149] {CVE-2013-3235} - [net] Bluetooth: RFCOMM Fix info leak in ioctl(RFCOMMGETDEVLIST) (Radomir Vrbovsky) [922406 922407] {CVE-2012-6545} - [net] Bluetooth: RFCOMM - Fix info leak via getsockname() (Radomir Vrbovsky) [922406 922407] {CVE-2012-6545} - [kernel] kmod: avoid deadlock from recursive request_module call (Frantisek Hrbata) [957152 949568] - [kernel] wait_for_helper: SIGCHLD from u/s cause use-after-free (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] Fix ____call_usermodehelper errs being silently ignored (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] wait_for_helper: remove unneeded do_sigaction() (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] kmod: avoid deadlock from recursive kmod call (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] kmod: make request_module() killable (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} [2.6.18-348.8.1] - [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783] [2.6.18-348.7.1] - [pci] intel-iommu: Prev devs with RMRRs from going in SI Domain (Tony Camuso) [957606 839334] LOW Copyright 2013 Oracle, Inc. CVE-2013-3235 CVE-2013-0914 CVE-2012-6544 CVE-2012-6545 CVE-2013-3224 CVE-2013-3231 CVE-2013-1929 CVE-2013-3222 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.12.1] - Revert: [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [960014 692071] [2.6.18-348.11.1] - Revert: [kernel] kmod: make request_module() killable (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] kmod: avoid deadlock from recursive kmod call (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] wait_for_helper: remove unneeded do_sigaction() (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] Fix ____call_usermodehelper errs being silently ignored (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] wait_for_helper: SIGCHLD from u/s cause use-after-free (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - Revert: [kernel] kmod: avoid deadlock from recursive request_module call (Frantisek Hrbata) [957152 949568] - Revert: [x86-64] non lazy sleazy fpu implementation (Prarit Bhargava) [948187 731531] - Revert: [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531] - Revert: [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531] - Revert: [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783] [2.6.18-348.10.1] - [net] Bluetooth: fix possible info leak in bt_sock_recvmsg() (Radomir Vrbovsky) [955600 955601] {CVE-2013-3224} - [net] Bluetooth: HCI & L2CAP information leaks (Jacob Tanenbaum) [922415 922416] {CVE-2012-6544} - [misc] signal: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER (Nikola Pajkovsky) [920503 920504] {CVE-2013-0914} - [misc] signal: always clear sa_restorer on execve (Nikola Pajkovsky) [920503 920504] {CVE-2013-0914} - [misc] signal: Def __ARCH_HAS_SA_RESTORER for sa_restorer clear (Nikola Pajkovsky) [920503 920504] {CVE-2013-0914} - [net] cxgb4: zero out another firmware request struct (Jay Fenlason) [971872 872531] - [net] cxgb4: clear out most firmware request structures (Jay Fenlason) [971872 872531] - [kernel] Make futex_wait() use an hrtimer for timeout (Prarit Bhargava) [958021 864648] [2.6.18-348.9.1] - [net] tg3: buffer overflow in VPD firmware parsing (Jacob Tanenbaum) [949939 949940] {CVE-2013-1929} - [net] atm: update msg_namelen in vcc_recvmsg() (Nikola Pajkovsky) [955222 955223] {CVE-2013-3222} - [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [960014 692071] - [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [960014 692071] - [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [960014 692071] - [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [960014 692071] - [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071] - [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071] - [net] llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Jesper Brouer) [956096 956097] {CVE-2013-3231} - [net] tipc: fix info leaks via msg_name in recv_msg/recv_stream (Jesper Brouer) [956148 956149] {CVE-2013-3235} - [net] Bluetooth: RFCOMM Fix info leak in ioctl(RFCOMMGETDEVLIST) (Radomir Vrbovsky) [922406 922407] {CVE-2012-6545} - [net] Bluetooth: RFCOMM - Fix info leak via getsockname() (Radomir Vrbovsky) [922406 922407] {CVE-2012-6545} - [kernel] kmod: avoid deadlock from recursive request_module call (Frantisek Hrbata) [957152 949568] - [kernel] wait_for_helper: SIGCHLD from u/s cause use-after-free (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] Fix ____call_usermodehelper errs being silently ignored (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] wait_for_helper: remove unneeded do_sigaction() (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] kmod: avoid deadlock from recursive kmod call (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} - [kernel] kmod: make request_module() killable (Frantisek Hrbata) [858752 858753] {CVE-2012-4398} [2.6.18-348.8.1] - [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783] [2.6.18-348.7.1] - [pci] intel-iommu: Prev devs with RMRRs from going in SI Domain (Tony Camuso) [957606 839334] LOW Copyright 2013 Oracle, Inc. CVE-2012-6544 CVE-2013-3235 CVE-2013-0914 CVE-2013-1929 CVE-2013-3224 CVE-2013-3231 CVE-2012-6545 CVE-2013-3222 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [5.3.3-23] - add security fix for CVE-2013-4113 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-4113 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 [5.3.3-13.1] - add security fix for CVE-2013-4113 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-4113 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-358.14.1] - [x86] apic: Add probe() for apic_flat (Prarit Bhargava) [975086 953342] [2.6.32-358.13.1] - [wireless] b43: stop format string leaking into error msgs (John Linville) [971387 971389] {CVE-2013-2852} - [pci] make sriov work with hotplug remove (Takahiro MUNEDA) [973555 965002] - [net] rtnl: fix info leak on RTM_GETLINK request for VF devices (Flavio Leitner) [923657 923659] {CVE-2013-2634 CVE-2013-2635} - [net] dcbnl: fix various netlink info leaks (Flavio Leitner) [923657 923659] {CVE-2013-2634 CVE-2013-2635} - [net] bonding: fix enslaving in alb mode when link down (Veaceslav Falico) [969306 965132] - [net] tcp: Fix oops from tcp_collapse() when using splice() (Nikola Pajkovsky) [968871 863512] {CVE-2013-2128} - [usb] uhci: fix IRQ race during initialization (Dave Young) [968557 915834] - [netdrv] e1000e: enable VLAN RX/TX in PROMISC mode (Stefan Assmann) [963564 886420] - [netdrv] bnx2x: strip VLAN header in PROMISC mode (Stefan Assmann) [963564 886420] - [net] vlan: handle packets with empty vlan_group via VLAN code (Stefan Assmann) [963564 886420] - [fs] namei.c: Dont allow to create hardlink for deleted file (Brian Foster) [956296 908158] - [fs] gfs2: Reinstate withdraw ack system (Robert S Peterson) [927308 908093] - [fs] nfs: open a file descriptor for fsync in nfs4 recovery (J. Bruce Fields) [964046 915479] - [net] macvlan: remove bogus check in macvlan_handle_frame() (Jiri Pirko) [962370 952785] - [net] macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [962370 952785] - [kernel] rcu: Replace list_first_entry_rcu() with list_first_or_null_rcu() (Jiri Pirko) [962370 952785] - [net] bluetooth/rfcomm: Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Weiping Pan) [955653 955654] {CVE-2013-3225} - [net] bluetooth: fix possible info leak in bt_sock_recvmsg() (Radomir Vrbovsky) [955603 955604] {CVE-2013-3224} - [fs] gfs2: Issue discards in 512b sectors (Robert S Peterson) [927317 922779] - [fs] udf: avoid info leak on export (Nikola Pajkovsky) [922354 922355] {CVE-2012-6548} - [scsi] lpfc: Fixed deadlock between hbalock and nlp_lock use (Rob Evers) [962368 960717] - [kernel] tracing: Fix possible NULL pointer dereferences (Weiping Pan) [952212 952213] {CVE-2013-3301} - [kernel] tracing: Fix panic when lseek() called on 'trace' opened for writing (Weiping Pan) [952212 952213] {CVE-2013-3301} - [net] atm: update msg_namelen in vcc_recvmsg() (Nikola Pajkovsky) [955224 955225] {CVE-2013-3222} - [x86] apic: Work around boot failure on HP ProLiant DL980 G7 Server systems (Prarit Bhargava) [969326 912963] - [x86] apic: Use probe routines to simplify apic selection (Prarit Bhargava) [969326 912963] - [x86] x2apic: Simplify apic init in SMP and UP builds (Prarit Bhargava) [969326 912963] - [kvm] vmx: provide the vmclear function and a bitmap to support VMCLEAR in kdump (Andrew Jones) [962372 908608] - [x86] kexec: VMCLEAR VMCSs loaded on all cpus if necessary (Andrew Jones) [962372 908608] - [fs] ext3: Fix format string issues (Nikola Pajkovsky) [920784 920785] {CVE-2013-1848} - [kernel] signal: always clear sa_restorer on execve (Nikola Pajkovsky) [920505 920506] {CVE-2013-0914} [2.6.32-358.12.1] - [fs] Panic in gfs2_inplace_reserve after fix from BZ#875753 (Robert S Peterson) [924847 922999] - [nfs] sunrpc: Prevent an rpc_task wakeup race (Dave Wysochanski) [956979 840860] - [nfs] sunrpc: clarify comments on rpc_make_runnable (Dave Wysochanski) [956979 840860] - [x86] acpi: Avoid SRAT table checks for Fujitsu Primequest systems (Prarit Bhargava) [973198 966853] - [x86] oprofile: Fix crash when unloading module in nmi timer mode (Don Zickus) [972586 828936] - [block] propagate proper return codes from blk_get_request callers (Jeff Moyer) [958684 927918] - [block] Check the return value from blk_get_request (Jeff Moyer) [958684 927918] - [virt] kvm/mmu: fix hashing for TDP and non-paging modes (Marcelo Tosatti) [966432 908751] - [virt] kvm/mmu: Fix free memory accounting race in mmu_alloc_roots() (Marcelo Tosatti) [966432 908751] - [virt] kvm/mmu: Don't flush shadow when enabling dirty tracking (Marcelo Tosatti) [966432 908751] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1848 CVE-2013-3225 CVE-2012-6548 CVE-2013-0914 CVE-2013-2634 CVE-2013-3224 CVE-2013-3301 CVE-2013-2128 CVE-2013-3222 CVE-2013-2635 CVE-2013-2852 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [1.8.7.352-12] - Fix regression introduced by CVE-2013-4073 https://bugs.ruby-lang.org/issues/8575 * ruby-2.0.0-p255-Fix-SSL-client-connection-crash-for-SAN-marked-critical.patch - Related: rhbz#979300 [1.8.7.352-11] - hostname check bypassing vulnerability in SSL client. * ruby-1.8.7-p374-CVE-2013-4073-fix-hostname-verification.patch - Resolves: rhbz#979300 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4073 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [qemu-kvm-0.12.1.2-2.355.el6_4.6] - kvm-qga-cast-to-int-for-DWORD-type.patch [bz#980758] - kvm-qga-remove-undefined-behavior-in-ga_install_service.patch [bz#980758] - kvm-qga-diagnostic-output-should-go-to-stderr.patch [bz#980758] - kvm-qa_install_service-nest-error-paths-more-idiomatically.patch [bz#980758] - kvm-qga-escape-cmdline-args-when-registering-win32-service.patch [bz#980758] - Resolves: bz#980758 (qemu-kvm: CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path [rhel-6.4.z]) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2231 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [32:9.8.2-0.17.rc1.0.2.el6_4.5] - bump release and build for ULN [32:9.8.2-0.17.rc1.5] - fix CVE-2013-4854 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4854 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [32:9.7.0-17.P2.2] - fix for CVE-2013-4854 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4854 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.2.11.15.20] - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 5 limits not displayed correctly). (ticket 47427) [1.2.11.15.19] - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 4). (ticket 47427) - Patch was not added [1.2.11.15.19] - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 4). (ticket 47427) [1.2.11.15.19] - Bump version to 1.2.11.15-19 - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 3). (ticket 47427) [1.2.11.15.18] - Bump version to 1.2.11.15-18 - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold(part 2). (ticket 47427) - Resolves: Bug 987850 - Disk Monitoring not checking filesystem with logs (ticket 47741) [1.2.11.15-17] - Resolves: Bug 970995 - DS not shutting down when disk monitoring threshold is reached to half. (Ticket 47385) - Resolves: Bug 984970 - Overflow in nsslapd-disk-monitoring-threshold. (ticket 47427) [1.2.11.15-16] - Resolves: Bug 979514 - CVE-2013-2219 ACLs inoperative in some search scenarios. (Ticket 47405) [1.2.11.15-15] - Resolves: Bug 970995 - RHDS not shutting down when disk monitoring threshold is reached to half. (Ticket 47385) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2219 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [1.7-9.62.0.1.el5_9.1] - add patch to remove all sysrq echo commands from sysreport.legacy (John Sobecki) [orabug 11061754] - comment out rh-upload-core and README.rh-upload-core in specfile [1.7-9.62.el5_9.1] - Remove anaconda-ks.cfg collection from general plug-in Resolves: bz965807 [1.7-9.62.el5_9] - Elide passwords in anaconda-ks.cfg and yum.repos.d Resolves: bz965807 LOW Copyright 2013 Oracle, Inc. CVE-2012-2664 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 nspr [4.9.2-4] - Resolves: rhbz#924741 - Rebase to nspr-4.9.5 nss [3.14.3-6] - Resolves: rhbz#986969 - nssutil_ReadSecmodDB() leaks memory [3.14.3-5] - Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility - Remove the unused and obsolete nss-nochktest.patch - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-4] - Fix rpmdiff test reported failures and remove other unwanted changes - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-3] - Update to NSS_3_14_3_RTM - Rework the rebase to preserve needed idiosynchracies - Ensure we install frebl/softoken from the extra build tree - Don't include freebl static library or its private headers - Add patch to deal with system sqlite not being recent enough - Don't install nss-sysinit nor sharedb - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Restore the freebl-softoken source tar ball updated to 3.14.3 - Renumbering of some sources for clarity - Resolves: rhbz#918870 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#918870 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1620 CVE-2013-0791 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.0::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:11.2.3.3.0::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 Oracle Linux 5 Oracle Linux 6 firefox [17.0.8-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.8-1] - Update to 17.0.8 ESR xulrunner [17.0.8-3.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.8-3] - Update to 17.0.8 ESR Build 2 [17.0.8-2] - Added fix for rhbz#990921 - firefox does not build with required nss/nspr [17.0.8-1] - Update to 17.0.8 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1709 CVE-2013-1714 CVE-2013-1710 CVE-2013-1713 CVE-2013-1701 CVE-2013-1717 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 Oracle Linux 6 [17.0.8-5.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.8-5] - Update to 17.0.8 ESR - Added strict aliasing patch (mozbz#821502) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1701 CVE-2013-1710 CVE-2013-1709 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 nspr [4.9.5-2] - Update to NSPR_4_9_5_RTM - Resolves: rhbz#927186 - Rebase to nspr-4.9.5 - Add upstream URL for an existing patch per packaging guidelines [4.9.5-1] - Resolves: Rebase to nspr-4.9.5 [4.9.2-1] - Update to nspr-4.9.2 - Related: rhbz#863286 nss [3.14.3-4.0.1.el6_4] - Added nss-vendor.patch to change vendor [3.14.3-4] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-3] - Ensure pem uses system freebl as with this update freebl brings in new API's - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Install sechash.h and secmodt.h which are now provided by nss-devel - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove unsafe -r option from commands that remove headers already shipped by nss-util and nss-softoken [3.14.3-1] - Update to NSS_3.14.3_RTM - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update expired test certificates (fixed in upstream bug 852781) - Sync up pem module's rsawrapr.c with softoken's upstream changes for nss-3.14.3 - Reactivate the aia tests nss-softokn [3.14.3-3] - Add patch to conditionally compile according to old or new sqlite api - new is used on rhel-6 while rhel-5 uses old but we need the same code for both - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [3.14.3-2] - Revert to using a code patch for relro support - Related: rhbz#927158 [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue - Add export LD_LIBRARY_PATH=//usr/lib before the signing commands in __spec_install_post scriplet to ensure signing tool links with in-tree freebl so verification uses same algorithm as in signing - Add %check section to run the upstream crypto reqression test suite as per packaging guidelines - Don't install sechash.h or secmodt.h which as per 3.14 are provided by nss-devel - Update the licence to MPLv2.0 [3.12.9-12] - Bootstrapping of the builroot in preparation for rebase to 3.14.3 - Remove hasht.h from the %files devel list to prevent update conflicts with nss-util - With 3.14.3 hasht.h will be provided by nss-util-devel - Related: rhbz#927158 - rebase nss-softokn to 3.14.3 nss-util [3.14.3-3] - Resolves: rhbz#984967 - nssutil_ReadSecmodDB leaks memory [3.14.3-2] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927171 - Rebase to 3.14.3 as part of the fix for the lucky-13 issue MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1620 CVE-2013-0791 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 Oracle Linux 5 [2.2.15-29.0.1.el6_4] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-29] - mod_dav: add security fix for CVE-2013-1896 (#991368) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1896 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:5:base Oracle Linux 5 kernel [2.6.18-348.16.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2147 CVE-2013-2232 CVE-2013-2237 CVE-2013-2164 CVE-2013-2234 CVE-2013-2206 CVE-2013-2224 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.16.1] - [x86_64] Fix kdump failure due to 'x86_64: Early segment setup' (Paolo Bonzini) [988251 987244] - [xen] skip tracing if it was disabled instead of dying (Igor Mammedov) [987976 967053] - [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783] - [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531] - [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531] - [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531] [2.6.18-348.15.1] - [fs] nfs: flush cached dir information slightly more readily (Scott Mayhew) [976441 853145] - [fs] nfs: Fix resolution prob with cache_change_attribute (Scott Mayhew) [976441 853145] - [fs] nfs: define function to update nfsi->cache_change_attribute (Scott Mayhew) [976441 853145] - [net] af_key: fix info leaks in notify messages (Jiri Benc) [980999 981000] {CVE-2013-2234} - [net] af_key: initialize satype in key_notify_policy_flush() (Jiri Benc) [981222 981224] {CVE-2013-2237} - [net] ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Jiri Pirko) [981556 981557] {CVE-2013-2232} - [net] fix invalid free in ip_cmsg_send() callers (Petr Matousek) [980141 980142] {CVE-2013-2224} - [x86_64] Early segment setup for VT (Paolo Bonzini) [979920 978305] - [block] cpqarray: info leak in ida_locked_ioctl() (Tomas Henzl) [971245 971246] {CVE-2013-2147} - [block] cdrom: use kzalloc() for failing hardware (Frantisek Hrbata) [973103 973104] {CVE-2013-2164} - [mm] Break out when there is nothing more to write for the fs. (Larry Woodman) [972583 965359] [2.6.18-348.14.1] - [net] Fix panic for vlan over gre via tun (Thomas Graf) [983452 981337] - [x86] mm: introduce proper mem barriers smp_invalidate_interrupt (Rafael Aquini) [983628 865095] [2.6.18-348.13.1] - [net] sctp: Disallow new connection on a closing socket (Daniel Borkmann) [976569 974936] {CVE-2013-2206} - [net] sctp: Use correct sideffect command in dup cookie handling (Daniel Borkmann) [976569 974936] {CVE-2013-2206} - [net] sctp: deal with multiple COOKIE_ECHO chunks (Daniel Borkmann) [976569 974936] {CVE-2013-2206} - [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [980811 957604] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2206 CVE-2013-2224 CVE-2013-2237 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2147 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-358.18.1] - [x86] perf/x86: Fix offcore_rsp valid mask for SNB/IVB (Nikola Pajkovsky) [971314 971315] {CVE-2013-2146} - [net] br: fix schedule while atomic issue in br_features_recompute() (Jiri Pirko) [990464 980876] - [scsi] isci: Fix a race condition in the SSP task management path (David Milburn) [990470 978609] - [bluetooth] L2CAP - Fix info leak via getsockname() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544} - [bluetooth] HCI - Fix info leak in getsockopt() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544} - [net] tuntap: initialize vlan_features (Vlad Yasevich) [984524 951458] - [net] af_key: initialize satype in key_notify_policy_flush() (Thomas Graf) [981225 981227] {CVE-2013-2237} - [usb] uhci: fix for suspend of virtual HP controller (Gopal) [982697 960026] - [usb] uhci: Remove PCI dependencies from uhci-hub (Gopal) [982697 960026] - [netdrv] bnx2x: Change MDIO clock settings (Michal Schmidt) [982116 901747] - [scsi] st: Take additional queue ref in st_probe (Tomas Henzl) [979293 927988] - [kernel] audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE (Oleg Nesterov) [982472 962976] - [kernel] audit: avoid negative sleep durations (Oleg Nesterov) [982472 962976] - [fs] ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807] - [fs] jbd: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807] - [fs] ext4: fix waiting and sending of a barrier in ext4_sync_file() (Eric Sandeen) [963557 955807] - [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Eric Sandeen) [963557 955807] - [fs] jbd2: fix sending of data flush on journal commit (Eric Sandeen) [963557 955807] - [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [963557 955807] - [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [963557 955807] - [fs] ext4: Rewrite __jbd2_log_start_commit logic to match upstream (Eric Sandeen) [963557 955807] - [net] bridge: Set vlan_features to allow offloads on vlans (Vlad Yasevich) [984524 951458] - [virt] virtio-net: initialize vlan_features (Vlad Yasevich) [984524 951458] - [mm] swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [977668 827548] - [dma] ioat: Fix excessive CPU utilization (John Feeney) [982758 883575] - [fs] vfs: revert most of dcache remove d_mounted (Ian Kent) [974597 907512] - [fs] xfs: don't free EFIs before the EFDs are committed (Carlos Maiolino) [975578 947582] - [fs] xfs: pass shutdown method into xfs_trans_ail_delete_bulk (Carlos Maiolino) [975576 805407] - [net] ipv6: bind() use stronger condition for bind_conflict (Flavio Leitner) [989923 917872] - [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [977680 894683] - [x86] remove BUG_ON(TS_USEDFPU) in __sanitize_i387_state() (Oleg Nesterov) [956054 920445] - [fs] coredump: ensure the fpu state is flushed for proper multi-threaded core dump (Oleg Nesterov) [956054 920445] [2.6.32-358.17.1] - [net] ipv4: fix invalid free in ip_cmsg_send() callers (Petr Matousek) [980144 979788] {CVE-2013-2224} - [net] sctp: Use correct sideffect command in duplicate cookie handling (Daniel Borkmann) [976571 963843] {CVE-2013-2206} - [virt] kvm: limit difference between kvmclock updates (Marcelo Tosatti) [979912 952174] [2.6.32-358.16.1] - [net] ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Jiri Pirko) [981558 981559] - [x86] Revert: Allow greater than 1TB of RAM on AMD x86_64 sytems (Larry Woodman) [982703 970735] - [x86] Revert: Prevent panic in init_memory_mapping() when booting more than 1TB on AMD systems (Larry Woodman) [982703 970735] - [mm] reinstate the first-fit scheme for arch_get_unmapped_area_topdown() (Rafael Aquini) [982571 980273] [2.6.32-358.15.1] - [mm] block: optionally snapshot page contents to provide stable pages during write (Rafael Aquini) [981177 951937] - [mm] only enforce stable page writes if the backing device requires it (Rafael Aquini) [981177 951937] - [mm] bdi: allow block devices to say that they require stable page writes (Rafael Aquini) [981177 951937] - [mm] fix writeback_in_progress() (Rafael Aquini) [981177 951937] - [kernel] sched: Do not account bogus utime (Stanislaw Gruszka) [959930 912662] - [kernel] sched: Avoid cputime scaling overflow (Stanislaw Gruszka) [959930 912662] - [char] n_tty: Remove BUG_ON from n_tty_read() (Stanislaw Gruszka) [982496 848085] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2146 CVE-2013-2237 CVE-2013-2224 CVE-2013-2232 CVE-2013-2206 CVE-2012-6544 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.2.11.15.22] - Resolves: Bug 1000631 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN -- retry [1.2.11.15.21] - Resolves: Bug 1000631 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4283 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.12.0-12.el6_4.3] - Fixes an abort on unsafe client ring access Resolves: rhbz#986298 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4130 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 gdm [2.16.0-59.0.1.el5_9.1] - Fix gdmconfig memory leaks [orabug 12734629] [2.16.0-59.1] - Don't try to pre-create directories that are internal implementation details of X. Resolves: #997619 CVE-2013-4169 initscripts [8.45.42-2.0.1.el5_9.1] - Do not rename eth devices. Orabug 14266688. Apply upstream patches: 0001-Remove-reference-to-rename_device.patch 0002-rename_device-dequote-DEVICE-eth0.patch 0003-dont_try_to_rename_devices.patch - change the ifup-eth and ifdown-eth script to use default leases file of dhclient. [Orabug 12434590] - Update oracle-enterprise.patch to do detection on /etc/oracle-release and /etc/enterprise-release - Patch x86_64 sysctl.conf as well as default sysctl.conf - Patch sysctl.conf to default rp_filter to loose reverse path filtering (has no effect for pre-2.6.32 kernels) [orabug 10286227] - Move hwclock into udev rules - Update oracle-enterprise.patch to fix RedHat references in arch specific sysctl.conf files in source tarball - Add oracle-enterprise.patch and update specfile - Don't attempt to re-enslave already-enslaved devices (#455537) (pknirsch@redhat.com) [8.45.42-2.1] - create /tmp/.X11-unix in rc.sysinit (#997622, CVE-2013-4169) [8.45.42-2] - added missing '-p p' for kpartx in netfs (#844671) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4169 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 firefox [17.0.9-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-4] - Added fix for mozbz#601442 - Support the extensions.getAddons.showPane pref again in the Add-ons Manager UI, a part of rhbz#818636 fix. [17.0.8-3] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. [17.0.8-2] - Updated manual page xulrunner [17.0.9-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-5] - Fixed mozbz#633001 - Cannot open ipv6 address with self-signed certificate [17.0.8-4] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1718 CVE-2013-1722 CVE-2013-1730 CVE-2013-1732 CVE-2013-1737 CVE-2013-1736 CVE-2013-1725 CVE-2013-1735 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [17.0.9-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.9-1] - Update to 17.0.9 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1730 CVE-2013-1732 CVE-2013-1736 CVE-2013-1722 CVE-2013-1725 CVE-2013-1737 CVE-2013-1718 CVE-2013-1735 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.96-5] - Actually apply the patch, and modify it to apply to 0.96 - Resolves: #1006262 [0.96-4.el6_4] - Include fix for CVE-2013-4288 - Resolves: #1006262 [0.96-3.el6_4] - Include fixes for CVE-2011-1485 - Resolves: #692942 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4288 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.10.2-18.0.1.el6_4.14] - Replace docs/et.png in tarball with blank image [0.10.2-18.el6_4.14] - spec: Update requirements to pick up rebuilt polkit (CVE-2013-4311) [0.10.2-18.el6_4.13] - spec: Fix messed up dependency on polkit (CVE-2013-4311) [0.10.2-18.el6_4.12] - Introduce APIs for splitting/joining strings (rhbz#1006265) - Rename virKillProcess to virProcessKill (rhbz#1006265) - Rename virPid{Abort, Wait} to virProcess{Abort, Wait} (rhbz#1006265) - Rename virCommandTranslateStatus to virProcessTranslateStatus (rhbz#1006265) - Move virProcessKill into virprocess.{h, c} (rhbz#1006265) - Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h} (rhbz#1006265) - Include process start time when doing polkit checks (rhbz#1006265) - Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) [0.10.2-18.el6_4.11] - Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) [0.10.2-18.el6_4.10] - qemu: Avoid leaking uri in qemuMigrationPrepareDirect (rhbz#984578) - qemu: Fix double free in qemuMigrationPrepareDirect (rhbz#984578) [when parsing a single device (rhbz#1003934)] - Plug leak in virCgroupMoveTask (rhbz#984556) - Fix invalid read in virCgroupGetValueStr (rhbz#984561) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4296 CVE-2013-4311 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.14-7.3] - New build with correct patch for CVE-2013-4324 [0.14-7.2] - Fix race condition in policykit use (CVE-2013-4324) Resolves: CVE-2013-4324 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4324 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [3.12.4-4:.1] - Applied patch to avoid unix-process authorization subject when using polkit as it is racy (CVE-2013-4325). IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4325 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [0.5-2] - CVE-2013-4326 Resolves: #1007174 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4326 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 kernel [2.6.18-348.18.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4162 CVE-2013-2141 CVE-2012-3511 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-348.18.1] - [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [1005239 987539] - [kernel] signals: stop info leak via tkill and tgkill syscalls (Oleg Nesterov) [970874 970875] {CVE-2013-2141} - [net] ipv6: do udp_push_pending_frames AF_INET sock pending data (Jiri Benc) [987647 987648] {CVE-2013-4162} - [mm] use-after-free in madvise_remove() (Jacob Tanenbaum) [849735 849736] {CVE-2012-3511} - [fs] autofs: remove autofs dentry mount check (Ian Kent) [1001488 928098] [2.6.18-348.17.1] - [net] be2net: Fix to avoid hardware workaround when not needed (Ivan Vecera) [999819 995961] - [net] be2net: Mark checksum fail for IP fragmented packets (Ivan Vecera) [983864 956322] - [net] be2net: Avoid double insertion of vlan tags (Ivan Vecera) [983864 956322] - [net] be2net: disable TX in be_close() (Ivan Vecera) [983864 956322] - [net] be2net: fix EQ from getting full while cleaning RX CQ (Ivan Vecera) [983864 956322] - [net] be2net: avoid napi_disable() when not enabled (Ivan Vecera) [983864 956322] - [net] be2net: Fix receive Multicast Packets w/ Promiscuous mode (Ivan Vecera) [983864 956322] - [net] be2net: Fixed memory leak (Ivan Vecera) [983864 956322] - [net] be2net: Fix PVID tag offload for packets w/ inline VLAN tag (Ivan Vecera) [983864 956322] - [net] be2net: fix a Tx stall bug caused by a specific ipv6 packet (Ivan Vecera) [983864 956322] - [net] be2net: Remove an incorrect pvid check in Tx (Ivan Vecera) [983864 956322] - [net] be2net: Fix issues in error recovery with wrong queue state (Ivan Vecera) [983864 956322] - [net] netpoll: revert 6bdb7fe3104 and fix be_poll() instead (Ivan Vecera) [983864 956322] - [net] be2net: Fix to parse RSS hash Receive completions correctly (Ivan Vecera) [983864 956322] - [net] be2net: Fix cleanup path when EQ creation fails (Ivan Vecera) [983864 956322] - [net] be2net: Fix Endian (Ivan Vecera) [983864 956322] - [net] be2net: Fix to trim skb for padded vlan packets (Ivan Vecera) [983864 956322] - [net] be2net: Explicitly clear reserved field in Tx Descriptor (Ivan Vecera) [983864 956322] - [net] be2net: remove unnecessary usage of unlikely() (Ivan Vecera) [983864 956322] - [net] be2net: do not modify PCI MaxReadReq size (Ivan Vecera) [983864 956322] - [net] be2net: cleanup be_vid_config() (Ivan Vecera) [983864 956322] - [net] be2net: don't call vid_config() when there no vlan config (Ivan Vecera) [983864 956322] - [net] be2net: Ignore status of some ioctls during driver load (Ivan Vecera) [983864 956322] - [net] be2net: Fix wrong status getting returned for MCC commands (Ivan Vecera) [983864 956322] - [net] be2net: Fix VLAN/multicast packet reception (Ivan Vecera) [983864 956322] - [net] be2net: fix wrong frag_idx reported by RX CQ (Ivan Vecera) [983864 956322] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2141 CVE-2013-4162 CVE-2012-3511 cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [2:2.3.14-19] - Correctly backport patches that fix the descriptor leakage - Related: #852274 [-2:2.3.14-18] - Fix leaking file descriptors (#852274) - Fix: Service disabled due to bind failure (#811000) - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port (#788795) LOW Copyright 2013 Oracle, Inc. CVE-2012-0862 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [5.3.3-21] - add security fix for CVE-2013-4248 [5.3.3-20] - add security fix for CVE-2013-4113 [5.3.3-19] - add upstream reproducer for error_handler (#951075) [5.3.3-18] - add security fixes for CVE-2006-7243 [5.3.3-17] - reorder security patches - add security fixes for CVE-2012-2688, CVE-2012-0831, CVE-2011-1398, CVE-2013-1643 [5.3.3-15] - fix segfault in error_handler with allow_call_time_pass_reference = Off (#951075) - fix double free when destroy_zend_class fails (#951076) [5.3.3-14] - fix possible buffer overflow in pdo_odbc (#869694) - rename php-5.3.3-extrglob.patch and reorder - php script hangs when it exceeds max_execution_time when inside an ODBC call (#864954) - fix zend garbage collector (#892695) - fix transposed memset arguments in libzip (#953818) - fix possible segfault in pdo_mysql (#869693) - fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369) - fix stream support in fileinfo (#869697) - fix setDate when DateTime created from timestamp (#869691) - fix permission on source files (#869688) - add php(language) and missing provides (#837044) - fix copy doesn't report failure on partial copy (#951413) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-0831 CVE-2011-1398 CVE-2013-1643 CVE-2013-4248 CVE-2006-7243 CVE-2012-2688 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [3.6.6-0.136] - resolves: #984807 - CVE-2013-4124: DoS via integer overflow when reading an EA list [3.6.6-0.135] - Fix PIDL parsing with newer versions of gcc. - Fix dereferencing a unique pointer in the WKSSVC server. - resolves: #982484 [3.6.6-0.134] - Check for system libtevent and require version 0.9.18. - Use tevent epoll backend in winbind. - resolves: #869295 [3.6.6-0.133] - Fix smbstatus code dump when a file entry has delete tokens. - resolves: #962840 [3.6.6-0.132] - Fix possible segfaults with group caching patch. - related: #948923 [3.6.6-0.131] - Fix CVE-2013-0213 and CVE-2013-0214. - resolves: #957591 [3.6.6-0.130] - Fix netlogon failover for LogonSamLogon. - resolves: #862872 - Fix write operations as guest with security = share - resolves: #905071 - Disable building cifs idmap and acl binaries. - resolves: #873692 - Change chkconfig order to start winbind before netfs. - resolves: #948614 - Fix cache issue when resoliving groups without domain name. - resolves: #948923 - Fix pam_winbind upn to username conversion if you have different seperator. - resolves: #949611 - Fix the username map optimization. - resolves: #917564 - Fix leaking sockets of smb dc connection. - resolves: #883861 - Fix 'net ads keytab add' not respecting the case. - resolves: #955680 - Fix 'map untrusted to domain' with NTLMv2. - resolves: #947999 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4124 CVE-2013-0213 CVE-2013-0214 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [1.5.1-70] - Fix IPA provider performance issue when storing large host groups - Resolves: rhbz#979047 - sssd_be goes to 99% CPU and causes significant login delays when client is under load [1.5.1-69] - Fix startup with a broken configuration - Resolves: rhbz#974036 - sssd core process keeps running after backends quit [1.5.1-68] - Add a forgotten break in a switch statement - Related: rhbz#886165 - sssd will stop functioning correctly if sssd_be hangs for a while [1.5.1-67] - Fix initialization of the paging control - Related: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts cache repeatedly [1.5.1-66] - Resolves: rhbz#961680 - sssd components seem to mishandle sighup [1.5.1-65] - Resolves: rhbz#959838 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees [1.5.1-64] - Free the LDAP control when following referrals - Resolves: rhbz#820908 - SSSD stops working due to memory problems [1.5.1-63] - Restart services with a timeout in case they are restarted too often - Resolves: rhbz#950156 - sssd dead but pid file exists after heavy load presented [1.5.1-62] - Use the LDAP paging control more sparingly - Related: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts cache repeatedly [1.5.1-61] - Resolves: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts cache repeatedly [1.5.1-60] - Resolves: rhbz#886165 - sssd will stop functioning correctly if sssd_be hangs for a while [1.5.1-59] - Process pending requests on PAM reconnect - Resolves: rhbz#882414 - sssd will stop perform LDAP requests for user lookup (nss), authorization, and authentication [1.5.1-58] - Initialize hbac_ctx to NULL - Resolves: rhbz#850722 [1.5.1-57] - Process all groups from a single nesting level - Resolves: rhbz#846664 - Backport the option to disable srchost processing - Resolves: rhbz#841677 [1.5.1-56] - Require libgssapiv2.so to pull in cyrus-sasl-gssapi - Resolves: rhbz#786443 [1.5.1-55] - Rebuild against newer libtdb - Related: rhbz#838130 - SSSD needs to be rebuilt against newer libtdb [1.5.1-54] - Resolves: rhbz#797272 - sssd-1.5.1-37.el5 needs a dependency to dbus >= 1.1 - Resolves: rhbz#797300 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#833169 - Add support for terminating idle connections in sssd_nss - Resolves: rhbz#783081 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#786443 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#827469 - Unable to lookup user, group, netgroup aliases with case_sensitive=false [1.5.1-53] - Resolves: rhbz#826237 - sssd_be segfaulting with IPA backend [1.5.1-52] - Resolves: rhbz#817073 - sssd fails to use the last AD server if other AD servers are not reachable - Resolves: rhbz#828190 - Infinite loop checking Kerberos credentials [1.5.1-51] - Resolves: rhbz#815154 - Raise limits for max num of files sssd_nss/sssd_pam can use [1.5.1-50] - Add the ability to disable the LDAP simple paging control - Resolves: rhbz#782221 - Intermittent LDAP paging errors LOW Copyright 2013 Oracle, Inc. CVE-2013-0219 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [1.3.8-2] - fix voltage issue LOW Copyright 2013 Oracle, Inc. CVE-2010-4530 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-371.0.0.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4398 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-371] - [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [987539] [2.6.18-370] - [net] be2net: Fix to avoid hardware workaround when not needed (Ivan Vecera) [995961] - [kernel] signals: stop info leak via tkill and tgkill syscalls (Oleg Nesterov) [970875] {CVE-2013-2141} [2.6.18-369] - [fs] nlm: Ensure we resend pending blocking locks after a reclaim (Steve Dickson) [918592] - [kernel] kmod: kthread_run causes oom killer deadlock (Frantisek Hrbata) [983506] - [fs] nfs4: ratelimit some messages, add name to bad seq-id mess (Dave Wysochanski) [953121] - [fs] nfsd: fix EXDEV checking in rename (J. Bruce Fields) [515599] - [misc] tty: Fix abusers of current-sighand->tty (Aaron Tomlin) [858981] - [net] ipv6: don't call addrconf_dst_alloc again when enable lo (Jiri Benc) [981417] - [redhat] kabi: Adding symbol fc_fabric_login (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_recv (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_exch_mgr_reset (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_lport_init (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_exch_recv (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_lport_destroy (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_els_send (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_destroy (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_exch_init (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_fabric_logoff (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_set_mfs (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_elsct_init (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_link_up (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_recv_flogi (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_change_queue_depth (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_init (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fcoe_ctlr_link_down (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_change_queue_type (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_exch_mgr_free (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_exch_mgr_alloc (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_lport_config (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_disc_init (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol strict_strtoul (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_rport_init (Jiri Olsa) [864256] - [redhat] kabi: Adding symbol fc_get_host_port_state (Jiri Olsa) [864256] [2.6.18-368] - [net] tg3: Add read dma workaround for 5720 (Ivan Vecera) [984064] - [net] tg3: Add New 5719 Read DMA workaround (Ivan Vecera) [984064] - [net] vlan: fix perf regression due to missing features flags (Michal Schmidt) [977711] [2.6.18-367] - [net] ipv6: do udp_push_pending_frames AF_INET sock pending data (Jiri Benc) [987648] {CVE-2013-4162} - [net] mlx4: restore pre-RHEL5.9 default value of log_num_mac (Michal Schmidt) [968352] - [x86_64] Fix kdump failure due to 'x86_64: Early segment setup' (Paolo Bonzini) [987244] - [fs] vfs: remove unused __d_splice_alias argument (J. Bruce Fields) [785916] - [fs] vfs: stop d_splice_alias creating directory aliases (J. Bruce Fields) [785916] - [xen] skip tracing if it was disabled instead of dying (Igor Mammedov) [967053] [2.6.18-366] - [net] be2net: Activate new FW after FW download for Lancer (Ivan Vecera) [982590] - [net] be2net: Fix initialization sequence for Lancer (Ivan Vecera) [982590] - [net] be2net: Fix FW download in Lancer (Ivan Vecera) [982590] - [net] qlge: Fix receive path to drop error frames (Chad Dupuis) [975852] - [net] qlge: remove NETIF_F_TSO6 flag (Chad Dupuis) [975852] - [net] qlge: Moving low level frame error to ethtool statistics (Chad Dupuis) [975852] - [net] qlge: Fixed double pci free on tx_ring->q allocation fail (Chad Dupuis) [975852] [2.6.18-365] - [net] be2net: Mark checksum fail for IP fragmented packets (Ivan Vecera) [956322] - [net] be2net: Avoid double insertion of vlan tags (Ivan Vecera) [956322] - [net] be2net: disable TX in be_close() (Ivan Vecera) [956322] - [net] be2net: fix EQ from getting full while cleaning RX CQ (Ivan Vecera) [956322] - [net] be2net: avoid napi_disable() when not enabled (Ivan Vecera) [956322] - [net] be2net: Fix receive Multicast Packets w/ Promiscuous mode (Ivan Vecera) [956322] - [net] be2net: Fixed memory leak (Ivan Vecera) [956322] - [net] be2net: Fix PVID tag offload for packets w/ inline VLAN tag (Ivan Vecera) [956322] - [net] be2net: fix a Tx stall bug caused by a specific ipv6 packet (Ivan Vecera) [956322] - [net] be2net: Remove an incorrect pvid check in Tx (Ivan Vecera) [956322] - [net] be2net: Fix issues in error recovery with wrong queue state (Ivan Vecera) [956322] - [net] netpoll: revert 6bdb7fe3104 and fix be_poll() instead (Ivan Vecera) [956322] - [net] be2net: Fix to parse RSS hash Receive completions correctly (Ivan Vecera) [956322] - [net] be2net: Fix cleanup path when EQ creation fails (Ivan Vecera) [956322] - [net] be2net: Fix Endian (Ivan Vecera) [956322] - [net] be2net: Fix to trim skb for padded vlan packets (Ivan Vecera) [956322] - [net] be2net: Explicitly clear reserved field in Tx Descriptor (Ivan Vecera) [956322] - [net] be2net: remove unnecessary usage of unlikely() (Ivan Vecera) [956322] - [net] be2net: do not modify PCI MaxReadReq size (Ivan Vecera) [956322] - [net] be2net: cleanup be_vid_config() (Ivan Vecera) [956322] - [net] be2net: don't call vid_config() when there no vlan config (Ivan Vecera) [956322] - [net] be2net: Ignore status of some ioctls during driver load (Ivan Vecera) [956322] - [net] be2net: Fix wrong status getting returned for MCC commands (Ivan Vecera) [956322] - [net] be2net: Fix VLAN/multicast packet reception (Ivan Vecera) [956322] - [net] be2net: fix wrong frag_idx reported by RX CQ (Ivan Vecera) [956322] - [infiniband] cxgb4: Compile when CXGB4 is set, not CXGB3 (Doug Ledford) [871555] - Revert: [infiniband] qib: add qib, mod ipath to only support HTX (Doug Ledford) [871555] - Revert: [infiniband] Enable Kconfig for ipath (Doug Ledford) [871555] - Revert: [infiniband] Revert upstream 'Infiniband: make ipath' (Doug Ledford) [871555] - Revert: [infiniband] Revert upstream 'IB/ipath: Make ipath_port' (Doug Ledford) [871555] - Revert: [infiniband] Revert upstream 'IB/ipath: Convert from ...' (Doug Ledford) [871555] - Revert: [infiniband] Revert upstream 'cpumask: use new cpumask' (Doug Ledford) [871555] - Revert: [infiniband] Import of backport patch from ofed 1.4.2 (Doug Ledford) [871555] - Revert: [infiniband] Pull in backport from ofed 1.4.2 (Doug Ledford) [871555] - Revert: [infiniband] aio_write not right entrypoint to use in our (Doug Ledford) [871555] - Revert: [infiniband] make up for lack of HT_IRQ config option (Doug Ledford) [871555] - Revert: [infiniband] Don't use vmalloc_user (Doug Ledford) [871555] - Revert: [infiniband] More device->class_device conversions (Doug Ledford) [871555] - Revert: [scsi] qla4xxx: ISP8xxx: Correct retry of adapter initial (Chad Dupuis) [978150] - [net] af_key: fix info leaks in notify messages (Jiri Benc) [981000] {CVE-2013-2234} - [net] af_key: initialize satype in key_notify_policy_flush() (Jiri Benc) [981224] {CVE-2013-2237} - [net] Fix panic for vlan over gre via tun (Thomas Graf) [981337] - [net] ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Jiri Pirko) [981557] {CVE-2013-2232} [2.6.18-364] - [net] sctp: Disallow new connection on a closing socket (Daniel Borkmann) [974936] {CVE-2013-2206} - [net] sctp: Use correct sideffect command in dup cookie handling (Daniel Borkmann) [974936] {CVE-2013-2206} - [net] sctp: deal with multiple COOKIE_ECHO chunks (Daniel Borkmann) [974936] {CVE-2013-2206} - [scsi] qla4xxx: Update vers to 5.02.04.06.05.10-d0 for Inbox rel (Chad Dupuis) [978150] - [scsi] qla4xxx: ISP8xxx: Correct retry of adapter initialization (Chad Dupuis) [978150] - [scsi] qla4xxx: Fix req queue count manipulation on response path (Chad Dupuis) [978150] - [scsi] qla4xxx: Fix targets not coming back if chap is enabled (Chad Dupuis) [978150] - [scsi] qla4xxx: Correct early completion of pending mbox (Chad Dupuis) [978150] - [net] fix invalid free in ip_cmsg_send() callers (Petr Matousek) [980142] {CVE-2013-2224} - [x86_64] Early segment setup for VT (Paolo Bonzini) [978305] - [block] cpqarray: info leak in ida_locked_ioctl() (Tomas Henzl) [971246] {CVE-2013-2147} - [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [957604] [2.6.18-363] - [virt] netback: don't disconnect frontend with oversize packet (Andrew Jones) [971155] - [virt] netfront: reduce gso_max_size to account max TCP header (Andrew Jones) [971155] - [block] cdrom: use kzalloc() for failing hardware (Frantisek Hrbata) [973104] {CVE-2013-2164} - [block] cciss: Update version string (Linda Knippers) [919633] [2.6.18-362] - [block] cciss: Silence noisy per-device cciss messages (Tomas Henzl) [827515] - [fs] gfs2: flush work queue before clearing glock hash tables (Abhijith Das) [959532] - [fs] extN: tighten restrictions on inode flags (Eric Sandeen) [756309] - [mm] use-after-free in madvise_remove() (Jacob Tanenbaum) [849736] {CVE-2012-3511} - [internal] kernel.spec: add Provides line to kernel-debug-devel (Phillip Lougher) [709658] [2.6.18-361] - [fs] ext4: Avoid crashing on NULL ptr dereference on fs error (Carlos Maiolino) [867748] - [fs] ext4: set extents flag when migrating file to use extents (Carlos Maiolino) [867748] - [fs] ext4: Convert more i_flags references to use accessors (Carlos Maiolino) [867748] - [fs] ext4: Fix remaining racy updates of EXT4_I(inode)->i_flags (Carlos Maiolino) [867748] - [fs] ext4: Use bitops to read/modify i_flags in ext4_inode_info (Carlos Maiolino) [867748] - [fs] ext3/4: don't clear orphan list on ro mount with errors (Eric Sandeen) [850803] - [fs] jbd2: round commit timer up to avoid uncommitted transaction (Carlos Maiolino) [892393] - [scsi] ibmvfc: Ignore fabric RSCNs when link is dead (Steve Best) [964334] - [mm] Page migration: Don't accept invalid nodes in target nodeset (Jan Stancek) [848473] - [mm] Break out when there is nothing more to write for the fs. (Larry Woodman) [965359] - [sound] ALSA - fix the no-sound issue for Creative Recon3D cards (Jaroslav Kysela) [796912] [2.6.18-360] - [fs] zisofs: fix readpage() outside i_size (Eric Sandeen) [952860] - [net] fixed: fix module unloading for the 'fixed' driver (Nikolay Aleksandrov) [647894] - [net] ipv6: assign rt6_info to inet6_ifaddr in init_loopback (Jiri Benc) [971067] - [net] Bluetooth: fix possible info leak in bt_sock_recvmsg() (Radomir Vrbovsky) [955601] {CVE-2013-3224} - [block] gen8plus Smart Array IDs (Linda Knippers) [919633] - [net] Bluetooth: HCI & L2CAP information leaks (Jacob Tanenbaum) [922416] {CVE-2012-6544} - [virt] xen PV passthru: assign SR-IOV VFs to sep virtual slots (Laszlo Ersek) [865736] - [scsi] be2iscsi: This patch bumps the version number (Rob Evers) [962503] - [scsi] be2iscsi: This patch fixes the NOPIN issues (Rob Evers) [962503] - [xen] cap physmem at 1TB (Andrew Jones) [961667] - [xen] cleanup invalid checksum error (Andrew Jones) [914814] - [xen] mask cpuid avx (Andrew Jones) [894360] [2.6.18-359] - [fs] autofs4: use __simple_empty() for empty directory check (Ian Kent) [873922] - [fs] autofs: remove autofs dentry mount check (Ian Kent) [928098] - [redhat] kabi: Adding symbol register_lro_netdev (Jiri Olsa) [873514] - [redhat] kabi: Adding symbol unregister_lro_netdev (Jiri Olsa) [873514] - [misc] signal: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER (Nikola Pajkovsky) [920504] {CVE-2013-0914} - [misc] signal: always clear sa_restorer on execve (Nikola Pajkovsky) [920504] {CVE-2013-0914} - [misc] signal: Def __ARCH_HAS_SA_RESTORER for sa_restorer clear (Nikola Pajkovsky) [920504] {CVE-2013-0914} - [net] ipv6: Fix broken IPv6 routing table after loopback down-up (Jiri Benc) [745321] - [virt] hv: use gracefully shutdown instead of poweroff (Jason Wang) [903460] - [md] dm kcopyd throttling (Mikulas Patocka) [958556] - [scsi] storvsc: Properly handle in-transit packets during a reset (Jason Wang) [865292] - [net] sky2: fix scheduling while atomic in sky2_vlan_rx_register (Nikolay Aleksandrov) [920757] - [x86] fix timeout of poll(2) w/ 32-bit processes on x86_64 (Naoya Horiguchi) [794670] [2.6.18-358] - [net] tg3: buffer overflow in VPD firmware parsing (Jacob Tanenbaum) [949940] {CVE-2013-1929} - [net] atm: update msg_namelen in vcc_recvmsg() (Nikola Pajkovsky) [955223] {CVE-2013-3222} - [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [960783] - [cpufreq] acpi-cpufreq more defensive against BIOS freq changes (Lenny Szubowicz) [921856] - [net] tcp: connect() race with timewait reuse (Jiri Pirko) [947038] - [block] ide: Allow configuration of prefer_ms_hyperv (Radomir Vrbovsky) [907231] - [infiniband] Return link layer type to userspace query port op (Jay Fenlason) [866331] - [scsi] ipr: Fix oops while resetting an ipr adapter (Steve Best) [914391] - [net] ipv6: Remove IPV6_ADDR_RESERVED (Amerigo Wang) [728922] - [net] IP_MULTICAST_IF setsockopt now recognizes struct mreq (Jiri Pirko) [847613] - [net] reduce per cpu ram used for loopback stats (Weiping Pan) [872466] - [net] ipv4: check optlen for IP_MULTICAST_IF option (Jiri Pirko) [866743] [2.6.18-357] - [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [692071] - [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [692071] - [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [692071] - [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [692071] - [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [692071] - [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [692071] - [fs] cifs: show sec= option in /proc/mounts (Sachin Prabhu) [806481] - [fs] cifs: Introduce workaround for crypto module loading problem (Sachin Prabhu) [806481] - [fs] cifs: Fix extended security auth failure (Sachin Prabhu) [806481] - [fs] cifs: silence printk when establishing first sess on socket (Sachin Prabhu) [806481] - [fs] cifs: Fix sign failure when serv mandates sign for NTLMSSP (Sachin Prabhu) [806481] - [fs] cifs: Support NTLM2 sess security dur NTLMSSP authenticate (Sachin Prabhu) [806481] - [fs] cifs: ignore everything in SPNEGO blob after mechTypes (Sachin Prabhu) [806481] - [fs] cifs: check offset in decode_ntlmssp_challenge() (Sachin Prabhu) [806481] - [fs] cifs: endian fix in decode_ntlmssp_challenge (Sachin Prabhu) [806481] - [fs] cifs: NTLM auth/sign - create & send keys for key exchange (Sachin Prabhu) [806481] - [fs] cifs: mv 'ntlmssp' & 'local_leases' opts from experimental (Sachin Prabhu) [806481] - [fs] cifs: Remove distinction between rawntlmssp and ntlmssp. (Sachin Prabhu) [806481] - [fs] cifs: Fix broken sec=ntlmv2/i sec option (try #2) (Sachin Prabhu) [806481] - [fs] cifs: NTLM auth/sign - minor error corrections and cleanup (Sachin Prabhu) [806481] - [fs] cifs: NTLM auth/sign - Alloc sess key/client res dynamically (Sachin Prabhu) [806481] - [fs] cifs: NTLM authent & signing - Calc auth response per sess (Sachin Prabhu) [806481] - [fs] cifs: ntlm authent & signing - proper av/ti pair for ntlmv2 (Sachin Prabhu) [806481] - [fs] cifs: fix module refcount leak in find_domain_name (Sachin Prabhu) [806481] - [fs] cifs: ntlm authent & signing - Fix response len for ntlmv2 (Sachin Prabhu) [806481] - [fs] cifs: NTLMv2/NTLMSSP ntlmv2 within ntlmssp authenticate code (Sachin Prabhu) [806481] - [fs] cifs: NTLMv2/NTLMSSP Change var name mac_key to session key (Sachin Prabhu) [806481] - [fs] cifs: ntlmv2/ntlmssp rem function CalcNTLMv2_partial_mac_key (Sachin Prabhu) [806481] - [fs] cifs: have decode_negTokenInit set flags in server struct (Sachin Prabhu) [806481] - [fs] cifs: eliminate 'first_time' parm to CIFS_SessSetup (Sachin Prabhu) [806481] - [fs] cifs: Allow raw ntlmssp code to be enabled with sec=ntlmssp (Sachin Prabhu) [806481] - [fs] cifs: Fix SMB uid in NTLMSSP authenticate request (Sachin Prabhu) [806481] - [fs] cifs: NTLMSSP reenabled after move from connect.c to sess.c (Sachin Prabhu) [806481] - [fs] cifs: Add remaining ntlmssp flags & standardize field names (Sachin Prabhu) [806481] - [misc] genalloc: stop crashing the system when destroying a pool (Steve Best) [859194] - [x86] mm: introduce proper mem barriers smp_invalidate_interrupt (Rafael Aquini) [865095] - [x86] Add sysctl to allow panic on IOCK NMI error (Prarit Bhargava) [918279] [2.6.18-356] - [fs] nfs: flush cached dir information slightly more readily (Scott Mayhew) [853145] - [fs] nfs: Fix resolution prob with cache_change_attribute (Scott Mayhew) [853145] - [fs] nfs: define function to update nfsi->cache_change_attribute (Scott Mayhew) [853145] - [fs] nfsv4: Save the owner/group name string when doing open (Scott Mayhew) [609252] - [fs] nfsv4: Don't do idmapper upcalls for asynchronous RPC calls (Scott Mayhew) [609252] - [fs] nfsv4: Fix cache validate bug where getcwd() returns ENOENT (Scott Mayhew) [609252] - [fs] nfsv4: Simplify some cache consistency post-op GETATTRs (Scott Mayhew) [609252] - [fs] nfsv4: set fattr->valid to reflect what was decoded (Scott Mayhew) [609252] - [fs] nfsv4: Clean up decode_getfattr() (Scott Mayhew) [609252] - [fs] nfsv4: Support NFSv4 optional attrs in the struct nfs_fattr (Scott Mayhew) [609252] - [fs] nfs: Fix nfs_post_op_update_inode_force_wcc() (Scott Mayhew) [609252] - [md] shutdown, don't switch to RO, mark clean and set safemode=2 (Jes Sorensen) [864727] - [net] cxgb4: zero out another firmware request struct (Jay Fenlason) [872531] - [net] cxgb4: clear out most firmware request structures (Jay Fenlason) [872531] - [net] ethtool: allow enable GRO even if RX csum is disabled (Ivan Vecera) [894636] - [net] enable GRO by default for vlan devices (Ivan Vecera) [894636] - [net] bonding: enable gro by default (Ivan Vecera) [894636] - [mm] writeback: remove unnecessary wait in throttle_vm_writeout() (Frantisek Hrbata) [822768] - [mm] throttle_vm_writeout: don't loop on GFP_NOFS/GFP_NOIO alloc (Frantisek Hrbata) [822768] - [char] random: mix in architectural randomness in extract_buf() (Prarit Bhargava) [871559] - [char] random: Use arch-specific RNG to init the entropy store (Prarit Bhargava) [871559] - [x86] random: Verify RDRAND function and allow it to be disabled (Prarit Bhargava) [871559] - [x86] random: Arch inlines to get random integers with RDRAND (Prarit Bhargava) [871559] - [char] random: Add support for architectural random hooks (Prarit Bhargava) [871559] - [char] random: make mixing interface byte-oriented (Prarit Bhargava) [871559] - [char] random: remove some prefetch logic (Prarit Bhargava) [871559] - [char] random: improve variable naming, clear extract buffer (Prarit Bhargava) [871559] - [x86] add clear_cpu_cap() operation (Prarit Bhargava) [871559] - [x86] 32-bit, add alternative_io() (Prarit Bhargava) [871559] - [x86] add X86_FEATURE_RDRAND (Prarit Bhargava) [871559] - [x86] add ASM_OUTPUT2 (Prarit Bhargava) [871559] - [x86] mce, kernel supports MCE for Nehalem (Prarit Bhargava) [958905] - [scsi] qla2xxx: Add a mutex around use of optrom variables. (Chad Dupuis) [795550] - [net] be2net: fix wrong frag_idx reported by RX CQ (Ivan Vecera) [862520] - [net] bnx2x: Prevent NULL pointer dereference in kdump (Michal Schmidt) [867302] - [scsi] cxgb4i hot-unplug (Jay Fenlason) [786024] - [net] bond: add support to read speed and duplex via ethtool (Andy Gospodarek) [704575] - [net] netpoll: workaround a race condition (Amerigo Wang) [742495] - [net] IPV6: Allow address changes while administrative down (Flavio Leitner) [868622] - [sound] ALSA - HDA - fix NULL pointer dereference for ALC268 (Jaroslav Kysela) [901337] - [scsi] cciss: use lun reset not target reset (Tomas Henzl) [893049] - [net] igbvf: work around i350 erratum (Stefan Assmann) [878904] - [net] llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Jesper Brouer) [956097] {CVE-2013-3231} - [net] tipc: fix info leaks via msg_name in recv_msg/recv_stream (Jesper Brouer) [956149] {CVE-2013-3235} - [net] Bluetooth: RFCOMM Fix info leak in ioctl(RFCOMMGETDEVLIST) (Radomir Vrbovsky) [922407] {CVE-2012-6545} - [net] Bluetooth: RFCOMM - Fix info leak via getsockname() (Radomir Vrbovsky) [922407] {CVE-2012-6545} - [kernel] Make futex_wait() use an hrtimer for timeout (Prarit Bhargava) [864648] [2.6.18-355] - [char] ipmi: use a tasklet for handling received messages (Tony Camuso) [947732] - [char] ipmi: do run_to_completion properly in deliver_recv_msg (Tony Camuso) [947732] - [fs] nfs4: fix locking around cl_state_owners list (Dave Wysochanski) [948317] - [s390] qeth: fix qeth_wait_for_threads() deadlock for OSN devices (Hendrik Brueckner) [952451] - [fs] ext4: check for zero length extent (Lukas Czerner) [866433] - [net] be2net: fix be_close() to ensure all events are ack'ed (Ivan Vecera) [950137] - [net] be2net: fix a race in be_xmit() (Ivan Vecera) [949959] - [kernel] kmod: avoid deadlock from recursive request_module call (Frantisek Hrbata) [949568] - [net] netxen: write IP address to firmware when using bonding (Nikolay Aleksandrov) [756502] - [s390] kernel: sched_clock() overflow (Hendrik Brueckner) [903338] - [net] devinet: Register inetdev earlier (Jiri Pirko) [770813] - [fs] nfs: Fix bugs on short read (Sachin Prabhu) [924011] - [fs] nfs: Don't allow NFS silly-renamed files to be deleted (Dave Wysochanski) [906472] - [xen] AMD IOMMU: spot missing IO-APIC entries in IVRS table (Igor Mammedov) [910913] {CVE-2013-0153} - [xen] AMD, IOMMU: Make per-device interrupt remap table default (Igor Mammedov) [910913] {CVE-2013-0153} - [xen] AMD, IOMMU: Disable IOMMU if SATA Combined mode is on (Igor Mammedov) [910913] {CVE-2013-0153} - [xen] AMD, IOMMU: On creating entry clean up in remapping tables (Igor Mammedov) [910913] {CVE-2013-0153} - [xen] ACPI: acpi_table_parse() should return handler's err code (Igor Mammedov) [910913] {CVE-2013-0153} - [xen] introduce xzalloc() & Co (Igor Mammedov) [910913] {CVE-2013-0153} [2.6.18-354] - [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [731531] - [i386] add sleazy FPU optimization (Prarit Bhargava) [731531] - [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [731531] - [net] be2net: fix calling __vlan_put_tag() after eth_type_trans() (Ivan Vecera) [916640] - [net] be2net: increment/decrement vlans_added only once (Ivan Vecera) [922223] - [net] tg3: use PCI PM core funcs not direct access to registers (Ivan Vecera) [866822] - [fs] ext3: fix update of mtime and ctime on rename (Carlos Maiolino) [919191] - [fs] nfs: handle getattr failure during nfsv4 open (David Jeffery) [906909] - [pci] read-modify-write PCIe dev control reg when initiating FLR (Myron Stowe) [854001] - [fs] ext3: fix wrong gfp type under transaction (Lukas Czerner) [816665] - [pci] intel-iommu: Prev devs with RMRRs from going in SI Domain (Tony Camuso) [839334] - [net] tcp: fix >2 iw selection (Daniel Borkmann) [871787] - [ata] sata_svw: check DMA start bit before reset (David Milburn) [754311] - [s390] qeth: set new mac even if old mac is gone (Hendrik Brueckner) [883459] - [s390] qeth: fix deadlock between recovery and bonding driver (Hendrik Brueckner) [869646] - [s390] dasd: check count address during online setting (Hendrik Brueckner) [859527] - [s390] hugetlb: use direct TLB flushing for hugetlbfs pages (Hendrik Brueckner) [861178] [2.6.18-353] - [virt] xen-netback: backports (Andrew Jones) [910885] {CVE-2013-0216 CVE-2013-0217} - [virt] xen-netback: netif_schedulable should take a netif (Andrew Jones) [910885] {CVE-2013-0216 CVE-2013-0217} - [virt] pciback: rate limit error mess from pciback_enable_msi() (Igor Mammedov) [910877] {CVE-2013-0231} - [net] be2net: remove BUG_ON() in be_mcc_compl_is_new() (Ivan Vecera) [907524] - [net] ipv4: Update MTU to all related cache entries (Amerigo Wang) [905190] - [net] annotate rt_hash_code() users (Amerigo Wang) [905190] - [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922427] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922427] {CVE-2012-6537} - [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922427] {CVE-2012-6537} - [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922385] {CVE-2012-6546} - [net] atm: fix info leak via getsockname() (Thomas Graf) [922385] {CVE-2012-6546} - [net] tun: fix ioctl() based info leaks (Thomas Graf) [922349] {CVE-2012-6547} - [net] llc, zero sockaddr_llc struct (Thomas Graf) [922329] {CVE-2012-6542} - [net] llc: fix info leak via getsockname() (Thomas Graf) [922329] {CVE-2012-6542} - [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919387] {CVE-2013-1826} - [kernel] wait_for_helper: SIGCHLD from u/s cause use-after-free (Frantisek Hrbata) [858753] {CVE-2012-4398} - [kernel] Fix ____call_usermodehelper errs being silently ignored (Frantisek Hrbata) [858753] {CVE-2012-4398} - [kernel] wait_for_helper: remove unneeded do_sigaction() (Frantisek Hrbata) [858753] {CVE-2012-4398} - [kernel] kmod: avoid deadlock from recursive kmod call (Frantisek Hrbata) [858753] {CVE-2012-4398} - [kernel] kmod: make request_module() killable (Frantisek Hrbata) [858753] {CVE-2012-4398} - [net] ixgbevf: allocate room for mailbox MSI-X interrupt's name (Laszlo Ersek) [862862] - [fs] knfsd: allow nfsd READDIR to return 64bit cookies (Niels de Vos) [918952] [2.6.18-352] - [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912072] {CVE-2013-0871} - [x86] msr: Add capabilities check (Nikola Pajkovsky) [908697] {CVE-2013-0268} [2.6.18-351] - [misc] tainted flags, fix buffer size (Prarit Bhargava) [901547] - [net] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [878316] - [net] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [878316] - [net] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [878316] [2.6.18-350] - [firmware] Expand kernel boot-time storage for DMI table structs (Lenny Szubowicz) [862865] - [fs] udf: Fortify loading of sparing table (Nikola Pajkovsky) [843141] {CVE-2012-3400} - [fs] udf: Improve table length check to avoid possible overflow (Nikola Pajkovsky) [843141] {CVE-2012-3400} - [fs] udf: Avoid run away loop when partition table is corrupted (Nikola Pajkovsky) [843141] {CVE-2012-3400} [2.6.18-349] - [pci] intel-iommu: reduce max num of domains supported (Don Dutile) [885125] - [fs] gfs2: Fix leak of cached directory hash table (Steven Whitehouse) [831330] - [x86] mm: randomize SHLIB_BASE (Petr Matousek) [804954] {CVE-2012-1568} - [net] be2net: create RSS rings even in multi-channel configs (Ivan Vecera) [878209] - [net] tg3: Avoid dma read error (John Feeney) [877474] - [misc] Fix unsupported hardware message (Prarit Bhargava) [876587] - [net] ipv6: discard overlapping fragment (Jiri Pirko) [874838] {CVE-2012-4444} - [usb] Fix serial port reference counting on hotplug remove (Don Zickus) [845447] - [net] bridge: export its presence and fix bonding igmp reporting (Veaceslav Falico) [843473] - [fs] nfs: move wait for server->active from put_super to kill_sb (Jeff Layton) [839839] - [scsi] libfc: fix indefinite rport restart (Neil Horman) [595184] - [scsi] libfc: Retry a rejected PRLI request (Neil Horman) [595184] - [scsi] libfc: Fix remote port restart problem (Neil Horman) [595184] - [xen] memop: limit guest specified extent order (Laszlo Ersek) [878450] {CVE-2012-5515} - [xen] get bottom of EBDA from the multiboot data structure (Paolo Bonzini) [881885] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4398 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 [1.7.2p1-28] - backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 Resolves: rhbz#968221 [1.7.2p1-27] - visudo: fixed incorrect warning and parse error regarding undefined aliases which were in fact defined Resolves: rhbz#849679 Resolves: rhbz#905624 [1.7.2p1-26] - updated sudoers man-page to clarify the behavior of the user negation operator and the behavior of wildcard matching in command specifications Resolves: rhbz#846118 Resolves: rhbz#856902 [1.7.2p1-25] - fixed regression in escaping of sudo -i arguments Resolves: rhbz#853203 [1.7.2p1-24] - bump release number [1.7.2p1-23] - Fixed caching of user and group names - Backported RFC 4515 escaping of LDAP queries Resolves: rhbz#855836 Resolves: rhbz#869287 LOW Copyright 2013 Oracle, Inc. CVE-2013-2776 CVE-2013-1776 CVE-2013-1775 cpe:/a:oracle:linux:5:10:base cpe:/a:oracle:linux:5::u10_base cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2:2.3.14-39] - Honor user and group directives - Resolves: CVE-2013-4342 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4342 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 5 [2.5-118.2] - Fix integer overflows in *valloc and memalign. (#1011804). [2.5-118.1] - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1011424). MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4332 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.2.11-17.el6_4.1] - fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4397 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1.13.0-11.1.2] - CVE-2013-4396: Fix use-after free in ImageText requests (#1014561) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4396 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [2.6.32-358.23.2] - [md] dm-snapshot: fix data corruption (Mikulas Patocka) [1004252 1004233] {CVE-2013-4299} [2.6.32-358.23.1] - [md] raid1, raid10: use freeze_array in place of raise_barrier in various places (Jes Sorensen) [1003765 997845] - [scsi] megaraid_sas: megaraid_sas driver init fails in kdump kernel (Nikola Pajkovsky) [1001963 833299] - [char] ipmi: eliminate long delay in ipmi_si on SGI UV2 (Nikola Pajkovsky) [988228 876778] - [net] bridge: Add multicast_querier toggle and disable queries by default (Nikola Pajkovsky) [995334 905561] - [net] bridge: Fix fatal typo in setup of multicast_querier_expired (Nikola Pajkovsky) [995334 905561] - [net] bridge: Restart queries when last querier expires (Nikola Pajkovsky) [995334 905561] - [net] bridge: Add br_multicast_start_querier (Flavio Leitner) [995334 905561] - [kernel] Prevent RT process stall due to missing upstream scheduler bug fix (Larry Woodman) [1006932 1002765] - [fs] nfs: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (Dave Wysochanski) [1006956 998752] - [firmware] efivars: Use correct efi_pstore_info struct when calling pstore_register (Lenny Szubowicz) [993547 867689] - [net] bridge: do not call setup_timer() multiple times (Amerigo Wang) [997746 994430] - [fs] lockd: protect nlm_blocked list (David Jeffery) [993544 967095] - [net] ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Jiri Benc) [987649 987651] {CVE-2013-4162} - [fs] fuse: readdirplus sanity checks (Niels de Vos) [988708 981741] - [fs] fuse: readdirplus cleanup (Niels de Vos) [988708 981741] - [fs] fuse: readdirplus change attributes once (Niels de Vos) [988708 981741] - [fs] fuse: readdirplus fix instantiate (Niels de Vos) [988708 981741] - [fs] fuse: fix readdirplus dentry leak (Niels de Vos) [988708 981741] - [fs] cifs: fix issue mounting of DFS ROOT when redirecting from one domain controller to the next (Sachin Prabhu) [994866 976535] - [fs] nfs: Make nfs_readdir revalidate less often (Scott Mayhew) [994867 976879] - [fs] nfs: Make nfs_attribute_cache_expired() non-static (Scott Mayhew) [994867 976879] - [fs] nfs: set verifier on existing dentries in nfs_prime_dcache (Scott Mayhew) [994867 976879] - [fs] nfs: Allow nfs_updatepage to extend a write under additional circumstances (Scott Mayhew) [987262 983288] - [fs] nfs: fix a leak at nfs_lookup_revalidate() (Dave Wysochanski) [987261 975211] - [acpi] efivars: If pstore_register fails, free unneeded pstore buffer (Lenny Szubowicz) [993547 867689] - [acpi] Eliminate console msg if pstore.backend excludes ERST (Lenny Szubowicz) [993547 867689] - [acpi] Return unique error if backend registration excluded by kernel param (Lenny Szubowicz) [993547 867689] - [net] bridge: fix some kernel warning in multicast timer (Amerigo Wang) [997745 952012] - [net] bridge: send query as soon as leave is received (Amerigo Wang) [997745 952012] - [net] bridge: only expire the mdb entry when query is received (Amerigo Wang) [997745 952012] - [net] bridge: Replace mp->mglist hlist with a bool (Amerigo Wang) [997745 952012] - [mm] fadvise: drain all pagevecs if POSIX_FADV_DONTNEED fails to discard all pages (Larry Woodman) [994140 957821] - [net] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1003931 955712] - [virt] xen-netfront: reduce gso_max_size to account for max TCP header (Andrew Jones) [1004657 957231] - [pps] Fix a use-after free bug when unregistering a source (Jiri Benc) [997916 920155] - [scsi] fnic: Fix SGEs limit (Chris Leech) [991346 829506] [2.6.32-358.22.1] - [x86] Round the calculated scale factor in set_cyc2ns_scale() (Prarit Bhargava) [1001954 975507] - [x86] sched: Fix overflow in cyc2ns_offset (Prarit Bhargava) [1001954 975507] [2.6.32-358.21.1] - [fs] autofs: remove autofs dentry mount check (Ian Kent) [1000314 947275] - [net] sctp: Fix list corruption resulting from freeing an association on a list (Jiri Pirko) [1002184 887868] [2.6.32-358.20.1] - [fs] nfs: Add functionality to allow waiting on all outstanding reads to complete (Dave Wysochanski) [996424 976915] - [fs] nfs: Ensure that NFS file unlock waits for readahead to complete (Dave Wysochanski) [996424 976915] - [fs] nfs: Convert nfs_get_lock_context to return an ERR_PTR on failure (Dave Wysochanski) [996424 976915] - [x86] thermal: Disable power limit notification interrupt (Shyam Iyer) [999328 908990] - [x86] thermal: Delete power-limit-notification console messages (Shyam Iyer) [999328 908990] [2.6.32-358.19.1] - [fs] gfs2: Reserve journal space for quota change in do_grow (Robert S Peterson) [988384 976823] - [netdrv] bonding: properly unset current_arp_slave on slave link up (Veaceslav Falico) [995458 988460] - [fs] nfs4: Fix infinite loop in nfs4_lookup_root (Scott Mayhew) [996014 987426] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4162 CVE-2013-4299 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1.3.7-4] - Remove regexp backtracing (CVE-2013-4363). - Related: rhbz#1002838. [1.3.7-3] - Fix insecure connection to SSL repository (CVE-2012-2125, CVE-2012-2126). - Related: rhbz#1002838. [1.3.7-2] - Fix algorithmic complexity vulnerability (CVE-2013-4287). - Resolves: rhbz#1002838. MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2126 CVE-2012-2125 CVE-2013-4287 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [1.7.0.45-2.4.3.1.