[ELSA-2013-2523] Unbreakable Enterprise kernel security and bugfix update

Severity Important

Affected Packages 12

CVEs 1

[2.6.39-400.23.1]
- Parallel mtrr init between cpus (Zhenzhong Duan) [Orabug: 16777774]
- Merge tag 'v2.6.39-400.21.1.16748891' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek-2.6.39-400 (Maxim Uvarov) [Orabug: 16748891]
- xen-blkfront: use a different scatterlist for each request (Roger Pau Monne)
- Fix EN driver to work with newer FWs based on latest mlx4_core (Yuval Shaia) [Orabug: 16748891]

[2.6.39-400.22.1]
- block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387137] {CVE-2012-4542}
- Merge tag 'v2.6.39-400.21.1#bug16684527' of git://ca-git.us.oracle.com/linux-joejin-public into uek-2.6.39-400_errata (Maxim Uvarov) [Orabug: 16684527]
- KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797) (Andy Honig) [Orabug: 16711660] {CVE-2013-1797}
- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711065] {CVE-2013-0349}
- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425358] {CVE-2013-1774}
- keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493354] {CVE-2013-1792}
- KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710951] {CVE-2013-1798}
- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Andy Honig) [Orabug: 16710806] {CVE-2013-1796}
- tmpfs: fix use-after-free of mempolicy object (Greg Thelen) [Orabug: 16515833] {CVE-2013-1767}
- procfs: do not confuse jiffies with cputime64_t (Andreas Schwab) [Orabug: 16673925]
- procfs: do not overflow get_{idle,iowait}_time for nohz (Michal Hocko) [Orabug: 16673925]
- xen/evtchn: Handle VIRQ_TIMER before any other hardirq in event loop. (Keir Fraser) [Orabug: 16093126]
- Fix device removal NULL pointer dereference (Joe Jin) [Orabug: 16684527]
- put stricter guards on queue dead checks (James Bottomley) [Orabug: 16684527]

Package	Affected Version
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	< 2.6.39-400.23.1.el6uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-5	< 2.6.39-400.23.1.el5uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	< 2.6.39-400.23.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-5	< 2.6.39-400.23.1.el5uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	< 2.6.39-400.23.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-5	< 2.6.39-400.23.1.el5uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	< 2.6.39-400.23.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-5	< 2.6.39-400.23.1.el5uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	< 2.6.39-400.23.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-5	< 2.6.39-400.23.1.el5uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	< 2.6.39-400.23.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-5	< 2.6.39-400.23.1.el5uek

ID

ELSA-2013-2523

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2013-2523.html

Published

2013-05-09T00:00:00
(11 years ago)

Modified

2013-05-09T00:00:00
(11 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
elsa	ELSA-2013-2523		http://linux.oracle.com/errata/ELSA-2013-2523.html
CVE	CVE-2012-4542		http://linux.oracle.com/cve/CVE-2012-4542

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	oraclelinux	kernel-uek	< 2.6.39-400.23.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-5	oraclelinux	kernel-uek	< 2.6.39-400.23.1.el5uek	oraclelinux-5
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	oraclelinux	kernel-uek-firmware	< 2.6.39-400.23.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-5	oraclelinux	kernel-uek-firmware	< 2.6.39-400.23.1.el5uek	oraclelinux-5
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	oraclelinux	kernel-uek-doc	< 2.6.39-400.23.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-5	oraclelinux	kernel-uek-doc	< 2.6.39-400.23.1.el5uek	oraclelinux-5
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-devel	< 2.6.39-400.23.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-5	oraclelinux	kernel-uek-devel	< 2.6.39-400.23.1.el5uek	oraclelinux-5
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	oraclelinux	kernel-uek-debug	< 2.6.39-400.23.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-5	oraclelinux	kernel-uek-debug	< 2.6.39-400.23.1.el5uek	oraclelinux-5
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-debug-devel	< 2.6.39-400.23.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-5	oraclelinux	kernel-uek-debug-devel	< 2.6.39-400.23.1.el5uek	oraclelinux-5

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date