[ELSA-2012-0743] kernel security and bug fix update

Severity Important

Affected Packages 9

CVEs 9

[2.6.32-220.23.1.el6]
- [net] bond: Make LRO flag follow slave settings (Neil Horman) [831176 794647]

[2.6.32-220.22.1.el6]
- [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [824429 812108]

[2.6.32-220.21.1.el6]
- [security] fix compile error in commoncap.c (Eric Paris) [806725 806726] {CVE-2012-2123}
- [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806725 806726] {CVE-2012-2123}
- [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [822757 803936] {CVE-2012-2372}
- [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816292 814504] {CVE-2012-2136}
- [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816154 816155] {CVE-2012-2137}
- [drm] integer overflow in drm_mode_dirtyfb_ioctl() (Dave Airlie) [773249 773250] {CVE-2012-0044}
- [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [824429 812108]
- [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [824429 812108]
- [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [823903 822697]
- [infiniband] mlx4: fix RoCE oops (Doug Ledford) [799946 749059]
- [mm] read_pmd_atomic: fix pmd_populate SMP race condition (Andrea Arcangeli) [822824 820762] {CVE-2012-2373}
- [infiniband] mlx4: check return code and bail on error (Doug Ledford) [799946 749059]
- [infiniband] mlx4: use locking when walking netdev list (Doug Ledford) [799946 749059]
- [mm] thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) [803808 800328] {CVE-2012-1179}

[2.6.32-220.20.1.el6]
- [vhost] net: fix possible NULL pointer dereference of vq->bufs (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: validate zerocopy vectors before building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: put zerocopy page when fail to get all requested user pages (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] macvtap: fix zerocopy offset calculation when building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
- [net] bonding: remove entries for master_ip and vlan_ip and query devices instead (Andy Gospodarek) [816197 810299]
- [virt] KVM: lock slots_lock around device assignment (Alex Williamson) [814154 811653] {CVE-2012-2121}
- [virt] kvm: unmap pages from the iommu when slots are removed (Alex Williamson) [814154 811653] {CVE-2012-2121}
- [virt] xenfv: fix hangs when kdumping (Andrew Jones) [812953 811815]
- [s390x] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810125 808487]
- [drm] i915: suspend fbdev device around suspend/hibernate (Dave Airlie) [818503 746169]
- [fs] tmpfs: fix off-by-one in max_blocks checks (Eric Sandeen) [809399 783497]
- [net] bonding: Allow Bonding driver to disable/enable LRO on slaves (Neil Horman) [818504 772317]
- [virt] xen-blkfront: conditionally drop name and minor adjustments for emulated scsi devs (Laszlo Ersek) [818505 729586]
- [virt] xen-blk: plug device number leak on error path in xlblk_init (Laszlo Ersek) [818505 729586]

[2.6.32-220.19.1.el6]
- [pci] Fix unbootable HP DL385G6 on 2.6.32-220 by properly disabling pcie aspm (Dave Wysochanski) [819614 769626]

[2.6.32-220.18.1.el6]
- [netdrv] iwlwifi: add option to disable 5Ghz band (Stanislaw Gruszka) [816226 812259]
- [netdrv] iwlwifi: cancel scan before nulify ctx->vif (Stanislaw Gruszka) [816225 801730]
- [netdrv] iwlwifi: do not nulify ctx->vif on reset (Stanislaw Gruszka) [816225 801730]
- [net] mac80211: workaround crash at ieee80211_mgd_probe_ap_send (Stanislaw Gruszka) [814657 808095]
- [net] bonding: 802.3ad - fix agg_device_up (Veaceslav Falico) [817466 806081]
- [scsi] st: fix memory leak with 1MB tape I/O (David Milburn) [816271 811703]

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/perf?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6	< 2.6.32-220.23.1.el6
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6	< 2.6.32-220.23.1.el6

ID

ELSA-2012-0743

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2012-0743.html

Published

2012-06-18T00:00:00
(12 years ago)

Modified

2012-06-18T00:00:00
(12 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2012-0743	http://linux.oracle.com/errata/ELSA-2012-0743.html
CVE	CVE-2012-2121	http://linux.oracle.com/cve/CVE-2012-2121
CVE	CVE-2012-2136	http://linux.oracle.com/cve/CVE-2012-2136
CVE	CVE-2012-0044	http://linux.oracle.com/cve/CVE-2012-0044
CVE	CVE-2012-1179	http://linux.oracle.com/cve/CVE-2012-1179
CVE	CVE-2012-2119	http://linux.oracle.com/cve/CVE-2012-2119
CVE	CVE-2012-2123	http://linux.oracle.com/cve/CVE-2012-2123
CVE	CVE-2012-2137	http://linux.oracle.com/cve/CVE-2012-2137
CVE	CVE-2012-2372	http://linux.oracle.com/cve/CVE-2012-2372
CVE	CVE-2012-2373	http://linux.oracle.com/cve/CVE-2012-2373

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6	oraclelinux	python-perf	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-6	oraclelinux	perf	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6	oraclelinux	kernel	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6	oraclelinux	kernel-headers	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6	oraclelinux	kernel-firmware	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6	oraclelinux	kernel-doc	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6	oraclelinux	kernel-devel	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6	oraclelinux	kernel-debug	< 2.6.32-220.23.1.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6	oraclelinux	kernel-debug-devel	< 2.6.32-220.23.1.el6	oraclelinux-6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date