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.45-2.4.3.1.el5] - Updated to icedtea 2.4.3 - Resolves: rhbz#1017623 [1.7.0.45-2.4.3.0.el5] - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12: TestCryptoLevel.java - removed upstreamed patch103 java-1.7.0-openjdk-arm-fixes.patch - removed unnecessary patch112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch - added patch120: java-1.7.0-openjdk-freetype-check-fix.patch - fixed nss - cleaned sources - Resolves: rhbz#1017623 [1.7.0.25-2.4.1.4.el5] - updated to icedtea 2.4.1 - improoved handling of patch111 - nss-config-2.patch - backported uniquesuffix from 6.5 - Resolves: rhbz#978421 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5774 CVE-2013-5784 CVE-2013-5804 CVE-2013-5820 CVE-2013-5851 CVE-2013-5782 CVE-2013-5809 CVE-2013-5814 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5849 CVE-2013-5850 CVE-2013-3829 CVE-2013-5772 CVE-2013-5780 CVE-2013-5783 CVE-2013-5803 CVE-2013-5817 CVE-2013-5838 CVE-2013-5840 CVE-2013-4002 CVE-2013-5778 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5842 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-371.1.2.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4299 CVE-2013-4345 CVE-2013-0343 CVE-2013-4368 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-371.1.2] - [xen] x86: check segment descriptor read result in 64-bit OUTS emulation (Radim Krcmar) [1012958 1012959] {CVE-2013-4368} - [md] dm snapshot: fix data corruption (Mikulas Patocka) [1004734 975353] {CVE-2013-4299} [2.6.18-371.1.1] - [crypto] ansi_cprng fix off by one err in non-block size request (Neil Horman) [1007692 1007693] {CVE-2013-4345} - [fs] gfs2: yield() in shrinker to allow glock_workqueues to run (Abhijith Das) [1014714 928518] - [net] ipv6: ipv6_create_tempaddr cleanup (Petr Holasek) [999361 999362] {CVE-2013-0343} - [net] ipv6: remove max_addresses check from ipv6_create_tempaddr (Petr Holasek) [999361 999362] {CVE-2013-0343} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4345 CVE-2013-4299 CVE-2013-4368 CVE-2013-0343 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [1.7.0.45-2.4.3.2.0.1.el6] - Update DISTRO_NAME in specfile [1.7.0.40-2.4.3.1.el6] - sync with rhel 6.5 to icedtea 2.4 because of pernament tck failures - nss kept disabled - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.4.el6] - added back patch408 tck20131015_5.patch, to resolve one of tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.3.el6] - added back patch404 tck20131015_1.patch, to resolve one of tck failures - added back patch405 tck20131015_2.patch, to resolve one of tck failures - added back patch406 tck20131015_3.patch, to resolve one of tck failures (modified) - added back patch407 tck20131015_4.patch, to resolve one of tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.2.el6] - updated to newer security tarball of 2.3.13 - removed patch405 tck20131015_2.patch, no longer necessary to fix tck failures - removed patch406 tck20131015_3.patch, no longer necessary to fix tck failures - removed patch407 tck20131015_4.patch, no longer necessary to fix tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.1.el6] - removed useless patch404 tck20131015_1.patch - added patch405 tck20131015_2.patch, to resolve one of tck failures - added patch406 tck20131015_3.patch, to resolve one of tck failures - added patch407 tck20131015_4.patch, to resolve one of tck failures - Resolves: rhbz#1017626 [1.7.0.25-2.3.13.0.el6] - security update to 2.3.13 - adapted java-1.7.0-openjdk-disable-system-lcms.patch (and redeclared to 105) - removed bootstrap - fixed nss - fixed buildver and updatever (Set to 25,30) - moved to xz compression of sources - all patches moved correctly to prep - added patch404 tck20131015_1.patch, to resolve one of tck failures - Resolves: rhbz#1017626 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-5772 CVE-2013-5778 CVE-2013-5800 CVE-2013-5814 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5838 CVE-2013-5774 CVE-2013-5780 CVE-2013-5782 CVE-2013-5784 CVE-2013-5804 CVE-2013-5817 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5850 CVE-2013-5851 CVE-2013-5797 CVE-2013-5802 CVE-2013-5803 CVE-2013-5809 CVE-2013-3829 CVE-2013-4002 CVE-2013-5783 CVE-2013-5790 CVE-2013-5842 CVE-2013-5849 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.28.1-9] - Reject clients in deferred auth state - Bug 1009228 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-5745 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1.4.5-11] - fix CVE-2013-4242 GnuPG/libgcrypt susceptible to cache side-channel attack [1.4.5-10] - Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4242 cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.2.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ovs3 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.1.2.2.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 5 [1.4.5-18] - fix CVE-2013-4351 gpg treats no-usage-permitted keys as all-usages-permitted [1.4.5-17] - fix CVE-2012-6085 GnuPG: read_block() corrupt key input validation - fix CVE-2013-4242 GnuPG susceptible to Yarom/Falkner side-channel attack - fix CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser [1.4.5-15] - fix error when decrypting certain files (#510500) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-6085 CVE-2013-4402 CVE-2013-4242 CVE-2013-4351 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.0.14-6] - fix CVE-2013-4351 gpg treats no-usage-permitted keys as all-usages-permitted [2.0.14-5] - fix CVE-2012-6085 GnuPG: read_block() corrupt key input validation - fix CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser MODERATE Copyright 2013 Oracle, Inc. CVE-2012-6085 CVE-2013-4351 CVE-2013-4402 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [0.12.0-12.5] - Fix issue with error-handling of RSA_private_decrypt() in previous patch Related: CVE-2013-4282 [0.12.0-12.el6_4.4] - Fix buffer overflow when decrypting client SPICE ticket Resolves: CVE-2013-4282 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4282 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 [0.3.0-56.1] - Fix spice-server crash when client sends a password which is too long Resolves: CVE-2013-4282 [0.3.0-56.el5] - Fix unsafe accesses + spice: drop libpng from windows components (537849) + libspice: fix unsafe guest data accessing Resolves: #568720 + fix unsafe free() call. Resolves: #568724 + spice server: fix unsafe cursor items handling. Resolves: #568720 [0.3.0-55.el5] - spice: clear client palette caches on migration Resolves: #599496 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4282 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [8.4.18-1] - Update to PostgreSQL 8.4.18, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-14.html http://www.postgresql.org/docs/8.4/static/release-8-4-15.html http://www.postgresql.org/docs/8.4/static/release-8-4-16.html http://www.postgresql.org/docs/8.4/static/release-8-4-17.html http://www.postgresql.org/docs/8.4/static/release-8-4-18.html including fixes for CVE-2013-0255, CVE-2013-1900 (#1017837) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0255 CVE-2013-1900 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 firefox [17.0.10-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [17.0.10-1] - Update to 17.0.10 ESR xulrunner [17.0.10-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.10-1] - Update to 17.0.10 ESR [17.0.9-2] - Added patch for rhbz#983488 - Resizing window changes window size to 0 with third party window manager. CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-5597 CVE-2013-5601 CVE-2013-5602 CVE-2013-5595 CVE-2013-5600 CVE-2013-5590 CVE-2013-5599 CVE-2013-5604 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:base Oracle Linux 5 Oracle Linux 6 [17.0.10-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.10-1] - Update to 17.0.10 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5600 CVE-2013-5602 CVE-2013-5590 CVE-2013-5599 CVE-2013-5595 CVE-2013-5597 CVE-2013-5601 CVE-2013-5604 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [7.1-12] - Fix host triplets on x86 (#1014273) - Related: CVE-2012-2673 [7.1-11] - Add sanity checking for calloc/malloc calls - Resolves: CVE-2012-2673 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-2673 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:4:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 [1:1.6.0.0-1.68.1.11.14] - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - Resolves: rhbz#1017618 [1:1.6.0.1-1.67.1.13.0] - reverted previous update - Resolves: rhbz#1017618 [1:1.6.0.1-1.66.1.13.0] - updated to icedtea 1.13 - updated to openjdk-6-src-b28-04_oct_2013 - added --disable-lcms2 configure switch to fix tck - removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch - added patch7 1.13_fixes.patch to fix 1.13 build issues - adapted patch0 java-1.6.0-openjdk-optflags.patch - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - removed useless runtests parts - included also java.security.old files - Resolves: rhbz#1017618 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5797 CVE-2013-5803 CVE-2013-5809 CVE-2013-5817 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5850 CVE-2013-5778 CVE-2013-5784 CVE-2013-5802 CVE-2013-5823 CVE-2013-5840 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5790 CVE-2013-5804 CVE-2013-5814 CVE-2013-5820 CVE-2013-5842 CVE-2013-5849 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 6 [1:1.20.11-2] - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz#1019737 [1:1.20.11-1] - Rebase to libguestfs 1.20.11. resolves: rhbz#958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches used in RHEL are now stored on a public git repository (https://github.com/libguestfs/libguestfs/branches). - Compare spec file to Fedora 18 and fix where necessary. - Backport new APIs part-get-gpt-type and part-set-gpt-type resolves: rhbz#965495 - Fix DoS (abort) due to a double free flaw when inspecting certain guest files / images (CVE-2013-2124) resolves: rhbz#968337 - libguestfs-devel should depend on an explicit version of libguestfs-tools-c, in order that the latest package is pulled in. - Rebuild against Augeas >= 1.0.0-5 resolves: rhbz#971207 - Backport Windows inspection changes resolves: rhbz#971090 - Add back state test commands to guestfish resolves: rhbz#971664 - Work around problem with ntfsresize command in RHEL 6 resolves: rhbz#971326 - Fix txz-out API resolves: rhbz#972413 - Move virt-sysprep to the libguestfs-tools-c package since it's no longer a shell script resolves: rhbz#975572 - Fix hostname inspection because of faulty Augeas path expression resolves: rhbz#975377 - Calculate appliance root correctly when iface drives are added resolves: rhbz#975760 - Add notes about resizing Windows disk images to virt-resize documentation resolves: rhbz#975753 - Remove dependency on lsscsi, not available in 6Client resolves: rhbz#973425 - Fix yum cache copy so it works if there are multiple repos resolves: rhbz#980502 - Fix hivex-commit API to fail with relative paths resolves: rhbz#980372 - Better documentation for filesystem-available API resolves: rhbz#980358 - Fix double free when kernel link fails during launch resolves: rhbz#983690 - Fix virt-sysprep --firstboot option resolves: rhbz#988863 - Fix cap-get-file so it returns empty string instead of error on no cap resolves: rhbz#989352 - Better documentation for acl-set-file resolves: rhbz#985269 - Fix bogus waitpid error when using guestfish --remote resolves: rhbz#996825 - Disable 9p support resolves: rhbz#997884 - Document that guestfish --remote doesn't work with certain other arguments resolves: rhbz#996039 - Enable kvmclock in the appliance to reduce clock instability resolves: rhbz#998108 - Fix 'sh' command before mount causes daemon to segfault resolves: rhbz#1000122 - Various fixes to tar-out 'excludes' (RHBZ#1001875) - Document use of glob + rsync-out (RHBZ#1001876) - Document mke2fs blockscount (RHBZ#1002032) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4419 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.0.0-5] - Don't package lenses in tests/ subdirectory. related: rhbz#817753 [1.0.0-4] - Rebase to Augeas 1.0.0 resolves: rhbz#817753 - Add dependency on libxml2-devel. - Remove all patches (all upstream and included in 1.0.0). - Print tests/test-suite.log when the tests fail. - Add fix for regression added in 1.0.0 (RHBZ#920609). - Fix tests/test-run. LOW Copyright 2013 Oracle, Inc. CVE-2012-0786 CVE-2012-0787 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 cheese [2.28.1-8] - Rebuild against newer evolution-data-server. Resolves: #973276 control-center [2.28.1-39] - Rebuild against newer evolution-data-server. Resolves: #973279 ekiga [3.2.6-4] - Rebuild against newer evolution-data-server. - Add patch to build break (include where needed) Resolves: #973281 evolution [2.32.3-30.el6] - Update patch for RH bug #975409 (Custom message in alarm notification) - Add patch for RH bug #1014743 (Use system timezone has no effect) - Add patch for RH bug #1014677 (Search filter persists when changing folders) [2.32.3-29.el6] - Add patch for RH bug #1013543 (Freeze during migration of pre-2.24 mails) [2.32.3-28.el6] - Add patch for RH bug #1012399 (Fails to display task mail attachment) - Bump evolution-data-server version requirement (for RH bug #1009426) [2.32.3-27.el6] - Add patch for RH bug #1009517 (Be aware of 'no-alarm-after-start' calendar capability) [2.32.3-26.el6] - Add patch for RH bug #1006764 (Plugin actions not updated) [2.32.3-25.el6] - Add patch for RH bug #1003578 (Update actions on search execute) [2.32.3-24.el6] - Update translations for the Exchange Web Services advertisement [2.32.3-23.el6] - Build evolution-devel-docs for noarch only [2.32.3-22.el6] - Add a devel-docs subpackage and do not ship evolution-settings (RH bug #1000323) [2.32.3-21.el6] - Remove bogofilter plugin from el6 (missed previous removal during rebase) [2.32.3-20.el6] - Update bn_IN translation [2.32.3-19.el6] - Show a one-time dialog on upgrade advertising Exchange Web Services. [2.32.3-18.el6] - Update translation patch [2.32.3-17.el6] - Add patch for icons in a message list Wide View [2.32.3-16.el6] - Add patch for translation updates [2.32.3-15.el6] - Update patch for RH bug #949610 (Avoid runtime warnings caused by async load) [2.32.3-14.el6] - Update patch for RH bug #975409 (Custom message in alarm notification) - Add patch for RH bug #985528 (Multiple contacts remove confuses view) [2.32.3-13.el6] - Obsolete evolution-conduits, thus an update can be done, when it's installed - Add patch for RH bug #981313 (a11y in the Contacts' minicard view) - Add patch for RH bug #981257 (Save changes in addressbook backend's ensure_sources) [2.32.3-12.el6] - Add patch for use-after-free memory in mail account editor found by valgrind [2.32.3-11.el6] - Add patch for RH bug #978525 (CamelSession left with unset network-available) [2.32.3-10.el6] - Add patch for RH bug #956510 (Alarm notify crash and other related fixes in alarm notify) - Update patch for RH bug #977292 (Close also evolution-alarm-notify process) [2.32.3-9.el6] - Add patch for RH bug #624851 (Select S/MIME encryption certificate) - Add patch for RH bug #628174 (Copy/Paste text in calendar views) - Add patch for RH bug #971496 (Notify user about question dialogs) - Add patch for RH bug #977292 (--force-shutdown closes also factories) [2.32.3-8.el6] - Add patch for RH bug #700733 (Update message counts after mail folder migration) - Add patch for RH bug #975394 (Report errors from calendars in statusbar) - Add patch for RH bug #975409 (Custom message in alarm notification) - Add patch for RH bug #970955 (Contact mail merge improvements) - Add patch for RH bug #971452 (Empty Send/Draft folders in account from startup wizard) [2.32.3-7.el6] - Add patch for RH bug #974647 (Load extensions in GObject::constructed) - Add patch for RH bug #974234 (Crash in try_open_e_book_cb()) [2.32.3-6.el6] - Fix typo in patch for Coverity scan issues - Add patch for RH bug #971820 (Crash in et_get_n_children) [2.32.3-5.el6] - Add patch for some issues found by Coverity scan [2.32.3-4.el6] - Add patch for RH bug #962331 (Initialize dbus-glib threading for GConf) - Add patch for RH bug #689429 (Replace 'Open With' button for too large messages) [2.32.3-3.el6] - Add patch for RH bug #602667 (Crash due to use after mail_msg_free call) - Add patch for RH bug #698246 (Remember password default value for calendars) - Add patch for RH bug #670917 (ItipFormatter - do not check read-only calendars) - Add patch for RH bug #737865 (ItipFormatter - ensure attendee email) - Add patch for RH bug #970650 (Store last attachment load/save path as URI) - Add patch for RH bug #970633 (Contact editor's work Country mnemonic widget) - Add patch for RH bug #949610 (Don't block UI on an attachment load) - Add patch for RH bug #919002 (Prevent message list auto-selection change) - Add patch for RH bug #857003 (Wrong czech translation) [2.32.3-2.el6] - Add patch with some gnome-2-32 branch bug fixes, which landed after 2.32.3 release [2.32.3-1.el6] - Rebase to 2.32.3 - Remove patch for conduit dir fix (obsolete by rebase) - Remove patch for GNOME bug #613639 (obsolete by rebase) - Remove patch for RH bug #585750 (part of rebase) - Remove patch for RH bug #577799 (part of rebase) - Remove patch for RH bug #522157, #632998, #638643 (obsolete by rebase) - Remove patch for RH bug #621517 (part of rebase) - Remove patch for RH bug #632968 (part of rebase) - Remove patch for RH bug #633629 (obsolete by rebase) - Remove patch for RH bug #585931 (part of rebase) - Remove patch for RH bug #666875 (part of rebase) - Remove patch for RH bug #667083 (part of rebase) - Remove patch for RH bug #696881 (part of rebase) - Remove patch for RH bug #805239 (part of rebase) - Remove patch for RH bug #890642 (part of rebase) - Remove patch for RH bug #552805 (part of rebase) evolution-data-server [2.32.3-18.el6] - Add patch for RH bug #1014032 (Prevent a crash in CamelDB) [2.32.3-17.el6] - Add patch for RH bug #1009426 ('no such table' error after upgrade) [2.32.3-16.el6] - Add patch for RH bug #1004784 (Create contact on ownCloud with WebDAV fails) [2.32.3-15.el6] - Update translation patch [2.32.3-14.el6] - Add patch for translation updates [2.32.3-13.el6] - Add patch for RH bug #979722 (Mail connects with weak SSL) - Bump nss version requirement to 3.14 [2.32.3-12.el6] - Add patch for RH bug #991074 (Unnecessary crash due to g_assert() call) [2.32.3-11.el6] - Add patch for RH bug #990380 (CVE-2013-4166) [2.32.3-10.el6] - Add patch for RH bug #950005 (Ignore cached zero-sized files) - Add patch for RH bug #983964 (Do calendar operations in a thread) [2.32.3-9.el6] - Add patch for RH bug #970013 (Disable IMAP+ QResync feature by default) - Add patch for RH bug #983031 (Google book saves other fax as business fax) - Add patch for RH bug #975409 (Custom alarm message for local calendars) [2.32.3-8.el6] - Add patch for RH bug #982681 (Google contact list name changes on load) [2.32.3-7.el6] - Add patch for RH bug #735674 (Add parameter guards to POP3 provider) - Add patch for RH bug #977395 (Be able to close factories with killev) [2.32.3-6.el6] - Add patch for RH bug #700726 (Try to read binary camel summaries from other archs) - Add patch for RH bug #975438 (Category Unmatched search doesn't work with Name contains) [2.32.3-5.el6] - Add patch for RH bug #971621 (Book view blocks factory) - Add patch for RH bug #696620 (Crash of in retrieval_done of an On The Web calendar) [2.32.3-4.el6] - Add patch for some issues found by Coverity scan [2.32.3-3.el6] - Add patch for RH bug #710058 (Expand list inline with comma separator) - Add patch for RH bug #589263 (EFileCache recursive freeze/thaw) - Add patch for RH bug #815371 (Encoded email address shown after paste) - Add patch for RH bug #804651 (Incorrect CalDAV offline setup test) - Add patch for RH bug #739968 (Initialize dbus-glib threading for GConf) - Add patch for RH bug #710005 (Encoded email address shown after list inline expand) - Add patch for RH bug #962499 (GPG decrypt failed with missing signature certificate) - Add patch for RH bug #955587 (GPG and S/MIME parts are not attachments) - Add patch for RH bug #811980 (CalDAV fails to write to Google calendar) - Add patch for RH bug #750916 (Offer also TLS for IMAPS) - Add patch for RH bug #705859 (Calendar code memory leaks) [2.32.3-2.el6] - Add patch with some gnome-2-32 branch bug fixes, which landed after 2.32.3 release [2.32.3-1.el6] - Rebase to 2.32.3 - Remove patch for RH bug #215702 (part of rebase) - Remove patch for GNOME bug #373146 (obsolete by rebase) - Remove patch for 'Remove debug spew from IMAP provider' (part of rebase) - Remove patch for RH bug #576215 (part of rebase) - Remove patch for RH bug #589192 (obsolete by rebase) - Remove patch for RH bug #553556 (part of rebase) - Remove patch for RH bug #605320 (part of rebase) - Remove patch for RH bug #619286 (part of rebase) - Remove patch for RH bug #657117 (part of rebase) - Remove patch for RH bug #634949 (part of rebase) - Remove patch for RH bug #660356 (obsolete by rebase) - Remove patch for RH bug #666879 (part of rebase) - Remove patch for RH bug #734048 (part of rebase) evolution-exchange [2.32.3-16.el6] - Add patch for RH bug #1019434 (evolution-ews searchable GAL) [2.32.3-15.el6] - Add patch for RH bug #1018301 (evolution-ews crash and broken Free/Busy fetch) [2.32.3-14.el6] - Add patch for RH bug #1009470 (evolution-ews crash when GAL not marked for offline sync) - Add patch for RH bug #1005888 (evolution-ews add 'no-alarm-after-start' calendar capability) [2.32.3-13.el6] - Add patch for RH bug #1006336 (evolution-ews fails to download attachments) [2.32.3-12.el6] - Do not ship gtk-doc files (RH bug #1000325) [2.32.3-11.el6] - Add patch to regression of GNOME bug #702922 (Cannot create appointments) [2.32.3-10.el6] - Add patch for some issues found by Coverity scan in evolution-exchange [2.32.3-9.el6] - Update translation patch for evolution-exchange [2.32.3-8.el6] - Add patches for translation updates [2.32.3-7.el6] - Add patch for evolution-ews to match 3.8.5 upstream release [2.32.3-6.el6] - Update patch for evolution-ews to match 3.8.4 upstream release (RH bug #988356) [2.32.3-5.el6] - Add patch for evolution-ews to match 3.8.4 upstream release - Add patch for RH bug #984961 (evolution-ews multiple contacts remove hang) - Add patch for RH bug #985015 (evolution-ews empty search hides contacts) [2.32.3-4.el6] - Add patch for RH bug #984531 (evolution-ews double-free in book backend) [2.32.3-3.el6] - Add patch for evolution-ews to fix account type check in new account wizard [2.32.3-2.el6] - Add patch for evolution-ews to match 3.8.3 upstream release [2.32.3-1.el6] - Rebase to 2.32.3 - Bundle evolution-ews as part of this, with feature parity of its 3.8.2 release evolution-mapi [0.32.2-12] - Fix a copy&paste error in a patch update for RH bug #621941 [0.32.2-11] - Update patch for RH bug #621941 (Created events not shown in OWA) - Add patch for RH bug #1017108 (Shorten delay of calendar open) [0.32.2-10] - Add patch for RH bug #621941 (Created events not shown in OWA) - Add patch for RH bug #906341 (Cannot create book/calendar) [0.32.2-9] - Update patch for RH bug #1005072 (Calendars could not authenticate) [0.32.2-8] - Add patch for RH bug #619842 (Attached email message is empty in forwarded email) [0.32.2-7] - Add patch for RH bug #1005072 (Authentication after migration/restore fails) [0.32.2-6] - Add patch for translation updates - Update patch for issues found by Coverity scan [0.32.2-5] - Bump libmapi requirement to 1.0-4 [0.32.2-4] - Add patch for some issues found by Coverity scan [0.32.2-3] - Add patch for RH bug #909259 (Meeting invite accept duplicates event) [0.32.2-2] - Add patch for RH bug #694134 (Contacts book not searchable) - Add patch for RH bug #625059 (Allow slash in folder names) - Add patch for RH bug #905591 (Refresh folder can fail with Exchange 2010 server) [0.32.2-1] - Rebase to 0.32.2 - Remove patch for RH bug #589193 (obsolete by rebase) - Remove patch for RH bug #602749 (part of rebase) - Remove patch for RH bug #605369 (part of rebase) - Remove patch for RH bug #666492 (obsolete by rebase) - Remove patch for RH bug #902932 (merged to openchange-1.0 patch) - Remove patch for RH bug #903241 (part of rebase) gnome-panel [2.30.2-15] - Rebuild against newer evolution-data-server. Resolves: #973284 gnome-python2-desktop [2.28.0-5.el6] - Rebuild against newer evolution-data-server. Resolves: #973285 gtkhtml3 [3.32.2-2.el6] - Add patch for some issues found by Coverity scan - Add patch for RH bug #577797 (Cursor misplaced after paste) - Add patch for RH bug #615969 (Whitespaces drop on paste) - Add patch for RH bug #627199 (Underline/strikeout misplaced in printout) - Add patch for RH bug #626690 (Paragraph style not drawn after font style change) [3.32.2-1.el6] - Rebase to 3.32.2 - Remove patch for RH bug #588457 (part of rebase) - Remove patch for RH bug #590877 (part of rebase) libgdata [0.6.4-2] - Return back accidentally removed changelog entry [0.6.4-1] - Update to 0.6.4 nautilus-sendto [2.28.2-4] - Rebuild against newer evolution-data-server. Resolves: #973287 openchange [1.0-6] - Add a patch for RH bug #665967 (Free/busy fails to be fetched) pidgin [2.7.9-11.el6] - Rebuild against newer evolution-data-server (RH bug #973288). planner [0.14.4-10] - Resolves: rhbz#973289 rebuild against newer evolution-data-server - Also add planner-0.14.4-edsapi.patch from Fedora 14 package. totem [2.28.6-4] - Change a description of a totem-youtube package [2.28.6-3] - Rebuild against libgdata-0.6.4 Resolves: #883032 LOW Copyright 2013 Oracle, Inc. CVE-2013-4166 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [3.6.9-164] - resolves: #1008574 - Fix offline logon cache not updating for cross child domain group membership. [3.6.9-163] - resolves: #1015359 - Fix CVE-2013-0213 and CVE-2013-0214 in SWAT. [3.6.9-162] - resolves: #978007 - Fix 'valid users' manpage documentation. [3.6.9-161] - resolves: #997338 - Fix smbstatus as non root user. - resolves: #1003689 - Fix Windows 8 printer driver support. [3.6.9-160] - resolves: #948071 - Group membership is not correct on logins with new AD groups. - resolves: #953985 - User and group info not return from a Trusted Domain. [3.6.9-159] - resolves: #995109 - net ads join - segmentation fault if no realm has been specified. - List all vfs, auth and charset modules in the spec file. [3.6.9-158] - resolves: #984808 - CVE-2013-4124: DoS via integer overflow when reading an EA list [3.6.9-157] - Fix Windows 8 Roaming Profiles. - resolves: #990685 [3.6.9-156] - Fix PIDL parsing with newer versions of gcc. - Fix dereferencing a unique pointer in the WKSSVC server. - resolves: #980382 [3.6.9-155] - Check for system libtevent and require version 0.9.18. - Use tevent epoll backend in winbind. - resolves: #951175 [3.6.9-154] - Add encoding option to 'net printing (migrate|dump)' command. - resolves: #915455 [3.6.9-153] - Fix overwrite of errno in check_parent_exists(). - resolves: #966489 - Fix dir code using dirfd() without vectoring trough VFS calls. - resolves: #971283 [3.6.9-152] - Fix 'map untrusted to domain' with NTLMv2. - resolves: #961932 - Fix the username map optimization. - resolves: #952268 - Fix 'net ads keytab add' not respecting the case. - resolves: #955683 - Fix write operations as guest with security = share - resolves: #953025 - Fix pam_winbind upn to username conversion if you have different seperator. - resolves: #949613 - Change chkconfig order to start winbind before netfs. - resolves: #948623 - Fix cache issue when resoliving groups without domain name. - resolves: #927383 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4124 CVE-2013-0213 CVE-2013-0214 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [4.0.0-58.rc4] - Fix winbind lsat reconnection code, avoids ntlmv2-only session setup problems - resolves: #949993 [4.0.0-57.rc4] - resolves: #984809 - CVE-2013-4124: DoS via integer overflow when reading an EA list [4.0.0-56.rc4] - Fix libwbclient.so.0 symlink. - resolves: #882338 - Fix correct linking of libreplace with cmdline-credentials. - resolves: #911264 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4124 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [qemu-kvm-0.12.1.2-2.415.el6] - kvm-target-i386-don-t-migrate-steal-time-MSR-on-older-ma.patch [bz#1022821] - Resolves: bz#1022821 (live-migration from RHEL6.5 to RHEL6.4.z fails with 'error while loading state for instance 0x0 of device 'cpu'') [0.12.1.2-2.414.el6] - kvm-vmstate-Add-max_version_id-field-to-VMStateDescripti.patch [bz#1016736] - kvm-savevm-Introduce-max_version_id-field-to-SaveStateEn.patch [bz#1016736] - kvm-i386-Set-cpu-section-version_id-to-11.patch [bz#1016736] - kvm-qemu-ga-execute-fsfreeze-freeze-in-reverse-order-of-.patch [bz#1015633] - Resolves: bz#1015633 (qemu-guest-agent: 'guest-fsfreeze-freeze' deadlocks if the guest have mounted disk images) - Resolves: bz#1016736 (CPU migration data has version_id 12 but version 11 format) [0.12.1.2-2.413.el6] - kvm-scsi-Allocate-SCSITargetReq-r-buf-dynamically-CVE-20.patch [bz#1007330] - kvm-scsi-Fix-data-length-SCSI_SENSE_BUF_SIZE.patch [bz#956929] - Resolves: bz#1007330 (CVE-2013-4344 qemu: buffer overflow in scsi_target_emulate_report_luns) - Resolves: bz#956929 (/usr/libexec/qemu-kvm was killed by signal 6 (SIGABRT) when SCSI inquiry is sent to unsupported page inside the KVM guest) [qemu-kvm-0.12.1.2-2.412.el6] - kvm-char-move-backends-io-watch-tag-to-CharDriverState.patch [bz#985205] - kvm-char-use-common-function-to-disable-callbacks-on-cha.patch [bz#985205] - kvm-char-remove-watch-callback-on-chardev-detach-from-fr.patch [bz#985205] - kvm-os-posix-block-SIGUSR2-in-os_setup_early_signal_hand.patch [bz#996814] - Resolves: bz#985205 (QEMU core dumped when do hot-unplug virtio serial port during transfer file between host to guest with virtio serial through TCP socket) - Resolves: bz#996814 (boot image with gluster native mode cant work with attach another device from local file system) [qemu-kvm-0.12.1.2-2.411.el6] - kvm-block-don-t-lose-data-from-last-incomplete-sector.patch [bz#1009370] - kvm-vmdk-fix-cluster-size-check-for-flat-extents.patch [bz#1009370] - Resolves: bz#1009370 (qemu-img refuses to open the vmdk format image its created) [qemu-kvm-0.12.1.2-2.410.el6] - kvm-chardev-fix-pty_chr_timer.patch [bz#995341] - Resolves: bz#995341 (hot-unplug chardev with pty backend caused qemu Segmentation fault) [qemu-kvm-0.12.1.2-2.409.el6] - kvm-exec-Simplify-allocation-of-guest-RAM.patch [bz#867921] - kvm-exec-Don-t-abort-when-we-can-t-allocate-guest-memory.patch [bz#867921] - kvm-block-better-error-message-for-read-only-format-name.patch [bz#999788] - kvm-vmdk-Add-migration-blocker.patch [bz#999358] - kvm-scsi-Fix-scsi_bus_legacy_add_drive-scsi-generic-with.patch [bz#1013478] - kvm-Add-support-for-JSON-pretty-printing.patch [bz#1010610] - kvm-qemu-img-add-dirty-flag-status.patch [bz#1010610] - kvm-qemu-img-make-info-backing-file-output-correct-and-e2.patch [bz#1010610] - kvm-qapi-Add-SnapshotInfo-and-ImageInfo.patch [bz#1010610] - kvm-qemu-img-Add-json-output-option-to-the-info-command.patch [bz#1010610] - kvm-qemu-img-Add-backing-chain-option-to-info-command.patch [bz#1010610] - kvm-block-get_block_status-set-pnum-0-on-error.patch [bz#1010610] - kvm-block-get_block_status-avoid-segfault-if-there-is-no.patch [bz#1010610] - Resolves: bz#1010610 (Backport option '--output=json|human' to qemu-img info command) - Resolves: bz#1013478 (-device usb-storage,serial=... crashes with SCSI generic drive) - Resolves: bz#867921 ([RFE] Nicer error report when qemu-kvm can't allocate guest RAM) - Resolves: bz#999358 (do live migration with used VMDK format disk should fail with a friendly message prompt) - Resolves: bz#999788 (qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk) [qemu-kvm-0.12.1.2-2.408.el6] - Fix Qemu guest agent - move logfiles to new directory for easier SELinux tagging [bz#1009431] - kvm-block-Introduce-bs-zero_beyond_eof.patch [bz#1007224] - Resolves: bz#1007224 (Introduce bs->zero_beyond_eof) - Resolves: bz#1009431 (move qga logfiles to new /var/log/qemu-ga/ directory) [qemu-kvm-0.12.1.2-2.407.el6] - kvm-usb-host-remove-message.patch [bz#1003771] - Qemu guest agent - move logfiles to new directory for easier SELinux tagging [bz#1009431] - kvm-qemu-kvm-fix-reset-value-of-MSR_PAT.patch [bz#976706] - Resolves: bz#1003771 (warning msg not correct after hotplug invalid usb-host to guest) - Resolves: bz#1009431 (move qga logfiles to new /var/log/qemu-ga/ directory) - Resolves: bz#976706 ([HP BCS 6.5 Bug]Guest OS cannot boot after first reboot when enabling SR-IOV feature) [qemu-kvm-0.12.1.2-2.406.el6] - Reverted spurious fix for BZ 981623 [bz#1010930] - Resolves: bz#1010930 (Qemu-kvm-rhev build verifytest failed (rpm -V)) [qemu-kvm-0.12.1.2-2.405.el6] - kvm-Revert-usb-hub-report-status-changes-only-once.patch [bz#1002888] - kvm-virtio-net-revert-mac-on-reset.patch [bz#890265] - kvm-virtio-net-fix-up-HMP-NIC-info-string-on-reset.patch [bz#890265] - Resolves: bz#1002888 (usb hub doesn't work properly (win2012 sees downstream port #1 only)) - Resolves: bz#890265 (change the mac of virtio_net device temporary but will effect forever after reboot guest) [qemu-kvm-0.12.1.2-2.404.el6] - kvm-target-i386-kvm-save-restore-steal-time-MSR.patch [bz#903123] - Resolves: bz#903123 (The value of steal time in 'top' command always is '0.0% st' after guest migration) [qemu-kvm-0.12.1.2-2.403.el6] - kvm-block-Remove-semicolon-in-BDRV_SECTOR_MASK-macro.patch [bz#914802] - kvm-block-implement-is_allocated-for-raw.patch [bz#914802] - kvm-qemu-io-fix-the-alloc-command.patch [bz#914802] - kvm-stream-complete-early-if-end-of-backing-file-is-reac.patch [bz#914802] - kvm-block-cow-Return-real-error-code.patch [bz#914802] - kvm-cow-Use-bdrv_-p-write_sync-for-metadata-writes.patch [bz#914802] - kvm-cow-make-reads-go-at-a-decent-speed.patch [bz#914802] - kvm-cow-make-writes-go-at-a-less-indecent-speed.patch [bz#914802] - kvm-cow-do-not-call-bdrv_co_is_allocated.patch [bz#914802] - kvm-block-keep-bs-total_sectors-up-to-date-even-for-grow.patch [bz#914802] - kvm-block-make-bdrv_co_is_allocated-static.patch [bz#914802] - kvm-block-do-not-use-total_sectors-in-bdrv_co_is_allocat.patch [bz#914802] - kvm-block-remove-bdrv_is_allocated_above-bdrv_co_is_allo.patch [bz#914802] - kvm-block-expect-errors-from-bdrv_co_is_allocated.patch [bz#914802] - kvm-qemu-img-always-probe-the-input-image-for-allocated-.patch [bz#914802] - kvm-block-make-bdrv_has_zero_init-return-false-for-copy-.patch [bz#914802] - kvm-block-introduce-bdrv_get_block_status-API.patch [bz#914802] - kvm-block-define-get_block_status-return-value.patch [bz#914802] - kvm-block-return-get_block_status-data-and-flags-for-for.patch [bz#914802] - kvm-block-use-bdrv_has_zero_init-to-return-BDRV_BLOCK_ZE.patch [bz#914802] - kvm-block-return-BDRV_BLOCK_ZERO-past-end-of-backing-fil.patch [bz#914802] - kvm-qemu-img-add-a-map-subcommand.patch [bz#914802] - kvm-docs-qapi-document-qemu-img-map.patch [bz#914802] - kvm-block-add-default-get_block_status-implementation-fo.patch [bz#914802] - kvm-qemu-img-fix-invalid-JSON.patch [bz#914802] - Resolves: bz#914802 (Support backup vendors in qemu to access qcow disk readonly (qemu-img metadata dump)) [qemu-kvm-0.12.1.2-2.402.el6] - Move VPC from r/w whitelist to r/o whitelist [bz#999779] - kvm-migrate-add-migration-blockers.patch [bz#999779] - kvm-qed-add-migration-blocker-v2.patch [bz#999779] - kvm-qed-remove-incoming-live-migration-blocker.patch [bz#999779] - kvm-vpc-Add-migration-blocker.patch [bz#999779] - Resolves: bz#999779 (Add vpc file format support in qemu-kvm) [qemu-kvm-0.12.1.2-2.401.el6] - Add block VHD/VPC format to block driver whitelist [bz#999779] - kvm-block-vpc-Fix-conversion-from-size-to-disk-geometry.patch [bz#999779] - kvm-vpc-Read-write-multiple-sectors-at-once.patch [bz#999779] - kvm-vpc-Use-bdrv_-p-write_sync-for-metadata-writes.patch [bz#999779] - kvm-vpc-fix-a-file-descriptor-leak.patch [bz#999779] - kvm-vpc.c-Use-get_option_parameter-does-the-search.patch [bz#999779] - kvm-block-vpc.c-Detect-too-large-vpc-file.patch [bz#999779] - kvm-vpc-Add-missing-error-handling-in-alloc_block.patch [bz#999779] - kvm-vpc-Add-support-for-Fixed-Disk-type.patch [bz#999779] - kvm-vpc-Round-up-image-size-during-fixed-image-creation.patch [bz#999779] - kvm-block-vpc-initialize-the-uuid-footer-field.patch [bz#999779] - kvm-block-vpc-support-for-2-TB-disks.patch [bz#999779] - kvm-vpc-Fix-bdrv_open-error-handling.patch [bz#999779] - Resolves: bz#999779 (Add vpc file format support in qemu-kvm) [qemu-kvm-0.12.1.2-2.400.el6] - kvm-vmdk-Move-l1_size-check-into-vmdk_add_extent.patch [bz#995865] - kvm-vmdk-fix-L1-and-L2-table-size-in-vmdk3-open.patch [bz#995865] - kvm-vmdk-support-vmfsSparse-files.patch [bz#995865] - kvm-vmdk-support-vmfs-files.patch [bz#995865] - kvm-block-initialize-do_check_io_limits-error-pointer-to.patch [bz#1001436] - kvm-gluster-Abort-on-AIO-completion-failure.patch [bz#997220] - Resolves: bz#1001436 (Qemu core dumped when set iops,bps... to a negative value var monitor) - Resolves: bz#995865 (fix vmdk support to ESX images) - Resolves: bz#997220 (Race in gluster_finish_aiocb) [qemu-kvm-0.12.1.2-2.399.el6] - kvm-block-migration-propagate-return-value-when-bdrv_wri.patch [bz#994813] - kvm-block-migration-actually-disable-dirty-tracking-on-c.patch [bz#994813] - kvm-Fix-off-by-one-error-in-page_l1_map.patch [bz#996791] - Resolves: bz#994813 ([FJ6.4 Bug] the guest doesn't operate normally after block live migration with out of disk space) - Resolves: bz#996791 (Off-by-one error in page_l1_map() can lead to out-of-bounds access) [qemu-kvm-0.12.1.2-2.398.el6] - kvm-block-use-Error-in-do_check_io_limits.patch [bz#987725] - kvm-block-refuse-negative-iops-and-bps-values.patch [bz#987725] - Resolves: bz#987725 (Guest should failed to be booted if specifying iops,bps as negative value) [qemu-kvm-0.12.1.2-2.397.el6] - kvm-block-Decouple-block-device-commit-all-from-DriveInf.patch [bz#856505] - kvm-block-Monitor-command-commit-neglects-to-report-some.patch [bz#856505] - kvm-block-for-HMP-commit-operations-on-all-skip-non-COW-.patch [bz#856505] - Resolves: bz#856505 (Missing error message in bdrv_commit to read-only backing file) [qemu-kvm-0.12.1.2-2.396.el6] - Fix glusterfs support in the qemu white-list - Related: bz#848070 ([RHEL 6.5] Add glusterfs support to qemu) [qemu-kvm-0.12.1.2-2.394.el6] - kvm-dump-clamp-guest-provided-mapping-lengths-to-rambloc.patch [bz#989585] - kvm-dump-introduce-GuestPhysBlockList.patch [bz#989585] - kvm-dump-populate-guest_phys_blocks.patch [bz#989585] - kvm-dump-rebase-from-host-private-RAMBlock-offsets-to-gu.patch [bz#989585] - kvm-virtio-net-remove-layout-assumptions-for-ctrl-vq.patch [bz#904927] - kvm-virtio-net-introduce-a-new-macaddr-control.patch [bz#904927] - kvm-net-add-compat-property-to-disable-ctrl_mac_addr-fea.patch [bz#904927] - kvm-virtio-net-rename-ctrl-rx-commands.patch [bz#904927] - kvm-target-i386-fix-bits-39-32-of-the-final-physical-add.patch [bz#880990] - kvm-qxl-Don-t-drop-client-capability-bits.patch [bz#880990] - kvm-block-fix-null-pointer-bug-on-error-case-in-block-co.patch [bz#880990] - Resolves: bz#880990 ([coverity] suspicious use of sizeof, bad use of strncpy(), etc) - Resolves: bz#904927 (RFE: (qemu) Introduce a vq command to robust virtio net mac programming) - Resolves: bz#989585 (crash command can not read the dump-guest-memory file when paging=false [RHEL-6]) [qemu-kvm-0.12.1.2-2.393.el6] - kvm-add-timestamp-to-error_report.patch [bz#906931] - kvm-Convert-stderr-message-calling-error_get_pretty-to-e.patch [bz#906931] - Resolves: bz#906931 ([Hitachi 6.5 FEAT][QEMU]Add a time stamp to error message (*)) [qemu-kvm-0.12.1.2-2.392.el6] - Whitelist rbd block driver [bz#988079] - kvm-ceph-rbd-block-driver-for-qemu-kvm.patch [bz#988079] - kvm-rbd-link-and-load-librbd-dynamically.patch [bz#988079] - kvm-rbd-Only-look-for-qemu-specific-copy-of-librbd.so.1.patch [bz#988079] - kvm-Build-rbd-block-driver-only-for-qemu-kvm-rhev.patch [bz#988079] - kvm-block-call-the-snapshot-handlers-of-the-protocol-dri.patch [bz#988079] - Resolves: bz#988079 ([6.5 FEAT] qemu runtime support for librbd backend (ceph)) [qemu-kvm-0.12.1.2-2.391.el6] - Set qemu-guest-agent to be started automatically [bz#888297] - kvm-migration-add-migrate_set_state-tracepoint.patch [bz#903429] - kvm-vl-add-runstate_set-tracepoint.patch [bz#903429] - kvm-all-add-kvm_ioctl-kvm_vm_ioctl-kvm_vcpu_ioctl-tr.patch [bz#903429] - kvm-all-add-kvm_run_exit-tracepoint.patch [bz#903429] - kvm-aio-Fix-qemu_aio_wait-to-maintain-correct-walking_ha.patch [bz#848070] - kvm-aio-Another-fix-to-the-walking_handlers-logic.patch [bz#848070] - kvm-qemu-URI-parsing-library.patch [bz#848070] - kvm-qemu-tool-Add-dummy-qemu_mutex_lock_iothread-and-qem.patch [bz#848070] - kvm-block-Support-GlusterFS-as-a-QEMU-block-backend.patch [bz#848070] - kvm-configure-Add-a-config-option-for-GlusterFS-as-block.patch [bz#848070] - kvm-qcow2-Simplify-image-creation.patch [bz#848070] - kvm-block-Produce-zeros-when-protocols-reading-beyond-en.patch [bz#848070] - kvm-block-vdi-Fix-wrong-size-in-conditionally-used-memse.patch [bz#848070] - kvm-qcow2-Remove-old-image-creation-function.patch [bz#848070] - kvm-gluster-Add-image-resize-support.patch [bz#848070] - kvm-vdi-don-t-override-libuuid-symbols.patch [bz#848070] - kvm-gluster-Return-bdrv_has_zero_init-0.patch [bz#848070] - kvm-qcow2-Really-use-cache-unsafe-for-image-creation.patch [bz#848070] - kvm-gluster-Handle-BDRV_O_CACHE_WB-in-gluster-driver.patch [bz#848070] - Resolves: bz#848070 ([RHEL 6.5] Add glusterfs support to qemu) - Resolves: bz#888297 (qemu-ga should be enabled right after installation) - Resolves: bz#903429 ([Fujitsu 6.5 FEAT]: QEMU: Add tracepoints in live migration processing.) [qemu-kvm-0.12.1.2-2.390.el6] - Disable qemu-guest-agent for Win32 build [bz#996580] - kvm-Do-not-quit-QEMU-if-cpu-set-is-called-in-non-ACPI-mo.patch [bz#990237] - kvm-acl-Fix-acl_remove-not-to-mess-up-the-ACL.patch [bz#889255] - kvm-acl-acl_add-can-t-insert-before-last-list-element-fi.patch [bz#970516] - kvm-hw-misc-don-t-create-pvpanic-device-by-default.patch [bz#991100] - kvm-hw-misc-make-pvpanic-known-to-user.patch [bz#991100] - Resolves: bz#889255 (Monitor command acl_remove messes up the ACL) - Resolves: bz#970516 (Monitor command acl_add can't insert before last list element) - Resolves: bz#990237 (qemu-kvm exits when hotplugging a cpu with --no-acpi) - Resolves: bz#991100 (pvpanic device triggers guest bugs when present by default) - Resolves: bz#996580 (Remove qemu-ga-win32 from our rpm packages) [qemu-kvm-0.12.1.2-2.389.el6] - kvm-qemu-socket-zero-initialize-SocketAddress.patch [bz#676568] - kvm-qemu-socket-drop-pointless-allocation.patch [bz#676568] - kvm-qemu-char-check-optional-fields-using-has_.patch [bz#676568] - kvm-qemu-char-use-more-specific-error_setg_-variants.patch [bz#676568] - kvm-qemu-char-print-notification-to-stderr.patch [bz#676568] - kvm-qemu-char-fix-documentation-for-telnet-wait-socket-f.patch [bz#676568] - kvm-qemu-char-don-t-leak-opts-on-error.patch [bz#676568] - kvm-qemu-char-use-ChardevBackendKind-in-CharDriver.patch [bz#676568] - kvm-qemu-char-minor-mux-chardev-fixes.patch [bz#676568] - kvm-qemu-char-add-chardev-mux-support.patch [bz#676568] - kvm-qemu-char-report-udp-backend-errors.patch [bz#676568] - kvm-qemu-socket-don-t-leak-opts-on-error.patch [bz#676568] - kvm-block-Allow-IO-throttling-fields-in-__com.redhat_dri.patch [bz#987745] - kvm-qemu-add-castagnoli-crc32c-checksum-algorithm.patch [bz#963420] - kvm-block-vhdx-header-for-the-QEMU-support-of-VHDX-image.patch [bz#963420] - kvm-block-initial-VHDX-driver-support-framework-supports.patch [bz#963420] - kvm-block-add-read-only-support-to-VHDX-image-format.patch [bz#963420] - Resolves: bz#676568 (RFE: support hotplugging chardev & virtio-serial ports) - Resolves: bz#963420 ([RHEL-6.5] Backport support for vhd(x) image format) - Resolves: bz#987745 (fail to do hotplug with qemu i/o throttling including iops,iops_wr,iops_rd,bps,bps_wr,bps_rd inofs) [qemu-kvm-0.12.1.2-2.388.el6] - kvm-vmdk-fix-comment-for-vmdk_co_write_zeroes.patch [bz#994804] - kvm-vmdk-Make-VMDK3Header-and-VmdkGrainMarker-QEMU_PACKE.patch [bz#994804] - kvm-vmdk-byteswap-VMDK4Header.desc_offset-field.patch [bz#994804] - kvm-vmdk-use-unsigned-values-for-on-disk-header-fields.patch [bz#994804] - kvm-vmdk-check-granularity-field-in-opening.patch [bz#994804] - kvm-vmdk-refuse-to-open-higher-version-than-supported.patch [bz#994804] - kvm-vmdk-check-l2-table-size-when-opening.patch [bz#994804] - kvm-vmdk-check-l1-size-before-opening-image.patch [bz#994804] - kvm-vmdk-use-heap-allocation-for-whole_grain.patch [bz#994804] - kvm-vmdk-rename-num_gtes_per_gte-to-num_gtes_per_gt.patch [bz#994804] - kvm-vmdk-Allow-reading-variable-size-descriptor-files.patch [bz#994804] - kvm-qemu-char-Fix-ID-reuse-after-chardev-remove-for-qapi.patch [bz#994891] - kvm-dataplane-refuse-to-start-if-device-is-already-in-us.patch [bz#995530] - Resolves: bz#994804 (qemu-kvm should verify image header fields before opening VMDK) - Resolves: bz#994891 (duplicate chardev reported after chardev-remove) - Resolves: bz#995530 (dataplane: refuse to start if device is already in use) [qemu-kvm-0.12.1.2-2.387.el6] - kvm-Add-spent-time-for-migration.patch [bz#981235] - kvm-migration-print-total-downtime-for-final-phase-of-mi.patch [bz#981235] - kvm-blockdev-reset-werror-rerror-on-drive_del.patch [bz#970159] - kvm-scsi-generic-fix-sign-extension-of-READ-CAPACITY-10-.patch [bz#963151] - Resolves: bz#963151 ([FJ6.4 Bug] Once a guest OS issues READ_CAPACITY(10), it becomes unable to access beyond 2TB on the disk) - Resolves: bz#970159 (qemu-kvm-rhevm [race]: vm pauses with 'block I/O error in device '': No medium found (123)' when hounplug a disk and cannot be resumed) - Resolves: bz#981235 (RFE: Request detail migration statistics output for live migration on RHEL6.5) [qemu-kvm-0.12.1.2-2.386.el6] - kvm-block-fix-initialization-of-IO-limits-for-RHEL.patch [bz#994374] - Resolves: bz#994374 (boot up guest failed, hung in 'booting from hard disk') [qemu-kvm-0.12.1.2-2.385.el6] - kvm-ccid-card-emul-do-not-crash-if-backend-is-not-provid.patch [bz#917860] - kvm-ccid-make-backend_enum_table-static-const-and-adjust.patch [bz#917860] - kvm-ccid-declare-DEFAULT_ATR-table-to-be-static-const.patch [bz#917860] - kvm-libcacard-vscclient-fix-error-paths-for-socket-creat.patch [bz#917860] - kvm-libcacard-Use-format-specifier-u-instead-of-d-for-un.patch [bz#917860] - kvm-Spelling-fixes-in-comments-it-s-its.patch [bz#917860] - kvm-libcacard-Fix-unchecked-strdup-by-converting-to-g_st.patch [bz#917860] - kvm-libcacard-split-vscclient-main-from-socket-reading.patch [bz#917860] - kvm-libcacard-vscclient-to-use-QemuThread-for-portabilit.patch [bz#917860] - kvm-libcacard-teach-vscclient-to-use-GMainLoop-for-porta.patch [bz#917860] - kvm-libcacard-use-system-config-directory-for-nss-db-on-.patch [bz#917860] - kvm-libcacard-remove-sql-prefix.patch [bz#917860] - kvm-libcacard-remove-default-libcoolkey-loading.patch [bz#917860] - kvm-dev-smartcard-reader-nicer-debug-messages.patch [bz#917860] - kvm-hw-usb-dev-smartcard-reader.c-remove-aborts-never-tr.patch [bz#917860] - kvm-hw-usb-dev-smartcard-reader-support-windows-guest.patch [bz#917860] - kvm-libcacard-change-default-ATR.patch [bz#917860] - kvm-hw-ccid-card-passthru.c-add-atr-check.patch [bz#917860] - kvm-ccid-card-passthru-dev-smartcard-reader-add-debug-en.patch [bz#917860] - kvm-usb-ccid-Drop-unused-CCIDCardInfo-callback-print.patch [bz#917860] - kvm-hw-usb-dev-smartcard-reader.c-define-structs-for-CCI.patch [bz#917860] - kvm-dev-smartcard-reader-change-default-protocol-to-T-0.patch [bz#917860] - kvm-dev-smartcard-reader-copy-atr-protocol-to-ccid-param.patch [bz#917860] - kvm-libcacard-vreader-add-debugging-messages-for-apdu.patch [bz#917860] - kvm-dev-smartcard-reader-empty-implementation-for-Mechan.patch [bz#917860] - kvm-libcacard-cac-change-big-switch-functions-to-single-.patch [bz#917860] - kvm-usb-smartcard-reader-Properly-NAK-interrupt-eps-when.patch [bz#917860] - kvm-uhci-Don-t-allow-the-guest-to-set-port-enabled-when-.patch [bz#917860] - kvm-usb-ccid-remote-wakeup-support.patch [bz#917860] - kvm-uhci-egsm-fix.patch [bz#917860] - kvm-virtio-net-dynamic-network-offloads-configuration.patch [bz#990225] - kvm-char-io_channel_send-don-t-lose-written-bytes.patch [bz#985334] - kvm-monitor-maintain-at-most-one-G_IO_OUT-watch.patch [bz#985334] - kvm-register-exit-function-after-starting-timers.patch [bz#843797] - kvm-virtio-properly-validate-address-before-accessing-co.patch [bz#956953] - Resolves: bz#843797 (qemu-kvm core dumps when virtio-net(w/ tx=timer and vhost=on) RHEL.6(w/ msi-x enabled) guest shutting down) - Resolves: bz#917860 (Smartcard emulation with Windows guest fails) - Resolves: bz#956953 (insufficient address validation during config access of virtio device) - Resolves: bz#985334 (query mem info from monitor would cause qemu-kvm hang [RHEL-6.5]) - Resolves: bz#990225 ([RHEV/RHEL] Integrate dynamic offloads into virtio-net device) [qemu-kvm-0.12.1.2-2.384.el6] - kvm-Fix-compilation-of-I-O-throttling.patch [bz#975468] - Resolves: bz#975468 (RFE: Enable qemu IO throttling only in qemu-kvm-rhev) [qemu-kvm-0.12.1.2-2.383.el6] - kvm-virtio-net-properly-check-the-vhost-status-during-st.patch [bz#957319] - kvm-configure-add-option-for-io-throttling-RHEL-6-only.patch [bz#975468] - kvm-Only-enable-IO-throttling-for-RHEV.patch [bz#975468] - kvm-qapi-qapi-commands-fix-possible-leaks-on-visitor-dea.patch [bz#990316] - Resolves: bz#957319 (Guest w/ vhost=on over virtio-net-pci, under hmp, 'set_link off', then migrate, migrate failed, src qemu-kvm process core dumped) - Resolves: bz#975468 (RFE: Enable qemu IO throttling only in qemu-kvm-rhev) - Resolves: bz#990316 (QMP: possible memory leaks on commands failure) [qemu-kvm-0.12.1.2-2.382.el6] - kvm-vmdk-remove-wrong-calculation-of-relative-path.patch [bz#977767] - kvm-Fix-real-mode-guest-migration.patch [bz#888767] - kvm-Fix-real-mode-guest-segments-dpl-value-in-savevm.patch [bz#888767] - kvm-virtio-scsi-enable-MSI-X-support.patch [bz#987025] - Resolves: bz#888767 ('kvm: unhandled exit 80000021' when migrating to some hosts) - Resolves: bz#977767 (there is wrong backing file specified for making external snapshot with vmdk format disk) - Resolves: bz#987025 (enable MSI-X for virtio-scsi) [qemu-kvm-0.12.1.2-2.381.el6] - kvm-qemu-char-Set-foo_tag-0-when-returning-FALSE-from-ca.patch [bz#676568] - kvm-qapi-generate-correct-enum-names-for-camel-case-enum.patch [bz#676568] - kvm-qapi-don-t-convert-enum-strings-to-lowercase.patch [bz#676568] - kvm-qapi-avoid-reserved-keywords.patch [bz#676568] - kvm-qapi-do-not-protect-enum-values-from-namespace-pollu.patch [bz#676568] - kvm-qapi-add-unix-to-the-set-of-reserved-words.patch [bz#676568] - kvm-qapi-generate-C-types-for-fixed-width-integers.patch [bz#676568] - kvm-qapi-Add-Visitor-interfaces-for-uint-_t-and-int-_t.patch [bz#676568] - kvm-qapi-add-String.patch [bz#676568] - kvm-qapi-add-socket-address-types.patch [bz#676568] - kvm-qmp-add-and-use-q-type-specifier.patch [bz#676568] - kvm-qemu-Add-opt_set_bool-functionality.patch [bz#676568] - kvm-build-add-QAPI-files-to-the-tools.patch [bz#676568] - kvm-qemu-sockets-unix_listen-and-unix_connect-are-portab.patch [bz#676568] - kvm-qemu-sockets-add-nonblocking-connect-for-Unix-socket.patch [bz#676568] - kvm-qemu-sockets-include-strerror-or-gai_strerror-output.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-inet_connect_a.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-inet_dgram_opt.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-inet_parse.patch [bz#676568] - kvm-qemu-sockets-add-error-propagation-to-Unix-socket-fu.patch [bz#676568] - kvm-qemu-ga-drop-temporary-extra-check-for-unix_listen-r.patch [bz#676568] - kvm-qemu-sockets-return-InetSocketAddress-from-inet_pars.patch [bz#676568] - kvm-qemu-sockets-add-socket_listen-socket_connect-socket.patch [bz#676568] - kvm-qemu-sockets-Fix-parsing-of-the-inet-option-to.patch [bz#676568] - kvm-qemu-socket-set-passed-fd-non-blocking-in-socket_con.patch [bz#676568] - kvm-qemu-char-ask-and-print-error-information-from-qemu-.patch [bz#676568] - kvm-vnc-avoid-Yoda-conditionals.patch [bz#676568] - kvm-vnc-introduce-a-single-label-for-error-returns.patch [bz#676568] - kvm-vnc-add-error-propagation-to-vnc_display_open.patch [bz#676568] - kvm-chardev-add-error-reporting-for-qemu_chr_new_from_op.patch [bz#676568] - kvm-chardev-fix-QemuOpts-lifecycle.patch [bz#676568] - kvm-chardev-reduce-chardev-ifdef-mess-a-bit.patch [bz#676568] - kvm-chardev-add-qmp-hotplug-commands-with-null-chardev-s.patch [bz#676568] - kvm-chardev-add-file-chardev-support-to-chardev-add-qmp.patch [bz#676568] - kvm-chardev-add-serial-chardev-support-to-chardev-add-qm.patch [bz#676568] - kvm-chardev-add-parallel-chardev-support-to-chardev-add-.patch [bz#676568] - kvm-chardev-add-socket-chardev-support-to-chardev-add-qm.patch [bz#676568] - kvm-chardev-add-pty-chardev-support-to-chardev-add-qmp.patch [bz#676568] - kvm-qemu-char-Avoid-unused-variable-warning-in-some-conf.patch [bz#676568] - kvm-qapi-Flatten-away-ChardevPort.patch [bz#676568] - kvm-qemu-char-make-char-drivers-dynamically-registerable.patch [bz#676568] - kvm-qemu-char-move-spice-registration-to-spice-qemu-char.patch [bz#676568] - kvm-qemu-char-move-baum-registration-to-baum.c.patch [bz#676568] - kvm-qemu-char-move-msmouse-registeration-to-msmouse.c.patch [bz#676568] - kvm-qemu-char-move-text-console-init-to-console.c.patch [bz#676568] - kvm-qemu-char.c-fix-waiting-for-telnet-connection-messag.patch [bz#676568] - kvm-chardev-add-support-for-qapi-based-chardev-initializ.patch [bz#676568] - kvm-chardev-add-mux-chardev-support-to-qapi.patch [bz#676568] - kvm-chardev-switch-null-init-to-qapi.patch [bz#676568] - kvm-chardev-add-msmouse-support-to-qapi.patch [bz#676568] - kvm-chardev-add-braille-support-to-qapi.patch [bz#676568] - kvm-chardev-switch-file-init-to-qapi.patch [bz#676568] - kvm-chardev-add-stdio-support-to-qapi.patch [bz#676568] - kvm-chardev-switch-serial-tty-init-to-qapi.patch [bz#676568] - kvm-chardev-switch-parallel-init-to-qapi.patch [bz#676568] - kvm-chardev-switch-pty-init-to-qapi.patch [bz#676568] - kvm-chardev-add-console-support-to-qapi.patch [bz#676568] - kvm-chardev-add-pipe-support-to-qapi.patch [bz#676568] - kvm-chardev-add-spice-support-to-qapi.patch [bz#676568] - kvm-create-TextConsole-together-with-the-CharDeviceState.patch [bz#676568] - kvm-remove-text_console_opts.patch [bz#676568] - kvm-chardev-add-vc-support-to-qapi.patch [bz#676568] - kvm-chardev-add-memory-ringbuf-support-to-qapi.patch [bz#676568] - kvm-chardev-add-udp-support-to-qapi.patch [bz#676568] - kvm-chardev-fix-info-chardev-output.patch [bz#676568] - Resolves: bz#676568 (RFE: support hotplugging chardev & virtio-serial ports) [qemu-kvm-0.12.1.2-2.380.el6] - kvm-kvmclock-clock-should-count-only-if-vm-is-running.patch [bz#903454] - kvm-spice-Add-spice-disable-agent-file-transfer-cmdline-.patch [bz#961850] - Update spice-server requirement [bz#961850] - Resolves: bz#903454 (kvm guest crash after long stop/cont cycle) - Resolves: bz#961850 (RFE: add -spice disable-agent-file-transfer cmdline option) [qemu-kvm-0.12.1.2-2.379.el6] - kvm-block-add-the-blockio-limits-command-line-support.patch [bz#956825] - kvm-CoQueue-introduce-qemu_co_queue_wait_insert_head.patch [bz#956825] - kvm-block-add-I-O-throttling-algorithm.patch [bz#956825] - kvm-hmp-qmp-add-block_set_io_throttle.patch [bz#956825] - kvm-block-disable-I-O-throttling-on-sync-api.patch [bz#956825] - kvm-block-add-the-support-to-drain-throttled-requests.patch [bz#956825] - kvm-block-Factor-bdrv_read_unthrottled-out-of-guess_disk.patch [bz#956825] - kvm-block-fix-initialization-in-bdrv_io_limits_enable.patch [bz#956825] - kvm-qapi-Introduce-blockdev-group-snapshot-sync-comman2.patch [bz#956825] - kvm-block-fix-I-O-throttling-accounting-blind-spot.patch [bz#956825] - kvm-block-keep-I-O-throttling-slice-time-constant.patch [bz#956825] - kvm-block-drop-duplicated-slice-extension-code.patch [bz#956825] - kvm-block-clean-up-I-O-throttling-wait_time-code.patch [bz#956825] - kvm-ide-convert-ide_sector_read-to-asynchronous-I-O.patch [bz#956825] - kvm-ide-convert-ide_sector_write-to-asynchronous-I-O.patch [bz#956825] - kvm-serial-add-pci-variant.patch [bz#872015] - kvm-serial-fix-error-handling.patch [bz#872015] - kvm-qapi-shortcut-visits-on-errors.patch [bz#983635] - kvm-qapi-allow-freeing-partially-allocated-objects.patch [bz#983635] - kvm-qapi-untangle-next_list.patch [bz#983635] - kvm-qapi-fix-error-propagation.patch [bz#983635] - Resolves: bz#872015 (A Windows VM can only see 2 of 4 assigned COM ports (Serial Devices)) - Resolves: bz#956825 (Backport IO throttling into RHEL 6.x KVM) - Resolves: bz#983635 (QMP: bad input crashes QEMU) - Resolves: bz#977760 (fail to boot guest attaching with vmdk format data disk(virito/virtio-scsi interface)) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4344 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.8.10-4.0.1.el6] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.8.10-4] - fix memory leak when reassemblying a packet - Related: #711024 [1.8.10-3] - fix config.h conflict - Related: #711024 [1.8.10-2] - do not configure with setcap-install - Related: #711024 [1.8.10-1] - upgrade to 1.8.10 - see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html - Related: #711024 [1.8.8-10] - fix consolehelper path for dumpcap - Related: #711024 [1.8.8-9] - fix dumpcap group - Related: #711024 [1.8.8-8] - fix tshark output streams and formatting for -L, -D - Resolves: #1004636 [1.8.8-7] - fix double free in wiretap/netmon.c - Related: #711024 [1.8.8-6] - security patches - Resolves: CVE-2013-4927 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-3557 [1.8.8-5] - fix desktop file - Related: #711024 [1.8.8-4] - fix tap-iostat buffer overflow - fix dcom string overrun - fix sctp bytes graph crash - fix airpcap dialog crash - Related: #711024 [1.8.8-3] - fix dumpcap privileges to 755 - Related: #711024 [1.8.8-2] - new sources - Related: #711024 [1.8.8-1] - upgrade to 1.8.8 - see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html - Resolves: #711024 - Resolves: #858976 - Resolves: #699636 - Resolves: #750712 - Resolves: #832021 - Resolves: #889346 - Resolves: #659661 - Resolves: #715560 [1.2.15-3] - security patches - Resolves: CVE-2011-1143 CVE-2011-1590 CVE-2011-1957 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-1958 CVE-2011-2597 CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0066 CVE-2012-0067 CVE-2012-0042 CVE-2012-1595 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5599 CVE-2013-4083 CVE-2013-4927 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-5598 CVE-2012-5600 CVE-2012-6061 CVE-2012-6062 CVE-2013-3557 CVE-2013-4081 CVE-2013-4932 CVE-2012-2392 CVE-2012-3825 CVE-2012-4285 CVE-2012-4292 CVE-2012-5595 CVE-2012-5597 CVE-2012-6056 CVE-2012-6060 CVE-2013-3561 CVE-2013-5721 CVE-2012-4288 CVE-2012-6059 CVE-2013-3559 CVE-2013-4931 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.6-51] - Fixed memory leak in _ssl._get_peer_alt_names Resolves: rhbz#1002983 [2.6.6-50] - Added fix for CVE-2013-4238 Resolves: rhbz#998784 [2.6.6-49] - Fix shebangs in several files in python-tools subpackage Resolves: rhbz#521898 [2.6.6-48] - Fix sqlite3.Cursor.lastrowid under a Turkish locale. Resolves: rhbz#841937 [2.6.6-47] - Urlparse now parses query and fragment of urls for any scheme. Resolves: rhbz#978129 [2.6.6-46] - Add wrapper for select.select to restart a system call Resolves: rhbz#948025 [2.6.6-45] - Add try-except to catch OSError in WatchedFileHandler Resolves: rhbz#919163 [2.6.6-44] - Fix urandom to throw proper exception Resolves: rhbz#893034 [2.6.6-43] - Backport of collections.OrderedDict from Python 2.7 Resolves: rhbz#929258 [2.6.6-42] - Add an explicit RPATH to _elementtree.so pointing at the directory containing system expat Resolves: rhbz#962779 [2.6.6-41] - Don't let failed incoming SSL connection stay open forever Resolves: rhbz#960168 [2.6.6-40] - Fix Python not reading Alternative Subject Names from some SSL certificates Resolves: rhbz#928390 [2.6.6-39] - Remove BOM insertion code from SysLogHandler that causes messages to be treated as EMERG level Resolves: rhbz#845802 [2.6.6-38] - move most of the payload of the core package to the libs subpackage, given that the libs aren't meaningfully usable without the standard libraries - preserve timestamps when fixing shebangs (patch 158) and when installing, to minimize .pyc/.pyo differences across architectures (due to the embedded mtime in .pyc/.pyo headers) - fix multilib issue in /usr/bin/modulator and /usr/bin/pynche Related: rhbz#958256 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4238 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [5.3p1-94] - use dracut-fips package to determine if a FIPS module is installed (#1001565) [5.3p1-93] - use dist tag in suffixes for hmac checksum files (#1001565) [5.3p1-92] - use hmac_suffix for ssh{,d} hmac checksums (#1001565) [5.3p1-91] - fix NSS keys support (#1004763) [5.3p1-90] - change default value of MaxStartups - CVE-2010-5107 - #908707 - add -fips subpackages that contains the FIPS module files (#1001565) [5.3p1-89] - don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835) [5.3p1-88] - do ssh_gssapi_krb5_storecreds() twice - before and after pam sesssion (#974096) [5.3p1-87] - bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A (#993577) - fixed an issue with broken 'ssh -I pkcs11' (#908038) - abort non-subsystem sessions to forced internal sftp-server (#993509) - reverted 'store krb5 credentials after a pam session is created (#974096)' [5.3p1-86] - Add support for certificate key types for users and hosts (#906872) - Apply RFC3454 stringprep to banners when possible (#955792) [5.3p1-85] - fix chroot logging issue (#872169) - change the bad key permissions error message (#880575) - fix a race condition in ssh-agent (#896561) - backport support for PKCS11 from openssh-5.4p1 (#908038) - add a KexAlgorithms knob to the client and server configuration (#951704) - fix parsing logic of ldap.conf file (#954094) - Add HMAC-SHA2 algorithm support (#969565) - store krb5 credentials after a pam session is created (#974096) LOW Copyright 2013 Oracle, Inc. CVE-2010-5107 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.12-1.132] - Revert the addition of gettimeofday vDSO function for ppc and ppc64 until OPD VDSO function call issues are resolved (#1026533). [2.12-1.131] - Call gethostbyname4_r only for PF_UNSPEC (#1022022). [2.12-1.130] - Fix integer overflows in *valloc and memalign. (#1008310). [2.12-1.129] - Initialize res_hconf in nscd (#970090). [2.12-1.128] - Update previous patch for dcigettext.c and loadmsgcat.c (#834386). [2.12-1.127] - Save search paths before performing relro protection (#988931). [2.12-1.126] - Correctly name the 240-bit slow path sytemtap probe slowpow_p10 for slowpow (#905575). [2.12-1.125] - Align value of stacksize in nptl-init (#663641). [2.12-1.124] - Renamed release engineering directory from 'fedora' to `releng' (#903754). [2.12-1.123] - Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302). - Fall back to local DNS if resolv.conf does not define nameservers (#928318). - Add systemtap probes to slowexp and slowpow (#905575). [2.12-1.122] - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213). [2.12-1.121] - Add netgroup cache support for nscd (#629823). [2.12-1.120] - Fix multiple nss_compat initgroups() bugs (#966778). - Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384). [2.12-1.119] - Add MAP_HUGETLB and MAP_STACK support (#916986). - Update translation for stale file handle error (#970776). [2.12-1.118] - Improve performance of _SC_NPROCESSORS_ONLN (#rh952422). - Fix up _init in pt-initfini to accept arguments (#663641). [2.12-1.117] - Set reasonable limits on xdr requests to prevent memory leaks (#848748). [2.12-1.116] - Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars (#552960). - New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size (#663641). [2.12-1.115] - Improved handling of recursive calls in backtrace (#868808). [2.12-1.114] - The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc. (#851470) [2.12-1.113] - Don't free rpath strings allocated during startup until after ld.so is re-relocated. (#862094) [2.12-1.112] - Consistantly MANGLE/DEMANGLE function pointers. Fix use after free in dcigettext.c (#834386). [2.12-1.111] - Change rounding mode only when necessary (#966775). [2.12-1.110] - Backport of code to allow incremental loading of library list (#886968). [2.12-1.109] - Fix loading of audit libraries when TLS is in use (#919562) [2.12-1.108] - Fix application of SIMD FP exception mask (#929388). MODERATE Copyright 2013 Oracle, Inc. CVE-2013-1914 CVE-2013-0242 CVE-2013-4332 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [5.3.3-26] - add security fix for CVE-2013-4248 [5.3.3-25] - rename patch to math CVE-2010-3709 name - add security fixes for CVE-2006-7243, CVE-2013-1643 [5.3.3-24] - fix buffer overflow in _pdo_pgsql_error (#969110) - fix double free when destroy_zend_class fails (#910466) - fix segfault in error_handler with allow_call_time_pass_reference = Off (#892158) - fix copy doesn't report failure on partial copy (#947428) - add rpm macros for packagers: %php_inidir, %php_incldir and %__php (#953814) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4248 CVE-2006-7243 CVE-2013-1643 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.13.0-23] - Fix root window damage reports when Xinerama is active (#919165) [1.13.0-22] - Fix Xephyr crashes in 8 and 16 bit mode (#1018405) [1.13.0-21] - Fix Damage reports when Xinerama is active (#919165) [1.13.0-20] - Fix broken Xorg -configure (#1016854) - CVE-2013-1940: Fix xf86FlushInput() to drain evdev events too (#950438) - CVE-2013-4396: Fix use-after free in ImageText requests (#1014561) [1.13.0-19] - Fix bad mouse offset when crossing Xephyr screens (#991077) - Fix doubling of mouse coords in multi-screen setups (#1004241) [1.13.0-18] - Fix freeze if a proximity event is sent after a SyncPointer (#999965) [1.13.0-17] - Fix crash at startup when using a font server (#795858) [1.13.0-16] - Conflict with older synaptics drivers to avoid bad scaling (#893808) [1.13.0-15] - Fix uneven pointer motion for absolute devices in relative mode (#893808) [1.13.0-14] - Restore Xephyr resizability (#915202) [1.13.0-13] - Enable XC-SECURITY (#957298) [1.13.0-12] - Restore GLX in Xvfb (#969538) LOW Copyright 2013 Oracle, Inc. CVE-2013-1940 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.1.10-14] - Log: crmd: Supply arguments in the correct order Resolves: rhbz#996850 - Fix: Invalid formatting of log message causes crash Resolves: rhbz#996850 [1.1.10-13] - Fix: cman: Start clvmd and friends from the init script if enabled [1.1.10-12] - Fix: Consistently use 'Slave' as the role for unpromoted master/slave resources Resolves: rhbz#1011618 - Fix: pengine: Location constraints with role=Started should prevent masters from running at all Resolves: rhbz#902407 - Fix: crm_resource: Observe --master modifier for --move Resolves: rhbz#902407 [1.1.10-11] + Fix: cman: Do not start pacemaker if cman startup fails + Fix: Fencing: Observe pcmk_host_list during automatic unfencing Resolves: rhbz#996850 [1.1.10-10] - Remove unsupported resource agent Resolves: rhbz#1005678 - Provide a meaningful error if --master is used for primitives and groups [1.1.10-9] + Fix: xml: Location constraints are allowed to specify a role + Bug rhbz#902407 - crm_resource: Handle --ban for master/slave resources as advertised Resolves: rhbz#902407 [1.1.10-8] + Fix: mcp: Remove LSB hints that instruct chkconfig to start pacemaker at boot time Resolves: rhbz#997346 [1.1.10-7] + Fencing: Support agents that need the host to be unfenced at startup Resolves: rhbz#996850 + Fix: crm_report: Collect corosync quorum data Resolves: rhbz#989292 [1.1.10-6] - Regenerate patches to have meaningful names [1.1.10-5] + Fix: systemd: Prevent glib assertion - only call g_error_free with non-NULL arguments + Fix: systemd: Prevent additional use-of-NULL assertions in g_error_free + Fix: logging: glib CRIT messages should not produce core files in the background + Fix: crmd: Correcty update the history cache when recurring ops change their return code + Log: crm_mon: Unmangle the output for failed operations + Log: cib: Correctly log short-form xml diffs + Log: pengine: Better indicate when a resource has failed [1.1.10-4] + Fix: crmd: Prevent crash by passing log arguments in the correct order + Fix: pengine: Do not re-allocate clone instances that are blocked in the Stopped state + Fix: pengine: Do not allow colocation with blocked clone instances [1.1.10-3] + Fix: pengine: Do not restart resources that depend on unmanaged resources + Fix: crmd: Prevent recurring monitors being cancelled due to notify operations [1.1.10-2] - Drop rgmanager 'provides' directive [1.1.10-1] - Update source tarball to revision: Pacemaker-1.1.10 - See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details - Resolves: rhbz#891766 - Resolves: rhbz#902407 - Resolves: rhbz#908450 - Resolves: rhbz#913093 - Resolves: rhbz#951340 - Resolves: rhbz#951371 - Related: rhbz#987355 LOW Copyright 2013 Oracle, Inc. CVE-2013-0281 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [2.6.32-431] - [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426] [2.6.32-430] - [x86] Revert 'efi: be more paranoid about available space when creating variables' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efivars: firmware bug workarounds should be in platform code' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Export efi_query_variable_store() for efivars.ko' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Check max_size only if it is non-zero' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Distinguish between 'remaining space' and actually used space' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Implement efi_no_storage_paranoia parameter' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'Modify UEFI anti-bricking code' (Rafael Aquini) [1012370 1023173] - [x86] Revert 'efi: Fix dummy variable buffer allocation' (Rafael Aquini) [1012370 1023173] [2.6.32-429] - [fs] revert xfs: prevent deadlock trying to cover an active log (Eric Sandeen) [1014867] [2.6.32-428] - [fs] Revert 'vfs: allow umount to handle mountpoints without revalidating them' (Rafael Aquini) [1024607] - [fs] Revert 'vfs: massage umount_lookup_last() a bit to reduce nesting' (Rafael Aquini) [1024607] - [fs] Revert 'vfs: rename user_path_umountat() to user_path_mountpoint_at()' (Rafael Aquini) [1024607] - [fs] Revert 'vfs: introduce kern_path_mountpoint()' (Rafael Aquini) [1024607] - [fs] Revert 'autofs4: fix device ioctl mount lookup' (Rafael Aquini) [1024607] [2.6.32-427] - [tools] perf: Add ref-cycles into array of tested events (Jiri Olsa) [968806] - [pci] Revert 'make SRIOV resources optional' (Myron Stowe) [1022270] - [pci] Revert 'ability to relocate assigned pci-resources' (Myron Stowe) [1022270] - [pci] Revert 'honor child buses add_size in hot plug configuration' (Myron Stowe) [1022270] - [pci] Revert 'make cardbus-bridge resources optional' (Myron Stowe) [1022270] - [pci] Revert 'code and comments cleanup' (Myron Stowe) [1022270] - [pci] Revert 'make re-allocation try harder by reassigning ranges higher in the heirarchy' (Myron Stowe) [1022270] - [pci] Revert 'Calculate right add_size' (Myron Stowe) [1022270] [2.6.32-426] - [block] loop: unplug_fn only when backing file is attached (Lukas Czerner) [1022997] - [fs] ext4: Remove warning from ext4_da_update_reserve_space() (Lukas Czerner) [1011876] - [kernel] async: Revert MAX_THREADS to 256 (Neil Horman) [1021705] - [net] ipv6: restrict neighbor entry creation to output flow (Jiri Pirko) [997103] - [net] ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Jiri Pirko) [1011930] {CVE-2013-4387} - [net] ipv4: blackhole route should always be recalculated (Herbert Xu) [1010347] - [net] unix: revert/fix race in stream sockets with SOCK_PASS* flags (Daniel Borkmann) [1019343] - [net] Loosen constraints for recalculating checksum in skb_segment() (Vlad Yasevich) [1020298] - [drm] nouveau: fix vblank deadlock (Rob Clark) [1013388] - [usb] xhci: refactor EHCI/xHCI port switching (Don Zickus) [970715] - [fs] compat_ioctl: VIDEO_SET_SPU_PALETTE missing error check (Phillip Lougher) [949573] {CVE-2013-1928} - [fs] vfs: fix d_mountpoint() (Ian Kent) [1011337] - [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [999708] - [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [999708] - [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [999708] - [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [999708] - [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [999708] - [fs] nfs: Remove the 'FIFO' behaviour for nfs41_setup_sequence (Steve Dickson) [1022257] - [fs] nfs: Record the OPEN create mode used in the nfs4_opendata structure (Steve Dickson) [1019439] - [fs] nfs: Simulate the change attribute (Steve Dickson) [1018653] - [scsi] megaraid_sas: Fix synchronization problem between sysPD IO path and AEN path (Tomas Henzl) [1019811] [2.6.32-425] - [md] dm-snapshot: fix data corruption (Mikulas Patocka) [974481] {CVE-2013-4299} - [watchdog] iTCO_wdt: add platform driver module alias (Neil Horman) [1019497] - [hda] alsa: disable 44.1kHz rate for Haswell HDMI/DP audio (Jaroslav Kysela) [831970] - [x86] Update UV3 hub revision ID (George Beshers) [1018962] - [fs] xfs: Don't reference the EFI after it is freed (Eric Sandeen) [1018469] - [security] keys: Fix a race between negating a key and reading the error set (Dave Wysochanski) [890231] - [fs] nfsv4: Ensure memory ordering between nfs4_ds_connect and nfs4_fl_prepare_ds (Jeff Layton) [1012439] - [fs] nfsv4: nfs4_fl_prepare_ds - fix bugs when the connect attempt fails (Jeff Layton) [1012439] - [md] Disable TRIM on RAID5 for RHEL 6.5 (Jes Sorensen) [837097] - [md] raid5: BIO_RW_SYNCIO is a bit number, not a bitmask (Jes Sorensen) [837097] - [virt] hyperv: framebuffer pci stub (Gerd Hoffmann) [1013335] - [netdrv] bnx2x: add missing enum channel_tlvs definitions (Michal Schmidt) [1015137] - [netdrv] bnx2x: KR2 disablement fix (Michal Schmidt) [1015137] - [netdrv] bnx2x: Specific Active-DAC is not detected on 57810 (Michal Schmidt) [1015137] - [netdrv] bnx2x: Generalize KR work-around (Michal Schmidt) [1015137] - [usb] usbnet: use ethd name for known ethernet devices (Don Zickus) [1014224] - [usb] cdc_ether: use ethd name for known ethernet devices (Don Zickus) [1014224] - [mm] Revert 'Find_early_table_space based on ranges that are actually being mapped' (Rafael Aquini) - [mm] Revert 'Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping' (Rafael Aquini) - [mm] Revert 'Group e820 entries together and add map_individual_e820 boot option' (Rafael Aquini) - [net] bridge: update mdb expiration timer upon reports (Vlad Yasevich) [1013816] - [net] veth: Remove NETIF_F_HW_VLAN_RX capability (Thomas Graf) [1018158] - [net] gre/vxlan: handle 802.1Q inner header properly (Thomas Graf) [997632] - [net] disable the new NAPI weight error message for RHEL 6.5 (Michal Schmidt) [1012090] - [scsi] sd: Fix parsing of 'temporary ' cache mode prefix (Ewan Milne) [955441] - [scsi] sd: fix array cache flushing bug causing performance problems (Ewan Milne) [955441] - [scsi] bfa: firmware update to 3.2.1.1 (Rob Evers) [1002770] - [netdrv] bna: firmware update to 3.2.1.1 (Ivan Vecera) [1002771] [2.6.32-424] - [block] loop: fix crash when using unassigned loop device (Mike Snitzer) [989795] - [fs] xfs: prevent deadlock trying to cover an active log (Dave Chinner) [1014867] - [x86] microcode: Fix patch level reporting for AMD family 15h (Prarit Bhargava) [1014401] - [hda] alsa: enable switcheroo code in the snd-hda-intel driver (Jaroslav Kysela) [1013993] - [x86] reboot: Fix a warning message triggered by stop_other_cpus() (Jerome Marchand) [840710] - [kernel] async: Bump up the MAX_THREADS count for the async subsystem (Neil Horman) [1010666] - [pci] Calculate right add_size (Myron Stowe) [997672] - [netdrv] iwlwifi: pcie: add SKUs for 6000, 6005 and 6235 series (Stanislaw Gruszka) [1013951] - [netdrv] iwlwifi: pcie: add new SKUs for 7000 & 3160 NIC series (Stanislaw Gruszka) [1013951] - [netdrv] iwlwifi: enable shadow registers for 7000 (Stanislaw Gruszka) [1013951] - [netdrv] iwlwifi: add new 7260 and 3160 series device IDs (Stanislaw Gruszka) [1013951] - [netdrv] be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd (Ivan Vecera) [1014360] - [netdrv] be2net: call ENABLE_VF cmd for Skyhawk-R too (Ivan Vecera) [1014360] - [netdrv] be2net: Fix to prevent Tx stall on SH-R when packet size < 32 (Ivan Vecera) [1014360] - [scsi] pm8001: Queue rotation logic for inbound and outbound queues (Rich Bono) [1013771] - [scsi] lpfc: Update lpfc version for 8.3.7.21.4p driver release (Rob Evers) [1004841] - [scsi] lpfc: Fixed spinlock hang (Rob Evers) [1004841] - [scsi] lpfc: Fixed spinlock inversion problem (Rob Evers) [1004841] - [scsi] lpfc: Fixed inconsistent spin lock useage (Rob Evers) [1004841] - [scsi] qla2xxx: Update version number to 8.05.00.03.06.5-k2 (Chad Dupuis) [912652] - [scsi] qla2xxx: Fix request queue null dereference (Chad Dupuis) [912652] - [net] tcp: TSQ can use a dynamic limit (Jiri Pirko) [996802] - [net] tcp: TSO packets automatic sizing (Jiri Pirko) [996802] - [net] tcp: Apply device TSO segment limit earlier (Jiri Pirko) [996802] - [net] Allow driver to limit number of GSO segments per skb (Jiri Pirko) [996802] - [net] cleanups in RX queue allocation (Ivan Vecera) [1012388] - [net] Update kernel-doc for netif_set_real_num_rx_queues() (Ivan Vecera) [1012388] - [net] netif_set_real_num_rx_queues may cap num_rx_queues at init time (Ivan Vecera) [1012388] [2.6.32-423] - [kvm] pmu: add proper support for fixed counter 2 (Gleb Natapov) [1000956] - [kvm] vmx: do not check bit 12 of EPT violation exit qualification when undefined (Gleb Natapov) [1006139] - [kvm] vmx: set 'blocked by NMI' flag if EPT violation happens during IRET from NMI (Gleb Natapov) [1006139] - [edac] Fix workqueue-related crashes (Aristeu Rozanski) [831127] - [edac] amd64_edac: Fix driver module removal (Aristeu Rozanski) [831127] - [md] raid5: BIO flags adjust (Jes Sorensen) [837097] - [md] Fix skipping recovery for read-only arrays (Jes Sorensen) [1014102] - [kernel] audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record (Richard Guy Briggs) [1009386] - [kernel] audit: log the audit_names record type (Richard Guy Briggs) [1009386] - [kernel] audit: add child record before the create to handle case where create fails (Richard Guy Briggs) [1009386] - [kernel] audit: format user messages to size of MAX_AUDIT_MESSAGE_LENGTH (Richard Guy Briggs) [1007069] - [netdrv] tg3: Expand led off fix to include 5720 (Ivan Vecera) [991498] - [netdrv] tg3: Don't turn off led on 5719 serdes port 0 (Ivan Vecera) [991498] - [netdrv] tg3: Don't turn off led on 5719 serdes port 0 (Ivan Vecera) [991498] - [netdrv] tg3: Fix UDP fragments treated as RMCP (Ivan Vecera) [991498] - [netdrv] tg3: Remove incorrect switch to aux power (Ivan Vecera) [991498] - [i2c] ismt: initialize DMA buffer (Neil Horman) [1014753] - [scsi] libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (Neil Horman) [1014864] - [fs] gfs2: Fix race in iteration of glocks for unfreeze/umount (Abhijith Das) [999909] - [fs] gfs2: dirty inode correctly in gfs2_write_end (Benjamin Marzinski) [991596] - [x86] Mark Intel Atom Avoton processor as supported (Prarit Bhargava) [914842] - [mm] vmscan: fix zone shrinking exit when scan work is done (David Gibson) [985155] - [block] free bios when failing blk_execute_rq_nowait calls (Jeff Moyer) [1009312] - [netdrv] be2net: fix disabling TX in be_close() (Ivan Vecera) [951271] - [crypto] Fix race condition in larval lookup (Herbert Xu) [916361] [2.6.32-422] - [fs] fuse: drop dentry on failed revalidate (Brian Foster) [924014] - [fs] fuse: clean up return in fuse_dentry_revalidate() (Brian Foster) [924014] - [fs] fuse: use d_materialise_unique() (Brian Foster) [924014] - [mm] Group e820 entries together and add map_individual_e820 boot option (Larry Woodman) [876275] - [mm] Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping (Larry Woodman) [876275] - [mm] Find_early_table_space based on ranges that are actually being mapped (Larry Woodman) [876275] - [hid] pantherlord: heap overflow flaw (Radomir Vrbovsky) [1000435] {CVE-2013-2892} - [virt] hv: Correctly support ws2008R2 and earlier (Jason Wang) [1007341] - [powerpc] iommu: Use GFP_KERNEL instead of GFP_ATOMIC in iommu_init_table() (Steve Best) [1012666] - [powerpc] Add isync to copy_and_flush (Steve Best) [1014475] - [block] rsxx: Kernel Panic caused by mapping Discards (Steve Best) [1013728] - [kernel] audit: avoid soft lockup due to audit_log_start() incorrect loop termination (Richard Guy Briggs) [990806] - [fs] nfsv4: Remove the BUG_ON() from nfs4_get_lease_time_prepare() (Steve Dickson) [1012688] - [netdrv] bnx2x: fix loss of VLAN priority information in received TPA-aggregated packets (Michal Schmidt) [1014694] - [fs] gfs2: garbage quota usage reported due to uninitialized inode during creation (Abhijith Das) [1008947] - [fs] nfs: fix filelayout_commit_call_ops (Scott Mayhew) [1012479] - [netdrv] igb: fix driver reload with VF assigned to guest (Stefan Assmann) [985733] - [md] Fix bio flags for md raid5 (Jes Sorensen) [837097] - [md] Fix bio flags for md raid10 (Jes Sorensen) [837097] - [scsi] qla4xxx: 5.03.00.00.06.05-k3 (Chad Dupuis) [1011476] - [scsi] qla4xxx: Support setting of local CHAP index for flash target entry (Chad Dupuis) [1011476] - [scsi] qla4xxx: Correct the check for local CHAP entry type (Chad Dupuis) [1011476] - [scsi] lpfc: Update lpfc version for 8.3.7.21.3p driver release (Rob Evers) [1012961] - [scsi] lpfc: Fixed function mode field defined too small for not recognizing dual-chute mode (Rob Evers) [1012961] - [net] Revert 'net: more accurate skb truesize' (Francesco Fusco) [889181] - [net] fix multiqueue selection (Michal Schmidt) [1011939] [2.6.32-421] - [scsi] bnx2fc: Bump version from 1.0.14 to 2.4.1 (Tomas Henzl) [1008733] - [scsi] bnx2fc: hung task timeout warning observed when rmmod bnx2x with active FCoE targets (Tomas Henzl) [1008733] - [scsi] bnx2fc: Fixed a SCSI CMD cmpl race condition between ABTS and CLEANUP (Tomas Henzl) [1008733] - [scsi] cnic: Fix crash in, cnic_bnx2x_service_kcq() (Tomas Henzl) [1004554] - [hid] zeroplus: validate output report details (Frantisek Hrbata) [999906] {CVE-2013-2889} - [hid] provide a helper for validating hid reports (Frantisek Hrbata) [999906] {CVE-2013-2889} - [netdrv] sfc: Add SIOCEFX:EFX_MCDI_REQUEST ioctl to workaround MTD limits (Nikolay Aleksandrov) [1008705] - [netdrv] sfc: deny changing of unsupported flags (Nikolay Aleksandrov) [1010840] - [kernel] __ptrace_may_access() should not deny sub-threads (Oleg Nesterov) [927360] - [tools] perf: Make kmem work for non numa machines (Jiri Olsa) [984788] - [powerpc] Bring all threads online prior to migration/hibernation (Steve Best) [1010528] - [kvm] introduce guest count uevent (Paolo Bonzini) [1004802] - [scsi] iscsi_tcp: consider session state in iscsi_sw_sk_state_check (Chris Leech) [840638] - [crypto] ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [1007694] {CVE-2013-4345} - [infiniband] cache: don't fill the cache with junk (Doug Ledford) [920306] - [usb] core: don't try to reset_device() a port that got just disconnected (Don Zickus) [1000944] - [usb] Fix connected device switch to Inactive state (Don Zickus) [1000944] - [usb] Don't use EHCI port sempahore for USB 3.0 hubs (Don Zickus) [1000944] - [netdrv] macvtap: Ignore tap features when VNET_HDR is off (Vlad Yasevich) [987201] - [netdrv] macvtap: Correctly set tap features when IFF_VNET_HDR is disabled (Vlad Yasevich) [987201] - [netdrv] macvtap: simplify usage of tap_features (Vlad Yasevich) [987201] - [infiniband] mlx4: Use default pkey when creating tunnel QPs (Doug Ledford) [993587] - [infiniband] core: Create QP1 using the pkey index which contains the default pkey (Doug Ledford) [993587] - [infiniband] ipoib: Make sure child devices use valid/proper pkeys (Doug Ledford) [993587] - [infiniband] ipoib: Fix pkey change flow for virtualization environments (Doug Ledford) [993587] - [netdrv] igb: don't deprecate the max_vfs parameter (Stefan Assmann) [1005877] - [netdrv] igb: Read flow control for i350 from correct EEPROM section (Stefan Assmann) [1005877] - [netdrv] igb: Add additional get_phy_id call for i354 devices (Stefan Assmann) [1005877] - [netdrv] igb: Update version number (Stefan Assmann) [1005877] - [netdrv] igb: Implementation to report advertised/supported link on i354 devices (Stefan Assmann) [1005877] - [netdrv] igb: Get speed and duplex for 1G non_copper devices (Stefan Assmann) [1005877] - [netdrv] igb: Support to get 2_5G link status for appropriate media type (Stefan Assmann) [1005877] - [netdrv] igb: No PHPM support in i354 devices (Stefan Assmann) [1005877] - [netdrv] igb: M88E1543 PHY downshift implementation (Stefan Assmann) [1005877] - [netdrv] igb: New PHY_ID for i354 device (Stefan Assmann) [1005877] - [netdrv] igb: Implementation of 1-sec delay for i210 devices (Stefan Assmann) [1005877] - [netdrv] igb: Don't look for a PBA in the iNVM when flashless (Stefan Assmann) [1005877] - [netdrv] igb: Expose RSS indirection table for ethtool (Stefan Assmann) [1005877] - [netdrv] igb: Add macro for size of RETA indirection table (Stefan Assmann) [1005877] - [netdrv] igb: Fix get_fw_version function for all parts (Stefan Assmann) [1005877] - [netdrv] igb: Add device support for flashless SKU of i210 device (Stefan Assmann) [1005877] - [netdrv] igb: Refactor NVM read functions to accommodate devices with no flash (Stefan Assmann) [1005877] - [netdrv] igb: Refactor of init_nvm_params (Stefan Assmann) [1005877] - [netdrv] igb: Update MTU so that it is always at least a standard frame size (Stefan Assmann) [1005877] - [netdrv] igb: don't allow SR-IOV without MSI-X (Stefan Assmann) [1005877] - [netdrv] igb: Added rcu_lock to avoid race (Stefan Assmann) [1005877] - [netdrv] igb: Read register for latch_on without return value (Stefan Assmann) [1005877] - [netdrv] igb: Reset the link when EEE setting changed (Stefan Assmann) [1005877] - [netdrv] treewide: relase -> release (Stefan Assmann) [1005877] - [scsi] iterate over devices individually for /proc/scsi/scsi (David Milburn) [966170] - [scsi] zfcp: fix lock imbalance by reworking request queue locking (Mikulas Patocka) [803592] - [kernel] pidns: fix two invalid task_active_pid_ns() usages (Aristeu Rozanski) [984597] - [netdrv] be2net: implement ethtool set/get_channel hooks (Ivan Vecera) [975885] - [netdrv] be2net: refactor be_setup() to consolidate queue creation routines (Ivan Vecera) [975885] - [netdrv] be2net: Fix be_cmd_if_create() to use MBOX if MCCQ is not created (Ivan Vecera) [975885] - [netdrv] be2net: refactor be_get_resources() code (Ivan Vecera) [975885] - [netdrv] be2net: don't limit max MAC and VLAN counts (Ivan Vecera) [975885] - [netdrv] be2net: Fixup profile management routines (Ivan Vecera) [975885] - [netdrv] be2net: use EQ_CREATEv2 for SH-R (Ivan Vecera) [975885] - [netdrv] be2net: delete primary MAC address while unloading (Ivan Vecera) [874733] - [netdrv] be2net: use SET/GET_MAC_LIST for SH-R (Ivan Vecera) [874733] - [netdrv] be2net: refactor MAC-addr setup code (Ivan Vecera) [874733] - [netdrv] be2net: fix pmac_id for BE3 VFs (Ivan Vecera) [874733] - [netdrv] be2net: allow VFs to program MAC and VLAN filters (Ivan Vecera) [874733] - [netdrv] be2net: fix MAC address modification for VF (Ivan Vecera) [874733] - [netdrv] be2net: don't use dev_err when AER enabling fails (Ivan Vecera) [986513] - [netdrv] be2net: Clear any capability flags that driver is not interested in (Ivan Vecera) [998856] - [net] ethtool: fix RHEL backport of ETHTOOL_RESET (Jiri Benc) [1008678] - [net] gact: Fix potential panic in tcf_gact() (Jiri Benc) [1003781] - [net] tcp: fix FIONREAD/SIOCINQ (Francesco Fusco) [1001479] - [net] vxlan: Avoid creating fdb entry with NULL destination (Amerigo Wang) [923915] - [net] bridge: sync the definition of struct br_mdb_entry with upstream (Amerigo Wang) [1010251] - [fs] proc/ns: Fix ABI of proc_inode (Thomas Graf) [1005224] - [fs] nfs: Fix writeback performance issue on cache invalidation (Scott Mayhew) [1010038] - [fs] xfs: switch stacks for bmap btree modifications (Dave Chinner) [918359] - [fs] GFS2: Dont flag consistency error if first mounter is a spectator (Robert S Peterson) [997929] - [x86] Mark Intel Haswell-EP as supported (Prarit Bhargava) [948339] - [s390] tx: allow program interruption filtering in user space (Hendrik Brueckner) [1006523] - [tty] hvc_iucv: Disconnect IUCV connection when lowering DTR (Hendrik Brueckner) [1007570] - [tty] hvc_console: Add DTR/RTS callback to handle HUPCL control (Hendrik Brueckner) [1007570] - [netdrv] bonding: fix bond_arp_rcv setting and arp validate desync state (Nikolay Aleksandrov) [1003697] - [netdrv] bonding: fix store_arp_validate race with mode change (Nikolay Aleksandrov) [1003697] - [netdrv] bonding: fix set mode race conditions (Nikolay Aleksandrov) [1003697] - [bluetooth] rfcomm: Fix info leak in RFCOMMGETDEVLIST ioctl() (Radomir Vrbovsky) [922409] {CVE-2012-6545} - [bluetooth] rfcomm: Fix info leak via getsockname() (Radomir Vrbovsky) [922409] {CVE-2012-6545} - [mm] mlock: operate on any regions with protection != PROT_NONE (Larry Woodman) [982460] - [mm] mlock: avoid dirtying pages and triggering writeback (Larry Woodman) [982460] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2164 CVE-2013-4591 CVE-2013-1928 CVE-2012-6542 CVE-2012-6545 CVE-2013-0343 CVE-2013-1929 CVE-2013-2234 CVE-2013-2889 CVE-2013-2892 CVE-2013-3231 CVE-2013-4345 CVE-2013-2851 CVE-2013-2888 CVE-2013-4387 CVE-2013-4592 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [8.4-31.0.1] - clean up empty file if cp is failed [Orabug 15973168] [8.4-31] - adjust the fix for the du bindmounts failure(#836557) * Mon Oct 07 2013 Ondrej Oprala <ooprala@redhat.com - 8.4-30 - Fix su retvals (once again) [8.4-29] - CVE-2013-0221 CVE-2013-0223 CVE-2013-0222 - fix various segmentation faults in sort, uniq and join(#1015019) [8.4-28] - su now returns correct retvals for all cases [8.4-27] - tail -F now disables inotify when encountering a symlink. Polling is used instead. * Mon Sep 16 2013 Ondrej Oprala <ooprala@redhat.com - 8.4-26 - df now properly dereferences long FS names(again) [8.4-25] - pr -n no longer crashes when passed values >= 32. Also line numbers are consistently padded with spaces, rather than with zeros for certain widths. (#997537) [8.4-24] - fix su return codes when NOT killed by a signal (#996190) [8.4-23] - fix several newly introduced defects found by Coverity check [8.4-22] - wait for su child to prevent errorneous execution of some commands (#749679) - correct return values after signal termination (#889531) and propagation of child core dump info (#747592) - dd now accepts 'status=none' to suppress all informational output(#965654) - cut --output-delimiter option was ignored for multibyte locales (#867984) - remove redundant setpwent() and setgrent () syscalls from stat -U/-G to improve NIS performance (#911206) - date: deal correctly with invalid input with special characters (#960160) - dd: provide support for the conv=sparse (#908980) - su/runuser: clarify which envvars are preserved/initialized in -p/-m and -l help/man documentation (#967623) - du: properly detect bindmounts (#836557) - df: fix alignment of columns (#842040) - id,groups: fix correct group printing (#816708) - mv : replace empty directories in cross file system move (#980061) [8.4-21] - fix parsing of field regression in sort command (introduced between RHEL5 and RHEL6 upstream) (#956143) [8.4-20] - revert to polling for unknown filesystems, update known fs for tail and stat based on coreutils-8.21 (#827199) LOW Copyright 2013 Oracle, Inc. CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 ibutils [1.5.7-8] - Add the -output patch to have programs use /var/cache/ibutils instead of /tmp Resolves: bz958569 infinipath-psm * Thu Jan 24 2013 Jay Fenlason <fenlason@redhat.com> - Put the udev rules file in the right place Resolves: rhbz866732 - include a patch from upstream to fix undefined references Resolves: rhbz887730 [3.0.1-115.1015_open.1] - New upstream releas Resolves: rhbz818789 [ 2.9-926.1005_open.2] - Add the udev rules file to close Resolves: rhbz747406 [2.9-926.1005_open.1] - New upstream version. Resolves: rhbz635915 * Fri Nov 05 2010 Jay Fenlason <fenlason@redhat.com> - Include the -execstack patch to get libinfinipath.so correctly labeled as not executing the stack. Resolves: rhbz612936 [1.13-2] - Use macros for lib and include directories, and include dist tag in release field. - Corrected License field. - Corrected Requires lines for libuuid. - Add Exclusive-arch x86_64 Related: rhbz570274 [1.13-1] - Initial build. libibverbs [1.1.7-1] - Update to latest upstream release - Remove patches that are now part of upstream - Fix ibv_srq_pingpong with negative value to -s option - Resolves: bz879191 libmlx4 [1.0.5-4.el6.1] - Fix dracut module for compatibility with RHEL6 version of dracut. - Resolves: bz789121 [1.0.5-4] - Add dracut module - Fix URL [1.0.5-3] - Reduce the dependencies of the setup script even further, it no longer needs grep [1.0.5-2] - The setup script needs to have execute permissions [1.0.5-1] - Update to latest upstream - Drop awk based setup for a bash based setup, making including the setup code on an initramfs easier - Modernize spec file - Related: bz950915 librdmacm [1.0.17-1] - Official 1.0.17 release - The fix to bug 866221 got kicked back as incomplete last time, fix it for real this time. - Intel adapters that use the qib driver don't like using inline data, so use a memory region that is registered instead - Resolves: bz866221, bz828071 mpitests [3.2-9] - Backport fixes from RHEL-7 Resolves: rhbz1002332 [3.2-7] - include BuildRequires: hwloc-devel from RHEL-7.0 - Add win_free patch to close Resolves: rhbz734023 mstflint [3.0-0.6.g6961daa.1] - Update to newer tarball that resolves licensing issues with the last tarball - Related: bz818183 [3.0-0.5.gff93670.1] - Update to latest upstream version, which includes ConnectIB support - Resolves: bz818183 openmpi [1.5.4-2.0.1] - Obsolete openmpi-psm-devel for 32bit [1.5.4-2] - Fix the build process by getting rid of the -build patch and autogen to fix Resolves: rhbz749115 perftest [2.0-2] - Fix rpmdiff detected error. Upstream overrode our cflags so stack protector got turned off. - Related: bz806183 [2.0-1] - Update to latest upstream release - We had to drop ib_clock_test program as no equivalent exists in the latest release - Resolves: bz806183, bz806185, bz830099 [1.3.0-2] - Update to latest upstream release - No longer strip rocee related code out, we can compile with it now - Related: bz739138 qperf [0.4.9-1.0.1] - Rebuild for ULN upgrade [0.4.9-1] - Update to latest upstream release - Resolves: bz814909, bz840269 rdma [3.10-3.0.1] - Append mlx4_* module parameters when insmod the modules [orabug 17429249] (Joe Jin) - Delay load mlx4_* to prevent hung when start udev. [orabug 16897608] (Joe Jin) - Fix FMR load, persistent ib0 subinterfaces, remove kudzu dependency (Chien Yen) - Add SDP to rdma.conf and rdma.init (Chien Yen) - Support Mellanox OFED 1.5.5 (Chien Yen) [3.10-3] - Replace an errant usage of PARENTDEVICE with PHYSDEV in ifdown-ib - Related: bz990288 [3.10-2] - Somehow during editing I accidentally deleted a single character from the post scriptlet. rpmdiff caught it, now I'm fixing it. - Resolves: bz990288 [3.10-1] - Bump version to match final kernel submission - Add support for P_Key interfaces to ifup-ib and ifdown-ib MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4516 CVE-2013-2561 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [004-336.0.1] - do not strip modules with signatures. [orabug 17458249] (Jerry Snitselaar) - scsi_wait module removed in 3.8. Mute errors. [orabug 16977193] (Maxim Uvarov) find firmware in /lib/modules/firmware/2.6.32-400.1.1.el5uek first and /lib/modules/firmware second (<maxim.uvarov@oracle.com) Resolves: Orabug: 13351090 - Fix btrfs discovery [orabug 13388545] [004-336] - install /etc/system-fips in the initramfs Resolves: rhbz#1012626 [004-335] - fixed interface renaming Resolves: rhbz#1019104 [004-334] - fcoe: add --link-retry=100 to fipvlan call Resolves: rhbz#1012316 - ldd: redirect error to /dev/null - do not turn off biosdevname, if not given on kernel cmdline Resolves: rhbz#1011508 - network: fixed ibft parsing Resolves: rhbz#1011508 [004-330] - changed /etc/redhat-fips to /etc/system-fips Resolves: rhbz#1012626 [004-329] - add /etc/redhat-fips Resolves: rhbz#1012626 [004-328] - fixed crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 [004-327] - fixed crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 - fixed booting with iSCSI and without network config Resolves: rhbz#910605 [004-322] - fixed crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 - fixed FIPS module checking Resolves: rhbz#947729 [004-316] - create the initramfs non-world readable - unset LD_LIBRARY_PATH and GREP_OPTIONS Resolves: rhbz#912299 - add mkinitrd man page Resolves: rhbz#610462 - add bonding Resolves: rhbz#851666 - lvm: add '--yes' to lvchange Resolves: rhbz#720684 - crypt: add support for keyfiles in the initramfs Resolves: rhbz#886194 - start iscsi regardless of network, if requested Resolves: rhbz#813687 - install multipath module only, when root is multipath in generic mode Resolves: rhbz#916144 - fips: handle checksum checks for RHEV kernels Resolves: rhbz#947729 - add xhci-hcd driver Resolves: rhbz#960729 MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4453 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.8.6p3-12] - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 Resolves: rhbz#1015355 [1.8.6p3-11] - sssd: fixed a bug in ipa_hostname processing Resolves: rhbz#853542 [1.8.6p3-10] - sssd: fixed buffer size for the ipa_hostname value Resolves: rhbz#853542 [1.8.6p3-9] - sssd: match against ipa_hostname from sssd.conf too when checking sudoHost Resolves: rhbz#853542 [1.8.6p3-8] - updated man-page - fixed handling of RLIMIT_NPROC resource limit - fixed alias cycle detection code - added debug messages for tracing of netgroup matching - fixed aborting on realloc when displaying allowed commands - show the SUDO_USER in logs, if running commands as root - sssd: filter netgroups in the sudoUser attribute Resolves: rhbz#856901 Resolves: rhbz#947276 Resolves: rhbz#886648 Resolves: rhbz#994563 Resolves: rhbz#848111 Resolves: rhbz#994626 Resolves: rhbz#973228 Resolves: rhbz#880150 LOW Copyright 2013 Oracle, Inc. CVE-2013-2776 CVE-2013-1775 CVE-2013-2777 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1:1.15.1-20] - Resolves: #855832 'Installation from NFS: That directory could not be mounted from the server' by switching NFS mount default from UDP to TCP. There was another place (in uclibc this time) which used UDP. [1:1.15.1-19] - Resolves: #1015010 'busybox: insecure directory permissions in /dev' [1:1.15.1-18] - Resolves: #855832 'Installation from NFS: That directory could not be mounted from the server' by switching NFS mount default from UDP to TCP. [1:1.15.1-17] - Resolves: #820097 - 's390x: wc: : No such file or directory' LOW Copyright 2013 Oracle, Inc. CVE-2013-1813 cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:base Oracle Linux 6 [1.2.11.15-30] - Resolves: bug 1024977 CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches [1.2.11.15-29] - Bump version to 1.2.11.15-29 - Resolves: bug 1008013: DS91: ns-slapd stuck in DS_Sleep [1.2.11.15-28] - Bump version to 1.2.11.15-28 - Resolves: Bug 1016038 - Users from AD sub OU does not sync to IPA (ticket 47488) [1.2.11.15-27] - Bump version to 1.2.11.15-27 - Resolves: Bug 1013735 - CLEANALLRUV doesnt run across all replicas (ticket 47509) [1.2.11.15-26] - Bump version to 1.2.11.15-26 - Resolves: Bug 947583 - ldapdelete returns non-leaf entry error while trying to remove a leaf entry (ticket 47534) [1.2.11.15-25] - Bump version to 1.2.11.15-25 - Resolves: Bug 1006846 - 2Master replication with SASL/GSSAPI auth broken (ticket 47523) - Resolves: Bug 1007452 - Under specific values of nsDS5ReplicaName, replication may get broken or updates (ticket 47489) [1.2.11.15-24] - Bump version to 1.2.11.15-24 - Resolves: Bug 982325 - Overflow in nsslapd-disk-monitoring-threshold; Changed CONFIG_INT to CONFIG_LONG for nsslapd-disk-monioring-threshold (ticket 47427) [1.2.11.15-23] - Bump version to 1.2.11.15-23 - Resolves: Bug 1000632 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN - Resolves: Bug 1002260 - server fails to start after upgrade(schema error) (ticket 47318) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4485 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.8.7.352-13] - Workaround build issues against OpenSSL with enabled ECC curves. - Make DRb compatible with OpenSSL 1.0.1. * ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch - Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing * ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch - Resolves: rhbz#1033500 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-4164 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [2:2.6.9-6] - fix overflow in XWD loader (CVE-2013-1913, CVE-2013-1978) [2:2.6.9-5] - fix overflow in XWD loader (#879302) [2:2.6.9-5] - fix overflow in GIF loader (#847303) [2:2.6.9-5] - fix overflows in GIF, CEL loaders (#727800, #839020) [2:2.6.9-4.1] - fix various overflows (#666793, #703403, #703405, #703407, #704512) MODERATE Copyright 2013 Oracle, Inc. CVE-2012-5576 CVE-2013-1978 CVE-2013-1913 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 5 [1.0.8-19] - Resolves: CVE-2013-4566 - Bugzilla Bug #1030265 - mod_nss: incorrect handling of NSSVerifyClient in directory context [rhel-6.5.z] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4566 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 5 kernel [2.6.18-371.3.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203] MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4355 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-371.3.1] - [net] be2net: don't use GRO for packets w/ re-inserted VLAN tags (Ivan Vecera) [1023348 1008691] - [net] tg3: call pci_enable_wake() to set power state (John Feeney) [1014973 996331] - [misc] backport fixes for percpu-rw-semaphore (Mikulas Patocka) [1014715 867997] - [xen] information leak via I/O instruction emulation (Igor Mammedov) [1009602 1009603] {CVE-2013-4355} [2.6.18-371.2.1] - [scsi] mpt2sas: bump version (Tomas Henzl) [1018458 956330] - [scsi] mpt2sas: fix the incorrect scsi_dma_map error checking (Tomas Henzl) [1018458 956330] - [xen] x86: check segment descriptor read result in 64-bit OUTS emulation (Radim Krcmar) [1012958 1012959] {CVE-2013-4368} - [md] dm snapshot: fix data corruption (Mikulas Patocka) [1004734 975353] {CVE-2013-4299} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4355 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 nspr [4.10.2-2] - Fix changelog comments - Resolves: rhbz#1032466 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.10] [4.10.2-1] - Update to nspr-4.10.2 - Remove an unused patch - Resolves: rhbz#1032466 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.10] [4.10.0-2] - Retagging to fix an inconsitency in the release tags - Resolves: rhbz#1002641 - Rebase RHEL 5 to NSPR 4.10 (for FF 24.x) [4.9.5-1] - Rebase to nspr-4.10.0 - Resolves: rhbz#1002641 - Rebase RHEL 5 to NSPR 4.10 (for FF 24.x) nss [3.15.3-3] - remove unnecessary and problematic template-removal patch which was added as part of the 3.15.1 rebase - bump release number [3.15.3-1] - Update to nss-3.15.3 - Remove unused patch - Resolves: rhbz#1032466 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [rhel-5.10] [3.15.1-2] - Remove unused patches - Resolves: rhbz#1033478 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) [3.15.1-1] - Rebase to nss-3.15.1 - Resolves: rhbz#1033478 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Resolves: rhbz#1033499 - [Regression] NSS no longer trusts MD5 certificates - Split %check section tests in two: freebl/softoken and rest of nss tests - Adjust various patches and spec file steps on account of the rebase - Add various patches and remove obsoleted ones on account of the rebase - Renumber patches so freeb/softoken ones match the corresponding ones in rhel-6 nss-softokn IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 CVE-2013-1739 CVE-2013-1741 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [2.6.32-431.1.2] - [x86] kvm: fix cross page vapic_addr access (Paolo Bonzini) [1032214 1032215] {CVE-2013-6368} - [x86] kvm: fix division by zero in apic_get_tmcct (Paolo Bonzini) [1032212 1032213] {CVE-2013-6367} [2.6.32-431.1.1] - [netdrv] mlx4_en: Check device state when setting coalescing (Amir Vadai) [1032395 975908] - [net] ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [1023490 1023491] {CVE-2013-4470} - [net] ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [1023490 1023491] {CVE-2013-4470} - [net] sunrpc: Fix a data corruption issue when retransmitting RPC calls (Jeff Layton) [1032424 1030046] - [fs] gfs2: Implement a rgrp has no extents longer than X scheme (Robert S Peterson) [1032162 998625] - [fs] gfs2: Drop inadequate rgrps from the reservation tree (Robert S Peterson) [1032162 998625] - [fs] gfs2: If requested is too large, use the largest extent in the rgrp (Robert S Peterson) [1032162 998625] - [fs] gfs2: Add allocation parameters structure (Robert S Peterson) [1032162 998625] - [fs] nfs: Don't check lock owner compatability unless file is locked - part 2 (Jeff Layton) [1032260 1007039] - [fs] nfs: Don't check lock owner compatibility in writes unless file is locked (Jeff Layton) [1032260 1007039] - [netdrv] ixgbevf: move API neg to reset path (Andy Gospodarek) [1032168 1019346] - [netdrv] ixgbe: fix inconsistent clearing of the multicast table (Andy Gospodarek) [1032170 975248] - [mm] Group e820 entries together and add map_individual_e820 boot option (Larry Woodman) [1020518 876275] - [mm] Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping (Larry Woodman) [1020518 876275] - [mm] Find_early_table_space based on ranges that are actually being mapped (Larry Woodman) [1020518 876275] - [fs] nfs: Fix the sync mount option for nfs4 mounts (Scott Mayhew) [1030171 915862] - [fs] nfsv4: Missing Chunk of Back Port Patch Causes Hang (Steve Dickson) [1032250 1024006] - [fs] xfs: Ensure sync updates the log tail correctly (Dave Chinner) [1032249 1025439] - [fs] xfs: only update the last_sync_lsn when a transaction completes (Dave Chinner) [1032249 1025439] - [fs] xfs: prevent deadlock trying to cover an active log (Dave Chinner) [1032688 1014867] - [kernel] signal: stop info leak via the tkill and the tgkill syscalls (Petr Holasek) [970876 970878] {CVE-2013-2141} - [block] rsxx: Disallow discards from being unmapped (Steve Best) [1028278 1023897] - [netdrv] brcmsmac: Module alias support missing from backport (John Green) [1029330 1020461] - [netdrv] mlx4_en: Fix pages never dma unmapped on rx (Steve Best) [1027343 1023272] - [netdrv] mlx4_en: Fix BlueFlame race (Amir Vadai) [1029997 987634] - [scsi] lpfc 8.3.42: Fixed failure to allocate SCSI buffer on PPC64 platform for SLI4 devices (Rob Evers) [1030713 1024683] - [scsi] Revert: qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low. [1032167 995576] - [netdrv] tg3: avoid double-freeing of rx data memory (Ivan Vecera) [1032423 1020685] - [hda] alsa: Final fix for the Haswell HDMI audio 44.1kHz rate (Jaroslav Kysela) [1032247 1024548] - [input] wacom: do not report ABS_MISC on TPC2FG touch device (Aristeu Rozanski) [1032426 1032256] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6367 CVE-2013-6368 CVE-2013-2141 CVE-2013-4470 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.2.1-3] - Resolves: #1031955 apply patch for CVE-2013-6630 [1.2.1-2] - Resolves: #1031955 libjpeg-turbo: various flaws (CVE-2013-6629) MODERATE Copyright 2013 Oracle, Inc. CVE-2013-6630 CVE-2013-6629 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:12.1.2.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.3::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:6:7:base cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 5 [6b-38] - Add patch for CVE-2013-6629 - Resolves: #1031952 MODERATE Copyright 2013 Oracle, Inc. CVE-2013-6629 cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:exadata_dbserver:12.1.1.1.2::ol5 cpe:/a:oracle:linux:5:11:base cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [4.0.0-60.rc4] - resolves: #1018039 - Fix CVE-2013-4408. [4.0.0-59.rc4] - Fix usage of client min/max protocol options in winbindd - related: #949993 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4408 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [3.6.9-167] - resolves: #1018037 - Fix CVE-2013-4408. [3.6.9-165] - resolves: #1028086 - Fix CVE-2013-4475. IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4408 CVE-2013-4475 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [24.2.0-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-4] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite [24.1.0-3] - Fixed locale pickup (rhbz#1034541) [24.1.0-2] - Fixed package reinstall issue [24.1.0-1] - Update to 24.1.0 ESR [24.0-0.1] - Update to 24.0 ESR CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [5.3.3-27] - add security fix for CVE-2013-6420 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-6420 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [5.1.6-43] - drop unneeded patch [5.1.6-42] - add security fixes for CVE-2012-2688, CVE-2011-1398, CVE-2013-1643, CVE-2013-6420 CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-1643 CVE-2011-1398 CVE-2012-2688 CVE-2013-6420 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 5 [24.2.0-1.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Make sure build with nspr-devel >= 4.10.0 [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-1] - Update to 24.1.0 ESR IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-5614 CVE-2013-6671 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5616 CVE-2013-5618 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 nspr [4.10.0-2] - Rebase to nspr-4.10.2 - Resolves: rhbz#1032485 - CVE-2013-5607 (MFSA 2013-103) Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103) nss [3.15.3-2.0.1] - Added nss-vendor.patch to change vendor [3.15.3-2] - Enable patch with fix for deadlock in trust domain lock and object lock - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock - Disable hw gcm on rhel-5 based build environments where OS lacks support - Rollback changes to build nss without softokn until Bug 689919 is approved - Cipher suite was run as part of the nss-softokn build [3.15.3-1] - Update to NSS_3_15_3_RTM - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss-util [3.15.3-1] - Update to NSS_3_15_3_RTM - Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1741 CVE-2013-5606 CVE-2013-5607 CVE-2013-5605 CVE-2013-1739 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 [1.3-10] - Apply patch for CVE-2013-6054 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 Resolves: #1038985 CVE-2013-6054 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6052 CVE-2013-6054 CVE-2013-6045 CVE-2013-1447 cpe:/a:oracle:linux:6:6:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 6 Oracle Linux 5 [3.15.3-3.0.1.el6_5] - Added nss-vendor.patch to change vendor [3.15.3-3] - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6] MODERATE Copyright 2013 Oracle, Inc. cpe:/a:oracle:exadata_dbserver:12.1.1.1.1::ol5 cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:exadata_dbserver:12.1::ol5 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:11.2::ol5 cpe:/a:oracle:exadata_dbserver:11.2.3.3.1::ol5 Oracle Linux 6 [2013.1.95-65.1] - Update to CKBI 1.95 from NSS 3.15.3.1 MODERATE Copyright 2013 Oracle, Inc. cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [1.13.0-23.1] - Fix root window damage reports when Xinerama is active (#919165) IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6424 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [0.26.2-5.1] - Fix CVE 2013-6425 IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6425 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:5:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-300.28.1] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} [2.6.39-300.27.1] - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian Campbell) [Orabug: 16243309] - xen/netback: shutdown the ring if it contains garbage. (Ian Campbell) [Orabug: 16243309] - ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16179639 16168292] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-4398 CVE-2013-0217 CVE-2012-4461 CVE-2013-0231 CVE-2013-0190 CVE-2013-0216 CVE-2012-4530 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-300.39.4] - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286741] {CVE-2012-4530} [2.6.32-300.39.3] - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274192] {CVE-2013-0190} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-0190 CVE-2012-4530 cpe:/a:oracle:linux:6:3:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.17.1] - This is a fix on dlm_clean_master_list() (Xiaowei.Hu) - RDS: fix rds-ping spinlock recursion (jeff.liu) [Orabug: 16223050] - vhost: fix length for cross region descriptor (Michael S. Tsirkin) [Orabug: 16387183] {CVE-2013-0311} - kabifix: block/scsi: Allow request and error handling timeouts to be specified (Maxim Uvarov) - block/scsi: Allow request and error handling timeouts to be specified (Martin K. Petersen) [Orabug: 16372401] - [SCSI] Shorten the path length of scsi_cmd_to_driver() (Li Zhong) [Orabug: 16372401] - Fix NULL dereferences in scsi_cmd_to_driver (Mark Rustad) [Orabug: 16372401] - SCSI: Fix error handling when no ULD is attached (Martin K. Petersen) [Orabug: 16372401] - Handle disk devices which can not process medium access commands (Martin K. Petersen) [Orabug: 16372401] - the ac->ac_allow_chain_relink=0 won't disable group relink (Xiaowei.Hu) [Orabug: 14842737] - pci: hotplug: fix null dereference in pci_set_payload() (Jerry Snitselaar) [Orabug: 16345420] [2.6.39-400.16.0] - epoll: prevent missed events on EPOLL_CTL_MOD (Eric Wong) [Orabug: 16363540] - rds: this resolved crash while removing rds_rdma module. orabug: 16268201 (Bang Nguyen) [Orabug: 16268201] - rds: scheduling while atomic on failover orabug: 16275095 (Bang Nguyen) [Orabug: 16268201] - SRP: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug: 16268201] - iSER: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug: 16268201] [2.6.39-400.15.0] - x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS. (Jan Beulich) {CVE-2013-0228} - xen-blkfront: drop the use of llist_for_each_entry_safe (Konrad Rzeszutek Wilk) [Orabug: 16263164] - Revert 'xen PVonHVM: use E820_Reserved area for shared_info' (Konrad Rzeszutek Wilk) [Orabug: 16297716] - Revert 'xen/PVonHVM: fix compile warning in init_hvm_pv_info' (Konrad Rzeszutek Wilk) [2.6.39-400.14.0] - xfs: use shared ilock mode for direct IO writes by default (Dave Chinner) [Orabug: 16304938] - sched: fix divide by zero at {thread_group,task}_times (Stanislaw Gruszka) [Orabug: 15956690] - Revert 'Revert 'cgroup: notify_on_release may not be triggered in some cases'' (Maxim Uvarov) - xen_fmr: Verify XEN platform before running xen_fmr drivers (Yuval Shaia) [Orabug: 16302435] - rds: unregister IB event handler on shutdown (Bang Nguyen) [Orabug: 16302435] - rds: HAIP support child interface (Bang Nguyen) [Orabug: 16302435] - RDS HAIP misc fixes (Bang Nguyen) [Orabug: 16302435] - Ignore failover groups if HAIP is disabled (Bang Nguyen) [Orabug: 16302435] - RDS: RDS rolling upgrade (Saeed Mahameed) [Orabug: 16302435] - mlx4_core: use correct FMR number of clients according to PRM. (Saeed Mahameed) [Orabug: 16302435] [2.6.39-400.13.0] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - xen/netback: shutdown the ring if it contains garbage. (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} - SCSI: scsi_remove_target: fix softlockup regression on hot remove (Dan Williams) [Orabug: 16242926] [2.6.39-400.12.0] - IB: Add config options for Mellanox driver Xen FMR support. (Ajaykumar Hotchandani) [Orabug: 16234102] - IB: Enable Xen FMR support for Mellanox driver. (Ajaykumar Hotchandani) [Orabug: 16234102] [2.6.39-400.11.0] - cnic: don't use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16207564] - ext4: remove unaligned AIO warning printk (Eric Sandeen) [Orabug: 14096480] - SPEC: add block/net modules to list used by installer (Guru Anbalagane) [Orabug: 14224837] - dm mpath: add retain_attached_hw_handler feature (Mike Snitzer) [Orabug: 16199397] - [SCSI] scsi_dh: add scsi_dh_attached_handler_name (Mike Snitzer) [Orabug: 16199397] - xen/grant-table: Force to use v1 of grants. (Konrad Rzeszutek Wilk) [Oracle- bug: 16039922] - xen: netback: handle compound page fragments on transmit. (Ian Campbell) - xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Andrew Cooper) {CVE-2013-0190} - xen/grant-table: correctly initialize grant table version 1 (Matt Wilson) [2.6.39-400.10.0] - btrfs: fix incompatible pointer warning (Jerry Snitselaar) - bnx2x: enable support for ethtool op get_rxfh_indir_size (Jerry Snitselaar) - Revert 'cgroup: notify_on_release may not be triggered in some cases' (Maxim Uvarov) [Orabug: 16167473] - mlx4: disable build for i686 (Maxim Uvarov) [2.6.39-400.9.0] - mlx4_ib: alias_GUID, calculate slave port state in sa query handler (Ajaykumar Hotchandani) [Orabug: 15997083] - RDS: Fixes warning while rds-info. spin_lock_irqsave() is changed to spin_lock_bh(). (Ajaykumar Hotchandani) [Orabug: 15997083] - mlx4_en: handle HCA events correctly (Ajaykumar Hotchandani) [Orabug: 15997083] - ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16168292] - [patch3/3] kernel config: Mellanox OFED R2, 0080 release (Ajaykumar Hotchandani) [Orabug: 15997083] - [patch2/3] RDS merge for UEK2 (Ajaykumar Hotchandani) [Orabug: 15997083] - [patch1/3] Merge for Mellanox OFED R2, 0080 release (Ajaykumar Hotchandani) [Orabug: 15997083] [2.6.39-400.8.0] - git-changelog: don't print debug info (Maxim Uvarov) - spec: remove not used firmwares (Maxim Uvarov) [Orabug: 16048277] [2.6.39-400.7.0] - git-changelog: search for bug # in merge commit (Maxim Uvarov) - be2iscsi: Bump the driver version (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix Unrecoverable Error Detection (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix for MBX timeout issue (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix the copyright information (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix issue of displaying adapter family. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix Task Completion Event handling (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix session update context with V2 version. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix support for V2 version of WRB. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix support for handling CQ_CREATE V2 version. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix max EQ supported by the driver. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix driver support for an adapter. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix return value and typo. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix kernel panic in blk_iopoll disable mode. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Issue an FLR when driver is loaded (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Display driver name and version in device attribute (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix max supported EQ count to 8. (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix memory leak in control path of driver (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Display Completion Event string instead of Opcode (Jayamohan Kallickal) [Orabug: 16023790] - be2iscsi: Fix the issue with soft reset. (Jayamohan Kallickal) [Orabug: 16023790] - netxen: update to qlogic 4.0.80 (Sritej Velaga) [Orabug: 16025025] - qlge: update to qlogic 1.00.00.31 (Sritej Velaga) [Orabug: 16025042] - qlcnic: Update to 5.1.27.35 (Sritej Velaga) [Orabug: 16024990] - [SCSI] scsi_dh_alua: Add fusionio ION LUNs to scsi_dh_alua device list (Mike Christie) [Orabug: 16081231] - bonding: fixup typo in rlb mode of bond and bridge fix (Guru Anbalagane) [Orabug: 16069448] - qla4xxx: Updated driver version to 5.03.00.01.06.02-uek2 (Tej Parkash) [Orabug: 16067337] - qla4xxx: Correct the validation to check in get_sys_info mailbox (Nilesh Javali) [Orabug: 16067337] - qla4xxx: Pass correct function param to qla4_8xxx_rd_direct (Vikas Chaudhary) [Orabug: 16067337] - qla4xxx: Fix memory corruption issue in qla4xxx_get_ep_fwdb. (Manish Rangankar) [Orabug: 16067337] - qla4xxx: Allow reset in link down case (Harish Zunjarrao) [Orabug: 16067337] - qla4xxx: Fix MBOX intr switching from polling to intr mode for ISP83XX (Vikas Chaudhary) [Orabug: 16067337] - [SCSI] hpsa: change confusing message to be more clear (Mike Miller) [Orabug: 14793661] - [SCSI] hpsa: retry commands completing with status of UNSOLICITED_ABORT (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: use ioremap_nocache instead of ioremap (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: fix incorrect abort diagnostic message (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: dial down lockup detection during firmware flash (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: add new RAID level '1(ADM)' (Mike Miller) [Orabug: 14793661] - [SCSI] hpsa: factor out hpsa_free_irqs_and_disable_msix (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: refine interrupt handler locking for greater concurrency (Matt Gates) [Orabug: 14793661] - [SCSI] hpsa: use multiple reply queues (Matt Gates) [Orabug: 14793661] - [SCSI] hpsa: factor out tail calls to next_command() in process_(non)indexed_cmd() (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: do aborts two ways (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: add abort error handler function (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: remove unused parameter from finish_cmd (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: do not give up retry of driver cmds after only 3 retries (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: retry driver initiated commands on busy status (Matt Bondurant) [Orabug: 14793661] - [SCSI] hpsa: suppress excessively chatty error messages (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: enable bus master bit after pci_enable_device (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: do not skip disabled devices (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: call pci_disable_device on driver unload (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: factor out driver name (Stephen M. Cameron) [Orabug: 14793661] - [SCSI] hpsa: gen8plus Smart Array IDs (Mike Miller) [Orabug: 14793661] [2.6.39-400.6.0] - qla3xxx: Ensure request/response queue addr writes to the registers (Joe Jin) [Orabug: 14614290] - tcp: fix tcp_trim_head() (Eric Dumazet) [Orabug: 14810429] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16020976 Bug-db: 14798] {CVE-2012-5517} - Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) [Orabug: 16020656 Bug-db: 14798] {CVE-2012-4565} - Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug- db: 14798] {CVE-2012-2375} - Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Merge tag 'v2.6.39-400#bug16011154' of git://ca-git.us.oracle.com/linux- snits-public (Maxim Uvarov) [Orabug: 16011154] - qla2xxx: Update the driver version to 8.04.00.11.39.0-k. (Saurav Kashyap) - qla2xxx: Obtain loopback iteration count from bsg request. (Joe Carnuccio) - qla2xxx: Update the FTP site references in the driver sources. (Giridhar Malavali) - qla2xxx: Debug ID corrections. (Chad Dupuis) - qla2xxx: Reject loopback request if one is already in progress. (Chad Dupuis) - qla2xxx: Print ignore message when thermal is not supported. (Joe Carnuccio) - qla2xxx: Avoid null pointer dereference in shutdown routine. (Masanari Iida) - qla2xxx: Get VPD information from common location for CNA. (Saurav Kashyap) - qla2xxx: Correct race in loop_state assignment during reset handling. (Andrew Vasquez) - qla2xxx: Display that driver is operating in legacy interrupt mode. (Saurav Kashyap) - qla2xxx: Free rsp_data even on error in qla2x00_process_loopback(). (Steve Hodgson) - qla2xxx: Dont clear drv active on iospace config failure. (Saurav Kashyap) - qla2xxx: Fix typo in qla2xxx driver. (Masanari Iida) - qla2xxx: Update ql2xextended_error_logging parameter description with new option. (Chad Dupuis) - qla2xxx: Parameterize the link speed string conversion function. (Joe Carnuccio) - qla2xxx: Add 16Gb/s case to get port speed capability. (Joe Carnuccio) - qla2xxx: Move marking fcport online ahead of setting iiDMA speed. (Joe Carnuccio) - Merge tag 'v2.6.39-400.5.0#bugdb13826' of ca-git.us.oracle.com:linux-muvarov- public (Maxim Uvarov) [Bug-db: 13826] - be2net: fix INTx ISR for interrupt behaviour on BE2 (Sathya Perla) - be2net: fix a possible events_get() race on BE2 (Sathya Perla) - net: Remove bogus dependencies on INET (Ben Hutchings) - be2net: remove adapter->eq_next_idx (Sathya Perla) - be2net: remove roce on lancer (Sathya Perla) - be2net: fix access to SEMAPHORE reg (Sathya Perla) - be2net: re-factor bar mapping code (Sathya Perla) - be2net: do not use sli_family to identify skyhawk-R chip (Sathya Perla) - be2net: fix wrong usage of adapter->generation (Sathya Perla) - be2net: remove LANCER A0 workaround (Sathya Perla) - be2net: Fix smatch warnings in be_main.c (Padmanabh Ratnakar) - be2net: Update driver version (Padmanabh Ratnakar) - be2net: Fix skyhawk VF PCI Device ID (Padmanabh Ratnakar) - be2net: Fix FW flashing on Skyhawk-R (Padmanabh Ratnakar) - be2net: Enabling Wake-on-LAN is not supported in S5 state (Padmanabh Ratnakar) - be2net: Fix VF driver load on newer Lancer FW (Padmanabh Ratnakar) - be2net: Fix unnecessary delay in PCI EEH (Padmanabh Ratnakar) - be2net: Fix issues in error recovery due to wrong queue state (Padmanabh Ratnakar) - be2net: Fix ethtool get_settings output for VF (Padmanabh Ratnakar) - be2net: Fix error messages while driver load for VFs (Padmanabh Ratnakar) - be2net: Fix configuring VLAN for VF for Lancer (Padmanabh Ratnakar) - be2net: Wait till resources are available for VF in error recovery (Padmanabh Ratnakar) - be2net: Fix change MAC operation for VF for Lancer (Padmanabh Ratnakar) - be2net: Fix setting QoS for VF for Lancer (Padmanabh Ratnakar) - be2net: Fix driver load failure for different FW configs in Lancer (Padmanabh Ratnakar) - be2net: create RSS rings even in multi-channel configs (Sathya Perla) - be2net: set maximal number of default RSS queues (Yuval Mintz) - be2net: Program secondary UC MAC address into MAC filter (Ajit Khaparde) - be2net: Remove code that stops further access to BE NIC based on UE bits (Ajit Khaparde) - be2net: fix vfs enumeration (Ivan Vecera) - be2net: fixup log messages (Sathya Perla) - be2net: cleanup code related to be_link_status_query() (Sathya Perla) - be2net: fix wrong handling of be_setup() failure in be_probe() (Sathya Perla) - be2net: remove type argument of be_cmd_mac_addr_query() (Sathya Perla) - Revert 'be2net: fix vfs enumeration' (David S. Miller) - be2net: fix vfs enumeration (Ivan Vecera) - be2net: use PCIe AER capability (Sathya Perla) - be2net: modify log msg for lack of privilege error (Vasundhara Volam) - be2net: fix FW default for VF tx-rate (Vasundhara Volam) - be2net: fix max VFs reported by HW (Vasundhara Volam) - netpoll: revert 6bdb7fe3104 and fix be_poll() instead (Amerigo Wang) - SPEC: OL5 kernel firmware rpm depends on all others firmwares (Maxim Uvarov) [Orabug: 15987332] [2.6.39-400.5.0] - x86, tsc: Fix SMI induced variation in quick_pit_calibrate() (Linus Torvalds) [Orabug: 13256166] - x86, tsc: Skip TSC synchronization checks for tsc=reliable (Suresh Siddha) [Orabug: 13256166] - bonding: rlb mode of bond should not alter ARP originating via bridge (zheng.li) [Orabug: 14650975] - Merge tag 'v2.6.39-400#rdac' of git://ca-git.us.oracle.com/linux-snits-public (Maxim Uvarov) - [SCSI] scsi_dh_rdac: Fix error path (Richard Weinberger) - [SCSI] scsi_dh_rdac: Adding NetApp as a brand name for rdac (Chauhan, Vijay) - Merge tag 'uek2-merge-400-3.8-fixes-tag' of git://ca-git.us.oracle.com/linux- konrad-public (Maxim Uvarov) - xen-blkfront: handle bvecs with partial data (Roger Pau Monne) - xen-blkfront: implement safe version of llist_for_each_entry (Roger Pau Monne) - xen-blkback: implement safe iterator for the list of persistent grants (Roger Pau Monne) - Merge tag 'uek2-merge-400-3.8-tag' of git://ca-git.us.oracle.com/linux- konrad-public (Maxim Uvarov) - Merge tag 'uek2-merge-backport-3.8' of git://ca-git/linux-konrad-public into uek2-merge-400 (Konrad Rzeszutek Wilk) - xen: arm: implement remap interfaces needed for privcmd mappings. (Ian Campbell) - xen: correctly use xen_pfn_t in remap_domain_mfn_range. (Ian Campbell) - xen: arm: enable balloon driver (Ian Campbell) - xen: balloon: allow PVMMU interfaces to be compiled out (Ian Campbell) - xen: privcmd: support autotranslated physmap guests. (Mukesh Rathor) - xen: add pages parameter to xen_remap_domain_mfn_range (Ian Campbell) - xen/PVonHVM: fix compile warning in init_hvm_pv_info (Olaf Hering) - xen/acpi: Move the xen_running_on_version_or_later function. (Konrad Rzeszutek Wilk) - xen/xenbus: Remove duplicate inclusion of asm/xen/hypervisor.h (Sachin Kamat) - xen/acpi: Fix compile error by missing decleration for xen_domain. (Konrad Rzeszutek Wilk) - xen/acpi: revert pad config check in xen_check_mwait (Liu, Jinsong) - xen/acpi: ACPI PAD driver (Liu, Jinsong) - xen PVonHVM: use E820_Reserved area for shared_info (Olaf Hering) - xen-blkfront: free allocated page (Roger Pau Monne) - xen-blkback: move free persistent grants code (Roger Pau Monne) - xen/blkback: persistent-grants fixes (Roger Pau Monne) - xen/blkback: Persistent grant maps for xen blk drivers (Roger Pau Monne) - xen/blkback: Change xen_vbd's flush_support and discard_secure to have type unsigned int, rather than bool (Oliver Chick) - xen/blkback: use kmem_cache_zalloc instead of kmem_cache_alloc/memset (Wei Yongjun) - xen/blkfront: Add WARN to deal with misbehaving backends. (Konrad Rzeszutek Wilk) - llist-return-whether-list-is-empty-before-adding-in-llist_add-fix (Andrew Morton) - llist: Add back llist_add_batch() and llist_del_first() prototypes (Stephen Rothwell) - llist: Remove cpu_relax() usage in cmpxchg loops (Peter Zijlstra) - llist: Add llist_next() (Peter Zijlstra) - llist: Return whether list is empty before adding in llist_add() (Huang Ying) - llist: Move cpu_relax() to after the cmpxchg() (Huang Ying) - llist: Remove the platform-dependent NMI checks (Ingo Molnar) - llist: Make some llist functions inline (Huang Ying) - lib, Add lock-less NULL terminated single list (Huang Ying) - xen/oprofile: Expose the oprofile_arch_exit_fnc pointer. (Konrad Rzeszutek Wilk) - xen/oprofile: Switch from syscore_ops to platform_ops. (Konrad Rzeszutek Wilk) - xen/oprofile: Fix compile issues when CONFIG_XEN is not defined. (Konrad Rzeszutek Wilk) - xen/oprofile: The arch_ variants for init/exec weren't being called. (Konrad Rzeszutek Wilk) - xen/oprofile: Compile fix (Konrad Rzeszutek Wilk) - xen/oprofile: Patch from Michael Petullo (Konrad Rzeszutek Wilk) [2.6.39-400.4.0] - Merge tag 'uek2-merge-400-3.7-tag' of git://ca-git.us.oracle.com/linux- konrad-public (Maxim Uvarov) - Merge tag 'uek2-merge-backport-3.7' of git://ca-git/linux-konrad-public into uek2-merge-400 (Konrad Rzeszutek Wilk) - Revert 'xen/x86: Workaround 64-bit hypervisor and 32-bit initial domain.' and 'xen/x86: Use memblock_reserve for sensitive areas.' (Konrad Rzeszutek Wilk) - xen/x86: Workaround 64-bit hypervisor and 32-bit initial domain. (Konrad Rzeszutek Wilk) - xen/arm: Fix compile errors when drivers are compiled as modules (export more). (Stefano Stabellini) - xen/arm: Fix compile errors when drivers are compiled as modules. (Konrad Rzeszutek Wilk) - xen/generic: Disable fallback build on ARM. (Konrad Rzeszutek Wilk) - xen/hvm: If we fail to fetch an HVM parameter print out which flag it is. (Konrad Rzeszutek Wilk) - xen/hypercall: fix hypercall fallback code for very old hypervisors (Jan Beulich) - xen/arm: use the __HVC macro (Stefano Stabellini) - xen/xenbus: fix overflow check in xenbus_file_write() (Jan Beulich) - xen-kbdfront: handle backend CLOSED without CLOSING (David Vrabel) - xen-fbfront: handle backend CLOSED without CLOSING (David Vrabel) - xen/gntdev: don't leak memory from IOCTL_GNTDEV_MAP_GRANT_REF (David Vrabel) - x86: remove obsolete comment from asm/xen/hypervisor.h (Olaf Hering) - xen: dbgp: Fix warning when CONFIG_PCI is not enabled. (Ian Campbell) - USB EHCI/Xen: propagate controller reset information to hypervisor (Jan Beulich) - xen: arm: comment on why 64-bit xen_pfn_t is safe even on 32 bit (Ian Campbell) - xen: balloon: use correct type for frame_list (Ian Campbell) - xen/x86: don't corrupt %eip when returning from a signal handler (David Vrabel) - xen: arm: make p2m operations NOPs (Ian Campbell) - xen: balloon: don't include e820.h (Ian Campbell) - xen: events: pirq_check_eoi_map is X86 specific (Ian Campbell) - xen: XENMEM_translate_gpfn_list was remove ages ago and is unused. (Ian Campbell) - xen: sysfs: include err.h for PTR_ERR etc (Ian Campbell) - xen: xenbus: quirk uses x86 specific cpuid (Ian Campbell) - xen/xenbus: Fix compile warning. (Konrad Rzeszutek Wilk) - xen/x86: remove duplicated include from enlighten.c (Wei Yongjun) - xen/pv-on-hvm kexec: add quirk for Xen 3.4 and shutdown watches. (Konrad Rzeszutek Wilk) - xen/bootup: allow {read|write}_cr8 pvops call. (Konrad Rzeszutek Wilk) - xen/bootup: allow read_tscp call for Xen PV guests. (Konrad Rzeszutek Wilk) - xen pv-on-hvm: add pfn_is_ram helper for kdump (Olaf Hering) - xen/hvc: handle backend CLOSED without CLOSING (David Vrabel) - xen/xen_initial_domain: check that xen_start_info is initialized (Stefano Stabellini) - xen: mark xen_init_IRQ __init (Stefano Stabellini) - xen/Makefile: fix dom-y build (Stefano Stabellini) - MAINTAINERS: add myself as Xen ARM maintainer (Stefano Stabellini) - xen/arm: compile netback (Stefano Stabellini) - xen/arm: compile blkfront and blkback (Stefano Stabellini) - xen/arm: implement alloc/free_xenballooned_pages with alloc_pages/kfree (Stefano Stabellini) - xen/arm: receive Xen events on ARM (Stefano Stabellini) - xen/arm: initialize grant_table on ARM (Stefano Stabellini) - xen/arm: get privilege status (Stefano Stabellini) - xen/arm: introduce CONFIG_XEN on ARM (Stefano Stabellini) - xen: do not compile manage, balloon, pci, acpi, pcpu and cpu_hotplug on ARM (Stefano Stabellini) - xen/tmem: cleanup (Jan Beulich) - xen: Add selfballoning memory reservation tunable. (Jana Saout) - xen: constify all instances of 'struct attribute_group' (Jan Beulich) - xen: Fix selfballooning and ensure it doesn't go too far (Dan Magenheimer) - xen: self-balloon needs module.h (Randy Dunlap) - xen/balloon: Fix compile errors - missing header files. (Konrad Rzeszutek Wilk) - xen: tmem: self-ballooning and frontswap-selfshrinking (Dan Magenheimer) - xen: grant: use xen_pfn_t type for frame_list. (Ian Campbell) - xen: sysfs: fix build warning. (Ian Campbell) - xen/arm: Introduce xen_ulong_t for unsigned long (Stefano Stabellini) - xen: Introduce xen_pfn_t for pfn and mfn types (Stefano Stabellini) - xen/arm: Xen detection and shared_info page mapping (Stefano Stabellini) - docs: Xen ARM DT bindings (Stefano Stabellini) - xen/arm: empty implementation of grant_table arch specific functions (Stefano Stabellini) - xen/arm: sync_bitops (Stefano Stabellini) - xen/arm: page.h definitions (Stefano Stabellini) - xen/arm: hypercalls (Stefano Stabellini) - arm: initial Xen support (Stefano Stabellini) - xen/vga: add the xen EFI video mode support (Jan Beulich) - xen: allow enable use of VGA console on dom0 (Jeremy Fitzhardinge) - xen/pcifront: Use Xen-SWIOTLB when initting if required. (Konrad Rzeszutek Wilk) - xen/swiotlb: For early initialization, return zero on success. (Konrad Rzeszutek Wilk) - xen/swiotlb: Use the swiotlb_late_init_with_tbl to init Xen-SWIOTLB late when PV PCI is used. (Konrad Rzeszutek Wilk) - xen/swiotlb: Move the error strings to its own function. (Konrad Rzeszutek Wilk) - xen/swiotlb: Move the nr_tbl determination in its own function. (Konrad Rzeszutek Wilk) - xen: Use correct masking in xen_swiotlb_alloc_coherent. (Ronny Hegewald) - xen/swiotlb: Use page alignment for early buffer allocation. (Konrad Rzeszutek Wilk) - swiotlb: Expose swiotlb_nr_tlb function to modules (Konrad Rzeszutek Wilk) - xen-swiotlb: When doing coherent alloc/dealloc check before swizzling the MFNs. (Konrad Rzeszutek Wilk) - xen-swiotlb: fix printk and panic args (Randy Dunlap) - xen-swiotlb: Fix wrong panic. (Konrad Rzeszutek Wilk) - xen-swiotlb: Retry up three times to allocate Xen-SWIOTLB (Konrad Rzeszutek Wilk) - swiotlb: add the late swiotlb initialization function with iotlb memory (Konrad Rzeszutek Wilk) - xen/swiotlb: With more than 4GB on 64-bit, disable the native SWIOTLB. (Konrad Rzeszutek Wilk) - xen/swiotlb: Simplify the logic. (Konrad Rzeszutek Wilk) - xen/gndev: Xen backend support for paged out grant targets V4. (Andres Lagar- Cavilla) - xen/arm: compile and run xenbus (Stefano Stabellini) - xen: clear IRQ_NOAUTOEN and IRQ_NOREQUEST (Stefano Stabellini) - xen/events: fix unmask_evtchn for PV on HVM guests (Stefano Stabellini) - xen/privcmd: Correctly return success from IOCTL_PRIVCMD_MMAPBATCH (Mats Petersson) - xen/mmu: Use Xen specific TLB flush instead of the generic one. (Konrad Rzeszutek Wilk) [Oracle-bug: 14630170] - xen/enlighten: Disable MWAIT_LEAF so that acpi-pad won't be loaded. (Konrad Rzeszutek Wilk) - x86, amd, xen: Avoid NULL pointer paravirt references (Konrad Rzeszutek Wilk) - xen/setup: filter APERFMPERF cpuid feature out (Andre Przywara) - xen/enlighten: Expose MWAIT and MWAIT_LEAF if hypervisor OKs it. (Konrad Rzeszutek Wilk) - xen/acpi: Fix potential memory leak IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0228 CVE-2013-0309 CVE-2013-0311 CVE-2013-0310 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_base cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.17.2] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0268 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-300.39.5uek] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16481233] {CVE-2013-0268} ofa-2.6.32-300.39.5.el6uek mlnx_en-2.6.32-300.39.5.el6uek * Mon Dec 12 2011 Guru Anbalagane <guru.anbalagane@oracle.com> - version 1.5.7-0.1 * Tue Nov 01 2011 Joe Jin <joe.jin@oracle.com> - 1.5.7 for UEK kernel. * Mon Sep 08 2008 Vladimir Sokolovsky <vlad@mellanox.co.il> - Added nfsrdma support * Wed Aug 13 2008 Vladimir Sokolovsky <vlad@mellanox.co.il> - Added mlx4_en support * Tue Aug 21 2007 Vladimir Sokolovsky <vlad@mellanox.co.il> - Added %build LANG=C export LANG unset DISPLAY macro * Sun Jan 28 2007 Vladimir Sokolovsky <vlad@mellanox.co.il> - Created spec file for kernel-ib IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0268 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.21.1] - SPEC: v2.6.39-400.21.1 (Maxim Uvarov) - xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen provided pagetables. (Konrad Rzeszutek Wilk) [2.6.39-400.20.1] - SPEC: v2.6.39-400.20.1 (Maxim Uvarov) - PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [Orabug: 16482495] - sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13740515] - sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13740515] - sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13740515] [2.6.39-400.19.1] - IB/core: Allow device-specific per-port sysfs files (Ralph Campbell) - RDMA/cma: Pass QP type into rdma_create_id() (Sean Hefty) - IB: Rename RAW_ETY to RAW_ETHERTYPE (Aleksey Senin) - IB: Warning Resolution. (Ajaykumar Hotchandani) - mlx4_core: fix FMR flags in free MTT range (Saeed Mahameed) - mlx4_core/ib: sriov fmr bug fixes (Saeed Mahameed) - mlx4_core: Change bitmap allocator to work in round-robin fashion (Saeed Mahameed) - mlx4_vnic: move host admin vnics to closed state when closing the vnic. (Saeed Mahameed) - mlx4_ib: make sure to flush clean_wq while closing sriov device (Saeed Mahameed) - ib_sdp: fix deadlock when sdp_cma_handler is called while socket is being closed (Saeed Mahameed) - ib_sdp: add unhandled events to rdma_cm_event_str (Saeed Mahameed) - mlx4_core: use dev->sriov instead of hardcoed 127 vfs when initializing FMR MPT tables (Saeed Mahameed) - mlx4_vnic: print vnic keep alive info in mlx4_vnic_info (Saeed Mahameed) - rds: Congestion flag does not get cleared causing the connection to hang (Bang Nguyen) [Orabug: 16424692] - dm table: set flush capability based on underlying devices (Mike Snitzer) [Orabug: 16392584] - wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871} - drm/i915: bounds check execbuffer relocation count (Kees Cook) [Orabug: 16482650] {CVE-2013-0913} - NLS: improve UTF8 -> UTF16 string conversion routine (Alan Stern) [Orabug: 16425571] {CVE-2013-1773} - ipmi: make kcs timeout parameters as module options (Pavel Bures) [Orabug: 16470881] - drm/i915/lvds: ditch ->prepare special case (Daniel Vetter) [Orabug: 14394113] - drm/i915: Leave LVDS registers unlocked (Keith Packard) [Orabug: 14394113] - drm/i915: dont clobber the pipe param in sanitize_modesetting (Daniel Vetter) [Orabug: 14394113] - drm/i915: Sanitize BIOS debugging bits from PIPECONF (Chris Wilson) [Orabug: 14394113] [2.6.39-400.18.1] - SPEC: fix doc build (Guru Anbalagane) - floppy: Fix a crash during rmmod (Vivek Goyal) [Orabug: 16040504] - x86: ignore changes to paravirt_lazy_mode while in an interrupt context (Chuck Anderson) [Orabug: 16417326] - x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268} - spec: unique debuginfo (Maxim Uvarov) [Orabug: 16245366] - xfs: Use preallocation for inodes with extsz hints (Dave Chinner) [Orabug: 16307993] - Add SIOCRDSGETTOS to get the current TOS for the socket (bang.nguyen) [Orabug: 16397197] - Changes to connect/TOS interface (bang.nguyen) [Orabug: 16397197] - floppy: Cleanup disk->queue before caling put_disk() if add_disk() was never called (Vivek Goyal) [Orabug: 16040504] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0871 CVE-2013-1773 CVE-2013-0913 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.21.2] - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1774 CVE-2013-1796 CVE-2013-1797 CVE-2013-0349 CVE-2013-1767 CVE-2013-1798 CVE-2013-1792 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-400.26.2] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6546 CVE-2013-1796 CVE-2012-6537 CVE-2013-0309 CVE-2013-0310 CVE-2013-1792 CVE-2013-1798 CVE-2013-0871 CVE-2013-1774 CVE-2012-6547 CVE-2012-5517 CVE-2013-0349 CVE-2013-1827 CVE-2012-4508 CVE-2013-1826 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.23.1] - Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16777774] - Merge tag 'v2.6.39-400.21.1.16748891' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek-2.6.39-400 (Maxim Uvarov) [Orabug: 16748891] - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891] [2.6.39-400.22.1] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542} - Merge tag 'v2.6.39-400.21.1#bug16684527' of git://ca-git.us.oracle.com/linux-joejin-public into uek-2.6.39-400_errata (Maxim Uvarov) [Orabug: 16684527] - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767} - procfs: do not confuse jiffies with cputime64_t (Andreas Schwab) [Orabug: 16673925] - procfs: do not overflow get_{idle,iowait}_time for nohz (Michal Hocko) [Orabug: 16673925] - xen/evtchn: Handle VIRQ_TIMER before any other hardirq in event loop. (Keir Fraser) [Orabug: 16093126] - Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527] - put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-4542 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.24.1] - perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094} CRITICAL Copyright 2013 Oracle, Inc. CVE-2013-2094 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.109.1] - while removing a non-empty directory, the kernel dumps a message: (rmdir,21743,1):ocfs2_unlink:953 ERROR: status = -39 (Xiaowei.Hu) [Orabug: 16790405] - stop mig handler when lockres in progress ,and return -EAGAIN (Xiaowei.Hu) [Orabug: 16876446] [2.6.39-400.108.1] - Revert 'dlmglue race condition,wrong lockres_clear_pending' (Maxim Uvarov) [Orabug: 16897450] - Suppress the error message from being printed in ocfs2_rename (Xiaowei.Hu) [Orabug: 16790405] - fnic: return zero on fnic_reset() success (Joe Jin) [Orabug: 16885029] [2.6.39-400.107.1] - xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan) - ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825] - Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843] - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157] - net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979} - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860} - ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848} - cnic: dont use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307] - Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689] - x86/boot-image: Dont leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437] - spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114] - perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094} - spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586] - Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) - fuse: enhance fuse dev to be numa aware (Srinivas Eeda) [Orabug: 16218187] - fuse: add fuse numa node struct (Srinivas Eeda) [Orabug: 16218187] - fuse: add numa mount option (Srinivas Eeda) [Orabug: 16218187] - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) [Orabug: 16660413] - bonding: allow all slave speeds (Jiri Pirko) [Orabug: 16759490] - dlmglue race condition,wrong lockres_clear_pending (Xiaowei.Hu) [Orabug: 13611997] [2.6.39-400.106.0] - spec: fix suffix order of a directory name (Guangyu Sun) [Orabug: 16682371] - Merge tag 'v2.6.39-400#qu4bcom' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16626319] - Merge tag 'v2.6.39-400#qu4qlge' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16732027] - Merge tag 'v2.6.39-400#qu4lpfc' of git://ca-git.us.oracle.com/linux-snits-public into uek2-master (Maxim Uvarov) [Orabug: 16749881] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542} - Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16434164] - fuse: return -EGAIN if not connected (Josef Bacik) [Orabug: 16740418] - qlcnic: update to version 5.2.29.45 (Jerry Snitselaar) [Orabug: 16694438] - qlge: update to version 1.00.00.32 (Jerry Snitselaar) [Orabug: 16732027] - lpfc: Corrected Copyright string (Gairy Grannum) [Orabug: 16749881] - lpfc: enable BlockGuard Support by default (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed exhausted retry for plogi to nameserver. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed ELS_REC received on the unsolicited receive queue (James Smart) [Orabug: 16749881] - lpfc 8.3.36: Correct mask error (James Smart) [Orabug: 16749881] - lpfc 8.3.36: Correct buffer length overrun (James Smart) [Orabug: 16749881] - lpfc: typo cleanup (Linus Torvalds) [Orabug: 16749881] - lpfc 8.3.36: Update DIF support for passthru/strip/insert (James Smart) [Orabug: 16749881] - lpfc 8.3.36: Fix bug with Target Resets and FCP2 devices (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed not reporting logical link speed to SCSI midlayer when QoS not on (James Smart) [Orabug: 16749881] - lpfc: Update lpfc version for 8.3.7.10.4p driver release (Gairy Grannum) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc: Fixed driver handling of CLEAR_LA with NPIV enabled causing SID=0 frames out (James Smart) [Orabug: 16749881] - scsi: fix lpfc build when wmb() is defined as mb() (Randy Dunlap) [Orabug: 16749881] - lpfc: Reduced tmo value set to FLOGI WQE for quick recovery from FLOGI sequence timeout (James Smart) [Orabug: 16749881] - lpfc: Add log message when completes with clean address bit set to zero (James Smart) [Orabug: 16749881] - lpfc: Fixed driver vector mapping to CPU affinity (James Smart) [Orabug: 16749881] - lpfc: Fixed driver vector mapping to CPU affinity (James Smart) [Orabug: 16749881] - lpfc: Fixed iocb flags not being reset for scsi commands (James Smart) [Orabug: 16749881] - lpfc: Fixed system panic during EEH recovery due to midlayer acting on outstanding I/O (James Smart) [Orabug: 16749881] - lpfc: Fixed not returning FAILED status when SCSI invoking host reset handler failed (James Smart) [Orabug: 16749881] - lpfc: Fixed bad book keeping in posting els sgls to port (James Smart) [Orabug: 16749881] - lpfc: Fixed deadlock between hbalock and nlp_lock use (James Smart) [Orabug: 16749881] - lpfc: Fixed BlockGuard to take advantage of rdprotect/wrprotect info when available (James Smart) [Orabug: 16749881] - lpfc: Reduced spinlock contention on SCSI buffer list (James Smart) [Orabug: 16749881] - lpfc: Fixed crash when processing bsgs sg list with high memory pages (James Smart) [Orabug: 16749881] - lpfc: Fix lpfc_fcp_look_ahead module parameter (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with SCSI Host reset (James Smart) [Orabug: 16749881] - lpfc: Doorbell formation information logged in dual-chute mode WQ and RQ setup (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large s/g lists for BlockGuard (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large lpfc_sg_seg_cnt values (James Smart) [Orabug: 16749881] - lpfc: Fixed pt2pt and loop discovery problems on topology changes. (James Smart) [Orabug: 16749881] - lpfc: Remove driver dependency on HZ (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: Fixed BlockGuard error reporting (James Smart) [Orabug: 16749881] - lpfc: Fixed VPI allocation issues after firmware dump is performed (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed potential mis-interpretation of READ_TOPOLOGY reserved fields (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fix default value for lpfc_enable_rrq. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed circular locking dependency and inconsistent lock state issues (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed PT2PT bring up problem for FC SLI4. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed OXID reuse issue. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: fix potential NULL pointer dereference in lpfc_sli4_rq_put() (Wei Yongjun) [Orabug: 16749881] - lpfc 8.3.38: Fixed deadlock condition in FCF round robin handling (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed bsg timeout handling issues that would result in crashes (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed NMI watch dog panics when resetting the hba. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed degraded performance after cable pulls (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for change_queue_type (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed infinite loop in lpfc_sli4_fcf_rr_next_index_get. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed crash due to SLI Port invalid resource count (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fix potential memory corruption bug (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for FCoE protocol dual-chute (ULP) operation (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed stale ndlp state when the node is marked for deferred removal. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed not checking solicition in progress bit when verifying FCF record for use (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed PRLI not being retried if a LS_RJT with a reason (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Expand I/O channel support for large systems (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fix interrupt delay multipler conversion for eq_create (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Correct typecasts for snprintf messages (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add Interrupts per second stats via debugfs (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Adjust IO Channels to 1 when INTx (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Fix number of IO channels to match CPUs (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add debugfs interface to display SLI queue information (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Fixed debugfs queInfo to include queue stats (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add lpfc_fcp_look_ahead module parameter (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with SCSI Host reset (James Smart) [Orabug: 16749881] - lpfc: Doorbell formation information logged in dual-chute mode WQ and RQ setup (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large s/g lists for BlockGuard (James Smart) [Orabug: 16749881] - lpfc: Fix driver issues with large lpfc_sg_seg_cnt values (James Smart) [Orabug: 16749881] - lpfc: Fixed pt2pt and loop discovery problems on topology changes. (James Smart) [Orabug: 16749881] - lpfc: Remove driver dependency on HZ (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: Fixed BlockGuard error reporting (James Smart) [Orabug: 16749881] - lpfc: Fixed VPI allocation issues after firmware dump is performed (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed potential mis-interpretation of READ_TOPOLOGY reserved fields (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fix default value for lpfc_enable_rrq. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed circular locking dependency and inconsistent lock state issues (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed PT2PT bring up problem for FC SLI4. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed OXID reuse issue. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed async FCF modified event to in-use FCF failure to trigger recovery (James Smart) [Orabug: 16749881] - lpfc: fix potential NULL pointer dereference in lpfc_sli4_rq_put() (Wei Yongjun) [Orabug: 16749881] - lpfc 8.3.38: Fixed deadlock condition in FCF round robin handling (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed bsg timeout handling issues that would result in crashes (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed NMI watch dog panics when resetting the hba. (James Smart) [Orabug: 16749881] - lpfc 8.3.38: Fixed degraded performance after cable pulls (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for change_queue_type (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed infinite loop in lpfc_sli4_fcf_rr_next_index_get. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed crash due to SLI Port invalid resource count (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fix potential memory corruption bug (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Provide support for FCoE protocol dual-chute (ULP) operation (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Fixed stale ndlp state when the node is marked for deferred removal. (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.37: Removed use of NOP mailboxes for interrupt verification (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed not checking solicition in progress bit when verifying FCF record for use (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fixed PRLI not being retried if a LS_RJT with a reason (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Correct request_firmware use that was increasing boot times (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Expand I/O channel support for large systems (James Smart) [Orabug: 16749881] - lpfc 8.3.35: Fix interrupt delay multipler conversion for eq_create (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Correct typecasts for snprintf messages (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add Interrupts per second stats via debugfs (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Adjust IO Channels to 1 when INTx (James Smart) [Orabug: 16749881] - lpfc 8.3.34: Fix number of IO channels to match CPUs (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add debugfs interface to display SLI queue information (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Fixed debugfs queInfo to include queue stats (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add lpfc_fcp_look_ahead module parameter (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Parallelize SLI-4 Q distribution (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Make I/O to hw queue distribution algorithm a module parameter (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Change Naming convention for SLI4 Interrupt vector (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Allow per-hba interrupt rate tuning (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Tie parallel I/O queues into separate MSIX vectors (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Formally separate lpfc_sli_ring SLI-3 and SLI-4 variantions (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add Interrupts per second stats via debugfs (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Parallelize SLI-4 Q distribution (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Misc changes to optimize critical path (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Formally separate lpfc_sli_ring SLI-3 and SLI-4 variantions (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Convert to no SCSI host lock in queuecommand (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Convert to no SCSI host lock in queuecommand (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Convert to no SCSI host lock in queuecommand (James Smart) [Orabug: 16749881] - lpfc 8.3.33: Add debugfs interface to display SLI queue information (James Smart) [Orabug: 16749881] - bnx2x: update to broadcom version 1.76.54 (Jerry Snitselaar) - bnx2fc: update to broadcom version 2.3.4 (Jerry Snitselaar) - bnx2i: update to broadcom version 2.7.6.1d (Jerry Snitselaar) - cnic: update to broadcom version 2.5.16g (Jerry Snitselaar) - bnx2: update to broadcom version 2.2.3n (Jerry Snitselaar) - tg3: update to broadcom version 3.129d (Jerry Snitselaar) - drivers:net: dma_alloc_coherent: use __GFP_ZERO instead of memset(, 0) (Joe Perches) - drivers:net: Remove dma_alloc_coherent OOM messages (Joe Perches) - be2net: Use new F/W mailbox cmd to manipulate interrupts. (Somnath Kotur) - be2net: enable interrupts in be_probe() (RoCE and other ULPs need them) (Somnath Kotur) - be2net: Update copyright year (Vasundhara Volam) - be2net: use CSR-BAR SEMAPHORE reg for BE2/BE3 (Sathya Perla) - benet: Wait f/w POST until timeout (Gavin Shan) - be2net: remove BUG_ON() in be_mcc_compl_is_new() (Sathya Perla) - be2net: update driver version to 4.6.x (Sathya Perla) - be2net: fix re-loaded PF driver to re-gain control of its VFs (Sathya Perla) - be2net: Updating Module Author string and log message string to 'Emulex Corporation' (Sarveshwar Bandi) - be2net: fix unconditionally returning IRQ_HANDLED in INTx (Sathya Perla) - ethtool: fix drvinfo strings set in drivers (Jiri Pirko) - be2net: fix wrong frag_idx reported by RX CQ (Sathya Perla) - be2net: fix be_close() to ensure all events are acked (Sathya Perla) - drivers/net: fix up function prototypes after __dev* removals (Greg Kroah-Hartman) - be2net: remove __dev* attributes (Bill Pemberton) - [scsi] fnic driver update to 1.5.0.41 (Maxim Uvarov) - [SCSI] sd: Permit merged discard requests (Martin K. Petersen) - [SCSI] scsi_dh_alua: backoff alua rtpg retry linearly vs. geometrically (Rob Evers) - [SCSI] scsi_dh_alua: retry alua rtpg extended header for illegal request response (Rob Evers) - [SCSI] scsi_dh_alua: implement 'implied transition timeout' (Rob Evers) - [SCSI] scsi_dh_alua: Fix the time inteval for alua rtpg commands (Moger, Babu) - [SCSI] scsi_dh_alua: Decrease retry interval (Hannes Reinecke) - [SCSI] scsi_dh_alua: Fix Erroneous TPG ID check (Hannes Reinecke) - [SCSI] scsi_dh_alua: always update TPGS status on activate (Hannes Reinecke) - [SCSI] scsi scan: dont fail scans when host is in recovery (Mike Christie) - [SCSI] scsi_lib: pause between error retries (James Smart) - RDS: Fixes race conditions that may lead to non-optimal paths, causing lower throughput. (Bang Nguyen) [Orabug: 16571410] - Merge tag 'v2.6.39-400.20.1.16313854' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek2-master (Maxim Uvarov) [Orabug: 16313854] - sched: Use resched IPI to kick off the nohz idle balance (Suresh Siddha) [Orabug: 16424589] - x86, efi/efi.c: Suppress error message when desc_size not equal size from UEFI Porting from Yinghais patch from following link http://permalink.gmane.org/gmane.linux.kernel/1131668 x86, efi: Only print warning when desc_size is smaller than defined one. Used to suppress the error message when desc_size not equal size from UEFI. (ethan.zhao) [Orabug: 15814305] - SPEC: add x86_energy_perf_policy tool Add tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy to ol5 ol6 uek kernel rpmbuild spec file and create shell wrapper for this tool. (ethan.zhao) [Orabug: 16036151] - igbvf: Update to 2.0.4 (ethan.zhao) [Orabug: 16626308] - ixgbevf: Update to 2.8.7 (ethan.zhao) [Orabug: 16626308] - ixgbe: Update to 3.14.5 (ethan.zhao) [Orabug: 16626308] - igb: Update to 4.1.2 (ethan.zhao) [Orabug: 16626308] - e1000e: Update to 2.3.2 (ethan.zhao) [Orabug: 16626308] [2.6.39-400.105.0] - Revert 'Parallel mtrr init between cpus' (Maxim Uvarov) [2.6.39-400.104.0] - Merge tag 'v2.6.39-400.20.1.16313854' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek2-master (Maxim Uvarov) [Orabug: 16313854] - spec: fix instalation if hardlink is installed (Maxim Uvarov) - Parallel mtrr init between cpus (Zhenzhong Duan) - KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796} - be2iscsi : Bump the driver version (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix issue in passing the exp_cmdsn and max_cmdsn (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix possible reentrancy issue in be_iopoll (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix the copyright information (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix checking Adapter state while establishing CXN (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix dynamic CID allocation Mechanism in driver (John Soni Jose) [Orabug: 16704553] - be2iscsi : Fix the NOP-In handling code path (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix the Port Link Status issue (John Soni Jose) [Orabug: 16704553] - beiscsi: Fix displaying the Active Session Count from driver (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix displaying the FW Version from driver. (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix support for DEFQ extension (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix MACRO for checking the adapter type (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix freeing CXN specific driver resources. (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix MSIx support in SKH-R to 32 (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix MBX Command issues (John Soni Jose) [Orabug: 16704553] - be2iscsi: Fix when MBX fails with Insufficient buffer error (John Soni Jose) [Orabug: 16704553] - be2iscsi: Send uninitialize pattern to FW (John Soni Jose) [Orabug: 16704553] - be2iscsi: Get Port State and Speed of the Adapter (John Soni Jose) [Orabug: 16704553] - hpwdt: Only BYTE reads/writes to WD Timer port 0x72 (Mingarelli, Thomas) - misc: hpilo: ignore auxiliary HP iLO BMCs (Mark Rusk) - MISC: hpilo, remove pci_disable_device (Jiri Slaby) - misc: hpilo: increase number of max supported channels (Camuso, Tony) - Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527] - put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527] - RDS: Fixes race conditions that may lead to non-optimal paths, causing lower throughput (Bang Nguyen) [Orabug: 16571410] - 8139cp: Prevent dev_close/cp_interrupt race on MTU change (John Greene) - 8139cp: properly support change of MTU values [v2] (John Greene) - 8139cp: fix coherent mapping leak in error path. (francois romieu) - 8139cp: re-enable interrupts after tx timeout (David Woodhouse) - 8139cp: set ring address after enabling C+ mode (David Woodhouse) - 8139cp: revert 'set ring address before enabling receiver' (francois romieu) - sched: Use resched IPI to kick off the nohz idle balance (Suresh Siddha) [Orabug: 16424589] - llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675488] {CVE-2012-6542} - qla4xxx: update driver version to v5.03.00.02.06.02-uek2 (Tej Parkash) - qla4xxx: Silence the compile warning for uint comparison (Adheer Chandravanshi) - qla4xxx: changing default behaviour of ql4xdisablesysfsboot to true (Tej Parkash) - qla4xxx: Silence gcc warning for uninitialized veriable (Vikas Chaudhary) - qla4xxx: Added print statements to display AENs (Vikas Chaudhary) - qla4xxx: Use correct value for max flash node entries (Adheer Chandravanshi) - qla4xxx: Restrict logout from boot target session using session id (Adheer Chandravanshi) - qla4xxx: Use correct flash ddb offset for ISP40XX (Adheer Chandravanshi) - qla4xxx: Replace dev type macros with generic portal type macros (Adheer Chandravanshi) - scsi_transport_iscsi: Declare portal type string macros for generic use (Adheer Chandravanshi) - qla4xxx: Add flash node mgmt support (Adheer Chandravanshi) - libiscsi: export function iscsi_switch_str_param (Adheer Chandravanshi) - scsi_transport_iscsi: Add flash node mgmt support (Adheer Chandravanshi) - qla4xxx: Skip retry of initialize_adapter only for ISP8XXX (Nilesh Javali) - qla4xxx: Assign correct CHAP table address to FLT (Vikas Chaudhary) - qla4xxx: Added missing check for ISP83XX in CHAP related functions (Vikas Chaudhary) - qla4xxx: dont free NULL dma pool (Dan Carpenter) - qla4xxx: Fixed request queue count manipulation on response path (Tej Parkash) - qla4xxx: Fix debug level to avoid floods of same message (Vikas Chaudhary) - qla4xxx: Pass correct LUN address to firmware in case of lun_reset (Vikas Chaudhary) - qla4xxx: Fix double reset in case of firmware hung for ISP83XX (Vikas Chaudhary) - qla4xxx: Set graceful reset bit for ISP83XX (Vikas Chaudhary) - qla4xxx: Boot from SAN fix for ISP83XX (Vikas Chaudhary) - qla4xxx: Take E-port out of reset before disabling pause frames (Manish Dusane) - qla4xxx: Fix return code for qla4xxx_session_get_param. (Manish Rangankar) - qla4xxx: wait for boot target login response during probe (Manish Rangankar) - qla4xxx: Added support for force firmware dump (Vikas Chaudhary) - qla4xxx: Re-register IRQ handler while retrying initialize of adapter (Poornima Vonti) - qla4xxx: Throttle active IOCBs to firmware limits (Karen Higgins) - qla4xxx: Remove unnecessary code from qla4xxx_init_local_data (Karen Higgins) - qla4xxx: Quiesce driver activities while loopback (Nilesh Javali) - qla4xxx: Rename MBOX_ASTS_IDC_NOTIFY to MBOX_ASTS_IDC_REQUEST_NOTIFICATION (Nilesh Javali) - qla4xxx: Add spurious interrupt messages under debug level 2 (Nilesh Javali) - scsi_transport_iscsi: export iscsi class sessions target_id in sysfs. (Manish Rangankar) - r8169: fix auto speed down issue (hayeswang) - r8169: honor jumbo settings when chipset is requested to start. (francois romieu) - Revert 'r8169: enable internal ASPM and clock request settings'. (Francois Romieu) - Revert 'r8169: enable ALDPS for power saving'. (Francois Romieu) - r8169: fix vlan tag read ordering. (francois romieu) - r8169: remove the obsolete and incorrect AMD workaround (Timo Teras) - r8169: remove unneeded dirty_rx index (Timo Teras) - remove init of dev->perm_addr in drivers (Jiri Pirko) - r8169: workaround for missing extended GigaMAC registers (francois romieu) - r8169: remove __dev* attributes (Bill Pemberton) - r8169: Drop tp arg from rtl8169_tx_vlan_tag() (Kirill Smelkov) - r8169: remove unused macros. (Dayanidhi Sreenivasan) - r8169: enable internal ASPM and clock request settings (hayeswang) - r8169: allow multicast packets on sub-8168f chipset. (Nathan Walp) - r8169: Fix WoL on RTL8168d/8111d. (Cyril Brulebois) - r8169: Kill SafeMtu macro (Kirill Smelkov) - r8169: enable ALDPS for power saving (hayeswang) - hpsa: check for dma_mapping_error in hpsa_passthru ioctls (Stephen M. Cameron) - hpsa: reorganize error handling in hpsa_passthru_ioctl (Stephen M. Cameron) - hpsa: check for dma_mapping_error in hpsa_map_sg_chain_block (Stephen M. Cameron) - hpsa: Check for dma_mapping_error for all code paths using fill_cmd (Stephen M. Cameron) - hpsa: Check for dma_mapping_error in hpsa_map_one (Shuah Khan) - Drivers: scsi: remove __dev* attributes. (Greg Kroah-Hartman) - hpsa: removed unused member maxQsinceinit (Stephen M. Cameron) - hpsa: use check_signature (Akinobu Mita) - iser: panic on iser connect (Shamir Rabinovitch) [Orabug: 16313854] - Btrfs: fix backport conflicts (Liu Bo) - Revert 'Btrfs: using for_each_set_bit_from to simplify the code' (Liu Bo) - Revert 'Btrfs: move the sb_end_intwrite until after the throttle logic' (Liu Bo) - Revert 'btrfs: Convert to new freezing mechanism' (Liu Bo) - Revert 'Btrfs: add qgroup inheritance' (Liu Bo) - Revert 'Btrfs: call the qgroup acco IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1860 CVE-2013-1979 CVE-2012-6542 CVE-2013-1848 CVE-2013-1929 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.32-400.29.1] - KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943} [2.6.32-400.28.1] - do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974] - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860} - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025] - sched: Fix ancient race in do_exit() (Joe Jin) - open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542} - vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568] - svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) [Orabug: 16032824] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} [2.6.32-400.27.1] - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542} - x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997] MODERATE Copyright 2013 Oracle, Inc. CVE-2012-6542 CVE-2013-1929 CVE-2013-1860 CVE-2012-4542 CVE-2013-1943 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.29.2uek] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173824] {CVE-2013-3222} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173824] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173824] {CVE-2012-6548} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173824] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173824] {CVE-2013-0914} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-3224 CVE-2013-3222 CVE-2013-2634 CVE-2012-6548 CVE-2013-3225 CVE-2013-2852 CVE-2013-0914 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.109.3] - Revert 'be2net: enable interrupts in probe' (Jerry Snitselaar) [Orabug: 17179597] [2.6.39-400.109.2] - be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 17173830] {CVE-2013-3222} - rtnl: fix info leak on RTM_GETLINK request for VF devices (Mathias Krause) [Orabug: 17173830] {CVE-2013-2635} - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17173830] {CVE-2013-2634} - udf: avoid info leak on export (Mathias Krause) [Orabug: 17173830] {CVE-2012-6548} - tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 17173830] {CVE-2013-3301} - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 17173830] {CVE-2013-2852} - signal: always clear sa_restorer on execve (Kees Cook) [Orabug: 17173830] {CVE-2013-0914} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-2635 CVE-2013-2634 CVE-2013-3225 CVE-2013-3224 CVE-2013-3222 CVE-2012-6548 CVE-2013-3301 CVE-2013-2852 CVE-2013-0914 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.29.3uek] - block: do not pass disk names as format strings (Jerry Snitselaar) [Orabug: 17230124] {CVE-2013-2851} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370765] {CVE-2013-2237} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371054] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371072] {CVE-2012-6544} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371079] {CVE-2013-2232} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371121] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372129] {CVE-2013-2206} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2206 CVE-2013-2851 CVE-2012-6544 CVE-2013-2237 CVE-2013-2232 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:9:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.109.6] - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230083] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230108] {CVE-2013-1059} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371078] {CVE-2013-2232} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370788] {CVE-2013-2237} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370892] {CVE-2012-6544} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371050] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371065] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371118] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372121] {CVE-2013-2206} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2012-6544 CVE-2013-2206 CVE-2013-2232 CVE-2013-2237 CVE-2013-1059 CVE-2013-2851 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.209.1] - Revert 'stop mig handler when lockres in progress ,and return -EAGAIN' (Srinivas Eeda) [Orabug: 16924802] - ocfs2/dlm: Fix list traversal in dlm_process_recovery_data (Srinivas Eeda) [Orabug: 17432400] - ocfs2/dlm: ocfs2 dlm umount skip migrating lockres (Srinivas Eeda) [Orabug: 16859627] [2.6.39-400.208.1] - Btrfs: make the chunk allocator completely tree lockless (Josef Bacik) [Orabug: 17334251] - mpt2sas: protect mpt2sas_ioc_list access with lock (Jerry Snitselaar) [Orabug: 17383579] - mptsas: update to 4.28.20.02 (Jerry Snitselaar) [Orabug: 17294806] - RDS: protocol negotiation fails during reconnect (Bang Nguyen) [Orabug: 17375389] - config:remove LM80 modules to void blindly loading cause crash (ethan.zhao) [Orabug: 16976462] [2.6.39-400.207.0] - Update lpfc version for 8.3.7.26.3p driver release (Gairy Grannum) [Orabug: 17340816] - lpfc 8.3.36: Update DIF support for passthru/strip/insert (James Smart) [Orabug: 17340816] - Update lpfc version for 8.3.7.26.1p driver release (Gairy Grannum) [Orabug: 17376967] - lpfc: whitespace fix (Vaios Papadimitriou) [Orabug: 17376967] - Update copyrights for 8.3.41 modifications (James Smart) [Orabug: 17376967] - Add first burst support to driver (James Smart) [Orabug: 17376967] - Fixed the format of some log message fields (James Smart) [Orabug: 17376967] - Add first burst support to driver (James Smart) [Orabug: 17376967] - Fixed not able to perform PCI function reset when board was not in online mode (James Smart) [Orabug: 17376967] - Fixed failure in setting SLI3 board mode (James Smart) [Orabug: 17376967] - Fixed SLI3 failing FCP write on check-condition no-sense with residual zero (James Smart) [Orabug: 17376967] - Fixed support for 128 byte WQEs (James Smart) [Orabug: 17376967] - Ensure driver properly zeros unused fields in SLI4 mailbox commands (James Smart) [Orabug: 17376967] - Fixed max value of lpfc_lun_queue_depth (James Smart) [Orabug: 17376967] - Fixed Receive Queue varied frame size handling (James Smart) [Orabug: 17376967] - Fix mailbox byteswap issue on PPC (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Update Copyrights to 2013 for 8.3.38, 8.3.39, and 8.3.40 modifications (James Smart) [Orabug: 17376967] - Fixed freeing of iocb when internal loopback times out (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed a race condition between SLI host and port failed FCF rediscovery (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed issue mailbox wait routine failed to issue dump memory mbox command (James Smart) [Orabug: 17376967] - treewide: Fix typos in kernel messages (Masanari Iida) [Orabug: 17376967] - lpfc 8.3.40: Fixed system panic due to unsafe walking and deleting linked list (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed FCoE connection list vlan identifier and add FCF list debug (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Clarified the behavior of the lpfc_max_luns module parameter (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fix to allow OCM to report FEC status (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed a missing return code in a logging message (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed some logging message fields (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed list corruption when lpfc_drain_tx runs (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fix inconsistent list removal causes crash (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed system panic during handling unsolicited receive buffer error condition (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fixed crash during FCoE failover testing. (James Smart) [Orabug: 17376967] - lpfc 8.3.40: Fix lpfc_used_cpu to be more dynamic (James Smart) [Orabug: 17376967] - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17371930] {CVE-2013-2206} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371037] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370887] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371061] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371114] {CVE-2013-2206} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370761] {CVE-2013-2237} - dm: allow error target to replace either bio-based and request-based targets (Joe Jin) [Orabug: 17357884] - Btrfs: handle a bogus chunk tree nicely (Josef Bacik) [Orabug: 17361069] - OFED: Move R2 field to bottom of mlx4_caps for backward compatibility (Yuval Shaia) [Orabug: 17303785] - RDS: double free rdma_cm_id (Bang Nguyen) [Orabug: 17192816] - xen: initialize xen panic handler for PVHVM (Vaughan Cao) [Orabug: 17200031] - sg: push file descriptor list locking down to per-device locking (Vaughan Cao) [Orabug: 16835013] - sg: checking sdp->detached isnt protected when open (Vaughan Cao) [Orabug: 16835013] - sg: no need sg_open_exclusive_lock (Vaughan Cao) [Orabug: 16835013] - sg: use rwsem to solve race during exclusive open (Vaughan Cao) [Orabug: 16835013] - sg: remove sg_mutex (Jorn Engel) [Orabug: 16835013] - sg: completely protect sfds (Jorn Engel) [Orabug: 16835013] - sg: protect sdp->exclude (Jorn Engel) [Orabug: 16835013] - sg: prevent unwoken sleep (Jorn Engel) [Orabug: 16835013] - sg: remove closed flag (Jorn Engel) [Orabug: 16835013] - sg: use wait_event_interruptible() (Jorn Engel) [Orabug: 16835013] - sg: remove while (1) non-loop (Jorn Engel) [Orabug: 16835013] - sg: remove unnecessary indentation (Jorn Engel) [Orabug: 16835013] - RDS: ActiveBonding IP exclusion filter (Bang Nguyen) [Orabug: 17075950] - RDS: Reconnect stalls for 15s (Bang Nguyen) [Orabug: 17277974] - sk_buff: fix kabi broken for add new for union (Joe Jin) [Orabug: 14500568] - tcp: fix skb_availroom() (Eric Dumazet) [Orabug: 14500568] - tcp: avoid order-1 allocations on wifi and tx path (Eric Dumazet) [Orabug: 14500568] - tcp: Reallocate headroom if it would overflow csum_start (Thomas Graf) [Orabug: 14500568] - tcp: take care of misalignments (Eric Dumazet) [Orabug: 14500568] - RDS: Reconnect causes panic at completion phase (Bang Nguyen) [Orabug: 17213597] - RDS: added stats to track and display receive side memory usage (Venkat Venkatsubra) [Orabug: 17045536] - RDS: RDS reconnect stalls (Bang Nguyen) [Orabug: 1731355] - ext4: fix race between sync and completed io work (Jeff Moyer) [Orabug: 16908825] - ext4: optimize locking for end_io extent conversion (Theodore Tso) [Orabug: 16908825] - ext4: remove unnecessary call to waitqueue_active() (Theodore Tso) [Orabug: 16908825] - ext4: Use correct locking for ext4_end_io_nolock() (Tao Ma) [Orabug: 16908825] - xen/pci: Track PVHVM PIRQs. (Zhenzhong Duan) [Orabug: 16908825] - ocfs2_prep_new_orphaned_file return ret (Xiaowei.Hu) [Orabug: 16823825] - Revert 'Btrfs: remove ->dirty_inode' (Guangyu Sun) [Orabug: 16841843] - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16750157] - net: fix incorrect credentials passing (Linus Torvalds) [Orabug: 16836975] {CVE-2013-1979} - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16836958] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16836943] {CVE-2013-1860} - ext3: Fix format string issues (Lars-Peter Clausen) [Orabug: 16836934] {CVE-2013-1848} - cnic: dont use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: 16780307] - Revert 'drm/i915: correctly order the ring init sequence' (Guangyu Sun) [Orabug: 16486689] - x86/boot-image: Dont leak phdrs in arch/x86/boot/compressed/misc.c::Parse_elf() (Jesper Juhl) [Orabug: 16833437] - spec: add /boot/vmlinuz*.hmac needed for fips mode (John Haxby) [Orabug: 16807114] - perf: Treat attr.config as u64 in perf_swevent_init() (Tommi Rantala) [Orabug: 16808734] {CVE-2013-2094} - spec: ol6 add multipath version deps (Maxim Uvarov) [Orabug: 16763586] [2.6.39-400.206.0] - ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (Hannes Frederic Sowa) [Orabug: 17296421] {CVE-2013-4163} - fib_trie: potential out of bounds access in trie_show_stats() (Jerry Snitselaar) [Orabug: 16840280] - aacraid: update from 1.1-7 to 1.2-0 (Jerry Snitselaar) [Orabug: 17296044] - qlcnic: update from 5.2.29.45 to 5.2.43 (Jerry Snitselaar) [Orabug: 17267102] - net: init perm_addr in register_netdevice() (Jiri Pirko) [Orabug: 17280581] - config: disable THP for OL6 builds (Jerry Snitselaar) [Orabug: 17279055] - ACPI / memhotplug: Fix a stale pointer in error path (Toshi Kani) [Orabug: 17271787] - xhci: Avoid NULL pointer deref when host dies. (Sarah Sharp) [Orabug: 17271780] - xhci: fix null pointer dereference on ring_doorbell_for_active_rings (Oleksij Rempel) [Orabug: 17271777] - SCSI: sd: fix crash when UA received on DIF enabled device (Ewan D. Milne) [Orabug: 17271761] - hrtimers: Move SMP function call to thread context (Thomas Gleixner) [Orabug: 17237808] - lockd: protect nlm_blocked access in nlmsvc_retry_blocked (David Jeffery) [Orabug: 17237800] - SCSI: megaraid_sas: fix memory leak if SGL has zero length entries (Bj?rn Mork) [Orabug: 17237796] - vlan: fix a race in egress prio management (Eric Dumazet) [Orabug: 17237794] - ifb: fix oops when loading the ifb failed (dingtianhong) [Orabug: 17237783] - dummy: fix oops when loading the dummy failed (dingtianhong) [Orabug: 17237779] - ifb: fix rcu_sched self-detected stalls (dingtianhong) [Orabug: 17237770] - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17237766] - ipv6,mcast: always hold idev->lock before mca_lock (Amerigo Wang) [Orabug: 17237756] - af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17237752] {CVE-2013-2234} - perf: Fix perf_lock_task_context() vs RCU (Peter Zijlstra) [Orabug: 17237744] - perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario (Jiri Olsa) [Orabug: 17237744] - perf: Clone child context from parent context pmu (Jiri Olsa) [Orabug: 17237744] - tracing: Use current_uid() for critical time tracing (Steven Rostedt (Red Hat)) [Orabug: 17237735] - ext4: fix overflow when counting used blocks on 32-bit architectures (Jan Kara) [Orabug: 17231269] - ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs (Jan Kara) [Orabug: 17231264] - xhci: check for failed dma pool allocation (Mathias Nyman) [Orabug: 17231247] - crypto: sanitize argument for format string (Kees Cook) - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17230700] {CVE-2013-2164} - pch_uart: fix a deadlock when pch_uart as console (Liang Li) [Orabug: 17061700] - UBIFS: fix a horrid bug (Artem Bityutskiy) [Orabug: 17061699] - UBIFS: prepare to fix a horrid bug (Artem Bityutskiy) [Orabug: 17061697] - dlci: validate the net device in dlci_del() (Zefan Li) [Orabug: 17061696] - dlci: acquire rtnl_lock before calling __dev_get_by_name() (Zefan Li) [Orabug: 17061695] - Bluetooth: Fix crash in l2cap_build_cmd() with small MTU (Anderson Lizardo) [Orabug: 17061694] - fnic driver update from 1.5.0.41 to 1.5.0.45 (Maxim Uvarov) [Orabug: 17187644] - mpt3sas: update from v02.100.00.00 to v3.00.00.00 (Sreekanth Reddy) [Orabug: 17249188] - mpt3sas: enable build of mpt3sas driver (Jerry Snitselaar) [Orabug: 17187698] - mpt3sas: Updated driver code to have a compatibility with UEK r2 u5 kernel (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: Bump driver version to v02.100.00.00 (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: when async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: MPI2.5 Rev F v2.5.1.1 specification (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: Infinite loops can occur if MPI2_IOCSTATUS_CONFIG_INVALID_PAGE is not returned (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: fix for kernel panic when driver loads with HBA conected to non LUN 0 configured expander (Sreekanth Reddy) [Orabug: 1718 7698] - mpt3sas: Updated the Hardware timing requirements (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: 2013 source code copyright (Sreekanth Reddy) [Orabug: 17187698] - mpt3sas: dont wank with fasync on ->release() (Al Viro) [Orabug: 17187698] - mpt3sas: remove unused variables (Wei Yongjun) [Orabug: 17187698] - mpt3sas: Remove unneeded version.h header inclusion (Sachin Kamat) [Orabug: 17187698] - mpt3sas: cut and paste bug storing trigger mpi (Dan Carpenter) [Orabug: 17187698] - mpt3sas: add new driver supporting 12GB SAS (Sreekanth Reddy) [Orabug: 17187698] - scsi_transport_sas: add 12GB definitions for mpt3sas (Sreekanth Reddy) [Orabug: 17187698] - miscdevice: Adding support for MPT3SAS_MINOR(222) (Sreekanth Reddy) [Orabug: 17187698] [2.6.39-400.205.0] - xen/time: remove blocked time accounting from xen 'clockchip' (Laszlo Ersek) [Orabug: 17073675] - unix: fix a race condition in unix_release() (Paul Moore) [Orabug: 17209195] - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17215196] {CVE-2013-2232} - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230067] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230100] {CVE-2013-1059} - config: add xsigo config options (Ajaykumar Hotchandani) [Orabug: 17248170] - mpt2sas: update from 16.05.01.00 to 17.00.00.00 (Jerry Snitselaar) [Orabug: 17237402] - qla4xxx: Updated driver version to 5.03.00.03.06.02-uek2 (Tej Parkash) [Orabug: 17220575] - libiscsi: Add missing prints for session and connection sysfs attrs (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Export more firmware info in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Only BIOS boot target entries should be at index 0 and 1. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: discovery_parent_idx can be shown without any check. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Set IPv6 traffic class if device type is IPv6. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Use discovery_parent_idx instead of discovery_parent_type (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Allow removal of failed session using logout. (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (Adheer Chandravanshi) [Orabug: 17220575] - libiscsi: Added new boot entries in the session sysfs (Eddie Wai) [Orabug: 17220575] - iscsi class, qla4xxx: fix sess/conn refcounting when find fns are used (Mike Christie) [Orabug: 17220575] - qla4xxx: Fix iocb_cnt calculation in qla4xxx_send_mbox_iocb() (Vikas Chaudhary) [Orabug: 17220575] - scsi_transport_iscsi: fix error return code in iscsi_transport_init() (Wei Yongjun) [Orabug: 17220575] - qla4xxx: Assign values using correct datatype (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Fix smatch warnings (Adheer Chandravanshi) [Orabug: 17220575] - qla4xxx: Fix sparse warning for qla4xxx_sysfs_ddb_tgt_create (Vikas Chaudhary) [Orabug: 17220575] - RDS: (Bang Nguyen) [Orabug: 17206167] - neighbour: fix a race in neigh_destroy() (Eric Dumazet) [Orabug: 17230315] - be2net: Updating version number (Sarveshwar Bandi) [Orabug: 17219620] - be2net: Fix to avoid hardware workaround when not needed (Sarveshwar Bandi) [Orabug: 17219620] - net/trivial: replace numeric with standard PM state macros (Yijing Wang) [Orabug: 17219620] - be2net: Fix 32-bit DMA Mask handling (Somnath Kotur) [Orabug: 17219620] - be2net: Implement initiate FW dump feature for Lancer (Somnath Kotur) [Orabug: 17219620] - be2net: Fix crash on 2nd invocation of PCI AER/EEH error_detected hook (Somnath Kotur) [Orabug: 17219620] - be2net: Mark checksum fail for IP fragmented packets (Somnath Kotur) [Orabug: 17219620] - be2net: Trim padded packets for Lancer (Somnath Kotur) [Orabug: 17219620] - be2net: Pad skb to meet min Tx pkt size in lancer (Somnath Kotur) [Orabug: 17219620] - be2net: cleanup be_get_drvinfo() (Somnath Kotur) [Orabug: 17219620] - be2net: refactor HW workarounds in be_xmit() (Sathya Perla) [Orabug: 17219620] - be2net: bug fix on returning an invalid nic descriptor (Wei Yang) [Orabug: 17219620] - be2net: Avoid double insertion of vlan tags. (Sarveshwar Bandi) [Orabug: 17219620] - be2net: disable TX in be_close() (Sathya Perla) [Orabug: 17219620] - be2net: fix EQ from getting full while cleaning RX CQ (Sathya Perla) [Orabug: 17219620] - be2net: fix payload_len value for GET_MAC_LIST cmd req (Sathya Perla) [Orabug: 17219620] - be2net: provision VF resources before enabling SR-IOV (Sathya Perla) [Orabug: 17219620] - be2net: Fix to fail probe if MSI-X enable fails for a VF (Somnath Kotur) [Orabug: 17219620] - be2net: avoid napi_disable() when it has not been enabled (Somnath Kotur) [Orabug: 17219620] - be2net: Fix firmware download for Lancer (Somnath Kotur) [Orabug: 17219620] - be2net: Fix to receive Multicast Packets when Promiscuous mode is enabled on certain devices (Ajit Khaparde) [Orabug: 17219620] - be2net: Fix to show tx priority pause counter in ethtool -S (Ajit Khaparde) [Orabug: 17219620] - be2net: Fix to use 32-bit stats to report rx_drops_no_fragment (Ajit Khaparde) [Orabug: 17219620] - be2net: Fix to use version 2 of cq_create for SkyHawk-R devices (Ajit Khaparde) [Orabug: 17219620] - be2net: FLR must be first cmd issued to Lancer FW (Kalesh AP) [Orabug: 17219620] - be2net: Use GET_FUNCTION_CONFIG V1 cmd (Kalesh AP) [Orabug: 17219620] - be2net: Fix to show wol disabled/enabled state correctly. (Sarveshwar Bandi) [Orabug: 17219620] - be2net: Fixed memory leak (Suresh Reddy) [Orabug: 17219620] - be2net: Avoid diagnostic test in certain versions of firmware to avoid NIC freeze. (Suresh Reddy) [Orabug: 17219620] - be2net: Renamed rx_address_mismatch_errors to rx_address_filtered (Suresh Reddy) [Orabug: 17219620] - be2net: Add support for setting and getting rx flow hash options (Suresh Reddy) [Orabug: 17219620] - be2net: Fix PVID tag offload for packets with inline VLAN tag. (Ajit Khaparde) [Orabug: 17219620] - be2net: fix a Tx stall bug caused by a specific ipv6 packet (Ajit Khaparde) [Orabug: 17219620] - be2net: Remove an incorrect pvid check in Tx (Ajit Khaparde) [Orabug: 17219620] - be2net: enable IOMMU pass through for be2net (Craig Hada) [Orabug: 17219620] - be2net: Use GET_PROFILE_CONFIG V1 cmd for BE3-R (Vasundhara Volam) [Orabug: 17219620] - be2net: Avoid flashing BE3 UFI on BE3-R chip. (Vasundhara Volam) [Orabug: 17219620] - be2net: Dont log 'Out of MCCQ wrbs' error (Vasundhara Volam) [Orabug: 17219620] - be2net: Use TXQ_CREATE_V2 cmd (Vasundhara Volam) [Orabug: 17219620] - be2net: take care of __vlan_put_tag return value (Ivan Vecera) [Orabug: 17219620] - be2net: remove unused variable 'sge' (Ivan Vecera) [Orabug: 17219620] - megaraid: update from 6.505 to 6.600.18.00 (Jerry Snitselaar) [Orabug: 17187623] - xsigo: Kconfig and Makefile updates (Ajaykumar Hotchandani) [Orabug: 17248170] - xsigo: Integrate 7489 release in UEK2 (Ajaykumar Hotchandani) [Orabug: 17248170] - fs writeback: fix race in mark inode dirty.patch (Srinivas Eeda) [Orabug: 17198525] - sxge: Check link state before xmit (Joe Jin) [Orabug: 17201198] - writeback: Fix periodic writeback after fs mount (Srinivas Eeda) [Orabug: 17185874] - spec: use _target_cpu in suffix for devel dir (Jerry Snitselaar) [Orabug: 17181059] - mm: leave hugepage pmd (Guru Anbalagane) [Orabug: 17186750] - Disable THP config (Guru Anbalagane) [Orabug: 17186750] - RDS: Fix a bug in QoS protocol negotiation (Bang Nguyen) [Orabug: 17079972] - RDS: alias failover is not working properly (Bang Nguyen) [Orabug: 17177994] - rdma_cm: CMA_QUERY_HANDLER: BAD STATUS -110 and -22 (Chien-Hua Yen) [Orabug: 16708786] - [RDS] add NETFILTER suppport (Ahmed Abbas) [Orabug: 17082619] [2.6.39-400.204.0] - be2net: enable interrupts in probe (Jerry Snitselaar) [Orabug: 17080364] - xen-netfront: use skb_partial_csum_set() to simplify the codes (Li RongQing) - xen-netfront: split event channels support for Xen frontend driver (Wei Liu) - xen-netfront: avoid leaking resources when setup_netfront fails (Wei Liu) - xen-netfront: reduce gso_max_size to account for max TCP header (Wei Liu) - xen-netfront: frags -> slots in log message (Wei Liu) - xen-netfront: frags -> slots in xennet_get_responses (Wei Liu) - xen-netfront: remove unused variable 'extra' (Wei Liu) - xen/netfront: improve truesize tracking (Ian Campbell) - xen-netfront: remove __dev* attributes (Bill Pemberton) - xen/netfront: handle compound page fragments on transmit (Ian Campbell) - xen-netfront: use __pskb_pull_tail to ensure linear area is big enough on RX (Ian Campbell) - ocfs2: xattr: fix inlined xattr reflink (Junxiao Bi) [Orabug: 15914937] - futex: Revert 'futex: Mark get_robust_list as deprecated' (Thomas Gleixner) [Orabug: 16818441] - xen: do not disable netfront in dom0 (Marek Marczykowski) - xen-netfront: correct MAX_TX_TARGET calculation. (Wei Liu) - xen-netback: xenbus.c: use more current logging styles (Wei Liu) - xen: Use more current logging styles (Joe Perches) - xen-netback: double free on unload (Dan Carpenter) - xen-netback: dont de-reference vif pointer after having called xenvif_put() (Jan Beulich) - xen-netback: split event channels support for Xen backend driver (Wei Liu) - xen-netback: enable user to unload netback module (Wei Liu) - xen-netback: remove dead code (Wei Liu) - xen-netback: better names for thresholds (Wei Liu) - xen-netback: avoid allocating variable size array on stack (Wei Liu) - xen-netback: remove redundent parameter in netbk_count_requests (Wei Liu) [2.6.39-400.203.0] - xen/netback: correctly calculate required slots of skb. (Annie Li) [Orabug: 16934362] - RDS: Local address resolution may be delayed after IP has moved. RDS to update local ARP cache directly to speed it up. (Bang Nguy en) [Orabug: 16979994] - mlx4: fix data corruption in hugetlb_user_mr (Chien Yen) [Orabug: 16772016] - fix compilation blk-core.c with missing rate-limit header (Maxim Uvarov) - block: rate-limit the error message from failing commands (Yi Zou) [Orabug: 15918663] - Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk) - xen/pciback: Fix for backport compilation issues. (Konrad Rzeszutek Wilk) - Revert 'xen-blkfront: use a different scatterlist for each request' (Konrad Rzeszutek Wilk) - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - xen-blkback: check the number of iovecs before allocating a bios (Roger Pau Monne) - xen-blkfront: set blk_queue_max_hw_sectors correctly (Roger Pau Monne) - xen-blkback: workaround compiler bug in gcc 4.1 (Roger Pau Monne) - xen/blkback: Check for insane amounts of request on the ring (v6). (Konrad Rzeszutek Wilk) - xen/io/ring.h: new macro to detect whether there are too many requests on the ring (Jan Beulich) - xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140} - xen/blkback: Fix backporting of printk_ratelimit. (Konrad Rzeszutek Wilk) - xen/blkback: Check device permissions before allowing OP_DISCARD (Konrad Rzeszutek Wilk) {CVE-2013-2140} - xen/blkback: Use physical sector size for setup (Stefan Bader) - xen-blkback/sysfs: Move the parameters for the persistent grant features (Konrad Rzeszutek Wilk) - xen-blkfront: Introduce a 'max' module parameter to alter the amount of indirect segments. (Konrad Rzeszutek Wilk) - xen-blkfront: use a different scatterlist for each request (Roger Pau Monne) - xen-blkback: allocate list of pending reqs in small chunks (Roger Pau Monne) - xen-block: implement indirect descriptors (Roger Pau Monne) - xen-blkback: expand map/unmap functions (Roger Pau Monne) - xen-blkback: make the queue of free requests per backend (Roger Pau Monne) - xen-blkback: move pending handles list from blkbk to pending_req (Roger Pau Monne) - xen-blkback: implement LRU mechanism for persistent grants (Roger Pau Monne) - xen-blkback: use balloon pages for all mappings (Roger Pau Monne) - xen-blkback: print stats about persistent grants (Roger Pau Monne) [2.6.39-400.202.0] - l2tp: Fix sendmsg() return value (Guillaume Nault) - l2tp: Fix PPP header erasure and memory leak (Guillaume Nault) [Orabug: 17030957] - packet: packet_getname_spkt: make sure string is always 0-terminated (Daniel Borkmann) [Orabug: 17030956] - net: sctp: fix NULL pointer dereference in socket destruction (Daniel Borkmann) [Orabug: 17030954] - ip_tunnel: fix kernel panic with icmp_dest_unreach (Eric Dumazet) [Orabug: 17030953] - netlabel: improve domain mapping validation (Paul Moore) [Orabug: 17030951] - ipv6: fix possible crashes in ip6_cork_release() (Eric Dumazet) [Orabug: 17030950] - tcp: fix tcp_md5_hash_skb_data() (Eric Dumazet) [Orabug: 17030948] - fmr: D-NFS/RDM (FMR) patches for OFED (abhishek varshney) [Orabug: 16966484] - lpfc: Update lpfc version for 8.3.7.10.7p driver release (James Smart) [Orabug: 17026768] - lpfc: Fix starting reference tag when calculating BG error (James Smart) [Orabug: 17026768] - lpfc: Fix BlockGuard error checking (James Smart) [Orabug: 17026768] - tg3: update from broadcom version 3.129d to 3.131d (Jerry Snitselaar) [Orabug: 17024939] - mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer (Aneesh Kumar K.V) [Orabug: 17025306] - mac80211: close AP_VLAN interfaces before unregistering all (Johannes Berg) [Orabug: 17025303] - batman-adv: Only write requested number of byte to user buffer (Sven Eckelmann) [Orabug: 17025019] - x25: Validate incoming call user data lengths (Matthew Daley) [Orabug: 17025021] - aoe: reserve enough headroom on skbs (Eric Dumazet) [Orabug: 17025018] - perf,x86: fix kernel crash with PEBS/BTS after suspend/resume (Stephane Eranian) [Orabug: 17024915] - dcbnl: fix various netlink info leaks (Mathias Krause) [Orabug: 17024912] {CVE-2013-2634} - e1000e driver update from 2.3.2 to 2.4.14 (Maxim Uvarov) Merge Intel drivers update. - ixgbe driver update from 3.14.5 to 3.15.1 (Maxim Uvarov) Merge Intel drivers update. - igbvf driver update from 2.0.4 to 2.3.2 (Maxim Uvarov) Merge Intel drivers update. - igb driver update from 4.1.2 to 4.3.0 (Maxim Uvarov) Merge Intel drivers update. - spec: change version to 400.200.0 for ol5 (Maxim Uvarov) - RDS: restore two-sided reconnect with the lower IP node having a constant 100 ms backoff. (Bang Nguyen) [Orabug: 16710287] - scsi_prep_fn() check for empty queue (Maxim Uvarov) [Orabug: 17015328] - x86: Fix typo in kexec register clearing (Kees Cook) [Orabug: 16992876] - mm: migration: add migrate_entry_wait_huge() (Naoya Horiguchi) [Orabug: 16992874] - swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [Orabug: 16992871] - b43: stop format string leaking into error msgs (Kees Cook) [Orabug: 16992869] {CVE-2013-2852} - nohz: Fix update_ts_time_stat idle accounting (Michal Hocko) [Orabug: 16985182] - tracing: Fix possible NULL pointer dereferences (Namhyung Kim) [Orabug: 16963984] - drm: fix a use-after-free when GPU acceleration disabled (Huacai Chen) [Orabug: 16963983] - cifs: fix potential buffer overrun when composing a new options string (Jeff Layton) [Orabug: 16963818] - drivers/block/brd.c: fix brd_lookup_page() race (Brian Behlendorf) [Orabug: 16963816] - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (Xiao Guangrong) [Orabug: 16963814] - klist: del waiter from klist_remove_waiters before wakeup waitting process (wang, biao) [Orabug: 16963813] - ocfs2: goto out_unlock if ocfs2_get_clusters_nocache() failed in ocfs2_fiemap() (Joseph Qi) [Orabug: 16963812] - fat: fix possible overflow for fat_clusters (OGAWA Hirofumi) [Orabug: 16963811] - cifs: only set ops for inodes in I_NEW state (Jeff Layton) [Orabug: 16963810] - usermodehelper: check subprocess_info->path != NULL (Oleg Nesterov) [Orabug: 16909862] - ipv6: do not clear pinet6 field (Eric Dumazet) [Orabug: 16909856] - macvlan: fix passthru mode race between dev removal and rx path (Jiri Pirko) [Orabug: 16909854] - bridge: fix race with topology change timer (stephen hemminger) [Orabug: 16909638] - tick: Cleanup NOHZ per cpu data on cpu down (Thomas Gleixner) [Orabug: 16909637] - timer: Dont reinitialize the cpu base lock during CPU_UP_PREPARE (Tirupathi Reddy) [Orabug: 16909635] - x86/mm: account for PGDIR_SIZE alignment (Jerry Hoemann) [Orabug: 16903170] - kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees() (Chen Gang) [Orabug: 16903120] - clockevents: Set dummy handler on CPU_DEAD shutdown (Thomas Gleixner) [Orabug: 16902369] - cgroup: fix an off-by-one bug which may trigger BUG_ON() (Li Zefan) [Orabug: 16902267] - hrtimer: Add expiry time overflow check in hrtimer_interrupt (Prarit Bhargava) [Orabug: 16902194] - hrtimer: Fix ktime_add_ns() overflow on 32bit architectures (David Engraf) [Orabug: 16902186] - fs/fscache/stats.c: fix memory leak (Anurup m) [Orabug: 16901677] - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (Mathias Krause) [Orabug: 16888256] {CVE-2013-3225} - Bluetooth: fix possible info leak in bt_sock_recvmsg() (Mathias Krause) [Orabug: 16888251] {CVE-2013-3224} - atm: update msg_namelen in vcc_recvmsg() (Mathias Krause) [Orabug: 16888219] {CVE-2013-3222} - net: sctp: sctp_auth_key_put: use kzfree instead of kfree (Daniel Borkmann) [Orabug: 16888213] - Btrfs: make sure nbytes are right after log replay (Josef Bacik) [Orabug: 16864338] - Revert 'sysfs: fix race between readdir and lseek' (Jiri Kosina) [Orabug: 16858013] - crypto: algif - suppress sending source address information in recvmsg (Mathias Krause) [Orabug: 16864292] - sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s (Tejun Heo) [Orabug: 16864274] - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 16864214] - Revert '8021q: fix a potential use-after-free' (Greg Kroah-Hartman) [Orabug: 16858417] - hrtimer: Dont reinitialize a cpu_base lock on CPU_UP (Michael Bohan) [Orabug: 16864124] - PM / reboot: call syscore_shutdown() after disable_nonboot_cpus() (Huacai Chen) [Orabug: 16863936] - tracing: Fix double free when function profile init failed (Namhyung Kim) [Orabug: 16863887] - mm: prevent mmap_cache race in find_vma() (Jan Stancek) [Orabug: 16863788] - block: avoid using uninitialized value in from queue_var_store (Arnd Bergmann) [Orabug: 16863776] - bonding: get netdev_rx_handler_unregister out of locks (Veaceslav Falico) [Orabug: 16863608] - net: add a synchronize_net() in netdev_rx_handler_unregister() (Eric Dumazet) [Orabug: 16863608] - 8021q: fix a potential use-after-free (Cong Wang) [Orabug: 16858417] - efivars: Handle duplicate names from get_next_variable() (Matt Fleming) [Orabug: 16858386] - efivars: explicitly calculate length of VariableName (Matt Fleming) [Orabug: 16858386] - loop: prevent bdev freeing while device in use (Anatol Pomozov) [Orabug: 16858270] - Btrfs: limit the global reserve to 512mb (Josef Bacik) [Orabug: 16858090] - sysfs: handle failure path correctly for readdir() (Ming Lei) [Orabug: 16858013] - sysfs: fix race between readdir and lseek (Ming Lei) [Orabug: 16858013] IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2140 CVE-2012-6549 CVE-2013-1772 CVE-2013-2234 CVE-2013-3076 CVE-2013-4163 CVE-2013-2164 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.33.2] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17618900] {CVE-2013-4299} - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17618897] {CVE-2013-4162} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4162 CVE-2013-4299 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:4:patch Oracle Linux 5 Oracle Linux 6 [2.6.39-400.209.2] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17618492] {CVE-2013-4299} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4299 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 kernel-uek [3.8.13-16.1.1.el6uek] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17617582] {CVE-2013-4299} MODERATE Copyright 2013 Oracle, Inc. CVE-2013-4299 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 [3.8.13-16.2.2.el6uek] - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-0343 CVE-2013-4387 CVE-2013-4592 CVE-2013-2892 CVE-2013-4345 CVE-2013-2889 CVE-2013-2888 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.211.2] - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17842208] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17842129] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17842105] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17842095] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17842084] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Jerry Snitselaar) [Orabug: 17842075] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17842072] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17842063] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17842056] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17842050] {CVE-2013-4387} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-1928 CVE-2013-3231 CVE-2012-6545 CVE-2013-2892 CVE-2013-2889 CVE-2013-2888 CVE-2013-4592 CVE-2013-4345 CVE-2013-0343 CVE-2013-4387 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.33.3uek] - af_key: fix info leaks in notify messages (Mathias Krause) [Orabug: 17837974] {CVE-2013-2234} - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (Jonathan Salwan) [Orabug: 17837971] {CVE-2013-2164} - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17837966] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17837959] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17838023] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17837945] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17837942] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17837936] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17837936] - NFSv4: Check for buffer length in __nfs4_get_acl_uncached (Sven Wegener) [Orabug: 17837931] {CVE-2013-4591} - ansi_cprng: Fix off by one error in non-block size request (Neil Horman) [Orabug: 17837999] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17837925] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17837923] {CVE-2013-0343} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-2234 CVE-2013-1928 CVE-2013-2892 CVE-2013-2889 CVE-2013-4345 CVE-2013-3231 CVE-2013-2164 CVE-2012-6545 CVE-2013-4591 CVE-2013-2888 CVE-2013-0343 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 kernel-uek [3.8.13-16.2.3.el6uek] - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951080] {CVE-2013-4470} - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (Gleb Natapov) [Orabug: 17951067] {CVE-2013-6376} - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (Andy Honig) [Orabug: 17951071] {CVE-2013-6368} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4470 CVE-2013-6368 CVE-2013-6376 CVE-2013-6367 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.211.3] - ip6_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951806] {CVE-2013-4470} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951818] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951705] {CVE-2013-6367} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-6367 CVE-2013-4470 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.33.4uek] - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy) [Orabug: 17951083] {CVE-2013-2141} - ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko) [Orabug: 17951078] {CVE-2013-4470} - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (Andy Honig) [Orabug: 17951073] {CVE-2013-6367} IMPORTANT Copyright 2013 Oracle, Inc. CVE-2013-4470 CVE-2013-2141 CVE-2013-6367 cpe:/a:oracle:linux:5::u10_patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:10:patch cpe:/a:oracle:linux:6:5:patch cpe:/a:oracle:linux:5::latest