Oracle alert ELSA-2012-1064 (kernel)

From:
    	     
 
Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 
To:
    	     
 
el-errata@oss.oracle.com 
Subject:
    	     
 
[El-errata] ELSA-2012-1064 Important: Oracle Linux 6 kernel
 security and bug fix update 
Date:
    	     
 
Wed, 11 Jul 2012 15:42:08 -0700
Message-ID:
    	     
 
<4FFE0140.1030904@oracle.com>
Archive-link:
    	     
 
Article, Thread
              
Oracle Linux Security Advisory ELSA-2012-1064

https://rhn.redhat.com/errata/RHSA-2012-1064.html


The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-2.6.32-279.1.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-devel-2.6.32-279.1.1.el6.i686.rpm
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm
kernel-headers-2.6.32-279.1.1.el6.i686.rpm
perf-2.6.32-279.1.1.el6.i686.rpm
python-perf-2.6.32-279.1.1.el6.i686.rpm

x86_64:
kernel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.1.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.1.1.el6.x86_64.rpm
kernel-doc-2.6.32-279.1.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.1.1.el6.noarch.rpm
kernel-headers-2.6.32-279.1.1.el6.x86_64.rpm
perf-2.6.32-279.1.1.el6.x86_64.rpm
python-perf-2.6.32-279.1.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-279...


Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of  Oracle Linux 6 install these updates.

Users of Ksplice Uptrack can install these updates by running :

# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

Description of changes:

* ext4 filesystem corruption on fallocate.

Attempting to fallocate() a file over 4GB with insufficient space on an
ext4 filesystem could result in corruption of the filesystem image.

* CVE-2012-2745: Denial-of-service in kernel key management.

A potential double-free of the replacement session keyring on fork()
could result in a denial-of-service by a local, unprivileged user.

* CVE-2012-2744: Remote denial-of-service in IPv6 connection tracking.

A flaw in the IPv6 connection tracking netfilter module could allow a
remote attacker to trigger a NULL pointer dereference and
denial-of-service with specially crafted IPv6 packets.

[2.6.32-279.1.1.el6]
- [kernel] Prevent keyctl new_session from causing a panic (David 
Howells) [833433 827424] {CVE-2012-2745}
- [net] ipv6/netfilter: fix null pointer dereference in 
nf_ct_frag6_reasm() (Petr Matousek) [833410 833412] {CVE-2012-2744}
- [fs] nfs: Map minor mismatch error to protocol not support error 
(Steve Dickson) [832365 796352]
- [fs] ext4: Fix overflow caused by missing cast in ext4_fallocate() 
(Lukas Czerner) [833034 830209]
- [ata] libata: Add 2GB ATA Flash Disk/ADMA428M to DMA blacklist (Prarit 
Bhargava) [832363 812904]
- [netdrv] r8169: fix typo in firmware filenames (Ivan Vecera) [832359 
829211]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata