
Oracle alert ELSA-2012-2003 (kernel-uek)

From:  Errata Announcements for Oracle Linux <el-errata@oracle.com>
To:  el-errata@oss.oracle.com
Subject:  [El-errata] ELSA-2012-2003 Important: Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
Date:  Mon, 12 Mar 2012 10:16:47 -0700
Message-ID:  <4F5E2F7F.5040704@oracle.com>

Oracle Linux Security Advisory ELSA-2012-2003

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-firmware-2.6.32-300.11.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.32-300.11.1.el6uek.noarch.rpm
kernel-uek-2.6.32-300.11.1.el6uek.i686.rpm
kernel-uek-headers-2.6.32-300.11.1.el6uek.i686.rpm
kernel-uek-devel-2.6.32-300.11.1.el6uek.i686.rpm
kernel-uek-debug-devel-2.6.32-300.11.1.el6uek.i686.rpm
kernel-uek-debug-2.6.32-300.11.1.el6uek.i686.rpm
ofa-2.6.32-300.11.1.el6uek-1.5.1-4.0.47.i686.rpm
ofa-2.6.32-300.11.1.el6uekdebug-1.5.1-4.0.47.i686.rpm
mlnx_en-2.6.32-300.11.1.el6uek-1.5.7-0.1.i686.rpm
mlnx_en-2.6.32-300.11.1.el6uekdebug-1.5.7-0.1.i686.rpm

x86_64:
kernel-uek-firmware-2.6.32-300.11.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.32-300.11.1.el6uek.noarch.rpm
kernel-uek-2.6.32-300.11.1.el6uek.x86_64.rpm
kernel-uek-headers-2.6.32-300.11.1.el6uek.x86_64.rpm
kernel-uek-devel-2.6.32-300.11.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-2.6.32-300.11.1.el6uek.x86_64.rpm
kernel-uek-debug-2.6.32-300.11.1.el6uek.x86_64.rpm
ofa-2.6.32-300.11.1.el6uek-1.5.1-4.0.47.x86_64.rpm
ofa-2.6.32-300.11.1.el6uekdebug-1.5.1-4.0.47.x86_64.rpm
mlnx_en-2.6.32-300.11.1.el6uek-1.5.7-0.1.x86_64.rpm
mlnx_en-2.6.32-300.11.1.el6uekdebug-1.5.7-0.1.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.32...
http://oss.oracle.com/ol6/SRPMS-updates/ofa-2.6.32-300.11...
http://oss.oracle.com/ol6/SRPMS-updates/mlnx_en-2.6.32-30...

Users with Oracle Linux Premier Support can now use Ksplice to patch against this Security Advisory.

We recommend that all users of Oracle Linux 6 install these updates.

Users of Ksplice Uptrack can install these updates by running:

    # /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any additional action.

Description of changes:

* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in the computation of a delay field which could result in division by zero (causing a kernel panic).

* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation for allowed local users on a 32-bit KVM guest system to cause the guest system to panic.

* CVE-2012-0038: In-memory corruption in XFS ACL processing.

A missing check in xfs_acl_from_disk on the number of XFS ACLs could result in in-memory corruption and a kernel panic.

* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.

Starting PIT timers in the absence of irqchip support could cause a NULL pointer dereference and kernel OOPs.

* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign devices to KVM guests could result in a denial of service.

* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an invalid log first block value allowed an attacker to mount a malicious ext3 or ext4 image that would crash the system.

* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest algorithm. ghash_update can pass a NULL pointer to gf128mul_4k_lle in some cases, leading to a NULL pointer dereference (kernel OOPS).

* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with pathnames larger than MAXPATHLEN allowed an attacker to mount a malicious XFS image that could crash the system or result in privilege escalation.

[2.6.32-300.11.1.el6uek]
- [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077}
- [scsi] increase qla2xxx firmware ready time-out (Joe Jin)
- [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin)
- [net] tg3: Fix single-vector MSI-X code (Joe Jin)
- [net] qlge: fix size of external list for TX address descriptors (Joe Jin)
- [net] e1000e: Avoid wrong check on TX hang (Joe Jin)
- crypto: ghash - Avoid null pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081}
- jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132}
- KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347}
- KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622}
- xfs: validate acl count (Joe Jin) {CVE-2012-0038}
- KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045}
- KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid" (Joe Jin) {CVE-2012-0045}
- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207}
- ipv4: correct IGMP behavior on v3 query during v2-compatibility mode (David Stevens)
- fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349]

[2.6.32-300.10.1.el6uek]
- net: remove extra register in ip_gre (Guru Anbalagane) [Orabug: 13633287]

[2.6.32-300.9.1.el6uek]
- [netdrv] fnic: return zero on fnic_reset() success (Joe Jin)
- [e1000e] Add entropy generation back for network interrupts (John Sobecki)
- [nfs4] LINUX CLIENT TREATS NFS4ERR_GRACE AS A PERMANENT ERROR [orabug 13476821] (John Sobecki)
- [nfs] NFS CLIENT CONNECTS TO SERVER THEN DISCONNECTS [orabug 13516759] (John Sobecki)
- [sunrpc] Add patch for a mount crash in __rpc_create_common [orabug 13322773] (John Sobecki)

[2.6.32-300.8.1.el6uek]
- SPEC: fix dependency on firmware/mkinitrd (Guru Anbalagane) [orabug 13637902]
- xfs: fix acl count validation in xfs_acl_from_disk() (Dan Carpenter)
- [SCSI] scsi_dh: check queuedata pointer before proceeding further (Moger Babu) [orabug 13615419]

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
http://oss.oracle.com/mailman/listinfo/el-errata

