User: Password:
|
|
Subscribe / Log in / New account

Oracle alert ELSA-2012-2008 (enterprise kernel)

From:  Errata Announcements for Oracle Linux <el-errata@oss.oracle.com>
To:  el-errata@oss.oracle.com
Subject:  [El-errata] ELSA-2012-2008 Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
Date:  Mon, 23 Apr 2012 13:21:07 -0700
Message-ID:  <4F95B9B3.30707@oracle.com>
Archive-link:  Article, Thread

Oracle Linux Security Advisory ELSA-2012-2008 The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: kernel-uek-2.6.39-100.6.1.el6uek.i686.rpm kernel-uek-debug-2.6.39-100.6.1.el6uek.i686.rpm kernel-uek-debug-devel-2.6.39-100.6.1.el6uek.i686.rpm kernel-uek-devel-2.6.39-100.6.1.el6uek.i686.rpm kernel-uek-doc-2.6.39-100.6.1.el6uek.noarch.rpm kernel-uek-firmware-2.6.39-100.6.1.el6uek.noarch.rpm x86_64: kernel-uek-firmware-2.6.39-100.6.1.el6uek.noarch.rpm kernel-uek-doc-2.6.39-100.6.1.el6uek.noarch.rpm kernel-uek-2.6.39-100.6.1.el6uek.x86_64.rpm kernel-uek-devel-2.6.39-100.6.1.el6uek.x86_64.rpm kernel-uek-debug-devel-2.6.39-100.6.1.el6uek.x86_64.rpm kernel-uek-debug-2.6.39-100.6.1.el6uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39... Users with Oracle Linux Premier Support can now use Ksplice to patch against this Security Advisory. We recommend that all users of Oracle Linux 6 install these updates. Users of Ksplice Uptrack can install these updates by running : # /usr/sbin/uptrack-upgrade -y On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any additional action. Description of changes: * CVE-2012-1090: Denial of service in the CIFS filesystem reference counting. Under certain circumstances, the CIFS filesystem would open a file on lookup. If the file was determined later to be a FIFO or any other special file the file handle would be leaked, leading to reference counting mismatch and a kernel OOPS on unmount. An unprivileged local user could use this flaw to crash the system. * CVE-2012-1097: NULL pointer dereference in the ptrace subsystem. Under certain circumstances, ptrace-ing a process could lead to a NULL pointer dereference and kernel panic. kernel-uek: [2.6.39-100.6.1.el6uek] - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) {CVE-2012-1097} - regset: Prevent null pointer reference on readonly regsets (H. Peter Anvin) {CVE-2012-1097} - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) {CVE-2012-1090} _______________________________________________ El-errata mailing list El-errata@oss.oracle.com http://oss.oracle.com/mailman/listinfo/el-errata


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds