User: Password:
Subscribe / Log in / New account

Oracle alert ELSA-2012-0481 (kernel)

From:  Errata Announcements for Oracle Linux <>
Subject:  [El-errata] ELSA-2012-0481 Moderate: Oracle Linux 6 kernel security, bug fix, and enhancement update
Date:  Mon, 23 Apr 2012 13:20:34 -0700
Message-ID:  <>
Archive-link:  Article, Thread

Oracle Linux Security Advisory ELSA-2012-0481 The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: kernel-2.6.32-220.13.1.el6.i686.rpm kernel-debug-2.6.32-220.13.1.el6.i686.rpm kernel-debug-devel-2.6.32-220.13.1.el6.i686.rpm kernel-devel-2.6.32-220.13.1.el6.i686.rpm kernel-doc-2.6.32-220.13.1.el6.noarch.rpm kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm kernel-headers-2.6.32-220.13.1.el6.i686.rpm perf-2.6.32-220.13.1.el6.i686.rpm python-perf-2.6.32-220.13.1.el6.i686.rpm x86_64: kernel-2.6.32-220.13.1.el6.x86_64.rpm kernel-debug-2.6.32-220.13.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-220.13.1.el6.x86_64.rpm kernel-devel-2.6.32-220.13.1.el6.x86_64.rpm kernel-doc-2.6.32-220.13.1.el6.noarch.rpm kernel-firmware-2.6.32-220.13.1.el6.noarch.rpm kernel-headers-2.6.32-220.13.1.el6.x86_64.rpm 2.6.32-220.13.1.el6.x86_64.rpm python-perf-2.6.32-220.13.1.el6.x86_64.rpm SRPMS: Users with Oracle Linux Premier Support can now use Ksplice to patch against this Security Advisory. We recommend that all users of Oracle Linux 6 install these updates. Users of Ksplice Uptrack can install these updates by running : # /usr/sbin/uptrack-upgrade -y On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any additional action. Description of changes: * CVE-2012-0879: Denial of service in CLONE_IO. CLONE_IO reference counting error could be exploited by an unprivileged local user to cause denial of service. * Fix crash on discard in the software RAID driver. The IO module in the software RAID subsystem didn't properly handle DISCARD messages when using a configuration which has disk mirroring on top of a DISCARD enabled hardware. This would lead to kernel BUGs. * Bad access control permissions to dmesg_restrict sysctl. The root user without the CAP_SYS_ADMIN capability was able to reset the contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to 0. Consequently, the unprivileged root user could bypass the protection of the "dmesg_restrict" file and read the kernel ring buffer. * CVE-2012-1097: NULL pointer dereference in the ptrace subsystem. Under certain circumstances, ptrace-ing a process could lead to a NULL pointer dereference and kernel panic. * CVE-2012-1090: Denial of service in the CIFS filesystem reference counting. Under certain circumstances, the CIFS filesystem would open a file on lookup. If the file was determined later to be a FIFO or any other special file the file handle would be leaked, leading to reference counting mismatch and a kernel OOPS on unmount. An unprivileged local user could use this flaw to crash the system. * Inode corruption in XFS inode lookup. The XFS inode cache did not correctly initialize the inode before insertion into the cache which could result in corruption when racing with an inode lookup. [2.6.32-220.13.1.el6] - Revert: [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin Prabhu) [753231 753232] {CVE-2011-4131} [2.6.32-220.12.1.el6] - [net] net_sched: qdisc_alloc_handle() can be too slow (Jiri Pirko) [805458 785891] - [fs] procfs: add hidepid= and gid= mount options (Jerome Marchand) [770651 770652] - [fs] procfs: parse mount options (Jerome Marchand) [770651 770652] - [fs] fuse: add O_DIRECT support (Josef Bacik) [800552 753798] - [kernel] sysctl: restrict write access to dmesg_restrict (Phillip Lougher) [749248 749251] - [block] dm io: fix discard support (Mike Snitzer) [799943 758404] - [net] netlink: wrong size was calculated for vfinfo list blob (Andy Gospodarek) [790338 772136] - [netdrv] mlx4_en: fix endianness with blue frame support (Steve Best) [789911 750166] - [usb] Fix deadlock in hid_reset when Dell iDRAC is reset (Shyam Iyer) [797205 782374] - [virt] vmxnet3: Cap the length of the pskb_may_pull on transmit (bz 790673) (Neil Horman) [801723 790673] - [scsi] megaraid_sas: Fix instance access in megasas_reset_timer (Tomas Henzl) [790341 759318] - [netdrv] macvtap: Fix the minor device number allocation (Steve Best) [796828 786518] - [net] tcp: bind() fix autoselection to share ports (Flavio Leitner) [787764 784671] - [fs] cifs: change oplock break slow work to very slow work (Jeff Layton) [789373 772874] - [net] sunrpc: remove xpt_pool (J. Bruce Fields) [795338 753301] - [net] Potential null skb->dev dereference (Flavio Leitner) [795335 769590] - [net] pkt_sched: Fix sch_sfq vs tcf_bind_filter oops (Jiri Pirko) [786873 667925] - [net] mac80211: cancel auth retries when deauthenticating (John Linville) [797241 754356] [2.6.32-220.11.1.el6] - [netdrv] igb: reset PHY after recovering from PHY power down (Frantisek Hrbata) [789371 737714] - [drm] Ivybridge force wake fixes (Dave Airlie) [790007 786272] - [fs] xfs: fix inode lookup race (Dave Chinner) [804961 796277] - [kernel] regset: Return -EFAULT, not -EIO, on host-side memory fault (Jerome Marchand) [799212 799213] {CVE-2012-1097} - [kernel] regset: Prevent null pointer reference on readonly regsets (Jerome Marchand) [799212 799213] {CVE-2012-1097} - [block] Fix io_context leak after failure of clone with CLONE_IO (Vivek Goyal) [796846 791125] {CVE-2012-0879} - [block] Fix io_context leak after clone with CLONE_IO (Vivek Goyal) [796846 791125] {CVE-2012-0879} - [fs] cifs: fix dentry refcount leak when opening a FIFO on lookup (Sachin Prabhu) [798298 781893] {CVE-2012-1090} - [fs] NFSv4: include bitmap in nfsv4 get acl data (Sachin Prabhu) [753231 753232] {CVE-2011-4131} - [mm] fix nrpages assertion (Josef Bacik) [797182 766861] - [mm] Eliminate possible panic in page compaction code (Larry Woodman) [802430 755885] - [mm] Prevent panic on 2-node x3850 X5 w/2 MAX5 memory drawers panics while running certification tests caused by page list corruption (Larry Woodman) [802430 755885] - [sched] Fix cgroup movement of waking process (Larry Woodman) [795326 773517] - [sched] Fix cgroup movement of forking process (Larry Woodman) [795326 773517] - [sched] Fix cgroup movement of newly created process (Larry Woodman) [795326 773517] - [sched] Fix ->min_vruntime calculation in dequeue_entity() (Larry Woodman) [795326 773517] - [sched] cgroup: Fixup broken cgroup movement (Larry Woodman) [795326 773517] - [kernel] Prevent system deadlock when moving tasks between cgroups (Larry Woodman) [789060 773522] - [kernel] sched: fix {s,u}time values decrease (Stanislaw Gruszka) [789061 748559] - [mm] mempolicy.c: refix mbind_range() vma issue (Motohiro Kosaki) [802379 727700] - [mm] mempolicy.c: fix pgoff in mbind vma merge (Motohiro Kosaki) [802379 727700] [2.6.32-220.10.1.el6] - [sched] Fix Kernel divide by zero panic in find_busiest_group() (Larry Woodman) [801718 785959] [2.6.32-220.9.1.el6] - [x86] Fix c-state transitions when !NOHZ (Prarit Bhargava) [798572 767753] - [x86] tsc: Skip TSC synchronization checks for tsc=reliable (Prarit Bhargava) [798572 767753] [2.6.32-220.8.1.el6] - [fs] nfs: don't try to migrate pages with active requests (Jeff Layton) [790905 739811] _______________________________________________ El-errata mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds