kernel security and bug fix update

{"result": {"cve": [{"id": "CVE-2008-0598", "type": "cve", "title": "CVE-2008-0598", "description": "Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.", "published": "2008-06-30T18:41:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0598", "cvelist": ["CVE-2008-0598"], "lastseen": "2017-09-29T14:25:44"}, {"id": "CVE-2005-0504", "type": "cve", "title": "CVE-2005-0504", "description": "Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.", "published": "2005-03-14T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0504", "cvelist": ["CVE-2005-0504"], "lastseen": "2017-10-11T11:06:10"}, {"id": "CVE-2008-2365", "type": "cve", "title": "CVE-2008-2365", "description": "Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to \"late ptrace_may_attach() check\" and \"race around &dead_engine_ops setting,\" a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.", "published": "2008-06-30T17:41:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2365", "cvelist": ["CVE-2008-2365"], "lastseen": "2017-09-29T14:25:54"}, {"id": "CVE-2008-2729", "type": "cve", "title": "CVE-2008-2729", "description": "arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.", "published": "2008-06-30T18:41:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2729", "cvelist": ["CVE-2008-2729"], "lastseen": "2017-09-29T14:25:56"}, {"id": "CVE-2008-1367", "type": "cve", "title": "CVE-2008-1367", "description": "gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.", "published": "2008-03-17T19:44:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1367", "cvelist": ["CVE-2008-1367"], "lastseen": "2017-09-29T14:25:48"}, {"id": "CVE-2008-1673", "type": "cve", "title": "CVE-2008-1673", "description": "The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.", "published": "2008-06-09T20:32:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1673", "cvelist": ["CVE-2008-1673"], "lastseen": "2017-08-08T11:24:36"}], "nessus": [{"id": "SUSE_KERNEL-7059.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 7059)", "description": "This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe regression introduced by previous bugfix updates that would corrupt NFSv4 mounted data.\n\nThe update also fixes several other bugs and following security issue :\n\n - drivers/net/r8169.c in the r8169 driver of Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the maximum transmission unit (MTU), which allows remote attackers to.\n (CVE-2009-4537)\n\n 1. cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or 2. cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.\n\n - An information leak in 32bit emulation on x86_64 machines could disclose sensitive information to local attackers. (CVE-2008-0598)", "published": "2010-10-11T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49871", "cvelist": ["CVE-2009-4537", "CVE-2008-0598"], "lastseen": "2016-12-23T06:10:30"}, {"id": "SUSE_KERNEL-7063.NASL", "type": "nessus", "title": "SuSE 10 Security Update : the Linux kernel (x86_64) (ZYPP Patch Number 7063)", "description": "This SUSE Linux Enterprise 10 SP3 kernel update fixes a severe regression introduced by previous bugfix updates that would corrupt NFSv4 mounted data.\n\nThe update also fixes several other bugs and following security issue :\n\n - drivers/net/r8169.c in the r8169 driver of Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the maximum transmission unit (MTU), which allows remote attackers to.\n (CVE-2009-4537)\n\n 1. cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or 2. cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.\n\n - An information leak in 32bit emulation on x86_64 machines could disclose sensitive information to local attackers. (CVE-2008-0598)", "published": "2012-05-17T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59149", "cvelist": ["CVE-2009-4537", "CVE-2008-0598"], "lastseen": "2016-12-23T06:13:03"}, {"id": "ORACLELINUX_ELSA-2008-0519.NASL", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2008-0519)", "description": "From Red Hat Security Advisory 2008:0519 :\n\nUpdated kernel packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* Brandon Edwards discovered a missing length validation check in the Linux kernel DCCP module reconciliation feature. This could allow a local unprivileged user to cause a heap overflow, gaining privileges for arbitrary code execution. (CVE-2008-2358, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n* Due to a regression, 'gettimeofday' may have gone backwards on certain x86 hardware. This issue was quite dangerous for time-sensitive systems, such as those used for transaction systems and databases, and may have caused applications to produce incorrect results, or even crash.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67706", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358"], "lastseen": "2016-12-08T05:37:04"}, {"id": "CENTOS_RHSA-2008-0519.NASL", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2008:0519)", "description": "Updated kernel packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* Brandon Edwards discovered a missing length validation check in the Linux kernel DCCP module reconciliation feature. This could allow a local unprivileged user to cause a heap overflow, gaining privileges for arbitrary code execution. (CVE-2008-2358, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n* Due to a regression, 'gettimeofday' may have gone backwards on certain x86 hardware. This issue was quite dangerous for time-sensitive systems, such as those used for transaction systems and databases, and may have caused applications to produce incorrect results, or even crash.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2010-01-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43692", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358"], "lastseen": "2016-11-18T05:26:09"}, {"id": "REDHAT-RHSA-2008-0519.NASL", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2008:0519)", "description": "Updated kernel packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* Brandon Edwards discovered a missing length validation check in the Linux kernel DCCP module reconciliation feature. This could allow a local unprivileged user to cause a heap overflow, gaining privileges for arbitrary code execution. (CVE-2008-2358, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n* Due to a regression, 'gettimeofday' may have gone backwards on certain x86 hardware. This issue was quite dangerous for time-sensitive systems, such as those used for transaction systems and databases, and may have caused applications to produce incorrect results, or even crash.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2008-07-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=33377", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358"], "lastseen": "2017-01-04T06:10:15"}, {"id": "SL_20080625_KERNEL_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "description": "These updated packages fix the following security issues :\n\n - A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data.\n (CVE-2008-2729, Important)\n\n - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n (CVE-2008-0598, Important)\n\n - Brandon Edwards discovered a missing length validation check in the Linux kernel DCCP module reconciliation feature. This could allow a local unprivileged user to cause a heap overflow, gaining privileges for arbitrary code execution. (CVE-2008-2358, Moderate)\n\nAs well, these updated packages fix the following bug :\n\n - Due to a regression, 'gettimeofday' may have gone backwards on certain x86 hardware. This issue was quite dangerous for time-sensitive systems, such as those used for transaction systems and databases, and may have caused applications to produce incorrect results, or even crash.", "published": "2012-08-01T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60430", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358"], "lastseen": "2016-12-15T10:13:42"}, {"id": "REDHAT-RHSA-2008-0508.NASL", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2008:0508)", "description": "Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)\n\n* Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang).\n(CVE-2008-2365, Important)\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption.\n(CVE-2008-1367, Low)\n\nAs well, these updated packages fix the following bug :\n\n* On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang.\n\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2008-07-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=33376", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2017-10-17T20:21:18"}, {"id": "UBUNTU_USN-637-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-637-1)", "description": "It was discovered that there were multiple NULL pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. (CVE-2008-2812)\n\nThe do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931)\n\nTobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272)\n\nZoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275)\n\nIn certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing infinite loops in the writev syscall. This update corrects the mistake. We apologize for the inconvenience.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-08-26T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=34048", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-2931", "CVE-2008-3275", "CVE-2008-2812"], "lastseen": "2016-12-02T05:35:06"}, {"id": "SL_20080625_KERNEL_ON_SL4_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "description": "These updated packages fix the following security issues :\n\n - A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data.\n (CVE-2008-2729, Important)\n\n - Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important)\n\n - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n (CVE-2008-0598, Important)\n\n - It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low)\n\nAs well, these updated packages fix the following bug :\n\n - On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang.", "published": "2012-08-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60429", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2016-12-15T10:13:14"}, {"id": "ORACLELINUX_ELSA-2008-0508.NASL", "type": "nessus", "title": "Oracle Linux 4 : kernel (ELSA-2008-0508)", "description": "From Red Hat Security Advisory 2008:0508 :\n\nUpdated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important)\n\n* Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang).\n(CVE-2008-2365, Important)\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption.\n(CVE-2008-1367, Low)\n\nAs well, these updated packages fix the following bug :\n\n* On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang.\n\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67703", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2017-10-17T20:15:46"}], "openvas": [{"id": "OPENVAS:870042", "type": "openvas", "title": "RedHat Update for kernel RHSA-2008:0519-01", "description": "Check for the Version of kernel", "published": "2009-03-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870042", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358"], "lastseen": "2017-07-27T10:56:43"}, {"id": "OPENVAS:1361412562310122573", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0519", "description": "Oracle Linux Local Security Checks ELSA-2008-0519", "published": "2015-10-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122573", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358", "CVE-2008-1673"], "lastseen": "2017-07-24T12:52:39"}, {"id": "OPENVAS:840325", "type": "openvas", "title": "Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-637-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-637-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840325", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-2931", "CVE-2008-3275", "CVE-2008-2812"], "lastseen": "2017-07-25T10:57:01"}, {"id": "OPENVAS:880043", "type": "openvas", "title": "CentOS Update for kernel CESA-2008:0508 centos4 x86_64", "description": "Check for the Version of kernel", "published": "2009-02-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880043", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2017-07-25T10:57:10"}, {"id": "OPENVAS:870138", "type": "openvas", "title": "RedHat Update for kernel RHSA-2008:0508-01", "description": "Check for the Version of kernel", "published": "2009-03-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870138", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2017-07-27T10:56:47"}, {"id": "OPENVAS:65920", "type": "openvas", "title": "SLES10: Security update for Linux Kernel (x86)", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65920", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3275", "CVE-2008-1673"], "lastseen": "2017-07-26T08:55:41"}, {"id": "OPENVAS:850019", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2008:048", "description": "Check for the Version of kernel", "published": "2009-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850019", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3275", "CVE-2008-1673"], "lastseen": "2017-07-26T08:55:19"}, {"id": "OPENVAS:880015", "type": "openvas", "title": "CentOS Update for kernel CESA-2008:0508 centos4 i386", "description": "Check for the Version of kernel", "published": "2009-02-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880015", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2017-07-25T10:57:11"}, {"id": "OPENVAS:850008", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2008:047", "description": "Check for the Version of kernel", "published": "2009-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850008", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3525", "CVE-2007-6716", "CVE-2008-2812", "CVE-2008-1673"], "lastseen": "2017-07-26T08:55:29"}, {"id": "OPENVAS:65175", "type": "openvas", "title": "SLES9: Security update for Linux kernel", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-smp\n kernel-source\n kernel-syms\n kernel-um\n kernel-xen\n kernel-xenpae\n um-host-install-initrd\n um-host-kernel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5036146 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65175", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3525", "CVE-2007-6716", "CVE-2008-2812", "CVE-2008-1673"], "lastseen": "2017-07-26T08:55:09"}], "centos": [{"id": "CESA-2008:0519", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0519\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\r\noperating system.\r\n\r\nThese updated packages fix the following security issues:\r\n\r\n* A security flaw was found in the Linux kernel memory copy routines, when\r\nrunning on certain AMD64 systems. If an unsuccessful attempt to copy kernel\r\nmemory from source to destination memory locations occurred, the copy\r\nroutines did not zero the content at the destination memory location. This\r\ncould allow a local unprivileged user to view potentially sensitive data.\r\n(CVE-2008-2729, Important)\r\n\r\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\r\n64-bit emulation. This could allow a local unprivileged user to prepare and\r\nrun a specially crafted binary, which would use this deficiency to leak\r\nuninitialized and potentially sensitive data. (CVE-2008-0598, Important)\r\n\r\n* Brandon Edwards discovered a missing length validation check in the Linux\r\nkernel DCCP module reconciliation feature. This could allow a local\r\nunprivileged user to cause a heap overflow, gaining privileges for\r\narbitrary code execution. (CVE-2008-2358, Moderate)\r\n\r\nAs well, these updated packages fix the following bug:\r\n\r\n* Due to a regression, \"gettimeofday\" may have gone backwards on certain\r\nx86 hardware. This issue was quite dangerous for time-sensitive systems,\r\nsuch as those used for transaction systems and databases, and may have\r\ncaused applications to produce incorrect results, or even crash.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015036.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015037.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0519.html", "published": "2008-06-26T11:40:24", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-June/015036.html", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358"], "lastseen": "2017-10-03T18:26:46"}, {"id": "CESA-2008:0508", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0508\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\r\noperating system.\r\n\r\nThese updated packages fix the following security issues:\r\n\r\n* A security flaw was found in the Linux kernel memory copy routines, when\r\nrunning on certain AMD64 systems. If an unsuccessful attempt to copy kernel\r\nmemory from source to destination memory locations occurred, the copy\r\nroutines did not zero the content at the destination memory location. This\r\ncould allow a local unprivileged user to view potentially sensitive data.\r\n(CVE-2008-2729, Important)\r\n\r\n* Alexey Dobriyan discovered a race condition in the Linux kernel\r\nprocess-tracing system call, ptrace. A local unprivileged user could\r\nuse this flaw to cause a denial of service (kernel hang).\r\n(CVE-2008-2365, Important)\r\n\r\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\r\n64-bit emulation. This could allow a local unprivileged user to prepare and\r\nrun a specially crafted binary, which would use this deficiency to leak\r\nuninitialized and potentially sensitive data. (CVE-2008-0598, Important)\r\n\r\n* It was discovered that the Linux kernel handled string operations in the\r\nopposite way to the GNU Compiler Collection (GCC). This could allow a local\r\nunprivileged user to cause memory corruption. (CVE-2008-1367, Low)\r\n\r\nAs well, these updated packages fix the following bug:\r\n\r\n* On systems with a large number of CPUs (more than 16), multiple\r\napplications calling the \"times()\" system call may have caused a system\r\nhang.\r\n\r\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015050.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-June/015051.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0508.html", "published": "2008-06-27T10:43:30", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-June/015050.html", "cvelist": ["CVE-2008-0598", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-1367"], "lastseen": "2017-10-12T14:45:52"}, {"id": "CESA-2008:0973", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0973\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues:\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to prepare\nand run a specially-crafted binary which would use this deficiency to leak\nuninitialized and potentially sensitive data. (CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could\nallow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear\nthe setuid and setgid bits. This could allow a local, unprivileged user to\nobtain access to privileged information. (CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network\n(ISDN) subsystem. A local, unprivileged user could use this flaw to cause a\ndenial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel\nnetwork drivers. These drivers were missing checks for terminal validity,\nwhich could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt file\ncreation within deleted directories, possibly causing a denial of service.\n(CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs:\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap()\nwas used where kunmap_atomic() should have been. As a consequence, if an\nNFSv2 or NFSv3 server exported a volume containing a symlink which included\na path equal to or longer than the local system's PATH_MAX, accessing the\nlink caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a\npointer. This caused a kernel panic in mptctl_gettargetinfo in some\ncircumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client, this\nspurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3\nto present highly inaccurate times. With this update the lost tick\ncompensation code is turned off when the operating system is running as a\nfully-virtualized client under Xen or VMWare\u00ae.\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel\nwhich addresses these vulnerabilities and fixes these bugs.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/015501.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-December/015502.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/015578.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/015579.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0973.html", "published": "2008-12-17T15:30:17", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-December/015501.html", "cvelist": ["CVE-2008-2136", "CVE-2008-0598", "CVE-2008-3525", "CVE-2008-4210", "CVE-2008-3275", "CVE-2007-6063", "CVE-2008-2812"], "lastseen": "2017-10-12T14:44:57"}, {"id": "CESA-2008:0237", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0237\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code has been found in the Linux kernel open file\ndescriptors control mechanism, fcntl. This could allow a local unprivileged\nuser to simultaneously execute code, which would otherwise be protected\nagainst parallel execution. As well, a race condition when handling locks\nin the Linux kernel fcntl functionality, may have allowed a process\nbelonging to a local unprivileged user to gain re-ordered access to the\ndescriptor table. (CVE-2008-1669, Important)\n\n* on AMD64 architectures, the possibility of a kernel crash was discovered\nby testing the Linux kernel process-trace ability. This could allow a local\nunprivileged user to cause a denial of service (kernel crash).\n(CVE-2008-1615, Important)\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code, as well as a race condition, have been found\nin the Linux kernel file system event notifier, dnotify. This could allow a\nlocal unprivileged user to get inconsistent data, or to send arbitrary\nsignals to arbitrary system processes. (CVE-2008-1375, Important)\n\nRed Hat would like to thank Nick Piggin for responsibly disclosing the\nfollowing issue:\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a kernel crash.\n(CVE-2008-0007, Important)\n\n* the possibility of a kernel crash was found in the Linux kernel IPsec\nprotocol implementation, due to improper handling of fragmented ESP\npackets. When an attacker controlling an intermediate router fragmented\nthese packets into very small pieces, it would cause a kernel crash on the\nreceiving node during packet reassembly. (CVE-2007-6282, Important)\n\n* a flaw in the MOXA serial driver could allow a local unprivileged user\nto perform privileged operations, such as replacing firmware.\n(CVE-2005-0504, Important)\n\nAs well, these updated packages fix the following bugs:\n\n* multiple buffer overflows in the neofb driver have been resolved. It was\nnot possible for an unprivileged user to exploit these issues, and as such,\nthey have not been handled as security issues.\n\n* a kernel panic, due to inconsistent detection of AGP aperture size, has\nbeen resolved.\n\n* a race condition in UNIX domain sockets may have caused \"recv()\" to\nreturn zero. In clustered configurations, this may have caused unexpected\nfailovers.\n\n* to prevent link storms, network link carrier events were delayed by up to\none second, causing unnecessary packet loss. Now, link carrier events are\nscheduled immediately.\n\n* a client-side race on blocking locks caused large time delays on NFS file\nsystems.\n\n* in certain situations, the libATA sata_nv driver may have sent commands\nwith duplicate tags, which were rejected by SATA devices. This may have\ncaused infinite reboots.\n\n* running the \"service network restart\" command may have caused networking\nto fail.\n\n* a bug in NFS caused cached information about directories to be stored\nfor too long, causing wrong attributes to be read.\n\n* on systems with a large highmem/lowmem ratio, NFS write performance may\nhave been very slow when using small files.\n\n* a bug, which caused network hangs when the system clock was wrapped\naround zero, has been resolved.\n\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014888.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014889.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014891.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014895.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0237.html", "published": "2008-05-10T02:08:23", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-May/014888.html", "cvelist": ["CVE-2007-6282", "CVE-2008-1669", "CVE-2005-0504", "CVE-2008-1375", "CVE-2008-1615", "CVE-2008-0007"], "lastseen": "2017-10-12T14:44:49"}, {"id": "CESA-2005:663", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:663\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThis is the sixth regular kernel update to Red Hat Enterprise Linux 3.\r\n\r\nNew features introduced by this update include:\r\n\r\n - diskdump support on HP Smart Array devices\r\n - netconsole/netdump support over bonded interfaces\r\n - new chipset and device support via PCI table updates\r\n - support for new \"oom-kill\" and \"kscand_work_percent\" sysctls\r\n - support for dual core processors and ACPI Power Management timers on\r\n AMD64 and Intel EM64T systems\r\n\r\nThere were many bug fixes in various parts of the kernel. The ongoing\r\neffort to resolve these problems has resulted in a marked improvement in\r\nthe reliability and scalability of Red Hat Enterprise Linux 3.\r\n\r\nThere were numerous driver updates and security fixes (elaborated below).\r\nOther key areas affected by fixes in this update include kswapd, inode\r\nhandling, the SATA subsystem, diskdump handling, ptrace() syscall support,\r\nand signal handling.\r\n\r\nThe following device drivers have been upgraded to new versions:\r\n\r\n 3w-9xxx ---- 2.24.03.008RH\r\n cciss ------ 2.4.58.RH1\r\n e100 ------- 3.4.8-k2\r\n e1000 ------ 6.0.54-k2\r\n emulex ----- 7.3.2\r\n fusion ----- 2.06.16i.01\r\n iscsi ------ 3.6.2.1\r\n ipmi ------- 35.4\r\n lpfcdfc ---- 1.2.1\r\n qlogic ----- 7.05.00-RH1\r\n tg3 -------- 3.27RH\r\n\r\nThe following security bugs were fixed in this update:\r\n\r\n - a flaw in syscall argument checking on Itanium systems that allowed\r\n a local user to cause a denial of service (crash) (CAN-2005-0136)\r\n\r\n - a flaw in stack expansion that allowed a local user of mlockall()\r\n to cause a denial of service (memory exhaustion) (CAN-2005-0179)\r\n\r\n - a small memory leak in network packet defragmenting that allowed a\r\n remote user to cause a denial of service (memory exhaustion) on\r\n systems using netfilter (CAN-2005-0210)\r\n\r\n - flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems\r\n that allowed a local user to cause a denial of service (crash)\r\n (CAN-2005-0756, CAN-2005-1762, CAN-2005-2553)\r\n\r\n - flaws in ISO-9660 file system handling that allowed the mounting of\r\n an invalid image on a CD-ROM to cause a denial of service (crash)\r\n or potentially execute arbitrary code (CAN-2005-0815)\r\n\r\n - a flaw in ptrace() syscall handling on Itanium systems that allowed\r\n a local user to cause a denial of service (crash) (CAN-2005-1761)\r\n\r\n - a flaw in the alternate stack switching on AMD64 and Intel EM64T\r\n systems that allowed a local user to cause a denial of service\r\n (crash) (CAN-2005-1767)\r\n\r\n - race conditions in the ia32-compat support for exec() syscalls on\r\n AMD64, Intel EM64T, and Itanium systems that could allow a local\r\n user to cause a denial of service (crash) (CAN-2005-1768)\r\n\r\n - flaws in IPSEC network handling that allowed a local user to cause\r\n a denial of service or potentially gain privileges (CAN-2005-2456,\r\n CAN-2005-2555)\r\n\r\n - a flaw in sendmsg() syscall handling on 64-bit systems that allowed\r\n a local user to cause a denial of service or potentially gain\r\n privileges (CAN-2005-2490)\r\n\r\n - flaws in unsupported modules that allowed denial-of-service attacks\r\n (crashes) or local privilege escalations on systems using the drm,\r\n coda, or moxa modules (CAN-2004-1056, CAN-2005-0124, CAN-2005-0504)\r\n\r\n - potential leaks of kernel data from jfs and ext2 file system handling\r\n (CAN-2004-0181, CAN-2005-0400)\r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\r\nkernels to the packages associated with their machine architectures\r\nand configurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012214.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012233.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012234.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-September/012235.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-663.html", "published": "2005-09-28T16:08:41", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-September/012214.html", "cvelist": ["CVE-2005-3273", "CVE-2005-0124", "CVE-2005-0504", "CVE-2005-2490", "CVE-2005-1762", "CVE-2005-0136", "CVE-2005-3274", "CVE-2005-1768", "CVE-2005-2553", "CVE-2005-0179", "CVE-2005-0210", "CVE-2004-1056", "CVE-2005-1761", "CVE-2005-1767", "CVE-2005-0815", "CVE-2005-2456", "CVE-2005-0756", "CVE-2005-0400", "CVE-2004-0181", "CVE-2005-2555"], "lastseen": "2017-10-12T14:45:05"}, {"id": "CESA-2008:0233", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0233\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code has been found in the Linux kernel open file\ndescriptors control mechanism, fcntl. This could allow a local unprivileged\nuser to simultaneously execute code, which would otherwise be protected\nagainst parallel execution. As well, a race condition when handling locks\nin the Linux kernel fcntl functionality, may have allowed a process\nbelonging to a local unprivileged user to gain re-ordered access to the\ndescriptor table. (CVE-2008-1669, Important)\n\n* a possible hypervisor panic was found in the Linux kernel. A privileged\nuser of a fully virtualized guest could initiate a stress-test File\nTransfer Protocol (FTP) transfer between the guest and the hypervisor,\npossibly leading to hypervisor panic. (CVE-2008-1619, Important)\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code, as well as a race condition, have been found\nin the Linux kernel file system event notifier, dnotify. This could allow a\nlocal unprivileged user to get inconsistent data, or to send arbitrary\nsignals to arbitrary system processes. (CVE-2008-1375, Important)\n\nRed Hat would like to thank Nick Piggin for responsibly disclosing the\nfollowing issue:\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a kernel crash.\n(CVE-2008-0007, Important)\n\n* the absence of sanity-checks was found in the hypervisor block backend\ndriver, when running 32-bit paravirtualized guests on a 64-bit host. The\nnumber of blocks to be processed per one request from guest to host, or\nvice-versa, was not checked for its maximum value, which could have allowed\na local privileged user of the guest operating system to cause a denial of\nservice. (CVE-2007-5498, Important)\n\n* it was discovered that the Linux kernel handled string operations in the\nopposite way to the GNU Compiler Collection (GCC). This could allow a local\nunprivileged user to cause memory corruption. (CVE-2008-1367, Low)\n\nAs well, these updated packages fix the following bugs:\n\n* on IBM System z architectures, when running QIOASSIST enabled QDIO\ndevices in an IBM z/VM environment, the output queue stalled under heavy\nload. This caused network performance to degrade, possibly causing network\nhangs and outages.\n\n* multiple buffer overflows were discovered in the neofb video driver. It\nwas not possible for an unprivileged user to exploit these issues, and as\nsuch, they have not been handled as security issues.\n\n* when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused\nnetwork performance to degrade.\n\n* on certain architectures, a bug in the libATA sata_nv driver may have\ncaused infinite reboots, and an \"ata1: CPB flags CMD err flags 0x11\" error.\n\n* repeatedly hot-plugging a PCI Express card may have caused \"Bad DLLP\"\nerrors.\n\n* a NULL pointer dereference in NFS, which may have caused applications to\ncrash, has been resolved.\n\n* when attempting to kexec reboot, either manually or via a panic-triggered\nkdump, the Unisys ES7000/one hanged after rebooting in the new kernel,\nafter printing the \"Memory: 32839688k/33685504k available\" line.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014886.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014887.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0233.html", "published": "2008-05-09T09:41:42", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-May/014886.html", "cvelist": ["CVE-2008-1669", "CVE-2008-1375", "CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1619", "CVE-2008-1367"], "lastseen": "2017-10-03T18:24:56"}, {"id": "CESA-2008:0211", "type": "centos", "title": "kernel security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0211\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\r\noperating system.\r\n\r\nThese updated packages fix the following security issues:\r\n\r\n* the absence of a protection mechanism when attempting to access a\r\ncritical section of code has been found in the Linux kernel open file\r\ndescriptors control mechanism, fcntl. This could allow a local unprivileged\r\nuser to simultaneously execute code, which would otherwise be protected\r\nagainst parallel execution. As well, a race condition when handling locks\r\nin the Linux kernel fcntl functionality, may have allowed a process\r\nbelonging to a local unprivileged user to gain re-ordered access to the\r\ndescriptor table. (CVE-2008-1669, Important)\r\n\r\n* the absence of a protection mechanism when attempting to access a\r\ncritical section of code, as well as a race condition, have been found in\r\nthe Linux kernel file system event notifier, dnotify. This could allow a\r\nlocal unprivileged user to get inconsistent data, or to send arbitrary\r\nsignals to arbitrary system processes. (CVE-2008-1375, Important)\r\n\r\nRed Hat would like to thank Nick Piggin for responsibly disclosing the\r\nfollowing issue:\r\n\r\n* when accessing kernel memory locations, certain Linux kernel drivers\r\nregistering a fault handler did not perform required range checks. A local\r\nunprivileged user could use this flaw to gain read or write access to\r\narbitrary kernel memory, or possibly cause a kernel crash.\r\n(CVE-2008-0007, Important)\r\n\r\n* a flaw was found when performing asynchronous input or output operations\r\non a FIFO special file. A local unprivileged user could use this flaw to\r\ncause a kernel panic. (CVE-2007-5001, Important)\r\n\r\n* a flaw was found in the way core dump files were created. If a local user\r\ncould get a root-owned process to dump a core file into a directory, which\r\nthe user has write access to, they could gain read access to that core\r\nfile. This could potentially grant unauthorized access to sensitive\r\ninformation. (CVE-2007-6206, Moderate)\r\n\r\n* a buffer overflow was found in the Linux kernel ISDN subsystem. A local\r\nunprivileged user could use this flaw to cause a denial of service.\r\n(CVE-2007-6151, Moderate)\r\n\r\n* a race condition found in the mincore system core could allow a local\r\nuser to cause a denial of service (system hang). (CVE-2006-4814, Moderate)\r\n\r\n* it was discovered that the Linux kernel handled string operations in the\r\nopposite way to the GNU Compiler Collection (GCC). This could allow a local\r\nunprivileged user to cause memory corruption. (CVE-2008-1367, Low)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* a bug, which caused long delays when unmounting mounts containing a large\r\nnumber of unused dentries, has been resolved.\r\n\r\n* in the previous kernel packages, the kernel was unable to handle certain\r\nfloating point instructions on Itanium(R) architectures.\r\n\r\n* on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not\r\nflushed correctly, which caused machine check errors.\r\n\r\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014880.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014881.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014890.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014894.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0211.html", "published": "2008-05-07T14:58:01", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-May/014880.html", "cvelist": ["CVE-2008-1669", "CVE-2006-4814", "CVE-2007-6151", "CVE-2008-1375", "CVE-2008-0007", "CVE-2007-5001", "CVE-2007-6206", "CVE-2008-1367"], "lastseen": "2017-10-12T14:45:52"}], "redhat": [{"id": "RHSA-2008:0519", "type": "redhat", "title": "(RHSA-2008:0519) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\r\noperating system.\r\n\r\nThese updated packages fix the following security issues:\r\n\r\n* A security flaw was found in the Linux kernel memory copy routines, when\r\nrunning on certain AMD64 systems. If an unsuccessful attempt to copy kernel\r\nmemory from source to destination memory locations occurred, the copy\r\nroutines did not zero the content at the destination memory location. This\r\ncould allow a local unprivileged user to view potentially sensitive data.\r\n(CVE-2008-2729, Important)\r\n\r\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\r\n64-bit emulation. This could allow a local unprivileged user to prepare and\r\nrun a specially crafted binary, which would use this deficiency to leak\r\nuninitialized and potentially sensitive data. (CVE-2008-0598, Important)\r\n\r\n* Brandon Edwards discovered a missing length validation check in the Linux\r\nkernel DCCP module reconciliation feature. This could allow a local\r\nunprivileged user to cause a heap overflow, gaining privileges for\r\narbitrary code execution. (CVE-2008-2358, Moderate)\r\n\r\nAs well, these updated packages fix the following bug:\r\n\r\n* Due to a regression, \"gettimeofday\" may have gone backwards on certain\r\nx86 hardware. This issue was quite dangerous for time-sensitive systems,\r\nsuch as those used for transaction systems and databases, and may have\r\ncaused applications to produce incorrect results, or even crash.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.", "published": "2008-06-25T04:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0519", "cvelist": ["CVE-2008-0598", "CVE-2008-2358", "CVE-2008-2729"], "lastseen": "2017-09-09T07:20:20"}, {"id": "RHSA-2008:0508", "type": "redhat", "title": "(RHSA-2008:0508) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\r\noperating system.\r\n\r\nThese updated packages fix the following security issues:\r\n\r\n* A security flaw was found in the Linux kernel memory copy routines, when\r\nrunning on certain AMD64 systems. If an unsuccessful attempt to copy kernel\r\nmemory from source to destination memory locations occurred, the copy\r\nroutines did not zero the content at the destination memory location. This\r\ncould allow a local unprivileged user to view potentially sensitive data.\r\n(CVE-2008-2729, Important)\r\n\r\n* Alexey Dobriyan discovered a race condition in the Linux kernel\r\nprocess-tracing system call, ptrace. A local unprivileged user could\r\nuse this flaw to cause a denial of service (kernel hang).\r\n(CVE-2008-2365, Important)\r\n\r\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\r\n64-bit emulation. This could allow a local unprivileged user to prepare and\r\nrun a specially crafted binary, which would use this deficiency to leak\r\nuninitialized and potentially sensitive data. (CVE-2008-0598, Important)\r\n\r\n* It was discovered that the Linux kernel handled string operations in the\r\nopposite way to the GNU Compiler Collection (GCC). This could allow a local\r\nunprivileged user to cause memory corruption. (CVE-2008-1367, Low)\r\n\r\nAs well, these updated packages fix the following bug:\r\n\r\n* On systems with a large number of CPUs (more than 16), multiple\r\napplications calling the \"times()\" system call may have caused a system\r\nhang.\r\n\r\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.", "published": "2008-06-25T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0508", "cvelist": ["CVE-2008-0598", "CVE-2008-1367", "CVE-2008-2365", "CVE-2008-2729"], "lastseen": "2017-09-09T07:19:29"}, {"id": "RHSA-2008:0973", "type": "redhat", "title": "(RHSA-2008:0973) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues:\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to prepare\nand run a specially-crafted binary which would use this deficiency to leak\nuninitialized and potentially sensitive data. (CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a local,\nunprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could\nallow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear\nthe setuid and setgid bits. This could allow a local, unprivileged user to\nobtain access to privileged information. (CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network\n(ISDN) subsystem. A local, unprivileged user could use this flaw to cause a\ndenial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel\nnetwork drivers. These drivers were missing checks for terminal validity,\nwhich could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt file\ncreation within deleted directories, possibly causing a denial of service.\n(CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs:\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap()\nwas used where kunmap_atomic() should have been. As a consequence, if an\nNFSv2 or NFSv3 server exported a volume containing a symlink which included\na path equal to or longer than the local system's PATH_MAX, accessing the\nlink caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a\npointer. This caused a kernel panic in mptctl_gettargetinfo in some\ncircumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client, this\nspurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3\nto present highly inaccurate times. With this update the lost tick\ncompensation code is turned off when the operating system is running as a\nfully-virtualized client under Xen or VMWare\u00ae.\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel\nwhich addresses these vulnerabilities and fixes these bugs.", "published": "2008-12-16T05:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0973", "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "lastseen": "2017-08-01T06:57:28"}, {"id": "RHSA-2008:0237", "type": "redhat", "title": "(RHSA-2008:0237) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code has been found in the Linux kernel open file\ndescriptors control mechanism, fcntl. This could allow a local unprivileged\nuser to simultaneously execute code, which would otherwise be protected\nagainst parallel execution. As well, a race condition when handling locks\nin the Linux kernel fcntl functionality, may have allowed a process\nbelonging to a local unprivileged user to gain re-ordered access to the\ndescriptor table. (CVE-2008-1669, Important)\n\n* on AMD64 architectures, the possibility of a kernel crash was discovered\nby testing the Linux kernel process-trace ability. This could allow a local\nunprivileged user to cause a denial of service (kernel crash).\n(CVE-2008-1615, Important)\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code, as well as a race condition, have been found\nin the Linux kernel file system event notifier, dnotify. This could allow a\nlocal unprivileged user to get inconsistent data, or to send arbitrary\nsignals to arbitrary system processes. (CVE-2008-1375, Important)\n\nRed Hat would like to thank Nick Piggin for responsibly disclosing the\nfollowing issue:\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a kernel crash.\n(CVE-2008-0007, Important)\n\n* the possibility of a kernel crash was found in the Linux kernel IPsec\nprotocol implementation, due to improper handling of fragmented ESP\npackets. When an attacker controlling an intermediate router fragmented\nthese packets into very small pieces, it would cause a kernel crash on the\nreceiving node during packet reassembly. (CVE-2007-6282, Important)\n\n* a flaw in the MOXA serial driver could allow a local unprivileged user\nto perform privileged operations, such as replacing firmware.\n(CVE-2005-0504, Important)\n\nAs well, these updated packages fix the following bugs:\n\n* multiple buffer overflows in the neofb driver have been resolved. It was\nnot possible for an unprivileged user to exploit these issues, and as such,\nthey have not been handled as security issues.\n\n* a kernel panic, due to inconsistent detection of AGP aperture size, has\nbeen resolved.\n\n* a race condition in UNIX domain sockets may have caused \"recv()\" to\nreturn zero. In clustered configurations, this may have caused unexpected\nfailovers.\n\n* to prevent link storms, network link carrier events were delayed by up to\none second, causing unnecessary packet loss. Now, link carrier events are\nscheduled immediately.\n\n* a client-side race on blocking locks caused large time delays on NFS file\nsystems.\n\n* in certain situations, the libATA sata_nv driver may have sent commands\nwith duplicate tags, which were rejected by SATA devices. This may have\ncaused infinite reboots.\n\n* running the \"service network restart\" command may have caused networking\nto fail.\n\n* a bug in NFS caused cached information about directories to be stored\nfor too long, causing wrong attributes to be read.\n\n* on systems with a large highmem/lowmem ratio, NFS write performance may\nhave been very slow when using small files.\n\n* a bug, which caused network hangs when the system clock was wrapped\naround zero, has been resolved.\n\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.", "published": "2008-05-07T04:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0237", "cvelist": ["CVE-2005-0504", "CVE-2007-6282", "CVE-2008-0007", "CVE-2008-1375", "CVE-2008-1615", "CVE-2008-1669"], "lastseen": "2017-09-09T07:19:28"}, {"id": "RHSA-2005:663", "type": "redhat", "title": "(RHSA-2005:663) Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThis is the sixth regular kernel update to Red Hat Enterprise Linux 3.\r\n\r\nNew features introduced by this update include:\r\n\r\n - diskdump support on HP Smart Array devices\r\n - netconsole/netdump support over bonded interfaces\r\n - new chipset and device support via PCI table updates\r\n - support for new \"oom-kill\" and \"kscand_work_percent\" sysctls\r\n - support for dual core processors and ACPI Power Management timers on\r\n AMD64 and Intel EM64T systems\r\n\r\nThere were many bug fixes in various parts of the kernel. The ongoing\r\neffort to resolve these problems has resulted in a marked improvement in\r\nthe reliability and scalability of Red Hat Enterprise Linux 3.\r\n\r\nThere were numerous driver updates and security fixes (elaborated below).\r\nOther key areas affected by fixes in this update include kswapd, inode\r\nhandling, the SATA subsystem, diskdump handling, ptrace() syscall support,\r\nand signal handling.\r\n\r\nThe following device drivers have been upgraded to new versions:\r\n\r\n 3w-9xxx ---- 2.24.03.008RH\r\n cciss ------ 2.4.58.RH1\r\n e100 ------- 3.4.8-k2\r\n e1000 ------ 6.0.54-k2\r\n emulex ----- 7.3.2\r\n fusion ----- 2.06.16i.01\r\n iscsi ------ 3.6.2.1\r\n ipmi ------- 35.4\r\n lpfcdfc ---- 1.2.1\r\n qlogic ----- 7.05.00-RH1\r\n tg3 -------- 3.27RH\r\n\r\nThe following security bugs were fixed in this update:\r\n\r\n - a flaw in syscall argument checking on Itanium systems that allowed\r\n a local user to cause a denial of service (crash) (CAN-2005-0136)\r\n\r\n - a flaw in stack expansion that allowed a local user of mlockall()\r\n to cause a denial of service (memory exhaustion) (CAN-2005-0179)\r\n\r\n - a small memory leak in network packet defragmenting that allowed a\r\n remote user to cause a denial of service (memory exhaustion) on\r\n systems using netfilter (CAN-2005-0210)\r\n\r\n - flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems\r\n that allowed a local user to cause a denial of service (crash)\r\n (CAN-2005-0756, CAN-2005-1762, CAN-2005-2553)\r\n\r\n - flaws in ISO-9660 file system handling that allowed the mounting of\r\n an invalid image on a CD-ROM to cause a denial of service (crash)\r\n or potentially execute arbitrary code (CAN-2005-0815)\r\n\r\n - a flaw in ptrace() syscall handling on Itanium systems that allowed\r\n a local user to cause a denial of service (crash) (CAN-2005-1761)\r\n\r\n - a flaw in the alternate stack switching on AMD64 and Intel EM64T\r\n systems that allowed a local user to cause a denial of service\r\n (crash) (CAN-2005-1767)\r\n\r\n - race conditions in the ia32-compat support for exec() syscalls on\r\n AMD64, Intel EM64T, and Itanium systems that could allow a local\r\n user to cause a denial of service (crash) (CAN-2005-1768)\r\n\r\n - flaws in IPSEC network handling that allowed a local user to cause\r\n a denial of service or potentially gain privileges (CAN-2005-2456,\r\n CAN-2005-2555)\r\n\r\n - a flaw in sendmsg() syscall handling on 64-bit systems that allowed\r\n a local user to cause a denial of service or potentially gain\r\n privileges (CAN-2005-2490)\r\n\r\n - flaws in unsupported modules that allowed denial-of-service attacks\r\n (crashes) or local privilege escalations on systems using the drm,\r\n coda, or moxa modules (CAN-2004-1056, CAN-2005-0124, CAN-2005-0504)\r\n\r\n - potential leaks of kernel data from jfs and ext2 file system handling\r\n (CAN-2004-0181, CAN-2005-0400)\r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\r\nkernels to the packages associated with their machine architectures\r\nand configurations as listed in this erratum.", "published": "2005-09-28T04:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:663", "cvelist": ["CVE-2004-0181", "CVE-2004-1056", "CVE-2005-0124", "CVE-2005-0136", "CVE-2005-0179", "CVE-2005-0210", "CVE-2005-0400", "CVE-2005-0504", "CVE-2005-0756", "CVE-2005-0815", "CVE-2005-1761", "CVE-2005-1762", "CVE-2005-1767", "CVE-2005-1768", "CVE-2005-2456", "CVE-2005-2490", "CVE-2005-2553", "CVE-2005-2555", "CVE-2005-3273", "CVE-2005-3274"], "lastseen": "2017-08-02T16:57:53"}, {"id": "RHSA-2008:0233", "type": "redhat", "title": "(RHSA-2008:0233) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code has been found in the Linux kernel open file\ndescriptors control mechanism, fcntl. This could allow a local unprivileged\nuser to simultaneously execute code, which would otherwise be protected\nagainst parallel execution. As well, a race condition when handling locks\nin the Linux kernel fcntl functionality, may have allowed a process\nbelonging to a local unprivileged user to gain re-ordered access to the\ndescriptor table. (CVE-2008-1669, Important)\n\n* a possible hypervisor panic was found in the Linux kernel. A privileged\nuser of a fully virtualized guest could initiate a stress-test File\nTransfer Protocol (FTP) transfer between the guest and the hypervisor,\npossibly leading to hypervisor panic. (CVE-2008-1619, Important)\n\n* the absence of a protection mechanism when attempting to access a\ncritical section of code, as well as a race condition, have been found\nin the Linux kernel file system event notifier, dnotify. This could allow a\nlocal unprivileged user to get inconsistent data, or to send arbitrary\nsignals to arbitrary system processes. (CVE-2008-1375, Important)\n\nRed Hat would like to thank Nick Piggin for responsibly disclosing the\nfollowing issue:\n\n* when accessing kernel memory locations, certain Linux kernel drivers\nregistering a fault handler did not perform required range checks. A local\nunprivileged user could use this flaw to gain read or write access to\narbitrary kernel memory, or possibly cause a kernel crash.\n(CVE-2008-0007, Important)\n\n* the absence of sanity-checks was found in the hypervisor block backend\ndriver, when running 32-bit paravirtualized guests on a 64-bit host. The\nnumber of blocks to be processed per one request from guest to host, or\nvice-versa, was not checked for its maximum value, which could have allowed\na local privileged user of the guest operating system to cause a denial of\nservice. (CVE-2007-5498, Important)\n\n* it was discovered that the Linux kernel handled string operations in the\nopposite way to the GNU Compiler Collection (GCC). This could allow a local\nunprivileged user to cause memory corruption. (CVE-2008-1367, Low)\n\nAs well, these updated packages fix the following bugs:\n\n* on IBM System z architectures, when running QIOASSIST enabled QDIO\ndevices in an IBM z/VM environment, the output queue stalled under heavy\nload. This caused network performance to degrade, possibly causing network\nhangs and outages.\n\n* multiple buffer overflows were discovered in the neofb video driver. It\nwas not possible for an unprivileged user to exploit these issues, and as\nsuch, they have not been handled as security issues.\n\n* when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused\nnetwork performance to degrade.\n\n* on certain architectures, a bug in the libATA sata_nv driver may have\ncaused infinite reboots, and an \"ata1: CPB flags CMD err flags 0x11\" error.\n\n* repeatedly hot-plugging a PCI Express card may have caused \"Bad DLLP\"\nerrors.\n\n* a NULL pointer dereference in NFS, which may have caused applications to\ncrash, has been resolved.\n\n* when attempting to kexec reboot, either manually or via a panic-triggered\nkdump, the Unisys ES7000/one hanged after rebooting in the new kernel,\nafter printing the \"Memory: 32839688k/33685504k available\" line.\n\nRed Hat Enterprise Linux 5 users are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.", "published": "2008-05-07T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0233", "cvelist": ["CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1619", "CVE-2008-1669"], "lastseen": "2017-09-09T07:19:40"}, {"id": "RHSA-2008:0211", "type": "redhat", "title": "(RHSA-2008:0211) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\r\noperating system.\r\n\r\nThese updated packages fix the following security issues:\r\n\r\n* the absence of a protection mechanism when attempting to access a\r\ncritical section of code has been found in the Linux kernel open file\r\ndescriptors control mechanism, fcntl. This could allow a local unprivileged\r\nuser to simultaneously execute code, which would otherwise be protected\r\nagainst parallel execution. As well, a race condition when handling locks\r\nin the Linux kernel fcntl functionality, may have allowed a process\r\nbelonging to a local unprivileged user to gain re-ordered access to the\r\ndescriptor table. (CVE-2008-1669, Important)\r\n\r\n* the absence of a protection mechanism when attempting to access a\r\ncritical section of code, as well as a race condition, have been found in\r\nthe Linux kernel file system event notifier, dnotify. This could allow a\r\nlocal unprivileged user to get inconsistent data, or to send arbitrary\r\nsignals to arbitrary system processes. (CVE-2008-1375, Important)\r\n\r\nRed Hat would like to thank Nick Piggin for responsibly disclosing the\r\nfollowing issue:\r\n\r\n* when accessing kernel memory locations, certain Linux kernel drivers\r\nregistering a fault handler did not perform required range checks. A local\r\nunprivileged user could use this flaw to gain read or write access to\r\narbitrary kernel memory, or possibly cause a kernel crash.\r\n(CVE-2008-0007, Important)\r\n\r\n* a flaw was found when performing asynchronous input or output operations\r\non a FIFO special file. A local unprivileged user could use this flaw to\r\ncause a kernel panic. (CVE-2007-5001, Important)\r\n\r\n* a flaw was found in the way core dump files were created. If a local user\r\ncould get a root-owned process to dump a core file into a directory, which\r\nthe user has write access to, they could gain read access to that core\r\nfile. This could potentially grant unauthorized access to sensitive\r\ninformation. (CVE-2007-6206, Moderate)\r\n\r\n* a buffer overflow was found in the Linux kernel ISDN subsystem. A local\r\nunprivileged user could use this flaw to cause a denial of service.\r\n(CVE-2007-6151, Moderate)\r\n\r\n* a race condition found in the mincore system core could allow a local\r\nuser to cause a denial of service (system hang). (CVE-2006-4814, Moderate)\r\n\r\n* it was discovered that the Linux kernel handled string operations in the\r\nopposite way to the GNU Compiler Collection (GCC). This could allow a local\r\nunprivileged user to cause memory corruption. (CVE-2008-1367, Low)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* a bug, which caused long delays when unmounting mounts containing a large\r\nnumber of unused dentries, has been resolved.\r\n\r\n* in the previous kernel packages, the kernel was unable to handle certain\r\nfloating point instructions on Itanium(R) architectures.\r\n\r\n* on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not\r\nflushed correctly, which caused machine check errors.\r\n\r\nRed Hat Enterprise Linux 3 users are advised to upgrade to these updated\r\npackages, which contain backported patches to resolve these issues.", "published": "2008-05-07T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0211", "cvelist": ["CVE-2006-4814", "CVE-2007-5001", "CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1669"], "lastseen": "2017-08-01T06:57:20"}], "ubuntu": [{"id": "USN-637-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that there were multiple NULL-pointer function \ndereferences in the Linux kernel terminal handling code. A local attacker \ncould exploit this to execute arbitrary code as root, or crash the system, \nleading to a denial of service. ([CVE-2008-2812](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2812>))\n\nThe do_change_type routine did not correctly validation administrative \nusers. A local attacker could exploit this to block mount points or cause \nprivate mounts to be shared, leading to denial of service or a possible \nloss of privacy. ([CVE-2008-2931](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2931>))\n\nTobias Klein discovered that the OSS interface through ALSA did not \ncorrectly validate the device number. A local attacker could exploit this \nto access sensitive kernel memory, leading to a denial of service or a loss \nof privacy. ([CVE-2008-3272](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-3272>))\n\nZoltan Sogor discovered that new directory entries could be added to \nalready deleted directories. A local attacker could exploit this, filling \nup available memory and disk space, leading to a denial of service. \n([CVE-2008-3275](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-3275>))\n\nIn certain situations, the fix for [CVE-2008-0598](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-0598>) from USN-623-1 was causing \ninfinite loops in the writev syscall. This update corrects the mistake. We \napologize for the inconvenience.", "published": "2008-08-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-637-1/", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-2931", "CVE-2008-3275", "CVE-2008-2812"], "lastseen": "2017-08-09T19:14:00"}, {"id": "USN-625-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Dirk Nehring discovered that the IPsec protocol stack did not correctly \nhandle fragmented ESP packets. A remote attacker could exploit this to \ncrash the system, leading to a denial of service. ([CVE-2007-6282](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-6282>))\n\nJohannes Bauer discovered that the 64bit kernel did not correctly handle \nhrtimer updates. A local attacker could request a large expiration value \nand cause the system to hang, leading to a denial of service. \n([CVE-2007-6712](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-6712>))\n\nTavis Ormandy discovered that the ia32 emulation under 64bit kernels did \nnot fully clear uninitialized data. A local attacker could read private \nkernel memory, leading to a loss of privacy. ([CVE-2008-0598](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-0598>))\n\nJan Kratochvil discovered that PTRACE did not correctly handle certain \ncalls when running under 64bit kernels. A local attacker could exploit this \nto crash the system, leading to a denial of service. ([CVE-2008-1615](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-1615>))\n\nWei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP NAT \ndid not correctly handle certain length values. Remote attackers could \nexploit this to execute arbitrary code or crash the system. ([CVE-2008-1673](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-1673>))\n\nPaul Marks discovered that the SIT interfaces did not correctly manage \nallocated memory. A remote attacker could exploit this to fill all \navailable memory, leading to a denial of service. ([CVE-2008-2136](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2136>))\n\nDavid Miller and Jan Lieskovsky discovered that the Sparc kernel did not \ncorrectly range-check memory regions allocated with mmap. A local attacker \ncould exploit this to crash the system, leading to a denial of service. \n([CVE-2008-2137](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2137>))\n\nThe sys_utimensat system call did not correctly check file permissions in \ncertain situations. A local attacker could exploit this to modify the file \ntimes of arbitrary files which could lead to a denial of service. \n([CVE-2008-2148](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2148>))\n\nBrandon Edwards discovered that the DCCP system in the kernel did not \ncorrectly check feature lengths. A remote attacker could exploit this to \nexecute arbitrary code. ([CVE-2008-2358](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2358>))\n\nA race condition was discovered between ptrace and utrace in the kernel. A \nlocal attacker could exploit this to crash the system, leading to a denial \nof service. ([CVE-2008-2365](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2365>))\n\nThe copy_to_user routine in the kernel did not correctly clear memory \ndestination addresses when running on 64bit kernels. A local attacker could \nexploit this to gain access to sensitive kernel memory, leading to a loss \nof privacy. ([CVE-2008-2729](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2729>))\n\nThe PPP over L2TP routines in the kernel did not correctly handle certain \nmessages. A remote attacker could send a specially crafted packet that \ncould crash the system or execute arbitrary code. ([CVE-2008-2750](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2750>))\n\nGabriel Campana discovered that SCTP routines did not correctly check for \nlarge addresses. A local user could exploit this to allocate all available \nmemory, leading to a denial of service. ([CVE-2008-2826](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2826>))", "published": "2008-07-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-625-1/", "cvelist": ["CVE-2008-2136", "CVE-2007-6282", "CVE-2008-2826", "CVE-2008-0598", "CVE-2007-6712", "CVE-2008-2137", "CVE-2008-1615", "CVE-2008-2365", "CVE-2008-2729", "CVE-2008-2358", "CVE-2008-2750", "CVE-2008-2148", "CVE-2008-1673"], "lastseen": "2017-08-09T19:12:20"}, {"id": "USN-508-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "A buffer overflow was discovered in the Moxa serial driver. Local \nattackers could execute arbitrary code and gain root privileges. \n([CVE-2005-0504](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2005-0504>))\n\nA flaw was discovered in the IPv6 stack's handling of type 0 route headers. \nBy sending a specially crafted IPv6 packet, a remote attacker could cause \na denial of service between two IPv6 hosts. ([CVE-2007-2242](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-2242>))\n\nA flaw in the sysfs_readdir function allowed a local user to cause a \ndenial of service by dereferencing a NULL pointer. ([CVE-2007-3104](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-3104>))\n\nA buffer overflow was discovered in the random number generator. In \nenvironments with granular assignment of root privileges, a local attacker \ncould gain additional privileges. ([CVE-2007-3105](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-3105>))\n\nIt was discovered that certain setuid-root processes did not correctly \nreset process death signal handlers. A local user could manipulate this \nto send signals to processes they would not normally have access to. \n([CVE-2007-3848](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-3848>))\n\nIt was discovered that the aacraid SCSI driver did not correctly check \npermissions on certain ioctls. A local attacker could cause a denial \nof service or gain privileges. ([CVE-2007-4308](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2007-4308>))", "published": "2007-08-30T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-508-1/", "cvelist": ["CVE-2007-3848", "CVE-2007-3104", "CVE-2005-0504", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-2242"], "lastseen": "2017-08-09T19:14:44"}], "suse": [{"id": "SUSE-SA:2008:048", "type": "suse", "title": "remote denial of service in kernel", "description": "This kernel security update for SUSE Linux Enterprise 10 Service Pack 2 fixes lots of bugs and some security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-10-01T17:25:47", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3275", "CVE-2008-1673"], "lastseen": "2016-09-04T12:06:22"}, {"id": "SUSE-SA:2008:047", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel in the SUSE Linux Enterprise Server 9 Service Pack 4 was released to fix various bugs and also some security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-10-01T15:09:37", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3525", "CVE-2007-6716", "CVE-2008-2812", "CVE-2008-1673"], "lastseen": "2016-09-04T12:13:25"}, {"id": "SUSE-SA:2008:049", "type": "suse", "title": "remote denial of service in kernel", "description": "The SUSE Linux Enterprise 10 Service Pack 1 kernel was updated to fix lots of bugs and also contains several security fixes: CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-0598: On AMD64 some string operations could leak kernel information into userspace. CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-3275: Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory. CVE-2008-2931: The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. CVE-2008-2812: Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. For more information consult the RPM changelog. 2) Solution or Work-Around\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-10-02T11:55:46", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", "cvelist": ["CVE-2008-3272", "CVE-2008-0598", "CVE-2008-3525", "CVE-2008-2931", "CVE-2008-3275", "CVE-2008-2812", "CVE-2008-1673"], "lastseen": "2016-09-04T12:19:06"}, {"id": "SUSE-SA:2010:036", "type": "suse", "title": "remote denial of service in kernel", "description": "This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. Following security issues were fixed: CVE-2010-2521: A crafted NFS write request might have caused a buffer overwrite, potentially causing a kernel crash. CVE-2008-0598: The x86_64 copy_to_user implementation might have leaked kernel memory depending on specific user buffer setups. CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel did not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. CVE-2010-1188: Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 when IPV6_RECVPKTINFO is set on a listening socket, allowed remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled causes the skb structure to be freed. CVE-2008-3275: The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel did not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allowed local users to cause a denial of service (\"overflow\" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel did not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this files permissions, a related issue to CVE-2010-0727. CVE-2007-6206: The do_coredump function in fs/exec.c in Linux kernel did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might have allowed local users to obtain sensitive information. CVE-2010-1088: fs/namei.c in the Linux kernel did not always follow NFS automount \"symlinks,\" which allowed attackers to have an unknown impact, related to LOOKUP_FOLLOW. CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. CVE-2010-1083: The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel did not clear the transfer buffer before returning to userspace when a USB command fails, which might have made it easier for physically proximate attackers to obtain sensitive information (kernel memory).\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-09-01T13:59:34", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00001.html", "cvelist": ["CVE-2009-4537", "CVE-2010-2521", "CVE-2008-0598", "CVE-2010-0727", "CVE-2007-6733", "CVE-2009-4020", "CVE-2010-1083", "CVE-2007-6206", "CVE-2010-1188", "CVE-2009-1389", "CVE-2008-3275", "CVE-2010-1088"], "lastseen": "2016-09-04T12:03:38"}, {"id": "SUSE-SA:2005:018", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel is the core component of the Linux system.\n#### Solution\nNone. Please install the updated packages.", "published": "2005-03-24T16:30:19", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2005-03/msg00020.html", "cvelist": ["CVE-2005-0003", "CVE-2005-2801", "CVE-2004-1333", "CVE-2005-0529", "CVE-2005-0504", "CVE-2005-0736", "CVE-2005-0384", "CVE-2005-0530", "CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0532", "CVE-2005-0867", "CVE-2005-0449", "CVE-2004-0814"], "lastseen": "2016-09-04T11:24:48"}, {"id": "SUSE-SA:2008:031", "type": "suse", "title": "remote denial of service in kernel", "description": "This kernel update fixes the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-07-02T13:19:53", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html", "cvelist": ["CVE-2007-6282", "CVE-2008-1375", "CVE-2008-1615", "CVE-2008-1367"], "lastseen": "2016-09-04T12:05:50"}, {"id": "SUSE-SA:2008:032", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel on the SUSE Linux Enterprise 10 Service Pack 1 line of products was updated to fix quite a number of security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-07-07T14:54:24", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html", "cvelist": ["CVE-2008-2136", "CVE-2007-6282", "CVE-2008-1669", "CVE-2007-6151", "CVE-2008-1375", "CVE-2008-1615", "CVE-2007-6206", "CVE-2008-1367", "CVE-2007-5500"], "lastseen": "2016-09-04T12:15:09"}, {"id": "SUSE-SA:2008:030", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel update was updated on openSUSE 10.2 and 10.3 to fix the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-06-20T16:05:15", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html", "cvelist": ["CVE-2008-2136", "CVE-2007-5904", "CVE-2007-6282", "CVE-2008-1669", "CVE-2008-1375", "CVE-2007-6712", "CVE-2008-1615", "CVE-2007-6206", "CVE-2008-0600", "CVE-2008-2358", "CVE-2008-1367", "CVE-2008-2148", "CVE-2007-5500"], "lastseen": "2016-09-04T11:49:41"}, {"id": "SUSE-SA:2008:044", "type": "suse", "title": "remote denial of service in kernel", "description": "The openSUSE 11.0 kernel was updated to 2.6.25.16.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-09-11T13:24:55", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00001.html", "cvelist": ["CVE-2008-3272", "CVE-2008-3276", "CVE-2008-3275", "CVE-2008-1673"], "lastseen": "2016-09-04T11:49:16"}, {"id": "SUSE-SA:2008:035", "type": "suse", "title": "remote denial of service in kernel", "description": "The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2 and fixes the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-07-21T10:42:10", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", "cvelist": ["CVE-2008-1669", "CVE-2008-1615", "CVE-2008-2372", "CVE-2008-2931", "CVE-2008-2812", "CVE-2008-1673"], "lastseen": "2016-09-04T11:27:56"}], "oraclelinux": [{"id": "ELSA-2008-0519", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.18-92.1.6.0.2.el5]\n- [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [orabug 6045759]\n- [splice] Fix bad unlock_page() in error case (Jens Axboe) [orabug 6263574]\n- [dio] fix error-path crashes (Linus Torvalds) [orabug 6242289]\n- [NET] fix netpoll race (Tina Yang) [orabugz 5791]\n[2.6.18-92.1.6.el5]\n- [x86] sanity checking for read_tsc on i386 (Brian Maly ) [447686 443435]\n[2.6.18-92.1.5.el5]\n- [x86_64] copy_user doesn't zero tail bytes on page fault (Vitaly Mayatskikh) [451275 451276] {CVE-2008-2729}\n[2.6.18-92.1.4.el5]\n- Revert: [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [443071 440121]\n[2.6.18-92.1.3.el5]\n- [x86_64] fix possible data leaks in copy_from_user() routine (Anton Arapov ) [433944 433945] {CVE-2008-0598}\n[2.6.18-92.1.2.el5]\n- [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [443071 440121]\n- [net] DCCP sanity check feature length (Anton Arapov ) [447395 447396] {CVE-2008-2358}\n- [misc] fix possible buffer overflow in ASN.1 parsing routine (Anton Arapov ) [444464 444465] {CVE-2008-1673}", "published": "2008-06-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0519.html", "cvelist": ["CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2358", "CVE-2008-1673"], "lastseen": "2016-09-04T11:17:03"}, {"id": "ELSA-2008-0665", "type": "oraclelinux", "title": "Updated kernel packages for Oracle Enterprise Linux 4.7", "description": "[2.6.9-78]\n-alsa: Fix mic not working for HP XW series (Brian Maly) [453783]\n[2.6.9-77]\n-alsa: Add missing quirks for alc262 (Brian Maly) [453783]\n-Revert 'i8042: remove polling timer support - Original bz 246233' (Vivek Goyal) [450918]\n[2.6.9-76]\n-tty: fix tty holes (Vivek Goyal) [453155] {CVE-2008-2812}\n-xen: fix use of pvdisk or blkfront or xen-vbd for boot device (Don Dutile) [452210]\n-ppc64: fix restore of vmx registers in signal return (Brad Peters) [403471]\n-pci: correct pci bus assignments (Pete Zaitcev) [181648]\n-Fix diskdump failure on new mpt fusion driver (Chip Coldwell) [268921]\n[2.6.9-75]\n-mptfusion: Fix regression where commands timeout when issuing host reset to mpt fusion hba (Chip Coldwell) [452265]\n-copy_user_generic_c does not zero bytes left at destination after GPF (Vitaly Mayatskikh) [451274] {CVE-2008-2729}\n-sctp: make sure length argument passed does not overflow (Neil Horman) [452480] {CVE-2008-2826}\n-[infiniband] ehca: fixes lost interrupts problem over ib ehca after lpar to lpar communication (Brad Peters) [450689]\n-cifs: don t allow demultiplex thread to exit until kthread_stop is called (Jeff Layton) [442789]\n-Fix copy_from_user vulnerability (Vitaly Mayatskikh) [433943] {CVE-2008-0598}\n-Revert 'Enable fb_radeon driver on ppc64' (Vivek Goyal) [350931]\n[2.6.9-74]\n-[xen] pv on hvm: Fix cant open /dev/xvda while probing disks during installation issue (Don Dutile) [447315]\n-bnx2x: correct chip reset (Andy Gospodarek) [328001]\n-Fix race in switch_uid (Vince Worthington) [441282]\n[2.6.9-73]\n-Add more PCI IDs to support hdmi audio on amd chipsets (Bhavana Nagendra) [428964]\n-powernow k8: Repost to fix unnecessary error messages with synchronized p state transitions (Ed Pollard) [276771]\n-[usb] ohci-hcd: Fix kernel failed to boot and dropped to xmon on ppc64 (Vitaly Mayatskikh) [443052]\n-bonding: Fix interface flags issue (Andy Gospodarek) [442124]\n-qla4xxx: fix time outs, syncronization and re-logins (Marcus Barrow) [437898]\n-qla2xxx: update version to 8.02.09-d0-rhel4.7-04 (Marcus Barrow) [450645]\n-qla2xxx: correct srb usage after completion free issues resulting in slab corruption (Marcus Barrow) [450645]\n-qla2xxx: add 4 and 8 gb to port speed reporting (Marcus Barrow) [450645]\n-qla2xxx: add isp85xx in some ioctl paths for nvram and flash handling (Marcus Barrow) [450645]\n-qla2xxx: fix debug messages (Marcus Barrow) [450645]\n-qla2xxx: allocated firmware dump space for isp85xx (Marcus Barrow) [450645]\n-qla2xxx: correct isp84xx verify chip response handling (Marcus Barrow) [450645]\n-qla2xxx: add isp84xx to list of optionrom layout ids (Marcus Barrow) [450645]\n-qla2xxx: correct isp84xx logic operations in qla2x00_fw_ready (Marcus Barrow) [450645]\n-qla2xxx: correct isp84xx structure size mismatch with api (Marcus Barrow) [450645]\n-qla2xxx: correct isp84xx ioctl handling (Marcus Barrow) [450645]\n-Enable fb_radeon driver on ppc64 (Brad Peters) [350931]\n-ehca: fix for event queue overflow on ib ehca adapters (Brad Peters) [446714]\n-Fix deadlock possibility in arch_get_unmapped_area_topdown() (Vitaly Mayatskikh) [450094]\n-megaraid: Add support ibm blackrock controller (Chip Coldwell) [449718]\n-sit: Fix exploitable remote memory leak (Jiri Pirko) [446036] {CVE-2008-2136}\n-ehca: fix race possibility between qp async handler and destroy_qp (Brad Peters) [446110]\n-Fix hang when using /proc/sys/vm/drop_caches under heavy load on large system (Larry Woodman) [449381]\n-Fix possible buffer overflow in asn.1 parsing routines (Anton Arapov) [444463] {CVE-2008-1673}\n-[s390] Fix vmrm cmm use triggering oom killer (Hans-Joachim Picht) [446257]\n-[s390] fix iucv limit and cmm proc permissions (Hans-Joachim Picht) [446257]\n-Extend mce banks support to more than 6 for dunnington and nehalem (Geoff Gustafson) [446675]\n-ppc64: Fix slb shadow buffer support (Brad Peters) [440138]\n-Add hp DL385 G2 and DL585 G2 to whitelist for bfsort (Tony Camuso) [251032]\n[2.6.9-72]\n-Minor code cleanup to sys_times() call (Vitaly Mayatskikh) [448934]\n-qla2xxx: Update firmware for 4,8 gb/s adapters to version 8.02.09-d0-rhel4.7-03 (Marcus Barrow) [448641]\n-xen: minimize loss of network connectivity after guest migration (Don Dutile) [444473]\n-dm-raid: Fix bad performance of dm-raid (Mikulas Patocka) [432566]\n-Re-apply: Add HP DL580 G5 to bfsort whitelist (Tony Camuso) [429727]\n-Revert '[MOXA] buffer overflow in moxa driver' (Vivek Goyal) [423141]\n-Revert 'neofb: avoid overwriting fb_info fields' (Vivek Goyal) [430252]\n[2.6.9-71]\n-cciss: disable scsi_ioctl_send_command in cciss driver (Doug Chapman) [443053]\n-bnx2: fix panic when changing device settings while running netconsole (Andy Gospodarek) [444041]\n-Infiniband: Fix ipoib oops (Doug Ledford) [445736]\n-Fix system lockup in eventpoll (Josef Bacik) [446409]\n-ptrace: fix ptrace_attach and ptrace_detach race (Jerome Marchand) [311931]\n-diskdump: Fix diskdump regression in rhel 4.6 (Chip Coldwell) [268921]\n-[s390] ptrace: restore single_step behavior after do_signal (Jerome Marchand) [426647]\n-[NET] change skb_reserve to have signed length (Neil Horman) [445774]\n-x86_64: ia32 syscall restart fix (Jerome Marchand) [435000]\n-ehca: fix ehca driver for use with dapl (Doug Ledford) [443072]\n-ibmebus: Cleanup all devices upon module rmmod (Brad Peters) [441739]\n-sys_times: Fix system unresponsiveness during many concurrent invocation of sys_times (Vitaly Mayatskikh) [435280]\n-ehea: support ipv4 checksum capability only (Brad Peters) [439445]\n-xen: Fix blkfront deadlock on pv restore (Don Dutile) [429103]\n-Re-apply: Fix usb stress test issue on amd sbx00 systems (Bhavana Nagendra) [435787]\n-libata: ahci kill spurious ncq completion detection (David Milburn) [432396]\n-libata: implement ATA_PFLAG_RESETTING (David Milburn) [432396]\n[2.6.9-70]\n-proc pid limits: fix duplicate file names (Neil Horman) [443825]\n-md: make md pack rdev list (Doug Ledford) [194585]\n-Add needed locking to fcheck() in both dnotify.c and locks.c (Alexander Viro) [443438 439757] {CVE-2008-1669 CVE-2008-1375}\n-bonding: fix link monitor capability check (Andy Gospodarek) [441897]\n-Kernel doesn not clear DF for signal handlers (Vitaly Mayatskikh) [437315] {CVE-2008-1367}\n-Fix pv on hvm crash due to vnif increase patch (Don Dutile) [442538]\n-pv on hvm: memory corruption due to vnif increase (Don Dutile) [442298]\n-oprofile fix for penryn based procs (Geoff Gustafson) [439540]\n-sound: Fix sound driver update compilation error (Vivek Goyal) [319701 228440 228443 216447 248060 240912]\n-sound: Enable CONFIG_SND_INTEL_HDA=m driver (Vivek Goyal) [319701 228440 228443 216447 248060 240912]\n-Add HDMI audio support for AMD ATI chipsets (Bhavana Nagendra) [428964]\n-Dual core chips reported as quad core in cpuinfo (Geoff Gustafson) [326781]\n-alsa: Unmute DACs on AMD shiner (ad1884) (Brian Maly) [351911 314391]\n-[SOUND] azx sound driver update (Brian Maly) [319701 228440 228443 216447 248060 240912 234358]\n-Revert 's390: qeth: tcpdump does not work with osa Layer2 and VLAN enabled' (Vivek Goyal) [379031]\n[2.6.9-69]\n-Updated the spec file for beta build numbering (Vivek Goyal)\n[2.6.9-68.34]\n-Fix memory leak of struct percpu_data in free_percpu (Larry Woodman) [441321]\n-Do not limit shmem locked memory when rlimit_memlock is rlim_infinity (Larry Woodman) [439926]\n-sata: fix work around sb600 sata hw errata (Bhavana Nagendra) [300861]\n-diskdump: Fix flush_cpu_workqueue so that diskdump can work after momentary link down of lpfc (Takao Indoh) [216618]\n-Revert 'Fix usb stress test issue on amd sbx00 systems' (Vivek Goyal) [435787]\n[2.6.9-68.33]\n-enhanced partition statistics: fix update partition statitics (Jerome Marchand) [233579]\n-enhanced partition statistics: fix core statistics (Jerome Marchand) [233579]\n-qla2xxx: isp84xx variant ioctl support (Marcus Barrow) [441445]\n-qla2xxx: isp84xx variant support (Marcus Barrow) [441445]\n-pci: fix quirk for ht1000 bridge chips (Andy Gospodarek) [439109]\n-rpc: do not block on skb allocation (Jeff Layton) [439436]\n-nmi: kill disable_irq calls (Aristeu Rozanski) [172749]\n-nmi: disable lapic and io apic nmis on unknown_nmi_panic (Aristeu Rozanski) [172749]\n-nmi: use perfctr functions for probing (Aristeu Rozanski) [172749]\n-nmi: update check_nmi_watchdog (Aristeu Rozanski) [172749]\n-nmi: update reserve_lapic_nmi (Aristeu Rozanski) [172749]\n-nmi: use setup_apic_nmi_watchdog and stop_apic_nmi_watchdog in suspend resume (Aristeu Rozanski) [172749]\n-nmi: change nmi_active usage (Aristeu Rozanski) [172749]\n-nmi: update nmi_watchdog_tick (Aristeu Rozanski) [172749]\n-nmi: modify setup_acpi_nmi_watchdog to handle both io apic and lapic (Aristeu Rozanski) [172749]\n-nmi: introduce do_nmi_callback (Aristeu Rozanski) [172749]\n-nmi: introduce per cpu wd_enabled (Aristeu Rozanski) [172749]\n-nmi: add perfctr infrastructure (Aristeu Rozanski) [172749]\n-[SCSI] aic79xx: fix timer handling (David Milburn) [243936]\n[2.6.9-68.32]\n-xen: Fix gettimeofday is not monotonically increasing on xenU (Don Dutile) [438975]\n-xen: config file additions for xen pv-on-hvm drivers (Don Dutile) [437423]\n-xen: pv-on-hvm driver subsystem for non xen kernels (Don Dutile) [437423]\n-xen: modifications to drivers/xen/ files for pv on hvm use (Don Dutile) [437423]\n-xen: pv on hvm kconfig and makefile changes (Don Dutile) [437423]\n-xen: pv.h file modifications for compilation on xen and non xen kernels (Don Dutile) [437423]\n[2.6.9-68.31]\n-qla4xxx: race condition fixes with constant qla3xxx ifup/ifdown (Marcus Barrow) [430313]\n-qla4xxx: Fix targets not seen on first port (Marcus Barrow) [425721]\n-Fix compilation warnings coming from module.h (Vivek Goyal) [280431]\n-qla4xxx: Handle multiple ports per target (Marcus Barrow) [412671]\n-qla4xxx: Update driver version string to 5.01.02-d1 (Marcus Barrow) [317631]\n-qla4xxx: Throttle on queue full errors (version 5.01.02-d1) (Marcus Barrow) [317631]\n[2.6.9-68.30]\n-Fix __call_usermodehelper wait_for_helper race condition (Dave Anderson) [438800]\n-nfs: 32 bit nfs server returns eio for readdirplus request when backing file system has 32bit inodes (Peter Staubach) [438723]\n-Ensure IV is in linear part of the skb to avoid BUG due to OOB access (Thomas Graf) [427246]\n-Enhanced partition statistics: documentation (Jerome Marchand) [233579 310521]\n-Enhanced partition statistics: Fill old partition statistics with right data (Jerome Marchand) [233579 310521]\n-Enhanced partition statistics: procfs changes (Jerome Marchand) [233579 310521]\n-Enhanced partition statistics: sysfs changes (Jerome Marchand) [233579 310521]\n-Enhanced partition statistics: update partition statitics (Jerome Marchand) [233579 310521]\n-Enhanced partition statistics: core statistics (Jerome Marchand) [233579 310521]\n[2.6.9-68.29]\n-Revert 'Add HP DL580 G5 to bfsort whitelist' (Vivek Goyal) [429727]\n-fix unprivileged crash on x86_64 cs corruption (Jarod Wilson) [439786]\n-ixgbe: Build module ixgbe CONFIG_IXGBE=m (Andy Gospodarek) [305051]\n-x86_64: add /dev/msr[0-n] device files (Jason Baron) [249514]\n-i386: Fix extended cpu model field being ignored (Geoff Gustafson) [439539]\n-x86_64: Fix hpet bug where system hangs during reboot cycle (Geoff Gustafson) [434854]\n-i386: Allow apicid to be 8 bit (Geoff Gustafson) [437821]\n-ixgbe: initial support code (Andy Gospodarek) [305051]\n-nfs: fix setgid handling in notify_change (Jeff Layton) [439253]\n-e1000: upstream update and alternate mac address support (Andy Gospodarek) [298901]\n[2.6.9-68.28]\n-powernow k8: fix UP kernel to register freq driver (David Milburn) [429519]\n-spec: fix summary description of largesmp kernel package (Vivek Goyal) [186606]\n-qla2xxx: Avoid delay for loop ready when loop dead (Marcus Barrow) [426411]\n-qla2xxx: Build qla25xx as module CONFIG_SCSI_QLA25XX=m (Marcus Barrow) [253287]\n-qla2xxx: Clean up firmware dumping mechanism for ISP25xx adapter (Marcus Barrow) [253287]\n-qla2xxx: Support ISP25xx adapters for 8GB/s (Marcus Barrow) [253287]\n-qla2xxx: Firmware support for new 8 GB/s adapter QLE25xx (Marcus Barrow) [253287]\n-qla2xxx: update 4 GB/s firmware to match 8 GB/s firmware (Marcus Barrow) [253287]\n-ext3: lighten up resize transaction requirements (Eric Sandeen) [166038]\n-nfs: Fix nfs_access_cache_shrinker race with umount (Peter Staubach) [433249]\n-hangcheck timer: remove monotomic clock dependencies (Brian Maly) [429928]\n-Fix execve returning EFBIG when running 4 GB executable (Dave Anderson) [393501]\n-[NET] Fix the redirect packet of the router if the jiffies wraparound (Thomas Graf) [428934]\n-bnx2: update to upstream version 1.6.9 (Andy Gospodarek) [311531 303051 310851]\n-Fix race condition in proc file reading that leads to module refcnt imbalance (Neil Horman) [280431]\n[2.6.9-68.27]\n-infiniband: hotcpu_notifier backport (Doug Ledford) [309591]\n-infiniband: Remove the unused cxgb3/core directory and files (Doug Ledford) [309591]\n-infiniband: Dont set CONFIG_MLX4_CORE on ppc64 iseries (Vivek Goyal) [309591]\n-infiniband: Enable various infiniband related config options (Vivek Goyal) [309591]\n-infiniband: additional kernel backports needed for ppc64 (Doug Ledford) [309591]\n-infiniband: update kconfig files so that setting infiniband off kills it all (Doug Ledford) [309591]\n-infiniband: backport for interrupt handler changes (Doug Ledford) [309591]\n-infiniband: add the genalloc backport (Doug Ledford) [309591]\n-infiniband: minor backports (Doug Ledford) [309591]\n-infiniband: util updates (Doug Ledford) [309591]\n-infiniband: srp updates (Doug Ledford) [309591]\n-infiniband: sdp updates (Doug Ledford) [309591]\n-infiniband: core updates and makefile kconfig changes (Doug Ledford) [309591]\n-infiniband: additional backport (Doug Ledford) [309591]\n-infiniband: move vnic to qlgc_vnic (Doug Ledford) [309591]\n-infiniband: ipoib updates (Doug Ledford) [309591]\n-infiniband: various header config updates (Doug Ledford) [309591]\n-infiniband: ehca driver update (Doug Ledford) [309591]\n-infiniband: nes hardware driver update (Doug Ledford) [309591]\n-infiniband: mthca driver update (Doug Ledford) [309591]\n-infiniband: ipath driver update (Doug Ledford) [309591]\n-infiniband: cxgb3 driver update (Doug Ledford) [309591]\n-infiniband: amso1100 driver update (Doug Ledford) [309591]\n-infiniband: kill off some uninitialized_var usage that breaks our kernel (Doug Ledford) [309591]\n-additional kernel.h backports (Doug Ledford) [309591]\n-infiniband: move a couple backports (Doug Ledford) [309591]\n-infiniband: add the mlx4 core net and infiniband drivers (Doug Ledford) [309591]\n-infiniband: move the vnic driver to qlgc_vnic (Doug Ledford) [309591]\n-bnx2x: enable bnx2x module CONFIG_BNX2X=m (Vivek Goyal) [328001]\n-Fix ext3 direct IO problem that occurs under memory pressure (Josef Bacik) [381221]\n-wacom: add support to cintiq 20wsx tablets (Aristeu Rozanski) [436890]\n-io_apic: fix irq race in check_timer (Brian Maly) [432405]\n-cxgb3: update to driver to support ofed 1 3 (Andy Gospodarek) [253452]\n-igb: update to upstream version 1.0.8-k2 (Andy Gospodarek) [298881]\n-e1000e: update to latest upstream (Andy Gospodarek) [311961 432364]\n-usb: Fix sporadic hangs in usb (Pete Zaitcev) [239723]\n-bnx2x: initial support for bcm57710 (Andy Gospodarek) [328001]\n-Fix usb stress test issue on amd sbx00 systems (Bhavana Nagendra) [435787]\n-mptfusion: Fix IO failures when host reset of adapter is in progress (Chip Coldwell) [429368]\n-mptfusion: Fix oops in mptctl_gettargetinfo due to null ioc raid_data piocpg3 (Chip Coldwell) [429623]\n-mptfusion: update mptfusion to version 3-12-19-00 (Chip Coldwell) [308341]\n-lpfc: update lpfc driver to version 8.0.16.40 (Chip Coldwell) [326931]\n-aacraid: update aacraid driver to version 1.1.5-2455 (Chip Coldwell) [300021]\n-aacraid: update aacraid driver to version 1.1.5-2453 (Chip Coldwell) [300021]\n-megaraid: Update megaraid_sas driver to version 3.18 (Chip Coldwell) [312061]\n-x86_64: fix 32-bit thread debugging (Jerome Marchand) [311881]\n-arcmsr: update the arcmsr driver to version 1.20.00.15.rh (Tomas Henzl) [428801]\n-e1000: disable pci-e completion timeouts on pseries (Andy Gospodarek) [231676]\n-[SCSI] ibmvscsi: add slave_configure to allow device restart (Brad Peters) [364601]\n-Request to demand load dm cluster logging module (Jonathan Brassow) [438834]\n-nfsv4: create dedicated workqueue for handling nfs4_close_state_work (Jeff Layton) [402581]\n-nfs: allow nfsv4 files open for write to invalidate caches (Jeff Layton) [359651]\n-k8_edac: add option to report gart errors (Aristeu Rozanski) [232488]\n-nfs: Allow RHEL4 to do READDIR on directory containing a referral (Jeff Layton) [227610]\n[2.6.9-68.26]\n-[SPEC] fix add call to weak modules script in spec file (Vivek Goyal) [438688]\n-[s390] qdio: FCP/SCSI write IO stagnates on LPAR (Hans-Joachim Picht) [436992]\n-lro: Build lro as module CONFIG_INET_LRO=m (Ed Pollard) [300201]\n-ehea: driver update and modifications to sync with upstream (Ed Pollard) [300201]\n-ehea: Fixes to make LRO compile in RHEL 4.7 (Ed Pollard) [300201]\n-ehea: Pull LRO support from upstream (Ed Pollard) [300201]\n-getrusage: fill ru_inblock and ru_oublock fields if possible (Jerome Marchand) [247285]\n-io accounting: set up config_task_io_accounting (Jerome Marchand) [247285]\n-io accounting: report in procfs (Jerome Marchand) [247285]\n-io accounting: account for direct io (Jerome Marchand) [247285]\n-io accounting: read accounting cifs fix (Jerome Marchand) [247285]\n-io accounting: read accounting nfs fix (Jerome Marchand) [247285]\n-io accounting: read accounting (Jerome Marchand) [247285]\n-io accounting: write cancel accounting (Jerome Marchand) [247285]\n-io accounting: write accounting (Jerome Marchand) [247285]\n-io accounting: core statistics (Jerome Marchand) [247285]\n-[PPC64] Add kernel support for storing slb entries, for cpu failure recovery (Brad Peters) [300081]\n-[Power6] Extend alignment exception handler to handle new floating point load, store instructions (Brad Peters) [300071]\n[2.6.9-68.25]\n-alsa: fix 32 to 64 bit pcm api conversion layer (Jaroslav Kysela) [429944]\n-[SPEC] Add call to weak modules script in spec file (Jon Masters) [438115]\n-bonding: 802.3ad: Fix no carrier on no partner found (Vince Worthington) [437865]\n-stex: update stex driver (Jeff Garzik) [251560]\n-s2io: Update to driver version 2.0.25.1 (Andy Gospodarek) [298551]\n-diskdump: fix diskdump to print warning message about large block_order (Takao Indoh) [219639]\n-[IPV4]: Fix fragmentation with header options (Thomas Graf) [214903]\n-sctp: backport new sctp receive buffer management code to rhel4 (Neil Horman) [200813]\n-diskdump: Diskdump performance regression in mptfusion driver (Takao Indoh) [438027]\n-[NETFILTER]: fix module to prevent deadlock via module refcounting (Neil Horman) [212922]\n[2.6.9-68.24]\n-Fix greyhound event based profiling support patch (Bhavana Nagendra) [437982]\n-forcedeth: update to upstream version 0.61 (Andy Gospodarek) [253592]\n-sata: work around sb600 sata hw errata (Jeff Garzik) [300861]\n-tg3: update to upstream version 3.86 (Andy Gospodarek) [324251]\n-[TCP] Fix tcp assertion where packets_out exceeds fackets_out (Thomas Graf) [296561]\n-i2c_piix4: Enable i2c_piix4 module on x86_64 (Prarit Bhargava) [424541]\n-Fix 64 bit dma issue on sb700 systems (Bhavana Nagendra) [434742]\n-ipr: dual sas raid adds support for new pci-e ipr adapters (Brad Peters) [299101]\n-ipr: dual sas raid escalates error handler failures all the way to host reset (Brad Peters) [299101]\n-[XEN] Fix xen pv netfront oops during live migrate (Chris Lalancette) [435351]\n-ICH10: Add relevant PCI device IDs to support ICH10 (Geoff Gustafson) [304101]\n-Retry: check to see if agp is valid before reporting aperture size warnings (Brian Maly) [392771 431897]\n[2.6.9-68.23]\n-pci: mmconfig patches 68.22 build breakage fix (Tony Camuso) [437837]\n-Add config_dm_multipath_hp to generic config (David Wysochanski) [195685]\n-xen: expand vnif number per a guest domain over four (Don Dutile) [435448]\n-sata_svw: update sata_svw driver to support broadcom HT1100 chipset (John Feeney) [234159]\n-qla3xxx: new 4032 does not work with vlan (Marcus Barrow) [314301]\n-Add greyhound event based profiling support (Bhavana Nagendra) [433524]\n-Adding sb800 sata controller support (Bhavana Nagendra) [299901]\n-dm-multipath: path group initialization retry support for hp hardware handler (David Wysochanski) [195685]\n-dm-multipath: add path group initialization retry support to generic multipath layer (David Wysochanski) [195685]\n-dm-multipath: add hp handler for HP active/passive array (David Wysochanski) [195685]\n-[s390] qeth: ifenslave -c causes kernel panic with vlan and osa layer2 (Hans-Joachim Picht) [387041]\n-[s390] zfcp: scsi LUNs going offline during cablepull or MC update (Hans-Joachim Picht) [207558]\n-[s390] zfcp: Various driver bugfixes from upstream (Hans-Joachim Picht) [248934]\n-Build PowerNow-k8 as module (Brian Maly) [234145]\n[2.6.9-68.22.EL]\n-xen: save restore migration of 32 bit pv guests can fail under load (Don Dutile) [431081]\n-sysfs: Keep away from adding an existing dirent (Josef Bacik) [383101]\n-[IA64] Avoid unnecessary tlb flushes when allocating memory (Doug Chapman) [424771]\n-[PCI] pci config: remove mmconf blacklist (Tony Camuso) [250313]\n-[PCI] pci config: Use PortIO to access config offsets below 256 byte (Tony Camuso) [250313]\n-wacom: add support to intuos3 12x19 (Aristeu Rozanski) [278681 253088]\n-wacom: add support to intuos3 12x12 (Aristeu Rozanski) [278681 253088]\n-wacom: fix the maximum distance value (Aristeu Rozanski) [278681 253088]\n-wacom: change cintiq interrupt handler (Aristeu Rozanski) [278681 253088]\n-wacom: add support for intuos3 4x6 (Aristeu Rozanski) [278681 253088]\n-wacom: use enum definitions for wacom models (Aristeu Rozanski) [278681 253088]\n-neofb: avoid overwriting fb_info fields (Vitaly Mayatskikh) [430252]\n[2.6.9-68.21.EL]\n-skge: do not clear multicast state on link down (Andy Gospodarek) [377611]\n-net: drop duplicate frames on vlan accelerated bonding interfaces (Andy Gospodarek) [295161]\n-ipmi: initialize second bmc properly (Peter Martuccelli) [411041]\n-diskdump: do not disregard crc error of the diskdump module (Takao Indoh) [248766]\n-Make kernel build when CONFIG_HIGHMEM is not set (Jason Baron) [185202]\n-Add HP DL580 G5 to bfsort whitelist (Tony Camuso) [429727]\n-sched: Exiting process returns its first time_slice to wrong process (Vitaly Mayatskikh) [238034]\n-Fix e820 map hole size calculations (Larry Woodman) [206113]\n-[NET] bonding: add MAC based failover support to bonding driver (Brad Peters) [300031]\n-[SCSI] aic7xxx: fix ahc_done check SCB_ACTIVE for tagged transactions (David Milburn) [223333]\n[2.6.9-68.20.EL]\n-EDAC: Add CONFIG_EDAC_I5000 option to config files (Vivek Goyal) [235936]\n-Reset LEDS on dell usb keyboards (John Feeney) [225361]\n-Tolapai: Report correct cpu cache info (Geoff Gustafson) [426301]\n-Tolapai: sata and i2c support (Geoff Gustafson) [304131]\n-Fix memory leak in alloc_disk_node (Jerome Marchand) [435892]\n-jbd: Fix journal overflow issues (Josef Bacik) [183119]\n-knfsd: Ratelimit remotely triggered rpc error messages (Chris Snook) [428149]\n-pata_jmicron: match devices using vendor and device class only and update quirk for JMB361/3/5/6 (Aristeu Rozanski) [337671]\n-cciss: Add SG_IO ioctl and fix error reporting for SG_IOCTL (Tomas Henzl) [293651]\n-cciss: add init of drv->cylinders back to cciss_geometry_inquiry (Tomas Henzl) [432026]\n-cciss : Modify /proc/driver/cciss entries to avoid system crash (Tomas Henzl) [432480]\n-EDAC: add support to intel 5000 chipsets (Aristeu Rozanski) [235936]\n[2.6.9-68.19.EL]\n-edac: Add CONFIG_EDAC_I3000 option to config files (Vivek Goyal) [427799]\n-cdrom: kill 'open failed' message (John Feeney) [247446]\n-Insufficient range checks in fault handlers with mremap (Vitaly Mayatskikh) [428969] {CVE-2008-0007}\n-Fix CDROM mounting problem when changing isos in iseries legacy (Brad Peters) [334651]\n-[PPC64] xmon: Make xmon= off work on rhel 4 (Brad Peters) [426878]\n-cciss: Change version number to 3.6.20-RH1 (Tomas Henzl) [426109]\n-cciss: Support new SAS/SATA controllers (Tomas Henzl) [426111]\n-cciss: Copyright information updated as per HP Legal (Tomas Henzl) [426110]\n-cciss: Remove read_ahead and use block layer defaults instead (Tomas Henzl) [426114]\n-Fix unix stream socket recv race condition (Hideo AOKI) [433685]\n-[NET] Fix socket name string length returned by sys_getsockname (Doug Ledford) [434554]\n-EDAC: add support to intel 3000 3010 chipsets (Aristeu Rozanski) [427799]\n-Revert 's390:qdio/qeth: make sure sent skbs are freed in time' (Vivek Goyal) [381041]\n[2.6.9-68.18.EL]\n-nlm: fix a client side race on blocking locks (Jeff Layton) [432855]\n-nlm: cleanup for blocked locks (Jeff Layton) [432855]\n-[PPC] Support for cpu freq values great than 32 bit on power5/6 (Guy Streeter) [373031]\n-[SCSI] fix kernel panic caused by scsi medium error (Takahiro Yasui) [242046]\n-forcedeth: msi bugfix: Stop using stale irq number (Andy Gospodarek) [359231]\n-ide: __ide_end_request check for empty list before dequeuing request (David Milburn) [426279]\n-redhat will not ipl with more than 64 procs (Scott Moser) [248428]\n-[MOXA] buffer overflow in moxa driver (Vitaly Mayatskikh) [423141] {CVE-2005-0504}\n-s390: cio: collection of update patches (Hans-Joachim Picht) [380931]\n-s390:qdio/qeth: make sure sent skbs are freed in time (Hans-Joachim Picht) [381041]\n-s390: qeth: tcpdump does not work with osa Layer2 and VLAN enabled (Hans-Joachim Picht) [379031]\n-make concurrent proc net dev reads return sane stats for bonds (Chris Snook) [430576]\n[2.6.9-68.17.EL]\n-Missing sb600 sb700 40 pin ide cable support (Bhavana Nagendra) [431440]\n-SB700 contains two ide channels (Bhavana Nagendra) [335361]\n-smbus: AMD ATI SB600 700 800 use same smbus controller devid (Bhavana Nagendra) [252287]\n-libata: un-blacklist hitachi drives to enable NCQ (David Milburn) [430293]\n-libata: sata_nv may send commands with duplicate tags (David Milburn) [430293]\n-add mutex_destroy() definition (Jason Baron) [233234]\n-sunrpc: print unsigned integers in stats (Jeff Layton) [401861]\n-nfsd: don t try to cache reply to nfsv2 readdir (Jeff Layton) [430946]\n-sunrpc: make sure portmap calls are always soft RPC tasks (Jeff Layton) [248787]\n-[NET] link_watch: always schedule urgent events (Don Dutile) [429930]\n-nfs: don t expose internal readdir errors to userspace (Jeff Layton) [354371]\n-nfs4: Make sure nfs4 mounts are interruptable when intr is specified (Jeff Layton) [151085]\n[2.6.9-68.16.EL]\n-[XEN] Fix xen pv oops when mmaping prot_none during save restore (Chris Lalancette) [311431]\n-[NET] link_watch: handle jiffies wraparound (Vince Worthington) [433698]\n-IA64: user data corruption on misaligned access with certain fp instructions (Luming Yu) [430918]\n-xen: xenbus suspend_mutex remains locked after transaction failure (Don Dutile) [250381]\n-hotplug: acpiphp: avoid acpiphp cannot get bridge info pci hotplug failure (Konrad Rzeszutek) [287741]\n-[COREDUMP] add MMF_DUMP_ELF_HEADERS flag support (Hideo AOKI) [235742]\n-[COREDUMP]: Documentation for coredump filter (Hideo AOKI) [235742]\n-[COREDUMP] elf: add coredump filtering feature (Hideo AOKI) [235742]\n-[COREDUMP]: add an interface for coredump filter (Hideo AOKI) [235742]\n-kswapd: kswapd does not use lower_zone_protection value properly, resulting in oomkill (Larry Woodman) [358731]\n[2.6.9-68.15.EL]\n-nfs: Introduce nfs.enable_ino64 command line parameter to enable/disable 32bit inode numbers (Peter Staubach) [213518]\n-nfs: 32 bit nfs client does not handle 64 inodes correctly. Server side changes. (Peter Staubach) [213518]\n-nfs: 32 bit nfs client does not handle 64 inodes correctly. Client side change (Peter Staubach) [213518]\n-xen: rapid block device plug unplug leads to kernel crash and or soft lockup (Don Dutile) [426031]\n-[NET] make tcp_input_metrics get minimum rto via tcp_rto_min (Anton Arapov) [427204]\n-acpiphp: differentiate between slot empty and slot power off (Prarit Bhargava) [248489]\n-Fix IPI interrupt storm on IA64 (Prarit Bhargava) [359671]\n-smbfs: Fix calculation of size parameter in smb_receive (Jeff Layton) [355141]\n-smbfs: fix more warnings and errors with debug builds (Jeff Layton) [355141]\n-smbfs: Fix debug logging only compilation error (Jeff Layton) [355141]\n-smbfs: smbfs readdir vs signal fix (Jeff Layton) [355141]\n-smbfs: Fix names_cache memory leak (Jeff Layton) [355141]\n-smbfs: smb_file_open retval fix (Jeff Layton) [355141]\n-smbfs: Turn null dereference into BUG() (Jeff Layton) [355141]\n-smbfs: fix data corruption in smb_proc_setattr_unix (Jeff Layton) [355141]\n[2.6.9-68.14.EL]\n-epoll_wait with negative timeout value results in bogus printk (Peter Staubach) [278961]\n-proc: add /proc/\n/limits (Neil Horman) [207340]\n-ACPI PCIE hotplug fails due to non receipt of acpi events (Konrad Rzeszutek) [252262]\n-Powernow-k8: Get rid of unnecessary error messages with synchronized p state transitions (Konrad Rzeszutek) [276771]\n-ide : handle ide removeable drives properly (Josef Bacik) [249061]\n-[AIO] account for io wait properly (Jeff Moyer) [220902]\n-nfs:for nfs4_create_exclusive, reset any fields set in attrmask (Jeff Layton) [196180]\n-nfs: set attrmask correctly on nfs4_create_exclusive reply (Jeff Layton) [196180]\n-Implement udp_poll to reduce likelyhood of false positive return from select() (Neil Horman) [212321]\n[2.6.9-68.13.EL]\n-sunrpc: dont retry portmap query forever if it is not responding (Jeff Layton) [204309]\n-nfs: Discard pagecache data for dirs on denty_iput (Jeff Layton) [364361]\n-Fix /proc/cpuinfo giving wrong model number information (John Feeney) [313631]\n-nfs: fix ATTR_KILL_S*ID handling on NFS (Jeff Layton) [225557]\n-[NET] kernel needs to support TCP_RTO_MIN (Anton Arapov) [251240]\n[2.6.9-68.12.EL]\n-eHEA: add poll_controller support to eHEA to support netdump and netconsole (Neil Horman) [249041]\n-Display count of pagecache pages in show_mem output (Larry Woodman) [428014]\n-Prevent long delay before OOM killer launches (Larry Woodman) [252939]\n-x86_64: Prevent iounmap from sleeping with a spinlock held (Larry Woodman) [361931]\n-i8042: remove polling timer support (David Milburn) [340561]\n-hfs: Do not mount the fs if hfs can t find the root inode (Josef Bacik) [223514]\n[2.6.9-68.11.EL]\n-cifs: update changes file and version string (Jeff Layton) [427544]\n-cifs: fix endian conversion problem in posix mkdir (Jeff Layton) [427544]\n-cifs: fix potential data corruption when writing out cached dirty pages (Jeff Layton) [427544]\n-cifs: when mount helper missing fix slash wrong direction in share (Jeff Layton) [427544]\n-cifs: fix error message about packet signing (Jeff Layton) [427544]\n-cifs: fix cifsd to shut down when signing fails during mount (Jeff Layton) [427544]\n-cifs: reduce chance of list corruption in find_writable_file (Jeff Layton) [427544]\n-cifs: fix memory leak in statfs to very old servers (Jeff Layton) [427544]\n-cifs: fix buffer overflow if server sends corrupt response to small request (Jeff Layton) [372981] {CVE-2007-5904}\n-cifs: log better errors on failed mounts (Jeff Layton) [427544]\n-cifs: fix oops on second mount to same server when null auth is used (Jeff Layton) [427544]\n-cifs: fix spurious reconnect on 2nd peek from read of SMB length (Jeff Layton) [427544]\n-cifs: fix bad handling of EAGAIN error on kernel_recvmsg in cifs_demultiplex_thread (Jeff Layton) [427544]\n-cifs: have older kernels clean out pages list in cifs_readpages (Jeff Layton) [427544]\n-cifs: add inline cifs_filemap_write_and_wait for older kernels (Jeff Layton) [427544]\n-cifs: add mutex_lock and mutex_unlock definitions (Jeff Layton) [427544]\n-cifs: account for change of kmem_cache_t to struct kmem_cache (Jeff Layton) [427544]\n-cifs: remove duplicate kzalloc definition (Jeff Layton) [427544]\n-cifs: Import cifs stock version 1.50c (Jeff Layton) [427544]\n-audit: break execve records into smaller parts (Eric Paris) [427532] {CVE-2008-0004}\n-eHEA: Fix kernel panic on DLPAR remove of eHEA (real fix) (Scott Moser) [253765]\n-Revert 'check to see if agp is valid before reporting aperture size warnings' (Vivek Goyal) [392771]\n[2.6.9-68.10.EL]\n-s390: qeth: discard inbound packets with unknown header id (Hans-Joachim Picht) [350871]\n-s390: qeth: hipersockets layer-3 interface to drop non-IP packets (Hans-Joachim Picht) [380961]\n-check to see if agp is valid before reporting aperture size warnings (Brian Maly) [392771]\n-xen: local domu to domu ssh broken when firewall enabled (Don Dutile) [414131]\n-nfs: multithreaded file lock/unlock issues over NFS (Sachin Prabhu) [346331]\n-Dont truncate /proc/PID/environ at 4096 characters (Anton Arapov) [254037]\n[2.6.9-68.9.EL]\n-udf: fix possible leakage of blocks (Eric Sandeen) [202765]\n-udf: fix possible udf data corruption (Eric Sandeen) [202765]\n-udf: support files larger than 1g (Eric Sandeen) [202765]\n-udf: add assertions in udf_discard_prealloc (Eric Sandeen) [202765]\n-udf: use get_bh instead of directly accessing b_count (Eric Sandeen) [202765]\n-udf: introduce struct extent_position (Eric Sandeen) [202765]\n-udf: use sector_t and loff_t for file offsets (Eric Sandeen) [202765]\n-udf: fix possible udf deadlock and memory corruption (Eric Sandeen) [202765]\n-udf: deadlock on unmount fix (Eric Sandeen) [202765]\n-udf: fix reservation discarding (Eric Sandeen) [202765]\n-nfs: Fix nfs read performance regression. Introduce a new tunable. (Larry Woodman) [396081]\n-nfs: High vm pagecache reclaim latency on systems with large highmem to lowmem ratio fix (Larry Woodman) [371191]\n-Do not mmap a page at address zero without MAP_FIXED (Vitaly Mayatskikh) [360281]\n[2.6.9-68.8.EL]\n-Fix unserialized task->files updation (Vitaly Mayatskikh) [250799]\n-nfs: fix redundant and incorrect protocol for nfs4 in /proc/mounts (Jeff Layton) [171712]\n-psmouse: Add support for cortps protocol (Aristeu Rozanski) [221467]\n-Potential deadlock in DM mirror code fix (Jonathan Brassow) [247879]\n-SIGKILL not respected under special circumstances fix (Michal Schmidt) [253665]\n-ide: Introduce command line option to disable ide drivers (Gerd Hoffmann) [270661]\n-networking: kernel oopses when multicasting with connection oriented socket (Anton Arapov) [250842]\n[2.6.9-68.7]\n-Fix possible NULL pointer dereference inside of strncmp() if of_get_property() failed (Vitaly Mayatskikh) [396811]\n-fix sys_waitid() hang (Jerome Marchand) [382191] {CVE-2007-5500}\n-dm mirror: fix pvmove causes kernel panic (Milan Broz) [179201]\n-fix possible filesystem corruption (Vitaly Mayatskikh) [428795] {CVE-2008-0001}\n[2.6.9-68.6]\n-add support for Realtek RTL8111/8168 PCI-Express NIC (Ivan Vecera) [251383]\n-ISDN: fix isdn_net_setcfg() vulnerability (Aristeu Rozanski) [392131] {CVE-2007-6063}\n-fix panic caused by set_mempolicy with MPOL_BIND (Vitaly Mayatskikh) [293211] {CVE-2007-4130}\n-fix core dump file permissions (Don Howard) [396981] {CVE-2007-6206}\n-I4L: fix isdn_ioctl memory issue (Vitaly Mayatskikh) [425161] {CVE-2007-6151}\n-fix dput after mntput bugs (Josef Bacik) [403361]\n-fix xenbus has use-after-free (Don Dutile) [249727]\n-acpiphp: Examine slots below P2P bridges (Prarit Bhargava) [415981]\n[2.6.9-68.5]\n-add tick divider capability (Chris Lalancette) [248488]\n[2.6.9-68.4]\n-do not call set_page_dirty_lock() on compound pages (Luming Yu) [248954 252400]\n-disables irqs in core sysrq code (Prarit Bhargava) [253573]\n-ipv6: fix inet6_dev refcnt leak (Neil Horman) [252222]\n-i386: ensure compressed diskdump header contains correct panic cpu (Dave Anderson) [309081]\n-fix up kabi for: enhance criteria for dead peer detection in ip_conntrack (Neil Horman)\n[2.6.9-68.3]\n-enhance criteria for dead peer detection in ip_conntrack (Neil Horman) [205966]\n-i386/x86_64 segment register access update (Peter Zijlstra) [414251]\n-Remove duplicated FAKE_STACK_FRAME macro (Peter Zijlstra) [414261]\n-add new CIFS Kconfig options (Jeff Layton) [282591]\n-dm: fix bd_mount_sem counter corruption (Milan Broz) [377351]\n-dm: fix panic on shrinking device size (Milan Broz) [360311]\n-dm crypt: fix oops on device removal (Milan Broz) [377371]\n[2.6.9-68.2]\n-add missing dput() in do_lookup() error case (Eric Sandeen) [363471]\n-fix diskdump performance regression on mpt fustion driver (Takao Indoh) [284991]\n-add missing pskb_may_pull in icmp_filter (Jerome Marchand) [356501]\n-Fix incorrect logic in AMD NMI code (Prarit Bhargava) [387451]\n-Get rid of Tuxs O_ATOMICLOOKUP (Michal Schmidt) [358681]\n-lcs: After channel failure do not drive normal shutdown sequence (Hans-Joachim Picht) [354141]\n[2.6.9-68.1]\n-add back: eliminate excessive latency when writing to a large file\n-add back: setting better values for dirty limits\n-serial: assert DTR for serial console devices (Michal Schmidt) [244248]\n-bonding: only do ipv6 addrconf on master bond devices (Vince Worthington) [249631]\n-lsm: reduce noise during security_register (Ivan Vecera) [249404]\n-selinux: quiet complaints when using OpenAFS (Eric Paris) [239628]\n-Fix for NFS attribute timeout handling (Fabio Leite) [247905]\n-tty: set pending_signal() when returning -ERESTARTSYS (Aristeu Rozanski) [245343]\n-ieee80211 off-by-two integer underflow (Anton Arapov) [346381] {CVE-2007-4997}\n-fix bad schedule_timeout() call causing excessive delay (Jonathan Brassow) [381081]\n-do not return zero in mmap (Rik van Riel) [360281]\n[2.6.9-68]\n-revert: eliminate excessive latency when writing to a large file\n-revert: setting better values for dirty limits", "published": "2008-08-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0665.html", "cvelist": ["CVE-2008-2136", "CVE-2007-5904", "CVE-2008-0004", "CVE-2008-2826", "CVE-2008-1669", "CVE-2008-0001", "CVE-2008-0598", "CVE-2005-0504", "CVE-2007-6151", "CVE-2008-1375", "CVE-2007-4997", "CVE-2008-0007", "CVE-2008-2729", "CVE-2006-4145", "CVE-2007-6206", "CVE-2008-1367", "CVE-2007-6063", "CVE-2008-2812", "CVE-2007-5500", "CVE-2008-1673", "CVE-2007-4130"], "lastseen": "2016-09-04T11:17:10"}, {"id": "ELSA-2009-0225", "type": "oraclelinux", "title": "Oracle Enterprise Linux 5.3 kernel security and bug fix update", "description": "[2.6.18-128.el5]\n- [cifs] cifs_writepages may skip unwritten pages (Jeff Layton ) [470267]\n[2.6.18-127.el5]\n- Revert: [i386]: check for dmi_data in powernow_k8 driver (Prarit Bhargava ) [476184]\n- [xen] re-enable using xenpv in boot path for FV guests (Don Dutile ) [473899]\n- [xen] pv_hvm: guest hang on FV save/restore (Don Dutile ) [475778]\n- [openib] fix ipoib oops in unicast_arp_send (Doug Ledford ) [476005]\n- [scsi] fnic: remove link down count processing (mchristi@redhat.com ) [474935]\n- Revert: [x86] disable hpet on machine_crash_shutdown (Neil Horman ) [475652]\n- [scsi] ibmvscsi: EH fails due to insufficient resources (AMEET M. PARANJAPE ) [475618]\n- [x86_64] proc: export GART region through /proc/iomem (Neil Horman ) [475507]\n- [acpi] add xw8600 and xw6600 to GPE0 block blacklist (Prarit Bhargava ) [475418]\n- [net] cxgb3: fixup embedded firmware problems take 2 (Andy Gospodarek ) [469774]\n[2.6.18-126.el5]\n- [scsi] mpt fusion: disable msi by default (Tomas Henzl ) [474465]\n- [scsi] fcoe: update drivers (mchristi@redhat.com ) [474089]\n- [scsi] fix error handler to call scsi_decide_disposition (Tom Coughlan ) [474345]\n- [scsi] lpfc: fix cancel_retry_delay (Tom Coughlan ) [470610]\n- [x86] disable hpet on machine_crash_shutdown (Neil Horman ) [473038]\n- Revert [mm] keep pagefault from happening under pagelock (Don Zickus ) [473150]\n- [net] enic: update to version 1.0.0.648 (Andy Gospodarek ) [473871]\n- [scsi] qla4xxx: increase iscsi session check to 3-tuple (Marcus Barrow ) [474736]\n- [agp] update the names of some graphics drivers (John Villalovos ) [472438]\n- [net] atm: prevent local denial of service (Eugene Teo ) [473701] {CVE-2008-5079}\n- [scsi] remove scsi_dh_alua (mchristi@redhat.com ) [471920]\n- [scsi] qla2xx/qla84xx: occasional panic on loading (Marcus Barrow ) [472382]\n- [net] cxgb3: eeh and eeprom fixups (Andy Gospodarek ) [441959]\n- [net] cxgb3: fixup embedded firmware problems (Andy Gospodarek ) [469774]\n- [wireless] iwlwifi/mac80211: various small fixes (John W. Linville ) [468967]\n- [x86_64] fix AMD IOMMU boot issue (Joachim Deguara ) [473464]\n- [x86_64] limit num of mce sysfs files removed on suspend (Prarit Bhargava ) [467725]\n- [xen] console: make LUKS passphrase readable (Bill Burns ) [466240]\n- [x86_64] Calgary IOMMU sysdata fixes (Prarit Bhargava ) [474047]\n- [alsa] select 3stack-dig model for SC CELSIUS R670 (Jaroslav Kysela ) [470449]\n- [ata] libata: lba_28_ok sector off by one (David Milburn ) [464868]\n- [ppc64] fix system calls on Cell entered with XER.SO=1 (Jesse Larrew ) [474196]\n- [block] fix max_segment_size, seg_boundary mask setting (Milan Broz ) [471639]\n- [fs] jbd: alter EIO test to avoid spurious jbd aborts (Eric Sandeen ) [472276]\n- [acpi] acpi_cpufreq: fix panic when removing module (Prarit Bhargava ) [472844]\n- [openib] ehca: fix generating flush work completions (AMEET M. PARANJAPE ) [472812]\n- [ata] libata: sata_nv hard reset mcp55 (David Milburn ) [473152]\n- [misc] fix add return signal to ptrace_report_exec (AMEET M. PARANJAPE ) [471112]\n- [misc] utrace: prevent ptrace_induce_signal() crash (Oleg Nesterov ) [469754]\n- [misc] utrace: make ptrace_state refcountable (Oleg Nesterov ) [469754]\n- [net] virtio_net: mergeable receive buffers (Mark McLoughlin ) [473120]\n- [net] virtio_net: jumbo frame support (Mark McLoughlin ) [473114]\n- [net] tun: jumbo frame support (Mark McLoughlin ) [473110]\n- [net] fix unix sockets kernel panic (Neil Horman ) [470436] {CVE-2008-5029}\n- [xen] x86: emulate movzwl with negative segment offsets (Chris Lalancette ) [471801]\n[2.6.18-125.el5]\n- [net] cxgb3: embed firmware in driver (Andy Gospodarek ) [469774]\n- [net] cxgb3: eeh, lro, and multiqueue fixes (Andy Gospodarek ) [441959]\n- [misc] support for Intels Ibex Peak (peterm@redhat.com ) [472961]\n- [audit] race between inotify watch removal and unmount (Josef Bacik ) [472329] {CVE-2008-5182}\n- [net] mlx4: panic when inducing pci bus error (AMEET M. PARANJAPE ) [472769]\n- [s390] cio: DASD device driver times out (Hans-Joachim Picht ) [459803]\n- [misc] hugepages: ia64 stack overflow and corrupt memory (Larry Woodman ) [472802]\n- [net] niu: fix obscure 64-bit read issue (Andy Gospodarek ) [472849]\n- [x86] nmi_watchdog: call do_nmi_callback from traps-xen (Aristeu Rozanski ) [471111]\n- [GFS2] recovery stuck (Abhijith Das ) [465856]\n- [misc] fix check_dead_utrace vs do_wait() race (Oleg Nesterov ) [466774]\n- [scsi] cciss: add two new PCI IDs (Tom Coughlan ) [471679]\n- [x86] fix memory-less NUMA node booting (Prarit Bhargava ) [471424]\n- [pci] generic fix for EEH restore all registers (Jesse Larrew ) [470580]\n- [net] e1000e: remove fix for EEH restore all registers (Jesse Larrew ) [470580]\n- [agp] use contiguous memory to support xen (Rik van Riel ) [412691]\n- [edac] i5000_edac: fix misc/thermal error messages (Aristeu Rozanski ) [471933]\n- [alsa] fix PCM write blocking (Jaroslav Kysela ) [468202]\n- [xen] build xen-platform-pci as a module (Don Dutile ) [472504]\n- [scsi] qla2xx/qla84xx: failure to establish link (Marcus Barrow ) [472382]\n- [acpi] add systems to GPE register blacklist (Prarit Bhargava ) [471341]\n- [ia64] replace printk with mprintk in MCA/INIT context (Kei Tokunaga ) [471970]\n- [usb] add support for dell keyboard 431c:2003 (Mauro Carvalho Chehab ) [471469]\n- [net] e1000e: enable ECC correction on 82571 silicon (Andy Gospodarek ) [472095]\n- [dlm] fix up memory allocation flags (David Teigland ) [471871]\n- [xen] x86: fix highmem-xen.c BUG() (Chris Lalancette ) [452175]\n- [xen] guest crashes if RTL8139 NIC is only one specified (Don Dutile ) [471110]\n- [net] bnx2: fix oops on call to poll_controller (Neil Horman ) [470625]\n- [scsi] update fcoe drivers (mchristi@redhat.com ) [436051]\n- [net] bnx2: add support for 5716s (Andy Gospodarek ) [471903]\n- [openib] IPoIB: fix oops on fabric events (Doug Ledford ) [471890]\n- [libata] force sb600/700 ide mode into ahci on resume (David Milburn ) [466422]\n- [xen] increase maximum DMA buffer size (Rik van Riel ) [412691]\n- [xen] fix physical memory address overflow (Rik van Riel ) [412691]\n[2.6.18-124.el5]\n- [s390] qeth: EDDP for large TSO skb fragment list (Hans-Joachim Picht ) [468068]\n- [s390] missing bits for audit-fork (Alexander Viro ) [461831]\n- [net] ixgbe: add support for 82598AT (Andy Gospodarek ) [454910]\n- [libata] avoid overflow in ata_tf_read_block (David Milburn ) [471576]\n- [md] dm-mpath: NULL ptr access in path activation code (Milan Broz ) [471393]\n- [scsi] qla2xxx: no NPIV for loop connections (Marcus Barrow ) [471269]\n- [ppc64] spufs: clean up page fault error checking (AMEET M. PARANJAPE ) [470301]\n- [fs] cifs: corrupt data due to interleaved write calls (Jeff Layton ) [470267]\n- [misc] lots of interrupts with /proc/.../hz_timer=0 (Hans-Joachim Picht ) [470289]\n- [selinux] recognize addrlabel netlink messages (Thomas Graf ) [446063]\n- [acpi] thinkpad: fix autoloading (Matthew Garrett ) [466816]\n- [net] bnx2x: eeh, unload, probe, and endian fixes (Andy Gospodarek ) [468922]\n- [firewire] various bug and module unload hang fixes (Jay Fenlason ) [469710 469711]\n[2.6.18-123.el5]\n- [s390] cio: reduce cpu utilization during device scan (Hans-Joachim Picht ) [459793]\n- [s390] cio: fix double unregistering of subchannels (Hans-Joachim Picht ) [456087]\n- [video] uvc: buf overflow in format descriptor parsing (Jay Fenlason ) [470427] {CVE-2008-3496}\n- [usb] add HID_QUIRK_RESET_LEDS to some keyboards (mchehab@infradead.org ) [434538]\n- [acpi] always use 32 bit value for GPE0 on HP xw boxes (Prarit Bhargava ) [456638]\n- [wireless] iwlagn/mac80211 IBSS fixes (John W. Linville ) [438388]\n- [ppc64] cell: fix page fault error checking in spufs (AMEET M. PARANJAPE ) [470301]\n- [input] atkbd: cancel delayed work before freeing struct (Jiri Pirko ) [461233]\n- [openib] ehca: deadlock race when creating small queues (Jesse Larrew ) [470137]\n- [openib] mthca: fix dma mapping leak (AMEET M. PARANJAPE ) [469902]\n- [openib] ib_core: use weak ordering for user memory (AMEET M. PARANJAPE ) [469902]\n- [ppc64] dma-mapping: provide attributes on cell platform (AMEET M. PARANJAPE ) [469902]\n- [net] bnx2: prevent ethtool -r EEH event (AMEET M. PARANJAPE ) [469962]\n- [net] bonding: update docs for arp_ip_target behavior (Andy Gospodarek ) [468870]\n- [xen] uninitialized watch structure can lead to crashes (Don Dutile ) [465849]\n- [openib] ehca: remove ref to QP if port activation fails (AMEET M. PARANJAPE ) [469941]\n- [usb] fix locking for input devices (James Paradis ) [468915]\n- [nfs] oops in direct I/O error handling (Steve Dickson ) [466164]\n- [md] crash in device mapper if the user removes snapshot (Mikulas Patocka ) [468473]\n- [openib] config update: enable some debugging (Doug Ledford ) [469410]\n- [sata] libata is broken with large disks (David Milburn ) [469715]\n- [md] dm-raid1: support extended status output (Jonathan Brassow ) [437177]\n- [s390] qdio: repair timeout handling for qdio_shutdown (Hans-Joachim Picht ) [463164]\n- [openib] race in ipoib_cm_post_receive_nonsrq (AMEET M. PARANJAPE ) [463485]\n- [xen] remove contiguous_bitmap (Chris Lalancette ) [463500]\n- [xen] ia64: backport check_pages_physically_contiguous (Chris Lalancette ) [463500]\n- [ppc64] cell: corrupt SPU coredump notes (AMEET M. PARANJAPE ) [431881]\n- [ppc64] spufs: missing context switch notification log-2 (AMEET M. PARANJAPE ) [462622]\n- [ppc64] spufs: missing context switch notification log-1 (AMEET M. PARANJAPE ) [462622]\n- [misc] spec: add generic Obsoletes for 3rd party drivers (Jon Masters ) [460047]\n- [x86] vDSO: use install_special_mapping (Peter Zijlstra ) [460276] {CVE-2008-3527}\n- [xen] limit node poking to available nodes (Joachim Deguara ) [449803]\n- [xen] live migration of PV guest fails (Don Dutile ) [469230]\n[2.6.18-122.el5]\n- [acpi] check common dmi tables on systems with acpi (Andy Gospodarek ) [469444]\n- [scsi] qla3xxx, qla4xxx: update/use new version format (Marcus Barrow ) [469414]\n- [md] dm-stripe.c: RAID0 event handling (Heinz Mauelshagen ) [437173]\n- [md] dm-raid45.c: add target to makefile (Heinz Mauelshagen ) [437180]\n- [md] dm-raid45.c: revert to RHEL5 dm-io kabi (Heinz Mauelshagen ) [437180]\n- [wireless] iwlwifi: avoid sleep in softirq context (John W. Linville ) [467831]\n- [net] bonding: allow downed interface before mod remove (Andy Gospodarek ) [467244]\n- [acpi] fix boot hang on old systems without _CST methods (Matthew Garrett ) [467927]\n- [scsi] qla2xxx: fix entries in class_device_attributes (Marcus Barrow ) [468873]\n- [ppc64] clock_gettime is not incrementing nanoseconds (AMEET M. PARANJAPE ) [469073]\n- [scsi] add fnic driver (mchristi@redhat.com ) [462385]\n- [scsi] add libfc and software fcoe driver (mchristi@redhat.com ) [436051]\n- [openib] ppc64: fix using SDP on 64K page systems (AMEET M. PARANJAPE ) [468872]\n- [fs] ext4: delay capable checks to avoid avc denials (Eric Sandeen ) [467216]\n- [fs] ext3: fix accessing freed memory in ext3_abort (Eric Sandeen ) [468547]\n- [fs] autofs4: correct offset mount expire check (Ian Kent ) [468187]\n- [fs] autofs4: cleanup autofs mount type usage (Ian Kent ) [468187]\n- [openib] ehca: queue and completion pair setup problem (AMEET M. PARANJAPE ) [468237]\n- [xen] PV: dom0 hang when device re-attached to in guest (Don Dutile ) [467773]\n- [scsi] qla2xxx: correct Atmel flash-part handling (Marcus Barrow ) [468573]\n- [scsi] qla2xxx: 84xx show FW VER and netlink code fixes (Marcus Barrow ) [464681]\n- [scsi] qla2xxx: restore disable by default of MSI, MSI-X (Marcus Barrow ) [468555]\n- [scsi] lpfc: Emulex RHEL-5.3 bugfixes (Tom Coughlan ) [461795]\n- [s390] qdio: speedup multicast on full HiperSocket queue (Hans-Joachim Picht ) [463162]\n- [ppc64] kexec/kdump: disable ptcal on QS21 (AMEET M. PARANJAPE ) [462744]\n- [ppc64] ptcal has to be disabled to use kexec on QS21 (AMEET M. PARANJAPE ) [462744]\n- [net] ixgbe: bring up device without crashing fix (AMEET M. PARANJAPE ) [467777]\n- [fs] ecryptfs: storing crypto info in xattr corrupts mem (Eric Sandeen ) [468192]\n- [misc] rtc: disable SIGIO notification on close (Vitaly Mayatskikh ) [465747]\n- [net] allow rcv on inactive slaves if listener exists (Andy Gospodarek ) [448144]\n- [net] e1000e: update driver to support recovery (AMEET M. PARANJAPE ) [445299]\n- [xen] virtio_net: some relatively minor fixes (Mark McLoughlin ) [468034]\n- [kabi] add dlm_posix_set_fsid (Jon Masters ) [468538]\n- [wireless] iwlwifi: fix busted tkip encryption _again_ (John W. Linville ) [467831]\n- [x86] make halt -f command work correctly (Ivan Vecera ) [413921]\n- [ppc64] EEH PCI-E: recovery fails E1000; support MSI (AMEET M. PARANJAPE ) [445299]\n- [x86_64] create a fallback for IBM Calgary (Pete Zaitcev ) [453680]\n- [drm] i915 driver arbitrary ioremap (Eugene Teo ) [464509] {CVE-2008-3831}\n- [xen] x86: allow the kernel to boot on pre-64 bit hw (Chris Lalancette ) [468083]\n[2.6.18-121.el5]\n- [net] tun: fix printk warning (Mark McLoughlin ) [468536]\n- [xen] FV: fix lockdep warnings when running debug kernel (Don Dutile ) [459876]\n- [xen] fix crash on IRQ exhaustion (Bill Burns ) [442736]\n- [net] ipv4: fix byte value boundary check (Jiri Pirko ) [468148]\n- [ia64] fix ptrace hangs when following threads (Denys Vlasenko ) [461456]\n- [net] tcp: let skbs grow over a page on fast peers (Mark McLoughlin ) [467845]\n- [md] random memory corruption in snapshots (Mikulas Patocka ) [465825]\n- [misc] ptrace: fix exec report (Jerome Marchand ) [455060]\n- [gfs2] set gfp for data mappings to GFP_NOFS (Steven Whitehouse ) [467689]\n- [nfs] remove recoverable BUG_ON (Steve Dickson ) [458774]\n- [openib] ehca: attempt to free srq when none exists (AMEET M. PARANJAPE ) [463487]\n- [fs] dont allow splice to files opened with O_APPEND (Eugene Teo ) [466710] {CVE-2008-4554}\n- [fs] ext4: add missing aops (Eric Sandeen ) [466246]\n- [ppc64] add missing symbols to vmcoreinfo (Neil Horman ) [465396]\n- [net] sctp: INIT-ACK indicates no AUTH peer support oops (Eugene Teo ) [466082] {CVE-2008-4576}\n- [ppc64] fix race for a free SPU (AMEET M. PARANJAPE ) [465581]\n- [ppc64] SPUs hang when run with affinity-2 (AMEET M. PARANJAPE ) [464686]\n- [ppc64] SPUs hang when run with affinity-1 (AMEET M. PARANJAPE ) [464686]\n- [openib] ehca: add flush CQE generation (AMEET M. PARANJAPE ) [462619]\n- [x86] PAE: limit RAM to 64GB/PAE36 (Larry Woodman ) [465373]\n- [nfs] portmap client race (Steve Dickson ) [462332]\n- [input] atkbd: delay executing of LED switching request (Jiri Pirko ) [461233]\n- [x86] powernow_k8: depend on newer version of cpuspeed (Brian Maly ) [468764]\n- [fs] ext4: fix warning on x86_64 build (Eric Sandeen ) [463277]\n- [crypto] fix ipsec crash with MAC longer than 16 bytes (Neil Horman ) [459812]\n- [fs] ecryptfs: depend on newer version of ecryptfs-utils (Eric Sandeen ) [468772]\n- [ppc64] support O_NONBLOCK in /proc/ppc64/rtas/error_log (Vitaly Mayatskikh ) [376831]\n- [xen] ia64: make viosapic SMP-safe by adding lock/unlock (Tetsu Yamamoto ) [466552]\n- [xen] ia64: VT-i2 performance restoration (Bill Burns ) [467487]\n[2.6.18-120.el5]\n- [misc] futex: fixup futex compat for private futexes (Peter Zijlstra ) [467459]\n- [pci] set domain/node to 0 in PCI BIOS enum code path (Prarit Bhargava ) [463418]\n- [scsi] qla2xxx: prevent NPIV conf for older hbas (Marcus Barrow ) [467153]\n- [scsi] fix oops after trying to removing rport twice (Marcus Barrow ) [465945]\n- [agp] re-introduce 82G965 graphics support (Prarit Bhargava ) [466307]\n- [agp] correct bug in stolen size calculations (Dave Airlie ) [463853]\n- [scsi] qla2xxx: merge errors caused initialize failures (Marcus Barrow ) [442946]\n- [dm] mpath: moving path activation to workqueue panics (Milan Broz ) [465570]\n- [scsi] aacraid: remove some quirk AAC_QUIRK_SCSI_32 bits (Tomas Henzl ) [453472]\n- Revert: [ppc64] compile and include the addnote binary (Don Zickus ) [462663]\n- [scsi] cciss: the output of LUN size and type wrong (Tomas Henzl ) [466030]\n- [misc] posix-timers: event vs dequeue_signal() race (Mark McLoughlin ) [466167]\n- [ata] libata: ahci enclosure management support (David Milburn ) [437190]\n- [gfs2] fix jdata page invalidation (Steven Whitehouse ) [437803]\n- [net] sky2: fix hang resulting from link flap (Neil Horman ) [461681]\n- [ata] libata: ata_piix sata/ide combined mode fix (David Milburn ) [463716]\n- [gfs2] fix for noatime support (Steven Whitehouse ) [462579]\n- [fs] remove SUID when splicing into an inode (Eric Sandeen ) [464452]\n- [fs] open() allows setgid bit when user is not in group (Eugene Teo ) [463687] {CVE-2008-4210}\n- [dlm] add old plock interface (David Teigland ) [462354]\n- [audit] fix NUL handling in TTY input auditing (Miloslav Trmac ) [462441]\n- [xen] ia64: fix INIT injection (Tetsu Yamamoto ) [464445]\n[2.6.18-119.el5]\n- [ppc64] compile and include the addnote binary (Don Zickus ) [462663]\n- [scsi] qla2xxx: new version string defintion (Marcus Barrow ) [465023]\n- [acpi] configs update for acpi-cpufreq driver (Matthew Garrett ) [449787]\n[2.6.18-118.el5]\n- [scsi] fix QUEUE_FULL retry handling (mchristi@redhat.com ) [463709]\n- [drm] support for Intel Cantiga and Eaglelake (Dave Airlie ) [438400]\n- [agp] add support for Intel Cantiga and Eaglelake (Dave Airlie ) [463853]\n- Revert: [mm] fix support for fast get user pages (Dave Airlie ) [447649]\n- [ppc64] netboot image too large (Ameet Paranjape ) [462663]\n- [scsi] scsi_error: retry cmd handling of transport error (mchristi@redhat.com ) [463206]\n- [net] correct mode setting for extended sysctl interface (Neil Horman ) [463659]\n- [net] e1000e: protect ICHx NVM from malicious write/erase (Andy Gospodarek ) [463503]\n- [s390] qdio: fix module ref counting in qdio_free (Hans-Joachim Picht ) [458074]\n- [scsi] qla2xxx: use the NPIV table to instantiate port (Marcus Barrow ) [459015]\n- [scsi] qla2xxx: use the Flash Layout Table (Marcus Barrow ) [459015]\n- [scsi] qla2xxx: use the Flash Descriptor Table (Marcus Barrow ) [459015]\n- [net] enic: add new 10GbE device (Andy Gospodarek ) [462386]\n- [net] ipt_CLUSTERIP: fix imbalanced ref count (Neil Horman ) [382491]\n- [scsi] qla2xxx: update 24xx,25xx firmware for RHEL-5.3 (Marcus Barrow ) [442946]\n- [net] bnx2: fix problems with multiqueue receive (Andy Gospodarek ) [441964]\n- [net] e1000: add module param to set tx descriptor power (Andy Gospodarek ) [436966]\n- [misc] preempt-notifier fixes (Eduardo Habkost ) [459838]\n- [tty] termiox support missing mutex lock (aris ) [445211]\n- [fs] ecryptfs: off-by-one writing null to end of string (Eric Sandeen ) [463478]\n- [misc] add tracepoints to activate/deactivate_task (Jason Baron ) [461966]\n- [scsi] qla2xxx: use rport dev loss timeout consistently (Marcus Barrow ) [462109]\n- [ata] libata: rmmod pata_sil680 hangs (David Milburn ) [462743]\n- [scsi] qla2xxx: support PCI Enhanced Error Recovery (Marcus Barrow ) [462416]\n- [ppc64] subpage protection for pAVE (Brad Peters ) [439489]\n- [ppc64] edac: enable for cell platform (Brad Peters ) [439507]\n[2.6.18-117.el5]\n- [mm] filemap: fix iov_base data corruption (Josef Bacik ) [463134]\n- Revert: [misc] create a kernel checksum file per FIPS140-2 (Don Zickus ) [444632]\n- [x86_64] NMI wd: clear perf counter registers on P4 (Aristeu Rozanski ) [461671]\n- [scsi] failfast bit setting in dm-multipath/multipath (mchristi@redhat.com ) [463470]\n- [scsi] fix hang introduced by failfast changes (Mark McLoughlin ) [463416]\n- [x86_64] revert time syscall changes (Prarit Bhargava ) [461184]\n[2.6.18-116.el5]\n- [x86] mm: fix endless page faults in mount_block_root (Larry Woodman ) [455491]\n- [mm] check physical address range in ioremap (Larry Woodman ) [455478]\n- [scsi] modify failfast so it does not always fail fast (mchristi@redhat.com ) [447586]\n- Revert: [mm] NUMA: system is slow when over-committing memory (Larry Woodman ) [457264]\n- [docs] update kernel-parameters with tick-divider (Chris Lalancette ) [454792]\n- [openib] add an enum for future RDS support (Doug Ledford ) [462551]\n- [pci] allow multiple calls to pcim_enable_device (John Feeney ) [462500]\n- [xen] virtio: include headers in kernel-headers package (Eduardo Pereira Habkost ) [446214]\n- [scsi] libiscsi: data corruption when resending packets (mchristi@redhat.com ) [460158]\n- [gfs2] glock deadlock in page fault path (Bob Peterson ) [458684]\n- [gfs2] panic if you misspell any mount options (Abhijith Das ) [231369]\n- [xen] allow guests to hide the TSC from applications (Chris Lalancette ) [378481] {CVE-2007-5907}\n[2.6.18-115.el5]\n- [scsi] qla2xxx: additional residual-count correction (Marcus Barrow ) [462117]\n- [audit] audit-fork patch (Alexander Viro ) [461831]\n- [net] ipv6: extra sysctls for additional TAHI tests (Neil Horman ) [458270]\n- [nfs] disable the fsc mount option (Steve Dickson ) [447474]\n- [acpi] correctly allow WoL from S4 state (Neil Horman ) [445890]\n- [ia64] procfs: show the size of page table cache (Takao Indoh ) [458410]\n- [ia64] procfs: reduce the size of page table cache (Takao Indoh ) [458410]\n- [fs] ecryptfs: disallow mounts on nfs, cifs, ecryptfs (Eric Sandeen ) [435115]\n- [md] add device-mapper message parser interface (heinzm@redhat.com ) [437180]\n- [md] add device-mapper RAID4/5 stripe locking interface (heinzm@redhat.com ) [437180]\n- [md] add device-mapper dirty region hash file (heinzm@redhat.com ) [437180]\n- [md] add device-mapper object memory cache interface (heinzm@redhat.com ) [437180]\n- [md] add device-mapper object memory cache (heinzm@redhat.com ) [437180]\n- [md] export dm_disk and dm_put (heinzm@redhat.com ) [437180]\n- [md] add device-mapper RAID4/5 target (heinzm@redhat.com ) [437180]\n- [md] add device-mapper message parser (heinzm@redhat.com ) [437180]\n- [md] add device mapper dirty region hash (heinzm@redhat.com ) [437180]\n- [md] add config option for dm RAID4/5 target (heinzm@redhat.com ) [437180]\n- [scsi] qla2xxx: update 8.02.00-k5 to 8.02.00-k6 (Marcus Barrow ) [459722]\n- [kabi] add vscnprintf, down_write_trylock to whitelist (Jon Masters ) [425341]\n- [kabi] add dlm_posix_get/lock/unlock to whitelist (Jon Masters ) [456169]\n- [kabi] add mtrr_add and mtrr_del to whitelist (Jon Masters ) [437129]\n- [kabi] add iounmap to whitelist (Jon Masters ) [435144]\n- [x86] make powernow_k8 a module (Brian Maly ) [438835]\n- [fs] ecryptfs: delay lower file opens until needed (Eric Sandeen ) [429142]\n- [fs] ecryptfs: unaligned access helpers (Eric Sandeen ) [457143]\n- [fs] ecryptfs: string copy cleanup (Eric Sandeen ) [457143]\n- [fs] ecryptfs: discard ecryptfsd registration messages (Eric Sandeen ) [457143]\n- [fs] ecryptfs: privileged kthread for lower file opens (Eric Sandeen ) [457143]\n- [fs] ecryptfs: propagate key errors up at mount time (Eric Sandeen ) [440413]\n- [fs] ecryptfs: update to 2.6.26 codebase (Eric Sandeen ) [449668]\n- Revert [misc] fix wrong test in wait_task_stopped (Anton Arapov ) [382211]\n[2.6.18-114.el5]\n- [xen] cpufreq: fix Nehalem/Supermicro systems (Rik van Riel ) [458894]\n- [net] enable TSO if supported by at least one device (Herbert Xu ) [461866]\n- [crypto] fix panic in hmac self test (Neil Horman ) [461537]\n- [scsi] qla2xxx/qla84xx: update to upstream for RHEL-5.3 (Marcus Barrow ) [461414]\n- [misc] hpilo: cleanup device_create for RHEL-5.3 (tcamuso@redhat.com ) [437212]\n- [misc] hpilo: update driver to 0.5 (tcamuso@redhat.com ) [437212]\n- [misc] hpilo: update to upstream 2.6.27 (tcamuso@redhat.com ) [437212]\n- [misc] futex: private futexes (Peter Zijlstra ) [460593]\n- [misc] preempt-notifiers implementation (Eduardo Habkost ) [459838]\n- [scsi] fusion: update to version 3.04.07 (Tomas Henzl ) [442025]\n- [fs] ext4/vfs/mm: core delalloc support (Eric Sandeen ) [455452]\n- [net] r8169: add support and fixes (Ivan Vecera ) [251252 441626 442635 443623 452761 453563 457892]\n- [md] LVM raid-1 performance fixes (Mikulas Patocka ) [438153]\n- [md] LVM raid-1 performance fixes (Mikulas Patocka ) [438153]\n- [xen] kdump: ability to use makedumpfile with vmcoreinfo (Neil Horman ) [454498]\n- [scsi] aic79xx: reset HBA on kdump kernel boot (Neil Horman ) [458620]\n- [fs] implement fallocate syscall (Eric Sandeen ) [450566]\n- [misc] better clarify package descriptions (Don Zickus ) [249726]\n- [audit] audit TTY input (Miloslav Trmac ) [244135]\n- [scsi] qla2xxx - mgmt. API for FCoE, NetLink (Marcus Barrow ) [456900]\n- [scsi] qla2xxx - mgmt. API, CT pass thru (Marcus Barrow ) [455900]\n- [misc] hrtimer optimize softirq (George Beshers ) [442148]\n- [misc] holdoffs in hrtimer_run_queues (George Beshers ) [442148]\n- [xen] netfront xenbus race (Markus Armbruster ) [453574]\n- [gfs2] NFSv4 delegations fix for cluster systems (Brad Peters ) [433256]\n- [scsi] qla2xxx: update 8.02.00-k1 to 8.02.00.k4 (Marcus Barrow ) [455264]\n- [scsi] qla2xxx: upstream changes from 8.01.07-k7 (Marcus Barrow ) [453685]\n- [scsi] qla2xxx: add more statistics (Marcus Barrow ) [453441]\n- [scsi] qla2xxx: add ISP84XX support (Marcus Barrow ) [442083]\n- [ia64] set default max_purges=1 regardless of PAL return (Luming Yu ) [451593]\n- [ia64] param for max num of concurrent global TLB purges (Luming Yu ) [451593]\n- [ia64] multiple outstanding ptc.g instruction support (Luming Yu ) [451593]\n- [scsi] ST: buffer size doesnt match block size panics (Ivan Vecera ) [443645]\n- [scsi] fix medium error handling with bad devices (Mike Christie ) [431365]\n- [xen] ia64: VT-i2 performance addendum (Bill Burns ) [437096]\n- [xen] HV: ability to use makedumpfile with vmcoreinfo (Neil Horman ) [454498]\n- [xen] ia64: vps save restore patch (Bill Burns ) [437096]\n[2.6.18-113.el5]\n- [xen] remove /proc/xen*/* from bare-metal and FV guests (Don Dutile ) [461532]\n[2.6.18-112.el5]\n- [fs] jbd: test BH_write_EIO to detect errors on metadata (Hideo AOKI ) [439581]\n- [wireless] rt2x00: avoid NULL-ptr deref when probe fails (John W. Linville ) [448763]\n- [x86_64] suspend to disk fails with >4GB of RAM (Matthew Garrett ) [459980]\n- [char] add range_is_allowed check to mmap_mem (Eugene Teo ) [460857]\n- [acpi] add 3.0 _TSD _TPC _TSS _PTC throttling support (Brian Maly ) [440099]\n- [scsi] add scsi device handlers config options (Mike Christie ) [438761]\n- [scsi] scsi_dh: add ALUA handler (mchristi@redhat.com ) [438761]\n- [scsi] scsi_dh: add rdac handler (mchristi@redhat.com ) [438761]\n- [md] dm-mpath: use SCSI device handler (mchristi@redhat.com ) [438761]\n- [scsi] add infrastructure for SCSI Device Handlers (mchristi@redhat.com ) [438761]\n- [misc] driver core: port bus notifiers (mchristi@redhat.com ) [438761]\n- [fs] binfmt_misc: avoid potential kernel stack overflow (Vitaly Mayatskikh ) [459463]\n- [CRYPTO] tcrypt: Change the XTEA test vectors (Herbert Xu ) [446522]\n- [CRYPTO] skcipher: Use RNG instead of get_random_bytes (Herbert Xu ) [446526]\n- [CRYPTO] rng: RNG interface and implementation (Herbert Xu ) [446526]\n- [CRYPTO] api: Add fips_enable flag (Herbert Xu ) [444634]\n- [CRYPTO] cryptomgr - Test ciphers using ECB (Herbert Xu ) [446522]\n- [CRYPTO] api - Use test infrastructure (Herbert Xu ) [446522]\n- [CRYPTO] cryptomgr - Add test infrastructure (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt - Add alg_test interface (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: self test for des3_ebe cipher (Herbert Xu ) [446522]\n- [CRYPTO] api: missing accessors for new crypto_alg field (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Abort and only log if there is an error (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Avoid using contiguous pages (Herbert Xu ) [446522]\n- [CRYPTO] tcrpyt: Remove unnecessary kmap/kunmap calls (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Catch cipher destination mem corruption (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Shrink the tcrypt module (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: AES CBC test vector from NIST SP800-38A (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Change the usage of the test vectors (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Shrink speed templates (Herbert Xu ) [446522]\n- [CRYPTO] tcrypt: Group common speed templates (Herbert Xu ) [446522]\n- [fs] jdb: fix error handling for checkpoint I/O (Hideo AOKI ) [439581]\n- [fs] ext3: add checks for errors from jbd (Hideo AOKI ) [439581]\n- [fs] jbd: fix commit code to properly abort journal (Hideo AOKI ) [439581]\n- [fs] jbd: dont dirty original metadata buffer on abort (Hideo AOKI ) [439581]\n- [fs] jdb: abort when failed to log metadata buffers (Hideo AOKI ) [439581]\n- [fs] ext3: dont read inode block if buf has write error (Hideo AOKI ) [439581]\n- [fs] jdb: add missing error checks for file data writes (Hideo AOKI ) [439581]\n- [net] tun: add IFF_VNET_HDR, TUNGETFEATURES, TUNGETIFF (Herbert Xu ) [459719]\n- [acpi] increase deep idle state residency on platforms-2 (Matthew Garrett ) [455449]\n- [acpi] increase deep idle state residency on platforms (Matthew Garrett ) [455447]\n- [acpi] cpufreq: update to upstream for RHEL-5.3 (Matthew Garrett ) [449787]\n- [acpi] thinkpad_acpi: update to upstream for RHEL-5.3 (Matthew Garrett ) [457101]\n- [xen] fix crash on IRQ exhaustion and increase NR_IRQS (Bill Burns ) [442736]\n- [ide] enable DRAC4 (John Feeney ) [459197]\n- [md] move include files to include/linux for exposure (Jonathan Brassow ) [429337]\n- [md] expose dm.h macros (Jonathan Brassow ) [429337]\n- [md] remove internal mod refs fields from interface (Jonathan Brassow ) [429337]\n- [md] dm-log: move register functions (Jonathan Brassow ) [429337]\n- [md] dm-log: clean interface (Jonathan Brassow ) [429337]\n- [md] clean up the dm-io interface (Jonathan Brassow ) [429337]\n- [md] dm-log: move dirty log into separate module (Jonathan Brassow ) [429337]\n- [md] device-mapper interface exposure (Jonathan Brassow ) [429337]\n- [cifs] enable SPNEGO and DFS upcalls in config-generic (Jeff Layton ) [453462]\n- [fs] cifs: latest upstream for RHEL-5.3 (Jeff Layton ) [453462 431868 443395 445522 446142 447400]\n- [fs] introduce a function to register iget failure (Jeff Layton ) [453462]\n- [fs] proc: fix ->openless usage due to ->proc_fops flip (Jeff Layton ) [453462]\n- [security] key: fix lockdep warning when revoking auth (Jeff Layton ) [453462]\n- [security] key: increase payload size when instantiating (Jeff Layton ) [453462]\n- [fs] call flush_disk after detecting an online resize (Jeff Moyer ) [444964]\n- [fs] add flush_disk to flush out common buffer cache (Jeff Moyer ) [444964]\n- [fs] check for device resize when rescanning partitions (Jeff Moyer ) [444964]\n- [fs] adjust block device size after an online resize (Jeff Moyer ) [444964]\n- [fs] wrapper for lower-level revalidate_disk routines (Jeff Moyer ) [444964]\n- [scsi] sd: revalidate_disk wrapper (Jeff Moyer ) [444964]\n- [xen] virtio: add PV network and block drivers for KVM (Mark McLoughlin ) [446214]\n- [misc] remove MAX_ARG_PAGES limit: var length argument (Jerome Marchand ) [443659]\n- [misc] remove MAX_ARG_PAGES limit: rework execve audit (Jerome Marchand ) [443659]\n- [misc] remove MAX_ARG_PAGES limit: independent stack top (Jerome Marchand ) [443659]\n- [ia64] kprobes: support kprobe-booster (Masami Hiramatsu ) [438733]\n- [audit] fix compile when CONFIG_AUDITSYSCALL is disabled (Prarit Bhargava ) [452577]\n- [nfs] v4: handle old format exports gracefully (Brad Peters ) [427424]\n- [xen] x86: fix building with max_phys_cpus=128 (Bill Burns ) [447958]\n- [xen] Intel EPT 2MB patch (Bill Burns ) [426679]\n- [xen] Intel EPT Migration patch (Bill Burns ) [426679]\n- [xen] Intel EPT Patch (Bill Burns ) [426679]\n- [xen] Intel pre EPT Patch (Bill Burns ) [426679]\n- [xen] AMD 2MB backing pages support (Bhavna Sarathy ) [251980]\n[2.6.18-111.el5]\n- [ia64] kabi: remove sn symbols from whitelist (Jon Masters ) [455308]\n- [net] bnx2x: update to upstream version 1.45.21 (Andy Gospodarek ) [442026]\n- [net] cxgb3: updates and lro fixes (Andy Gospodarek ) [441959]\n- [net] niu: enable support for Sun Neptune cards (Andy Gospodarek ) [441416]\n- [scsi] scsi_host_lookup: error returns and NULL pointers (Tom Coughlan ) [460195]\n- [scsi] scsi_netlink: transport/LLD receive/event support (Tom Coughlan ) [460195]\n- [misc] install correct kernel chksum file for FIPS140-2 (Chris Lalancette ) [444632]\n- [net] ixgbe: update to version 1.3.18-k4 (Andy Gospodarek ) [436044]\n- [dlm] fix address compare (David Teigland ) [459585]\n- [net] bonding: fix locking in 802.3ad mode (Andy Gospodarek ) [457300]\n- [openib] OFED-1.3.2-pre update (Doug Ledford ) [439565 443476 453110 458886 459052 458375 459052 230035 460623]\n- [md] dm snapshot: use per device mempools (Mikulas Patocka ) [460846]\n- [md] dm kcopyd: private mempool (Mikulas Patocka ) [460845]\n- [md] deadlock with nested LVMs (Mikulas Patocka ) [460845]\n- [net] skge: dont clear MC state on link down (Andy Gospodarek ) [406051]\n- [net] sky2: re-enable 88E8056 for most motherboards (Andy Gospodarek ) [420961]\n- [net] update myri10ge 10Gbs ethernet driver (Flavio Leitner ) [357191]\n- [net] bnx2: update to upstream version 1.7.9 (Andy Gospodarek ) [441964]\n- [net] e1000e: update to upstream version 0.3.3.3-k2 (Andy Gospodarek ) [436045]\n- [net] tg3: update to upstream version 3.93 (Andy Gospodarek ) [441975 440958 436686]\n- [net] igb: update to upstream version 1.2.45-k2 (Andy Gospodarek ) [436040]\n- [misc] intel: new SATA, USB, HD Audio and I2C(SMBUS) ids (John Villalovos ) [433538]\n- [net] bnx2x: update to upstream version 1.45.20 (Andy Gospodarek ) [442026]\n- [net] ixgb: hardware support and other upstream fixes (Andy Gospodarek ) [441609]\n- [x86] amd oprofile: support instruction based sampling (Bhavna Sarathy ) [438385]\n- [scsi] cciss: support for sg_ioctl (Tomas Henzl ) [250483]\n- [scsi] cciss: support for new controllers (Tomas Henzl ) [437497 447427]\n- [net] pppoe: check packet length on all receive paths (Jiri Pirko ) [457013]\n- [scsi] iscsi: fix nop timeout detection (mchristi@redhat.com ) [453969]\n- [scsi] lpfc: update to version 8.2.0.30 (Tom Coughlan ) [441746]\n- [md] fix handling of sense buffer in eh commands (Doug Ledford ) [441640]\n- [md] fix error propogation in raid arrays (Doug Ledford ) [430984]\n- [md] dm: reject barrier requests (Milan Broz ) [458936]\n- [scsi] 3w-9xxx: update to version 2.26.08.003 (Tomas Henzl ) [451946]\n- [scsi] 3w-xxxx: update to version 1.26.03.000 (Tomas Henzl ) [451945]\n- [scsi] megaraid_sas: update to version 4.01-rh1 (Tomas Henzl ) [442913]\n- [md] dm snapshot: fix race during exception creation (Mikulas Patocka ) [459337]\n- [md] dm-snapshots: race condition and data corruption (Mikulas Patocka ) [459337]\n- [md] dm crypt: use cond_resched (Milan Broz ) [459095]\n- [md] dm mpath: fix bugs in error paths (Milan Broz ) [459092]\n- [mm] fix support for fast get user pages (Ed Pollard ) [447649]\n- [xen] ia64 PV: config file changes to add support (Don Dutile ) [442991]\n- [xen] ia64 PV: Kconfig additions (Don Dutile ) [442991]\n- [xen] ia64 PV: Makefile changes (Don Dutile ) [442991]\n- [xen] ia64 PV: shared used header file changes (Don Dutile ) [442991]\n- [IA64] Correct pernodesize calculation (George Beshers ) [455308]\n- [IA64] Fix large MCA bootmem allocation (George Beshers ) [455308]\n- [IA64] Disable/re-enable CPE interrupts on Altix (George Beshers ) [455308]\n- [IA64] Dont set psr.ic and psr.i simultaneously (George Beshers ) [455308]\n- [IA64] Support multiple CPUs going through OS_MCA (George Beshers ) [455308]\n- [IA64] Remove needless delay in MCA rendezvous (George Beshers ) [455308]\n- [IA64] Clean up CPE handler registration (George Beshers ) [455308]\n- [IA64] CMC/CPE: Reverse fetching log and checking poll (George Beshers ) [455308]\n- [IA64] Force error to surface in nofault code (George Beshers ) [455308]\n- [IA64] Fix Altix BTE error return status (George Beshers ) [455308]\n- [IA64] BTE error timer fix (George Beshers ) [455308]\n- [IA64] Update processor_info features (George Beshers ) [455308]\n- [IA64] More Itanium PAL spec updates (George Beshers ) [455308]\n- [IA64] Add se bit to Processor State Parameter structure (George Beshers ) [455308]\n- [IA64] Add dp bit to cache and bus check structs (George Beshers ) [455308]\n- [IA64] PAL calls need physical mode, stacked (George Beshers ) [455308]\n- [IA64] Cache error recovery (George Beshers ) [455308]\n- [IA64] handle TLB errors from duplicate itr.d dropins (George Beshers ) [455308]\n- [IA64] MCA recovery: Montecito support (George Beshers ) [455308]\n[2.6.18-110.el5]\n- [x86_64] use strncmp for memmap=exactmap boot argument (Prarit Bhargava ) [450244]\n- [wireless] compiler warning fixes for mac80211 update (John W. Linville ) [438391]\n- [serial] 8250: support for DTR/DSR hardware flow control (Aristeu Rozanski ) [445215]\n- [tty] add termiox support (Aristeu Rozanski ) [445211]\n- [vt] add shutdown method (Aristeu Rozanski ) [239604]\n- [tty] add shutdown method (Aristeu Rozanski ) [239604]\n- [tty] cleanup release_mem (Aristeu Rozanski ) [239604]\n- [mm] keep pagefault from happening under page lock (Josef Bacik ) [445433]\n- [wireless] iwlwifi: post-2.6.27-rc3 to support iwl5x00 (John W. Linville ) [438388]\n- [net] random32: seeding improvement (Jiri Pirko ) [458019]\n- [usb] work around ISO transfers in SB700 (Pete Zaitcev ) [457723]\n- [x86_64] AMD 8-socket APICID patches (Prarit Bhargava ) [459813]\n- [misc] make printk more robust against kexec shutdowns (Neil Horman ) [458368]\n- [fs] ext4: backport to rhel5.3 interfaces (Eric Sandeen ) [458718]\n- [fs] ext4: Kconfig/Makefile/config glue (Eric Sandeen ) [458718]\n- [fs] ext4: fixes from upstream pending patch queue (Eric Sandeen ) [458718]\n- [fs] ext4: revert delalloc upstream mods (Eric Sandeen ) [458718]\n- [fs] ext4: 2.6.27-rc3 upstream codebase (Eric Sandeen ) [458718]\n- [fs] ext4: new s390 bitops (Eric Sandeen ) [459436]\n- [usb] wacom: add support for Cintiq 20WSX (Aristeu Rozanski ) [248903]\n- [usb] wacom: add support for Intuos3 4x6 (Aristeu Rozanski ) [370471]\n- [usb] wacom: fix maximum distance values (Aristeu Rozanski ) [248903]\n- [x86] hpet: consolidate assignment of hpet_period (Brian Maly ) [435726]\n- [openib] lost interrupt after LPAR to LPAR communication (Brad Peters ) [457838]\n- [firmware] fix ibft offset calculation (mchristi@redhat.com ) [444776]\n- [block] performance fix for too many physical devices (Mikulas Patocka ) [459527]\n- [ide] Fix issue when appending data on an existing DVD (Mauro Carvalho Chehab ) [457025]\n- [misc] fix kernel builds on modern userland (Matthew Garrett ) [461540]\n- [x86_64] AMD IOMMU driver support (Bhavna Sarathy ) [251970]\n- [x86_64] GART iommu alignment fixes (Prarit Bhargava ) [455813]\n- [firewire] latest upstream snapshot for RHEL-5.3 (Jay Fenlason ) [449520 430300 429950 429951]\n- [net] ipv6: configurable address selection policy table (Neil Horman ) [446063]\n- [fs] relayfs: support larger on-memory buffer (Masami Hiramatsu ) [439269]\n- [xen] ia64: speed up hypercall for guest domain creation (Tetsu Yamamoto ) [456171]\n- [xen] make last processed event channel a per-cpu var (Tetsu Yamamoto ) [456171]\n- [xen] process event channel notifications in round-robin (Tetsu Yamamoto ) [456171]\n- [xen] use unlocked_ioctl in evtchn, gntdev and privcmd (Tetsu Yamamoto ) [456171]\n- [xen] disallow nested event delivery (Tetsu Yamamoto ) [456171]\n- [ppc64] spu: add cpufreq governor (Ed Pollard ) [442410]\n- [misc] cleanup header warnings and enable header check (Don Zickus ) [458360]\n- [mm] NUMA: over-committing memory compiler warnings (Larry Woodman ) [457264]\n- [misc] mmtimer: fixes for high resolution timers (George Beshers ) [442186]\n- [x86_64] xen: local DOS due to NT bit leakage (Eugene Teo ) [457722] {CVE-2006-5755}\n- [xen] ia64: mark resource list functions __devinit (Tetsu Yamamoto ) [430219]\n- [xen] ia64: issue ioremap HC in pci_acpi_scan_root (Tetsu Yamamoto ) [430219]\n- [xen] ia64: revert paravirt to ioremap /proc/pci (Tetsu Yamamoto ) [430219]\n- [xen] ia64: disable paravirt to remap /dev/mem (Tetsu Yamamoto ) [430219]\n- [x86_64] kprobe: kprobe-booster and return probe-booster (Masami Hiramatsu ) [438725]\n- [xen] NUMA: extend physinfo sysctl to export topo info (Tetsu Yamamoto ) [454711]\n- [xen] ia64: kludge for XEN_GUEST_HANDLE_64 (Tetsu Yamamoto ) [454711]\n- [xen] ia64: NUMA support (Tetsu Yamamoto ) [454711]\n- [misc] pipe support to /proc/sys/net/core_pattern (Neil Horman ) [410871]\n- [xen] ia64: fix and cleanup move to psr (Tetsu Yamamoto ) [447453]\n- [xen] ia64: turn off psr.i after PAL_HALT_LIGHT (Tetsu Yamamoto ) [447453]\n- [xen] ia64: fix ia64_leave_kernel (Tetsu Yamamoto ) [447453]\n- [xen] page scrub: serialise softirq with a new lock (Tetsu Yamamoto ) [456171]\n- [xen] serialize scrubbing pages (Tetsu Yamamoto ) [456171]\n- [xen] ia64: dont warn for EOI-ing edge triggered intr (Tetsu Yamamoto ) [430219]\n- [xen] ia64: remove regNaT fault message (Tetsu Yamamoto ) [430219]\n- [xen] ia64: suppress warning of __assign_domain_page (Tetsu Yamamoto ) [430219]\n- [xen] ia64: remove annoying log message (Tetsu Yamamoto ) [430219]\n- [xen] ia64: quieter Xen boot (Tetsu Yamamoto ) [430219]\n- [xen] ia64: quiet lookup_domain_mpa when domain is dying (Tetsu Yamamoto ) [430219]\n- [xen] ia64: fix XEN_SYSCTL_physinfo to handle NUMA info (Tetsu Yamamoto ) [454711]\n- [xen] ia64: fixup physinfo (Tetsu Yamamoto ) [454711]\n[2.6.18-109.el5]\n- [misc] cpufreq: fix format string bug (Vitaly Mayatskikh ) [459460]\n- [x86_64] perfctr: dont use CCCR_OVF_PMI1 on Pentium 4 Ds (Aristeu Rozanski ) [447618]\n- [wireless] iwlwifi: fix busted tkip encryption (John W. Linville ) [438388]\n- [wireless] ath5k: fixup Kconfig mess from update (John W. Linville ) [445578]\n- [fs] cifs: fix O_APPEND on directio mounts (Jeff Layton ) [460063]\n- [ia64] oprofile: recognize Montvale cpu as Itanium2 (Dave Anderson ) [452588]\n- [block] aoe: use use bio->bi_idx to avoid panic (Tom Coughlan ) [440506]\n- [x86] make bare-metal oprofile recognize other platforms (Markus Armbruster ) [458441]\n- [scsi] areca: update for RHEL-5.3 (Tomas Henzl ) [436068]\n- [sata] prep work for rhel5.3 (David Milburn ) [439247 445727 450962 451586 455445]\n- [sata] update driver to 2.6.26-rc5 (David Milburn ) [439247 442906 445727 450962 451586 455445 459197]\n- [openib] race between QP async handler and destroy_qp (Brad Peters ) [446109]\n- [mm] dont use large pages to map the first 2/4MB of mem (Larry Woodman ) [455504]\n- [mm] holdoffs in refresh_cpu_vm_stats using latency test (George Beshers ) [447654]\n- [ppc64] cell spufs: fix HugeTLB (Brad Peters ) [439483]\n- [ppc64] cell spufs: update with post 2.6.25 patches (Brad Peters ) [439483]\n- [xen] ia64 oprofile: recognize Montvale cpu as Itanium2 (Dave Anderson ) [452588]\n- [xen] x86: make xenoprof recognize other platforms (Markus Armbruster ) [458441]\n[2.6.18-108.el5]\n- [net] NetXen: remove performance optimization fix (Tony Camuso ) [457958]\n- [net] NetXen: update to upstream 2.6.27 (tcamuso@redhat.com ) [457958]\n- [net] NetXen: fixes from upstream 2.6.27 (tcamuso@redhat.com ) [457958]\n- [net] NetXen: cleanups from upstream 2.6.27 (tcamuso@redhat.com ) [457958]\n- [fs] anon_inodes implementation (Eduardo Habkost ) [459835]\n- [x86] PCI domain support (Jeff Garzik ) [228290]\n- [net] udp: possible recursive locking (Hideo AOKI ) [458909]\n- [gfs2] multiple writer performance issue (Abhijith Das ) [459738]\n- [alsa] asoc: double free and mem leak in i2c codec (Jaroslav Kysela ) [460103]\n- [net] ibmveth: cluster membership problems (Brad Peters ) [460379]\n- [net] ipv6: drop outside of box loopback address packets (Neil Horman ) [459556]\n- [net] dccp_setsockopt_change integer overflow (Vitaly Mayatskikh ) [459235] {CVE-2008-3276}\n- [x86] execute stack overflow warning on interrupt stack (Michal Schmidt ) [459810]\n- [ppc] export LPAR CPU utilization stats for use by hv (Brad Peters ) [439516]\n- [acpi] error attaching device data (peterm@redhat.com ) [459670]\n- [md] fix crashes in iterate_rdev (Doug Ledford ) [455471]\n- [utrace] signal interception breaks systemtap uprobes (Roland McGrath ) [459786]\n- [misc] markers and tracepoints: config patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: kabi fix-up patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: probes (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: sched patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: irq patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: create Module.markers (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: markers docs (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: markers samples (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: markers (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: tracepoint samples (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: tracepoints (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: samples patch (jbaron@redhat.com ) [329821]\n- [misc] markers and tracepoints: rcu-read patch (jbaron@redhat.com ) [329821]\n- [x86] nmi: fix disable and enable _timer_nmi_watchdog (Aristeu Rozanski ) [447618]\n- [x86] nmi: disable LAPIC/IO APIC on unknown_nmi_panic (Aristeu Rozanski ) [447618]\n- [x86] nmi: use lapic_adjust_nmi_hz (Aristeu Rozanski ) [447618]\n- [x86] nmi: update check_nmi_watchdog (Aristeu Rozanski ) [447618]\n- [x86] nmi: update reserve_lapic_nmi (Aristeu Rozanski ) [447618]\n- [x86] nmi: use setup/stop routines in suspend/resume (Aristeu Rozanski ) [447618]\n- [x86] nmi: change nmi_active usage (Aristeu Rozanski ) [447618]\n- [x86] nmi: update nmi_watchdog_tick (Aristeu Rozanski ) [447618]\n- [x86] nmi: introduce do_nmi_callback (Aristeu Rozanski ) [447618]\n- [x86] nmi: introduce per-cpu wd_enabled (Aristeu Rozanski ) [447618]\n- [x86] nmi: add perfctr infrastructure (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: add missing prototypes in xen headers (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: kill disable_irq calls (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: disable LAPIC/IO APIC on unknown_nmi_panic (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: use perfctr functions for probing (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: update check_nmi_watchdog (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: update reserve_lapic_nmi (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: use new setup/stop routines in suspend/resume (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: change nmi_active usage (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: update nmi_watchdog_tick (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: setup apic to handle both IO APIC and LAPIC (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: introduce do_nmi_callback (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: introduce per-cpu wd_enabled (Aristeu Rozanski ) [447618]\n- [x86_64] nmi: add perfctr infrastructure (Aristeu Rozanski ) [447618]\n- [mm] drain_node_page: drain pages in batch units (George Beshers ) [442179]\n- [mm] optimize ZERO_PAGE in 'get_user_pages' and fix XIP (Anton Arapov ) [452668] {CVE-2008-2372}\n- [x86_64] UEFI code support (Brian Maly ) [253295]\n[2.6.18-107.el5]\n- [scsi] mptscsi: check for null device in error handler (Doug Ledford ) [441832]\n- [openib] ehca: local CA ACK delay has an invalid value (Brad Peters ) [458378]\n- [gfs2] fix metafs (Abhijith Das ) [457798]\n- [sound] HDMI Audio: new PCI device ID (Bhavna Sarathy ) [459221]\n- [s390] cio: memory leak when ccw devices are discarded (Hans-Joachim Picht ) [459495]\n- [openib] ehca: handle two completions for one work req (Brad Peters ) [459142]\n- [scsi] cciss: possible race condition during init (Ivan Vecera ) [455663]\n- [wireless] rtl818x: add driver from 2.6.26 (John W. Linville ) [448764]\n- [wireless] rt2x00: add driver from 2.6.26 (John W. Linville ) [448763]\n- [wireless] ath5k: add driver from 2.6.26 (John W. Linville ) [445578]\n- [wireless] iwlwifi update to version from 2.6.26 (John W. Linville ) [438395]\n- [wireless] mac80211 update to version from 2.6.26 (John W. Linville ) [438391 438464 446076]\n- [wireless] infrastructure changes for mac80211 update (John W. Linville ) [438391]\n- [xen] xennet: coordinate ARP with backend network status (Herbert Xu ) [458934]\n- [x86] oprofile: enable additional perf counters (Markus Armbruster ) [426096]\n- [wireless] update zd1211rw to last non-mac80211 version (John W. Linville ) [448762]\n- [wireless] update bcm43xx driver to 2.6.25 (John W. Linville ) [448762]\n- [wireless] update ipw2x00 driver to 2.6.25 (John W. Linville ) [448762]\n- [wireless] update ieee80211 to 2.6.25 (John W. Linville ) [448762]\n- [xen] hv: support up to 128 cpus (Bill Burns ) [447958]\n- [gfs2] rm on multiple nodes causes panic (Bob Peterson ) [458289]\n- [gfs2] d_rwdirectempty fails with short read (Benjamin Marzinski ) [456453]\n- [sound] snd_seq_oss_synth_make_info info leak (Eugene Teo ) [458001] {CVE-2008-3272}\n- Revert: [mm] add support for fast get user pages (Ed Pollard ) [447649]\n- [xen] fix GDT allocation for 128 CPUs (Bill Burns ) [447958]\n- [xen] fix building with max_phys_cpus=128 (Bill Burns ) [447958]\n- [xen] limit dom0 to 32GB by default (Rik van Riel ) [453467]\n- [xen] automatically make heap larger on large mem system (Rik van Riel ) [453467]\n[2.6.18-106.el5]\n- [x86_64] resume from s3 in text mode with >4GB of mem (Matthew Garrett ) [452961]\n- [x86] kdump: calgary iommu: use boot kernels TCE tables (Tom Coughlan ) [239272]\n- [net] neigh_destroy: call destructor before unloading (Brad Peters ) [449161]\n- [usb] removing bus with an open file causes an oops (Pete Zaitcev ) [450786]\n- [nfs] missing nfs_fattr_init in nfsv3 acl functions (Jeff Layton ) [453711]\n- [xen] x86: fix endless loop when GPF (Chris Lalancette ) [457093]\n- [dlm] user.c input validation fixes (David Teigland ) [458760]\n- [serial] support for Digi PCI-E 4-8port Async IO adapter (Brad Peters ) [439443]\n- [cpufreq] acpi: boot crash due to _PSD return-by-ref (John Villalovos ) [428909]\n- [x86] io_apic: check timer with irq off (Brian Maly ) [432407]\n- [nfs] v4: dont reuse expired nfs4_state_owner structs (Jeff Layton ) [441884]\n- [nfs] v4: credential ref leak in nfs4_get_state_owner (Jeff Layton ) [441884]\n- [xen] PVFB probe & suspend fixes fix (Markus Armbruster ) [459107]\n- [x86] acpi: prevent resources from corrupting memory (Prarit Bhargava ) [458988]\n- [mm] add support for fast get user pages (Ed Pollard ) [447649]\n- [ipmi] control BMC device ordering (peterm@redhat.com ) [430157]\n- [net] pppoe: fix skb_unshare_check call position (Jiri Pirko ) [459062]\n- [net] ipv6: use timer pending to fix bridge ref count (Jiri Pirko ) [457006]\n- [nfs] v4: Poll aggressively when handling NFS4ERR_DELAY (Jeff Layton ) [441884]\n- [net] ixgbe: fix EEH recovery time (Brad Peters ) [457466]\n- [net] pppoe: unshare skb before anything else (Jiri Pirko ) [457018]\n- [ppc64] EEH: facilitate vendor driver recovery (Brad Peters ) [457253]\n- [ia64] fix to check module_free parameter (Masami Hiramatsu ) [457961]\n- [video] make V4L2 less verbose (Mauro Carvalho Chehab ) [455230]\n- [autofs4] remove unused ioctls (Ian Kent ) [452139]\n- [autofs4] reorganize expire pending wait function calls (Ian Kent ) [452139]\n- [autofs4] fix direct mount pending expire race (Ian Kent ) [452139]\n- [autofs4] fix indirect mount pending expire race (Ian Kent ) [452139]\n- [autofs4] fix pending checks (Ian Kent ) [452139]\n- [autofs4] cleanup redundant readdir code (Ian Kent ) [452139]\n- [autofs4] keep most direct and indirect dentrys positive (Ian Kent ) [452139]\n- [autofs4] fix waitq memory leak (Ian Kent ) [452139]\n- [autofs4] check communication pipe is valid for write (Ian Kent ) [452139]\n- [autofs4] fix waitq locking (Ian Kent ) [452139]\n- [autofs4] fix pending mount race (Ian Kent ) [452139]\n- [autofs4] use struct qstr in waitq.c (Ian Kent ) [452139]\n- [autofs4] use lookup intent flags to trigger mounts (Ian Kent ) [448869]\n- [autofs4] hold directory mutex if called in oz_mode (Ian Kent ) [458749]\n- [autofs4] use rehash list for lookups (Ian Kent ) [458749]\n- [autofs4] dont make expiring dentry negative (Ian Kent ) [458749]\n- [autofs4] fix mntput, dput order bug (Ian Kent ) [452139]\n- [autofs4] bad return from root.c:try_to_fill_dentry (Ian Kent ) [452139]\n- [autofs4] sparse warn in waitq.c:autofs4_expire_indirect (Ian Kent ) [452139]\n- [autofs4] check for invalid dentry in getpath (Ian Kent ) [452139]\n- [misc] create a kernel checksum file per FIPS140-2 (Don Zickus ) [444632]\n- [net] h323: Fix panic in conntrack module (Thomas Graf ) [433661]\n- [misc] NULL pointer dereference in kobject_get_path (Jiri Pirko ) [455460]\n- [audit] new filter type, AUDIT_FILETYPE (Alexander Viro ) [446707]\n- [ppc64] missed hw breakpoints across multiple threads (Brad Peters ) [444076]\n- [net] race between neigh_timer_handler and neigh_update (Brad Peters ) [440555]\n- [security] NULL ptr dereference in __vm_enough_memory (Jerome Marchand ) [443659]\n- [ppc64] cell: spufs update for RHEL-5.3 (Brad Peters ) [439483]\n- [misc] null pointer dereference in register_kretprobe (Jerome Marchand ) [452308]\n- [alsa] HDA: update to 2008-07-22 (Jaroslav Kysela ) [456215]\n- [ia64] xen: handle ipi case IA64_TIMER_VECTOR (Luming Yu ) [451745]\n- [misc] batch kprobe register/unregister (Jiri Pirko ) [437579]\n- [ia64] add gate.lds to Documentation/dontdiff (Prarit Bhargava ) [449948]\n- [xen] fix netloop restriction (Bill Burns ) [358281]\n- [nfs] revert to sync writes when background write errors (Jeff Layton ) [438423]\n- [ia64] kdump: implement greater than 4G mem restriction (Doug Chapman ) [446188]\n- [nfs] clean up short packet handling for NFSv4 readdir (Jeff Layton ) [428720]\n- [nfs] clean up short packet handling for NFSv2 readdir (Jeff Layton ) [428720]\n- [nfs] clean up short packet handling for NFSv3 readdir (Jeff Layton ) [428720]\n[2.6.18-105.el5]\n- [misc] pnp: increase number of devices (Prarit Bhargava ) [445590]\n- [ppc] PERR/SERR disabled after EEH error recovery (Brad Peters ) [457468]\n- [ppc] eHEA: update from version 0076-05 to 0091-00 (Brad Peters ) [442409]\n- [net] modifies inet_lro for RHEL (Brad Peters ) [442409]\n- [net] adds inet_lro module (Brad Peters ) [442409]\n- [ppc] adds crashdump shutdown hooks (Brad Peters ) [442409]\n- [ppc] xmon: setjmp/longjmp code generically available (Brad Peters ) [442409]\n- [xen] PV: config file changes (Don Dutile ) [442991]\n- [xen] PV: Makefile and Kconfig additions (Don Dutile ) [442991]\n- [xen] PV: add subsystem (Don Dutile ) [442991]\n- [xen] PV: shared used header file changes (Don Dutile ) [442991]\n- [xen] PV: shared use of xenbus, netfront, blkfront (Don Dutile ) [442991]\n- [fs] backport zero_user_segments and friends (Eric Sandeen ) [449668]\n- [fs] backport list_first_entry helper (Eric Sandeen ) [449668]\n- [ia64] fix boot failure on ia64/sn2 (Luming Yu ) [451745]\n- [ia64] move SAL_CACHE_FLUSH check later in boot (Luming Yu ) [451745]\n- [ia64] use platform_send_ipi in check_sal_cache_flush (Luming Yu ) [451745]\n- [xen] avoid dom0 hang when tearing down domains (Chris Lalancette ) [347161]\n- [xen] ia64: SMP-unsafe with XENMEM_add_to_physmap on HVM (Tetsu Yamamoto ) [457137]\n[2.6.18-104.el5]\n- [crypto] IPsec memory leak (Vitaly Mayatskikh ) [455238]\n- [ppc] edac: add support for Cell processor (Brad Peters ) [439507]\n- [ppc] edac: add pre-req support for Cell processor (Brad Peters ) [439507]\n- [scsi] DLPAR remove operation fails on LSI SCSI adapter (Brad Peters ) [457852]\n- [net] bridge: eliminate delay on carrier up (Herbert Xu ) [453526]\n- [mm] tmpfs: restore missing clear_highpage (Eugene Teo ) [426083]{CVE-2007-6417}\n- [scsi] aic94xx: update to 2.6.25 (Ed Pollard ) [439573]\n- [fs] dio: lock refcount operations (Jeff Moyer ) [455750]\n- [fs] vfs: fix lookup on deleted directory (Eugene Teo ) [457866]{CVE-2008-3275}\n- [fs] jbd: fix races that lead to EIO for O_DIRECT (Brad Peters ) [446599]\n- [fs] add percpu_counter_add & _sub (Eric Sandeen ) [443896]\n- [xen] event channel lock and barrier (Markus Armbruster ) [457086]\n- [ppc] adds DSCR support in sysfs (Brad Peters ) [439567]\n- [ppc] oprofile: wrong cpu_type returned (Brad Peters ) [441539]\n- [s390] utrace: PTRACE_POKEUSR_AREA corrupts ACR0 (Anton Arapov ) [431183]\n- [pci] fix problems with msi interrupt management (Michal Schmidt ) [428696]\n- [misc] fix wrong test in wait_task_stopped (Jerome Marchand ) [382211]\n- [fs] ecryptfs: use page_alloc to get a page of memory (Eric Sandeen ) [457058]\n- [misc] serial: fix break handling for i82571 over LAN (Aristeu Rozanski ) [440018]\n- [xen] blktap: expand for longer busids (Chris Lalancette ) [442723]\n- [xen] fix blkfront to accept > 16 devices (Chris Lalancette ) [442723]\n- [xen] expand SCSI majors in blkfront (Chris Lalancette ) [442077]\n- [misc] core dump: remain dumpable (Jerome Marchand ) [437958]\n- [fs] inotify: previous event should be last in list (Jeff Burke ) [453990]\n- [block] Enhanced Partition Statistics: documentation (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: retain old stats (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: procfs (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: sysfs (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: cpqarray fix (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: cciss fix (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: aoe fix (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: update statistics (Jerome Marchand ) [224322]\n- [block] Enhanced Partition Statistics: core statistics (Jerome Marchand ) [224322]\n- [fs] add clear_nlink, drop_nlink (Eric Sandeen ) [443896]\n- [fs] add buffer_submit_read and bh_uptodate_or_lock (Eric Sandeen ) [443896]\n- [fs] noinline_for_stack attribute (Eric Sandeen ) [443896]\n- [fs] i_version updates (Eric Sandeen ) [443896]\n- [fs] add an ERR_CAST function (Eric Sandeen ) [443896]\n- [fs] introduce is_owner_or_cap (Eric Sandeen ) [443896]\n- [fs] add generic_find_next_le_bit (Eric Sandeen ) [443896]\n- [fs] add le32_add_cpu and friends (Eric Sandeen ) [443896]\n- [net] sctp: export needed data to implement RFC 3873 (Neil Horman ) [277111]\n- [xen] x86: xenoprof enable additional perf counters (Markus Armbruster ) [426096]\n[2.6.18-103.el5]\n- [fs] dio: use kzalloc to zero out struct dio (Jeff Moyer ) [439918]\n- [x86] hugetlb: inconsistent get_user_pages (x86 piece) (Brad Peters ) [456449]\n- [fs] fix softlockups when repeatedly dropping caches (Bryn M. Reeves ) [444961]\n- [char] add hp-ilo driver (Tony Camuso ) [437212]\n- [net] do liberal tracking for picked up connections (Anton Arapov ) [448328]\n- [scsi] BusLogic: typedef bool to boolean for compiler (Chip Coldwell ) [445095]\n- [misc] ioc4: fixes - pci_put_dev, printks, mem resource (Jonathan Lim ) [442424]\n[2.6.18-102.el5]\n- [net] slow_start_after_idle influences cwnd validation (Thomas Graf ) [448918]\n- [dlm] fix a couple of races (David Teigland ) [457569]\n- [net] NetXen driver update to 3.4.18 (Ed Pollard ) [443619]\n- [mm] NUMA: system is slow when over-committing memory (Larry Woodman ) [457264]\n- [net] ixgbe: remove device ID for unsupported device (Andy Gospodarek ) [454910]\n- [ppc] Event Queue overflow on eHCA adapters (Brad Peters ) [446713]\n- [ppc] IOMMU Performance Enhancements (Brad Peters ) [439469]\n- [ppc] RAS update for Cell (Brad Peters ) [313731]\n- [ppc] fast little endian implementation for System p AVE (Brad Peters ) [439505]\n- [net] proc: add unresolved discards stat to ndisc_cache (Neil Horman ) [456732]\n- [x86_64] ia32: increase stack size (Larry Woodman ) [442331]\n- [mm] fix PAE pmd_bad bootup warning (Larry Woodman ) [455434]\n- [video] add uvcvideo module (Jay Fenlason ) [439899]\n- [crypto] add tests for cipher types to self test module (Neil Horman ) [446514]\n- [mm] fix debug printks in page_remove_rmap() (Larry Woodman ) [457458]\n- [mm] fix /proc/sys/vm/lowmem_reserve_ratio (Larry Woodman ) [457471]\n- [xen] add VPS sync read/write according to spec (Bill Burns ) [437096]\n- [xen] use VPS service to take place of PAL call (Bill Burns ) [437096]\n- [xen] enable serial console for new ia64 chip (Bill Burns ) [437096]\n[2.6.18-101.el5]\n- [ipmi] restrict keyboard I/O port reservation (peterm@redhat.com ) [456300]\n- [mm] xpmem: inhibit page swapping under heavy mem use (George Beshers ) [456574]\n- [fs] vfs: wrong error code on interrupted close syscalls (Jeff Layton ) [455729]\n- [misc] dont randomize when no randomize personality set (Bryn M. Reeves ) [444611]\n- [ia64] holdoffs in sn_ack_irq when running latency tests (Jonathan Lim ) [447838]\n- [xen] x86: new vcpu_op call to get physical CPU identity (Bhavana Nagendra ) [434548]\n- [xen] HV: memory corruption with large number of cpus (Chris Lalancette ) [449945]\n- [xen] save phys addr for crash utility (Bill Burns ) [443618]\n- [xen] kexec: allocate correct memory reservation (Bill Burns ) [442661]\n[2.6.18-100.el5]\n- [gfs2] glock dumping missing out some glocks (Steven Whitehouse ) [456334]\n- [scsi] ibmvscsi: add tape device support (Brad Peters ) [439488]\n- [misc] irq: reset stats when installing new handler (Eugene Teo ) [456218]\n- [scsi] ibmvscsi: latest 5.3 fixes and enhancements (Brad Peters ) [439487]\n- [selinux] prevent illegal selinux options when mounting (Eugene Teo ) [456052]\n- [xen] remove blktap sysfs entries before shutdown (Chris Lalancette ) [250104]\n- [xen] dont collide symbols with blktap (Chris Lalancette ) [250104]\n- [xen] blktap: modify sysfs entries to match blkback (Chris Lalancette ) [250104]\n- [xen] dont try to recreate sysfs entries (Chris Lalancette ) [250104]\n- [xen] blktap: stats error cleanup (Chris Lalancette ) [250104]\n- [xen] blktap: add statistics (Chris Lalancette ) [250104]\n- [xen] rename blktap kernel threads to blktap.dom.blkname (Chris Lalancette ) [250104]\n- [ia64] xen: incompatibility with HV and userspace tools (Tetsu Yamamoto ) [444589]\n- [usb] add ids for WWAN cards (John Feeney ) [253137]\n- [ia64] handle invalid ACPI SLIT table (Luming Yu ) [451591]\n- [pci] mmconfig: use conf1 for access below 256 bytes (Tony Camuso ) [441615 251493]\n- [pci] mmconfig: rm pci_legacy_ops and nommconf blacklist (Tony Camuso ) [441615 251493]\n- [pci] mmconfig: remove pci_bios_fix_bus_scan_quirk (Tony Camuso ) [441615 251493]\n- [fs] nlm: tear down RPC clients in nlm_shutdown_hosts (Jeff Layton ) [254195]\n- [fs] nlm: dont reattempt GRANT_MSG with an inflight RPC (Jeff Layton ) [254195]\n- [fs] nlm: canceled inflight GRANT_MSG shouldnt requeue (Jeff Layton ) [254195]\n- [fs] potential race in mark_buffer_dirty (Mikulas Patocka ) [442577]\n[2.6.18-99.el5]\n- [fs] lockd: nlmsvc_lookup_host called with f_sema held (Jeff Layton ) [453094]\n- [x86] dont call MP_processor_info for disabled cpu (Prarit Bhargava ) [455425]\n- [x86_64] dont call MP_processor_info for disabled cpu (Prarit Bhargava ) [455427]\n- [x86] show apicid in /proc/cpuinfo (Prarit Bhargava ) [455424]\n- [acpi] disable lapic timer on C2 states (John Villalovos ) [438409]\n- [acpi] enable deep C states for idle efficiency (Matthew Garrett ) [443516]\n- [fs] missing check before setting mount propagation (Eugene Teo ) [454393]\n- [xen] pvfb: frontend mouse wheel support (Markus Armbruster ) [446235]\n- [ppc] use ibm,slb-size from device tree (Brad Peters ) [432127]\n- [mm] dio: fix cache invalidation after sync writes (Jeff Moyer ) [445674]\n- [misc] fix UP compile in skcipher.h (Prarit Bhargava ) [453038]\n- [ia64] softlock: prevent endless warnings in kdump (Neil Horman ) [453200]\n- [net] s2io: fix documentation about intr_type (Michal Schmidt ) [450921]\n- [net] make udp_encap_rcv use pskb_may_pull (Neil Horman ) [350281]\n- [misc] fix compile when selinux is disabled (Prarit Bhargava ) [452535]\n- [scsi] update aacraid to 1.1.5-2455 (Chip Coldwell ) [429862]\n- [x86_64] ptrace: sign-extend orig_rax to 64 bits (Jerome Marchand ) [437882]\n- [x86_64] ia32 syscall restart fix (Jerome Marchand ) [434998]\n- [misc] optimize byte-swapping, fix -pedantic compile (Jarod Wilson ) [235699]\n- [dm] snapshot: reduce default memory allocation (Milan Broz ) [436494]\n- [dm] snapshot: fix chunksize sector conversion (Milan Broz ) [443627]\n- [net] ip tunnel cant be bound to another device (Michal Schmidt ) [451196]\n- [net] bnx2x: chip reset and port type fixes (Andy Gospodarek ) [441259]\n- [audit] records sender of SIGUSR2 for userspace (Eric Paris ) [428277]\n- [audit] deadlock under load and auditd takes a signal (Eric Paris ) [429941]\n- [audit] send EOE audit record at end of syslog events (Eric Paris ) [428275]\n- [x86] brk: fix RLIMIT_DATA check (Vitaly Mayatskikh ) [315681]\n- [misc] fix ?!/!? inversions in spec file (Jarod Wilson ) [451008]\n- [scsi] fix high I/O wait using 3w-9xxx (Tomas Henzl ) [444759]\n- [net] ipv6: fix unbalanced ref count in ndisc_recv_ns (Neil Horman ) [450855]\n- [fs] cifs: wait on kthread_stop before thread exits (Jeff Layton ) [444865]\n- [net] fix the redirected packet if jiffies wraps (Ivan Vecera ) [445536]\n- [nfs] pages of a memory mapped file get corrupted (Peter Staubach ) [435291]\n- [net] sunrpc: memory corruption from dead rpc client (Jeff Layton ) [432867]\n- [fs] debugfs: fix dentry reference count bug (Josef Bacik ) [445787]\n- [acpi] remove processor module errors (John Feeney ) [228836]\n- [fs] ext3: make fdatasync not sync metadata (Josef Bacik ) [445649]\n- [pci] acpiphp_ibm: let ACPI determine _CID buffer size (Prarit Bhargava ) [428874]\n- [fs] need process map reporting for swapped pages (Anton Arapov ) [443749]\n- [misc] optional panic on softlockup warnings (Prarit Bhargava ) [445422]\n- [net] sctp: support remote address table oid (Neil Horman ) [435110]\n- [nfs] knfsd: revoke setuid/setgid when uid/gid changes (Jeff Layton ) [443043]\n- [nfs] remove error field from nfs_readdir_descriptor_t (Jeff Layton ) [437479]\n[2.6.18-98.el5]\n- [nfs] sunrpc: sleeping rpc_malloc might deadlock (Jeff Layton ) [451317]\n- [gfs2] initial write performance very slow (Benjamin Marzinski ) [432826]\n- [ia64] avoid unnecessary TLB flushes when allocating mem (Doug Chapman ) [435362]\n- [gfs2] lock_dlm: deliver callbacks in the right order (Bob Peterson ) [447748]\n- [sound] alsa: HDA driver update from upstream 2008-06-11 (Jaroslav Kysela ) [451007]\n- [x86_64] xen: fix syscall return when tracing (Chris Lalancette ) [453394]\n- [fs] ext3: lighten up resize transaction requirements (Eric Sandeen ) [425955]\n- [xen] PVFB probe & suspend fixes (Markus Armbruster ) [434800]\n- [nfs] ensure that options turn off attribute caching (Peter Staubach ) [450184]\n- [x86_64] memmap flag results in bogus RAM map output (Prarit Bhargava ) [450244]\n- [nfs] sunrpc: fix a race in rpciod_down (Jeff Layton ) [448754]\n- [nfs] sunrpc: fix hang due to eventd deadlock (Jeff Layton ) [448754]\n- [gfs2] d_doio stuck in readv waiting for pagelock (Bob Peterson ) [432057]\n- [fs] ext3: fix lock inversion in direct io (Josef Bacik ) [439194]\n- [fs] jbd: fix journal overflow issues (Josef Bacik ) [439193]\n- [fs] jbd: fix typo in recovery code (Josef Bacik ) [447742]\n- [openib] small ipoib packet can cause an oops (Doug Ledford ) [445731]\n- [sched] domain range turnable params for wakeup_idle (Kei Tokunaga ) [426971]\n- [edac] k8_edac: fix typo in user visible message (Aristeu Rozanski ) [446068]\n- [net] ipv6: dont handle default routes specially (Neil Horman ) [426895 243526]\n- [fs] ext3: unmount hang when quota-enabled goes error-RO (Eric Sandeen ) [429054]\n- [net] ipv6: no addrconf for bonding slaves (Andy Gospodarek ) [236750]\n- [misc] fix race in switch_uid and user signal accounting (Vince Worthington ) [441762 440830]\n- [misc] /proc/pid/limits : fix duplicate array entries (Neil Horman ) [443522]\n- [nfs] v4: fix ref count and signal for callback thread (Jeff Layton ) [423521]\n- [mm] do not limit locked memory when using RLIM_INFINITY (Larry Woodman ) [442426]\n- [xen] ia64: add srlz instruction to asm (Aron Griffis ) [440261]\n- [nfs] fix transposed deltas in nfs v3 (Jeff Layton ) [437544]\n- [x86_64] gettimeofday fixes for HPET, PMTimer, TSC (Prarit Bhargava ) [250708]\n- [ia64] remove assembler warnings on head.S (Luming Yu ) [438230]\n- [misc] allow hugepage allocation to use most of memory (Larry Woodman ) [438889]\n- [edac] k8_edac: add option to report GART errors (Aristeu Rozanski ) [390601]\n- [ia64] add TIF_RESTORE_SIGMASK and pselect/ppoll syscall (Luming Yu ) [206806]\n[2.6.18-97.el5]\n- [misc] signaling msgrvc() should not pass back error (Jiri Pirko ) [452533]\n- [ia64] properly unregister legacy interrupts (Prarit Bhargava ) [445886]\n- [s390] zfcp: status read locking race (Hans-Joachim Picht ) [451278]\n- [s390] fix race with stack local wait_queue_head_t. (Hans-Joachim Picht ) [451279]\n- [s390] cio: fix system hang with reserved DASD (Hans-Joachim Picht ) [451222]\n- [s390] cio: fix unusable zfcp device after vary off/on (Hans-Joachim Picht ) [451223]\n- [s390] cio: I/O error after cable pulls (Hans-Joachim Picht ) [451281]\n- [s390] tape: race condition in tape block device driver (Hans-Joachim Picht ) [451277]\n- [gfs2] cannot use fifo nodes (Steven Whitehouse ) [450276]\n- [gfs2] bad subtraction in while-loop can cause panic (Bob Peterson ) [452004]\n- [tux] crashes kernel under high load (Anton Arapov ) [448973]\n- [dlm] move plock code from gfs2 (David Teigland ) [450138]\n- [dlm] fix basts for granted CW waiting PR/CW (David Teigland ) [450137]\n- [dlm] check for null in device_write (David Teigland ) [450136]\n- [dlm] save master info after failed no-queue request (David Teigland ) [450135]\n- [dlm] keep cached master rsbs during recovery (David Teigland ) [450133]\n- [dlm] change error message to debug (David Teigland ) [450132]\n- [dlm] fix possible use-after-free (David Teigland ) [450132]\n- [dlm] limit dir lookup loop (David Teigland ) [450132]\n- [dlm] reject normal unlock when lock waits on lookup (David Teigland ) [450132]\n- [dlm] validate messages before processing (David Teigland ) [450132]\n- [dlm] reject messages from non-members (David Teigland ) [450132]\n- [dlm] call to confirm_master in receive_request_reply (David Teigland ) [450132]\n- [dlm] recover locks waiting for overlap replies (David Teigland ) [450132]\n- [dlm] clear ast_type when removing from astqueue (David Teigland ) [450132]\n- [dlm] use fixed errno values in messages (David Teigland ) [450130]\n- [dlm] swap bytes for rcom lock reply (David Teigland ) [450130]\n- [dlm] align midcomms message buffer (David Teigland ) [450130]\n- [dlm] use dlm prefix on alloc and free functions (David Teigland ) [450130]\n- [s390] zfcp: memory handling for GID_PN (Hans-Joachim Picht ) [447727]\n- [s390] zfcp: out-of-memory handling for status_read req (Hans-Joachim Picht ) [447726]\n- [s390] zfcp: deadlock in slave_destroy handler (Hans-Joachim Picht ) [447329]\n- [s390] dasd: fix timeout handling in interrupt handler (Hans-Joachim Picht ) [447316]\n- [s390] zfcp: fix check for handles in abort handler (Hans-Joachim Picht ) [447331]\n- [s390] aes_s390 decrypt may produce wrong results in CBC (Hans-Joachim Picht ) [446191]\n- [s390x] CPU Node Affinity (Hans-Joachim Picht ) [447379]\n- [gfs2] inode indirect buffer corruption (Bob Peterson ) [345401]\n- [s390] cio: avoid machine check vs. not operational race (Hans-Joachim Picht ) [444082]\n- [s390] qeth: avoid inconsistent lock state for inet6_dev (Hans-Joachim Picht ) [444077]\n- [s390] qdio: missed inb. traffic with online FCP devices (Hans-Joachim Picht ) [444146]\n- [s390] qeth: eddp skb buff problem running EDDP guestlan (Hans-Joachim Picht ) [444014]\n- [s390] cio: kernel panic in cm_enable processing (Hans-Joachim Picht ) [442032]\n- [fs] fix bad unlock_page in pip_to_file() error path (Larry Woodman ) [439917]\n- [s390] zfcp: Enhanced Trace Facility (Hans-Joachim Picht ) [439482]\n- [s390] dasd: add support for system information messages (Hans-Joachim Picht ) [439441]\n- [s390] zcrypt: add support for large random numbers (Hans-Joachim Picht ) [439440]\n- [s390] qeth: recovery problems with failing STARTLAN (Hans-Joachim Picht ) [440420]\n- [s390] qdio: change in timeout handling during establish (Hans-Joachim Picht ) [440421]\n- [s390] lcs: ccl-seq. numbers required for prot. 802.2 (Hans-Joachim Picht ) [440416]\n- [s390] dasd: diff z/VM minidisks need a unique UID (Hans-Joachim Picht ) [440402]\n- [s390] qeth: ccl-seq. numbers req for protocol 802.2 (Hans-Joachim Picht ) [440227]\n- [s390] sclp: prevent console lockup during SE warmstart (Hans-Joachim Picht ) [436967]\n- [s390] zcrypt: disable ap polling thread per default (Hans-Joachim Picht ) [435161]\n- [s390] zfcp: hold lock on port/unit handle for task cmd (Hans-Joachim Picht ) [434959]\n- [s390] zfcp: hold lock on port handle for ELS command (Hans-Joachim Picht ) [434955]\n- [s390] zfcp: hold lock on port/unit handle for FCP cmd (Hans-Joachim Picht ) [433537]\n- [s390] zfcp: hold lock when checking port/unit handle (Hans-Joachim Picht ) [434953]\n- [s390] zfcp: handling of boxed port after physical close (Hans-Joachim Picht ) [434801]\n- [s390] dasd: fix ifcc handling (Hans-Joachim Picht ) [431592]\n- [s390] cio: introduce timed recovery procedure (Hans-Joachim Picht ) [430593]\n- [s390] cio: sense id works with partial hw response (Hans-Joachim Picht ) [430787]\n- [s390] zfcp: fix use after free bug (Hans-Joachim Picht ) [412881]\n- [s390] cio: add missing reprobe loop end statement (Hans-Joachim Picht ) [412891]\n- [s390] zfcp: imbalance in erp_ready_sem usage (Hans-Joachim Picht ) [412831]\n- [s390] zfcp: zfcp_erp_action_dismiss will ignore actions (Hans-Joachim Picht ) [409091]\n- [s390] zfcp: Units are reported as BOXED (Hans-Joachim Picht ) [412851]\n- [s390] zfcp: Reduce flood on hba trace (Hans-Joachim Picht ) [415951]\n- [s390] zfcp: Deadlock when adding invalid LUN (Hans-Joachim Picht ) [412841]\n- [s390] pav alias disks not detected on lpar (Hans-Joachim Picht ) [416081]\n[2.6.18-96.el5]\n- [net] randomize udp port allocation (Eugene Teo ) [454572]\n- [tty] add NULL pointer checks (Aristeu Rozanski ) [453154]\n- [misc] ttyS1 lost interrupt, stops transmitting v2 (Brian Maly ) [451157]\n- [net] sctp: make sure sctp_addr does not overflow (David S. Miller ) [452483]\n- [sys] sys_setrlimit: prevent setting RLIMIT_CPU to 0 (Neil Horman ) [437122]\n- [net] sit: exploitable remote memory leak (Jiri Pirko ) [446039]\n- [x86_64] zero the output of string inst on exception (Jiri Pirko ) [451276] {CVE-2008-2729}\n- [net] dccp: sanity check feature length (Anton Arapov ) [447396] {CVE-2008-2358}\n- [misc] buffer overflow in ASN.1 parsing routines (Anton Arapov ) [444465] {CVE-2008-1673}\n- [x86_64] write system call vulnerability (Anton Arapov ) [433945] {CVE-2008-0598}\n[2.6.18-95.el5]\n- [net] Fixing bonding rtnl_lock screwups (Fabio Olive Leite ) [450219]\n- [x86_64]: extend MCE banks support for Dunnington, Nehalem (Prarit Bhargava ) [446673]\n- [nfs] address nfs rewrite performance regression in RHEL5 (Eric Sandeen ) [436004]\n- [mm] Make mmap() with PROT_WRITE on RHEL5 (Larry Woodman ) [448978]\n- [i386]: Add check for supported_cpus in powernow_k8 driver (Prarit Bhargava ) [443853]\n- [i386]: Add check for dmi_data in powernow_k8 driver (Prarit Bhargava ) [443853]\n- [sata] update sata_svw (John Feeney ) [441799]\n- [net] fix recv return zero (Thomas Graf ) [435657]\n- [misc] kernel crashes on futex (Anton Arapov ) [435178]\n[2.6.18-94.el5]\n- [misc] ttyS1 loses interrupt and stops transmitting (Simon McGrath ) [440121]\n[2.6.18-93.el5]\n- [x86] sanity checking for read_tsc on i386 (Brian Maly ) [443435]\n- [xen] netfront: send fake arp when link gets carrier (Herbert Xu ) [441716]\n- [net] fix xfrm reverse flow lookup for icmp6 (Neil Horman ) [446250]\n- [net] negotiate all algorithms when id bit mask zero (Neil Horman ) [442820]\n- [net] 32/64 bit compat MCAST_ sock options support (Neil Horman ) [444582]\n- [misc] add CPU hotplug support for relay functions (Kei Tokunaga ) [441523]", "published": "2009-01-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-0225.html", "cvelist": ["CVE-2008-4554", "CVE-2007-6417", "CVE-2008-3272", "CVE-2008-5029", "CVE-2008-0598", "CVE-2008-3496", "CVE-2008-3831", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3527", "CVE-2008-5182", "CVE-2008-5079", "CVE-2006-5755", "CVE-2008-2729", "CVE-2008-4576", "CVE-2008-5300", "CVE-2008-3276", "CVE-2008-2358", "CVE-2008-4210", "CVE-2008-3275", "CVE-2008-1673"], "lastseen": "2016-09-04T11:16:04"}, {"id": "ELSA-2008-0237", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.9-67.0.15.0.1.EL]\n- fix skb alignment that was causing sendto() to fail with EFAULT (Olaf Kirch) [orabug 6845794]\n- fix entropy flag in bnx2 driver to generate entropy pool (John Sobecki) [orabug 5931647]\n- fix enomem due to larger mtu size page alloc (Zach Brown) [orabug 5486128]\n- fix per_cpu() api bug_on with rds (Zach Brown) [orabug 5760648]\n- remove patch sysrq-b that queues upto keventd thread [orabug 6125546]\n- allow more than 4GB hugepage for single user (Herbert van den Bergh) [orabug 6002738]\n- netrx/netpoll race avoidance (Tina Yang) [orabug 6143381]\n[2.6.9-67.0.15]\n-fix kabi breakage in 67.0.14\n[2.6.9-67.0.14]\n-fs: serialize file access for dnotify (Alexander Viro) [443437] {CVE-2008-1669}\n-update: fix race condition in dnotify (Alexander Viro) [439756] {CVE-2008-1375}\n[2.6.9-67.0.13]\n-Revert: Add HP DL580 G5 to bfsort whitelist (Tony Camuso) [437976]\n[2.6.9-67.0.12]\n-fs: fix race condition in dnotify (Alexander Viro) [439756] {CVE-2008-1375}\n[2.6.9-67.0.11]\n-nfs: High vm pagecache reclaim latency on systems with large highmem to lowmem ratio fix (Larry Woodman) [438345]\n-nfs: Fix nfs read performance regression. Introduce a new tunable (Larry Woodman) [438477]\n-Retry: check to see if agp is valid before reporting aperture size warnings (Brian Maly) [392771 431897]\n-Ensure IV is in linear part of the skb to avoid BUG due to OOB access (Thomas Graf) [427245] {CVE-2007-6282}\n-fix unprivileged crash on x86_64 cs corruption (Jarod Wilson) [439786] {CVE-2008-1615}\n[2.6.9-67.0.10]\n-update: do not return zero in mmap (Vitaly Mayatskikh) [400811]\n-neofb: avoid overwriting fb_info fields (Vitaly Mayatskikh) [430251]\n-[NET] link_watch: always schedule urgent events (Don Dutile) [436102]\n-nlm: fix a client side race on blocking locks (Jeff Layton) [436129]\n-nlm: cleanup for blocked locks (Jeff Layton) [436129]\n-Add HP DL580 G5 to bfsort whitelist (Tony Camuso) [437976]\n-nfs: Discard pagecache data for dirs on denty_iput (Jeff Layton) [437788]\n[2.6.9-67.0.9]\n-[NET] link_watch: handle jiffies wraparound (Vince Worthington) [436749]\n-libata: un-blacklist hitachi drives to enable NCQ (David Milburn) [436499]\n-libata: sata_nv may send commands with duplicate tags (David Milburn) [436499]\n[2.6.9-67.0.8]\n-Insufficient range checks in fault handlers with mremap (Vitaly Mayatskikh) [428968] {CVE-2008-0007}\n-[MOXA] buffer overflow in moxa driver (Vitaly Mayatskikh) [423131] {CVE-2005-0504}\n-Fix unix stream socket recv race condition (Hideo AOKI) [435122]", "published": "2008-05-07T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0237.html", "cvelist": ["CVE-2007-6282", "CVE-2008-1669", "CVE-2005-0504", "CVE-2008-1375", "CVE-2008-1615", "CVE-2008-0007"], "lastseen": "2016-09-04T11:16:13"}, {"id": "ELSA-2008-0973", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.4.21-58.0.0.0.1.EL]\n- add directio support for qla drivers (herb) [ora 6346849]\n- support PT Quad card [ora 5751043]\n- io to nfs partition hangs [ora 5088963]\n- add entropy for bnx2 nic [ora 5931647]\n- avoid large allocation-fragmentation in MTU (zab)\n- fix clear highpage (wli)\n[2.4.21-58.EL]\n- copy_user doesn't zero tail bytes on page fault (Don Howard) [433941] {CVE-2008-2729}\n- Fix long symlink support (Fabio Olive Leite) [BZ 438758]\n- Fix possible buffer overflow in ASN.1 parsing routine (Don Howard) [444461] {CVE-2008-1673}\n- Fix exploitable remote memory leak in sit (Don Howard) [446034] {CVE-2008-2136}\n- Fix possible panic in mptctl_gettargetinfo (Don Howard) [451955]\n- Add add NULL pointer checks in tty drivers (Don Howard) [453158] {CVE-2008-2812}\n- Add a kernel parameter to disable lost tick accounting on x86_64 (Don Howard) [455921]\n- Fix possible isdn_net buffer overflows (Don Howard) [456361] {CVE-2007-6063}\n- Fix lookup on deleted directory (Eugene Teo) [457862] {CVE-2008-3275}\n- Add missing capability checks in sbni_ioctl (Eugene Teo) [460404] {CVE-2008-3525}\n- Remove suid/sgid bits on ftruncate (dhoward) [463684] {CVE-2008-4210}", "published": "2008-12-18T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0973.html", "cvelist": ["CVE-2008-2136", "CVE-2008-3525", "CVE-2008-2729", "CVE-2008-4210", "CVE-2008-3275", "CVE-2007-6063", "CVE-2008-2812", "CVE-2008-1673"], "lastseen": "2016-09-04T11:17:11"}, {"id": "ELSA-2008-0233", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.18-53.1.19.0.1.el5]\n- [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [ORA 6045759]\n- [NET] Fix msi issue with kexec/kdump (Michael Chan) [ORA 6219364]\n- [MM] Fix alloc_pages_node() static nid' race made kernel crash (Joe Jin) [ORA 6187457]\n- [splice] Fix bad unlock_page() in error case (Jens Axboe) [ORA 6263574]\n- [dio] fix error-path crashes (Linux Torvalds) [ORA 6242289]\n[2.6.18-53.1.19.el5]\n- [xen] check num of segments in block backend driver (Bill Burns ) [378281]\n- [x86_64] update IO-APIC dest field to 8-bit for xAPIC (Dave Anderson ) [442922]\n- Update: [fs] fix race condition in dnotify (Alexander Viro ) [439758] {CVE-2008-1375}\n- Update: [xen] ia64: ftp stress test fixes between HVM/Dom0 (Tetsu Yamamoto ) [427400] {CVE-2008-1619}\n[2.6.18-53.1.18.el5]\n- Update: [fs] fix race condition in dnotify (Alexander Viro ) [439758] {CVE-2008-1375}\n[2.6.18-53.1.17.el5]\n- [fs] fix race condition in dnotify (Alexander Viro ) [439758] {CVE-2008-1375}\n- [pci] hotplug: PCI Express problems with bad DLLPs (Kei Tokunaga ) [440438]\n- [nfs] stop sillyrenames and unmounts from racing (Steve Dickson ) [440447]\n- [x86] clear df flag for signal handlers (Jason Baron ) [437316] {CVE-2008-1367}\n- [xen] ia64: ftp stress test fixes between HVM/Dom0 (Tetsu Yamamoto ) [427400] {CVE-2008-1619}\n- [xen] ia64: fix ssm_i emulation barrier and vdso pv (Tetsu Yamamoto ) [427400] {CVE-2008-1619}\n[2.6.18-53.1.16.el5]\n- [misc] fix range check in fault handlers with mremap (Vitaly Mayatskikh ) [428970]\n- [video] neofb: avoid overwriting fb_info fields (Anton Arapov ) [430253]\n[2.6.18-53.1.15.el5]\n- [libata] sata_nv: un-blacklist hitachi drives (David Milburn ) [433617]\n- [libata] sata_nv: may send cmds with duplicate tags (David Milburn ) [433617]\n- [s390] qdio: output queue stall on FCP and net devs (Hans-Joachim Picht ) [412071]\n- [xen] ia64: guest has bad network performance (Tetsu Yamamoto ) [433616]", "published": "2008-05-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0233.html", "cvelist": ["CVE-2008-1669", "CVE-2008-1375", "CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1619", "CVE-2008-1367"], "lastseen": "2016-09-04T11:16:01"}, {"id": "ELSA-2008-0211", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[kernel-2.4.21-57.0.0.0.1.EL]\n- add directio support for qla drivers (herb) [ora 6346849]\n- support PT Quad card [ora 5751043]\n- [ora 5088963]: io to nfs partition hangs\n- add entropy for bnx2 nic [ora 5931647]\n- avoid large allocation-fragmentation in MTU (zab)\n- fix clear highpage (wli)\n[kernel-2.4.21-57.EL]\n- Update: Fix race condition in dnotify() (Al Viro) [439755 443436] {CVE-2008-1375 CVE-2008-1669}\n[kernel-2.4.21-56.EL]\n- Fix race condition in dnotify() (Al Viro) [439755] {CVE-2008-1375}\n- Fix machine check error on Clovertown G0 (Geoff Gustafson) [430924]\n- Fix unaligned handler for FP instructions (Don Howard) [430919]\n[kernel-2.4.21-55.EL]\n- Fix race condition in sys_mincore() (Don Howard) [247595] {CVE-2006-4814}\n- Fix panic with AIO writes to pipes (Josef Bacik) [311621] {CVE-2007-5001}\n- Fix error with coredump ownership (Don Howard) [396961] {CVE-2007-6206}\n- Fix potential buffer overrun issue in isdn_ioctl (Don Howad) [425141] {CVE-2007-6151}\n- Fix potential DoS with mremap (Don Howard) [428967] {CVE-2008-0007}\n- Clear df flag for signal handlers (Don Howard) [437313] {CVE-2008-1367}\n[kernel-2.4.21-54.EL]\n- Fix hang at unmount with many unused dentries (Josef Bacik) [413731]", "published": "2008-05-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0211.html", "cvelist": ["CVE-2008-1669", "CVE-2006-4814", "CVE-2007-6151", "CVE-2008-1375", "CVE-2008-0007", "CVE-2007-5001", "CVE-2007-6206", "CVE-2008-1367"], "lastseen": "2016-09-04T11:16:21"}], "debian": [{"id": "DSA-1630", "type": "debian", "title": "linux-2.6 -- denial of service/information leak", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-6282](<https://security-tracker.debian.org/tracker/CVE-2007-6282>)\n\nDirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet.\n\n * [CVE-2008-0598](<https://security-tracker.debian.org/tracker/CVE-2008-0598>)\n\nTavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. This issue is specific to the amd64-flavour kernel images.\n\n * [CVE-2008-2729](<https://security-tracker.debian.org/tracker/CVE-2008-2729>)\n\nAndi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Only the amd64-flavour Debian kernel images are affected.\n\n * [CVE-2008-2812](<https://security-tracker.debian.org/tracker/CVE-2008-2812>)\n\nAlan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges.\n\n * [CVE-2008-2826](<https://security-tracker.debian.org/tracker/CVE-2008-2826>)\n\nGabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service.\n\n * [CVE-2008-2931](<https://security-tracker.debian.org/tracker/CVE-2008-2931>)\n\nMiklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points.\n\n * [CVE-2008-3272](<https://security-tracker.debian.org/tracker/CVE-2008-3272>)\n\nTobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information.\n\n * [CVE-2008-3275](<https://security-tracker.debian.org/tracker/CVE-2008-3275>)\n\nZoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.\n\nFor the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-22etch2.\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.", "published": "2008-08-21T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1630", "cvelist": ["CVE-2008-3272", "CVE-2007-6282", "CVE-2008-2826", "CVE-2008-0598", "CVE-2008-2729", "CVE-2008-2931", "CVE-2008-3275", "CVE-2008-2812"], "lastseen": "2016-09-02T18:24:53"}, {"id": "DSA-1069", "type": "debian", "title": "kernel-source-2.4.18 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2004-0427](<https://security-tracker.debian.org/tracker/CVE-2004-0427>)\n\nA local denial of service vulnerability in do_fork() has been found.\n\n * [CVE-2005-0489](<https://security-tracker.debian.org/tracker/CVE-2005-0489>)\n\nA local denial of service vulnerability in proc memory handling has been found.\n\n * [CVE-2004-0394](<https://security-tracker.debian.org/tracker/CVE-2004-0394>)\n\nA buffer overflow in the panic handling code has been found.\n\n * [CVE-2004-0447](<https://security-tracker.debian.org/tracker/CVE-2004-0447>)\n\nA local denial of service vulnerability through a null pointer dereference in the IA64 process handling code has been found.\n\n * [CVE-2004-0554](<https://security-tracker.debian.org/tracker/CVE-2004-0554>)\n\nA local denial of service vulnerability through an infinite loop in the signal handler code has been found.\n\n * [CVE-2004-0565](<https://security-tracker.debian.org/tracker/CVE-2004-0565>)\n\nAn information leak in the context switch code has been found on the IA64 architecture.\n\n * [CVE-2004-0685](<https://security-tracker.debian.org/tracker/CVE-2004-0685>)\n\nUnsafe use of copy_to_user in USB drivers may disclose sensitive information.\n\n * [CVE-2005-0001](<https://security-tracker.debian.org/tracker/CVE-2005-0001>)\n\nA race condition in the i386 page fault handler may allow privilege escalation.\n\n * [CVE-2004-0883](<https://security-tracker.debian.org/tracker/CVE-2004-0883>)\n\nMultiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure.\n\n * [CVE-2004-0949](<https://security-tracker.debian.org/tracker/CVE-2004-0949>)\n\nAn information leak discovered in the SMB filesystem code.\n\n * [CVE-2004-1016](<https://security-tracker.debian.org/tracker/CVE-2004-1016>)\n\nA local denial of service vulnerability has been found in the SCM layer.\n\n * [CVE-2004-1333](<https://security-tracker.debian.org/tracker/CVE-2004-1333>)\n\nAn integer overflow in the terminal code may allow a local denial of service vulnerability.\n\n * [CVE-2004-0997](<https://security-tracker.debian.org/tracker/CVE-2004-0997>)\n\nA local privilege escalation in the MIPS assembly code has been found.\n\n * [CVE-2004-1335](<https://security-tracker.debian.org/tracker/CVE-2004-1335>)\n\nA memory leak in the ip_options_get() function may lead to denial of service.\n\n * [CVE-2004-1017](<https://security-tracker.debian.org/tracker/CVE-2004-1017>)\n\nMultiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector.\n\n * [CVE-2005-0124](<https://security-tracker.debian.org/tracker/CVE-2005-0124>)\n\nBryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack.\n\n * [CVE-2003-0984](<https://security-tracker.debian.org/tracker/CVE-2003-0984>)\n\nInproper initialization of the RTC may disclose information.\n\n * [CVE-2004-1070](<https://security-tracker.debian.org/tracker/CVE-2004-1070>)\n\nInsufficient input sanitising in the load_elf_binary() function may lead to privilege escalation.\n\n * [CVE-2004-1071](<https://security-tracker.debian.org/tracker/CVE-2004-1071>)\n\nIncorrect error handling in the binfmt_elf loader may lead to privilege escalation.\n\n * [CVE-2004-1072](<https://security-tracker.debian.org/tracker/CVE-2004-1072>)\n\nA buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service.\n\n * [CVE-2004-1073](<https://security-tracker.debian.org/tracker/CVE-2004-1073>)\n\nThe open_exec function may disclose information.\n\n * [CVE-2004-1074](<https://security-tracker.debian.org/tracker/CVE-2004-1074>)\n\nThe binfmt code is vulnerable to denial of service through malformed a.out binaries.\n\n * [CVE-2004-0138](<https://security-tracker.debian.org/tracker/CVE-2004-0138>)\n\nA denial of service vulnerability in the ELF loader has been found.\n\n * [CVE-2004-1068](<https://security-tracker.debian.org/tracker/CVE-2004-1068>)\n\nA programming error in the unix_dgram_recvmsg() function may lead to privilege escalation.\n\n * [CVE-2004-1234](<https://security-tracker.debian.org/tracker/CVE-2004-1234>)\n\nThe ELF loader is vulnerable to denial of service through malformed binaries.\n\n * [CVE-2005-0003](<https://security-tracker.debian.org/tracker/CVE-2005-0003>)\n\nCrafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions.\n\n * [CVE-2004-1235](<https://security-tracker.debian.org/tracker/CVE-2004-1235>)\n\nA race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation.\n\n * [CVE-2005-0504](<https://security-tracker.debian.org/tracker/CVE-2005-0504>)\n\nAn integer overflow in the Moxa driver may lead to privilege escalation.\n\n * [CVE-2005-0384](<https://security-tracker.debian.org/tracker/CVE-2005-0384>)\n\nA remote denial of service vulnerability has been found in the PPP driver.\n\n * [CVE-2005-0135](<https://security-tracker.debian.org/tracker/CVE-2005-0135>)\n\nAn IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function.\n\nThe following matrix explains which kernel version for which architecture fixes the problems mentioned above:\n\n| Debian 3.0 (woody) \n---|--- \nSource | 2.4.18-14.4 \nAlpha architecture | 2.4.18-15woody1 \nIntel IA-32 architecture | 2.4.18-13.2 \nHP Precision architecture | 62.4 \nPowerPC architecture | 2.4.18-1woody6 \nPowerPC architecture/XFS | 20020329woody1 \nPowerPC architecture/benh | 20020304woody1 \nSun Sparc architecture | 22woody1 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine.", "published": "2006-05-20T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1069", "cvelist": ["CVE-2004-1235", "CVE-2005-0003", "CVE-2005-0135", "CVE-2004-0138", "CVE-2004-1333", "CVE-2005-0489", "CVE-2005-0124", "CVE-2004-0685", "CVE-2004-1071", "CVE-2005-0504", "CVE-2004-1234", "CVE-2003-0984", "CVE-2004-1072", "CVE-2004-0447", "CVE-2004-1335", "CVE-2004-0394", "CVE-2004-0883", "CVE-2004-0565", "CVE-2005-0384", "CVE-2004-0997", "CVE-2004-0427", "CVE-2004-1070", "CVE-2004-0554", "CVE-2004-1017", "CVE-2004-0949", "CVE-2004-1068", "CVE-2004-1074", "CVE-2005-0001", "CVE-2004-1073", "CVE-2004-1016"], "lastseen": "2016-09-02T18:30:05"}, {"id": "DSA-1070", "type": "debian", "title": "kernel-source-2.4.19 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2004-0427](<https://security-tracker.debian.org/tracker/CVE-2004-0427>)\n\nA local denial of service vulnerability in do_fork() has been found.\n\n * [CVE-2005-0489](<https://security-tracker.debian.org/tracker/CVE-2005-0489>)\n\nA local denial of service vulnerability in proc memory handling has been found.\n\n * [CVE-2004-0394](<https://security-tracker.debian.org/tracker/CVE-2004-0394>)\n\nA buffer overflow in the panic handling code has been found.\n\n * [CVE-2004-0447](<https://security-tracker.debian.org/tracker/CVE-2004-0447>)\n\nA local denial of service vulnerability through a null pointer dereference in the IA64 process handling code has been found.\n\n * [CVE-2004-0554](<https://security-tracker.debian.org/tracker/CVE-2004-0554>)\n\nA local denial of service vulnerability through an infinite loop in the signal handler code has been found.\n\n * [CVE-2004-0565](<https://security-tracker.debian.org/tracker/CVE-2004-0565>)\n\nAn information leak in the context switch code has been found on the IA64 architecture.\n\n * [CVE-2004-0685](<https://security-tracker.debian.org/tracker/CVE-2004-0685>)\n\nUnsafe use of copy_to_user in USB drivers may disclose sensitive information.\n\n * [CVE-2005-0001](<https://security-tracker.debian.org/tracker/CVE-2005-0001>)\n\nA race condition in the i386 page fault handler may allow privilege escalation.\n\n * [CVE-2004-0883](<https://security-tracker.debian.org/tracker/CVE-2004-0883>)\n\nMultiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure.\n\n * [CVE-2004-0949](<https://security-tracker.debian.org/tracker/CVE-2004-0949>)\n\nAn information leak discovered in the SMB filesystem code.\n\n * [CVE-2004-1016](<https://security-tracker.debian.org/tracker/CVE-2004-1016>)\n\nA local denial of service vulnerability has been found in the SCM layer.\n\n * [CVE-2004-1333](<https://security-tracker.debian.org/tracker/CVE-2004-1333>)\n\nAn integer overflow in the terminal code may allow a local denial of service vulnerability.\n\n * [CVE-2004-0997](<https://security-tracker.debian.org/tracker/CVE-2004-0997>)\n\nA local privilege escalation in the MIPS assembly code has been found.\n\n * [CVE-2004-1335](<https://security-tracker.debian.org/tracker/CVE-2004-1335>)\n\nA memory leak in the ip_options_get() function may lead to denial of service.\n\n * [CVE-2004-1017](<https://security-tracker.debian.org/tracker/CVE-2004-1017>)\n\nMultiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector.\n\n * [CVE-2005-0124](<https://security-tracker.debian.org/tracker/CVE-2005-0124>)\n\nBryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack.\n\n * [CVE-2003-0984](<https://security-tracker.debian.org/tracker/CVE-2003-0984>)\n\nInproper initialization of the RTC may disclose information.\n\n * [CVE-2004-1070](<https://security-tracker.debian.org/tracker/CVE-2004-1070>)\n\nInsufficient input sanitising in the load_elf_binary() function may lead to privilege escalation.\n\n * [CVE-2004-1071](<https://security-tracker.debian.org/tracker/CVE-2004-1071>)\n\nIncorrect error handling in the binfmt_elf loader may lead to privilege escalation.\n\n * [CVE-2004-1072](<https://security-tracker.debian.org/tracker/CVE-2004-1072>)\n\nA buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service.\n\n * [CVE-2004-1073](<https://security-tracker.debian.org/tracker/CVE-2004-1073>)\n\nThe open_exec function may disclose information.\n\n * [CVE-2004-1074](<https://security-tracker.debian.org/tracker/CVE-2004-1074>)\n\nThe binfmt code is vulnerable to denial of service through malformed a.out binaries.\n\n * [CVE-2004-0138](<https://security-tracker.debian.org/tracker/CVE-2004-0138>)\n\nA denial of service vulnerability in the ELF loader has been found.\n\n * [CVE-2004-1068](<https://security-tracker.debian.org/tracker/CVE-2004-1068>)\n\nA programming error in the unix_dgram_recvmsg() function may lead to privilege escalation.\n\n * [CVE-2004-1234](<https://security-tracker.debian.org/tracker/CVE-2004-1234>)\n\nThe ELF loader is vulnerable to denial of service through malformed binaries.\n\n * [CVE-2005-0003](<https://security-tracker.debian.org/tracker/CVE-2005-0003>)\n\nCrafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions.\n\n * [CVE-2004-1235](<https://security-tracker.debian.org/tracker/CVE-2004-1235>)\n\nA race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation.\n\n * [CVE-2005-0504](<https://security-tracker.debian.org/tracker/CVE-2005-0504>)\n\nAn integer overflow in the Moxa driver may lead to privilege escalation.\n\n * [CVE-2005-0384](<https://security-tracker.debian.org/tracker/CVE-2005-0384>)\n\nA remote denial of service vulnerability has been found in the PPP driver.\n\n * [CVE-2005-0135](<https://security-tracker.debian.org/tracker/CVE-2005-0135>)\n\nAn IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function.\n\nThe following matrix explains which kernel version for which architecture fixes the problems mentioned above:\n\n| Debian 3.0 (woody) \n---|--- \nSource | 2.4.19-4 \nSun Sparc architecture | 26woody1 \nLittle endian MIPS architecture| 0.020911.1.woody5 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine.", "published": "2006-05-21T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1070", "cvelist": ["CVE-2004-1235", "CVE-2005-0003", "CVE-2005-0135", "CVE-2004-0138", "CVE-2004-1333", "CVE-2005-0489", "CVE-2005-0124", "CVE-2004-0685", "CVE-2004-1071", "CVE-2005-0504", "CVE-2004-1234", "CVE-2003-0984", "CVE-2004-1072", "CVE-2004-0447", "CVE-2004-1335", "CVE-2004-0394", "CVE-2004-0883", "CVE-2004-0565", "CVE-2005-0384", "CVE-2004-0997", "CVE-2004-0427", "CVE-2004-1070", "CVE-2004-0554", "CVE-2004-1017", "CVE-2004-0949", "CVE-2004-1068", "CVE-2004-1074", "CVE-2005-0001", "CVE-2004-1073", "CVE-2004-1016"], "lastseen": "2016-09-02T18:25:15"}, {"id": "DSA-1082", "type": "debian", "title": "kernel-source-2.4.17 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2004-0427](<https://security-tracker.debian.org/tracker/CVE-2004-0427>)\n\nA local denial of service vulnerability in do_fork() has been found.\n\n * [CVE-2005-0489](<https://security-tracker.debian.org/tracker/CVE-2005-0489>)\n\nA local denial of service vulnerability in proc memory handling has been found.\n\n * [CVE-2004-0394](<https://security-tracker.debian.org/tracker/CVE-2004-0394>)\n\nA buffer overflow in the panic handling code has been found.\n\n * [CVE-2004-0447](<https://security-tracker.debian.org/tracker/CVE-2004-0447>)\n\nA local denial of service vulnerability through a null pointer dereference in the IA64 process handling code has been found.\n\n * [CVE-2004-0554](<https://security-tracker.debian.org/tracker/CVE-2004-0554>)\n\nA local denial of service vulnerability through an infinite loop in the signal handler code has been found.\n\n * [CVE-2004-0565](<https://security-tracker.debian.org/tracker/CVE-2004-0565>)\n\nAn information leak in the context switch code has been found on the IA64 architecture.\n\n * [CVE-2004-0685](<https://security-tracker.debian.org/tracker/CVE-2004-0685>)\n\nUnsafe use of copy_to_user in USB drivers may disclose sensitive information.\n\n * [CVE-2005-0001](<https://security-tracker.debian.org/tracker/CVE-2005-0001>)\n\nA race condition in the i386 page fault handler may allow privilege escalation.\n\n * [CVE-2004-0883](<https://security-tracker.debian.org/tracker/CVE-2004-0883>)\n\nMultiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure.\n\n * [CVE-2004-0949](<https://security-tracker.debian.org/tracker/CVE-2004-0949>)\n\nAn information leak discovered in the SMB filesystem code.\n\n * [CVE-2004-1016](<https://security-tracker.debian.org/tracker/CVE-2004-1016>)\n\nA local denial of service vulnerability has been found in the SCM layer.\n\n * [CVE-2004-1333](<https://security-tracker.debian.org/tracker/CVE-2004-1333>)\n\nAn integer overflow in the terminal code may allow a local denial of service vulnerability.\n\n * [CVE-2004-0997](<https://security-tracker.debian.org/tracker/CVE-2004-0997>)\n\nA local privilege escalation in the MIPS assembly code has been found.\n\n * [CVE-2004-1335](<https://security-tracker.debian.org/tracker/CVE-2004-1335>)\n\nA memory leak in the ip_options_get() function may lead to denial of service.\n\n * [CVE-2004-1017](<https://security-tracker.debian.org/tracker/CVE-2004-1017>)\n\nMultiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector.\n\n * [CVE-2005-0124](<https://security-tracker.debian.org/tracker/CVE-2005-0124>)\n\nBryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack.\n\n * [CVE-2003-0984](<https://security-tracker.debian.org/tracker/CVE-2003-0984>)\n\nInproper initialization of the RTC may disclose information.\n\n * [CVE-2004-1070](<https://security-tracker.debian.org/tracker/CVE-2004-1070>)\n\nInsufficient input sanitising in the load_elf_binary() function may lead to privilege escalation.\n\n * [CVE-2004-1071](<https://security-tracker.debian.org/tracker/CVE-2004-1071>)\n\nIncorrect error handling in the binfmt_elf loader may lead to privilege escalation.\n\n * [CVE-2004-1072](<https://security-tracker.debian.org/tracker/CVE-2004-1072>)\n\nA buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service.\n\n * [CVE-2004-1073](<https://security-tracker.debian.org/tracker/CVE-2004-1073>)\n\nThe open_exec function may disclose information.\n\n * [CVE-2004-1074](<https://security-tracker.debian.org/tracker/CVE-2004-1074>)\n\nThe binfmt code is vulnerable to denial of service through malformed a.out binaries.\n\n * [CVE-2004-0138](<https://security-tracker.debian.org/tracker/CVE-2004-0138>)\n\nA denial of service vulnerability in the ELF loader has been found.\n\n * [CVE-2004-1068](<https://security-tracker.debian.org/tracker/CVE-2004-1068>)\n\nA programming error in the unix_dgram_recvmsg() function may lead to privilege escalation.\n\n * [CVE-2004-1234](<https://security-tracker.debian.org/tracker/CVE-2004-1234>)\n\nThe ELF loader is vulnerable to denial of service through malformed binaries.\n\n * [CVE-2005-0003](<https://security-tracker.debian.org/tracker/CVE-2005-0003>)\n\nCrafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions.\n\n * [CVE-2004-1235](<https://security-tracker.debian.org/tracker/CVE-2004-1235>)\n\nA race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation.\n\n * [CVE-2005-0504](<https://security-tracker.debian.org/tracker/CVE-2005-0504>)\n\nAn integer overflow in the Moxa driver may lead to privilege escalation.\n\n * [CVE-2005-0384](<https://security-tracker.debian.org/tracker/CVE-2005-0384>)\n\nA remote denial of service vulnerability has been found in the PPP driver.\n\n * [CVE-2005-0135](<https://security-tracker.debian.org/tracker/CVE-2005-0135>)\n\nAn IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function.\n\nThe following matrix explains which kernel version for which architecture fixes the problems mentioned above:\n\n| Debian 3.1 (sarge) \n---|--- \nSource | 2.4.17-1woody4 \nHP Precision architecture | 32.5 \nIntel IA-64 architecture | 011226.18 \nIBM S/390 architecture/image| 2.4.17-2.woody.5 \nIBM S/390 architecture/patch| 0.0.20020816-0.woody.4 \nPowerPC architecture (apus) | 2.4.17-6 \nMIPS architecture | 2.4.17-0.020226.2.woody7 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine.", "published": "2006-05-29T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1082", "cvelist": ["CVE-2004-1235", "CVE-2005-0003", "CVE-2005-0135", "CVE-2004-0138", "CVE-2004-1333", "CVE-2005-0489", "CVE-2005-0124", "CVE-2004-0685", "CVE-2004-1071", "CVE-2005-0504", "CVE-2004-1234", "CVE-2003-0984", "CVE-2004-1072", "CVE-2004-0447", "CVE-2004-1335", "CVE-2004-0394", "CVE-2004-0883", "CVE-2004-0565", "CVE-2005-0384", "CVE-2004-0997", "CVE-2004-0427", "CVE-2004-1070", "CVE-2004-0554", "CVE-2004-1017", "CVE-2004-0949", "CVE-2004-1068", "CVE-2004-1074", "CVE-2005-0001", "CVE-2004-1073", "CVE-2004-1016"], "lastseen": "2016-09-02T18:24:32"}, {"id": "DSA-1067", "type": "debian", "title": "kernel-source-2.4.16 -- several vulnerabilities", "description": "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2004-0427](<https://security-tracker.debian.org/tracker/CVE-2004-0427>)\n\nA local denial of service vulnerability in do_fork() has been found.\n\n * [CVE-2005-0489](<https://security-tracker.debian.org/tracker/CVE-2005-0489>)\n\nA local denial of service vulnerability in proc memory handling has been found.\n\n * [CVE-2004-0394](<https://security-tracker.debian.org/tracker/CVE-2004-0394>)\n\nA buffer overflow in the panic handling code has been found.\n\n * [CVE-2004-0447](<https://security-tracker.debian.org/tracker/CVE-2004-0447>)\n\nA local denial of service vulnerability through a null pointer dereference in the IA64 process handling code has been found.\n\n * [CVE-2004-0554](<https://security-tracker.debian.org/tracker/CVE-2004-0554>)\n\nA local denial of service vulnerability through an infinite loop in the signal handler code has been found.\n\n * [CVE-2004-0565](<https://security-tracker.debian.org/tracker/CVE-2004-0565>)\n\nAn information leak in the context switch code has been found on the IA64 architecture.\n\n * [CVE-2004-0685](<https://security-tracker.debian.org/tracker/CVE-2004-0685>)\n\nUnsafe use of copy_to_user in USB drivers may disclose sensitive information.\n\n * [CVE-2005-0001](<https://security-tracker.debian.org/tracker/CVE-2005-0001>)\n\nA race condition in the i386 page fault handler may allow privilege escalation.\n\n * [CVE-2004-0883](<https://security-tracker.debian.org/tracker/CVE-2004-0883>)\n\nMultiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure.\n\n * [CVE-2004-0949](<https://security-tracker.debian.org/tracker/CVE-2004-0949>)\n\nAn information leak discovered in the SMB filesystem code.\n\n * [CVE-2004-1016](<https://security-tracker.debian.org/tracker/CVE-2004-1016>)\n\nA local denial of service vulnerability has been found in the SCM layer.\n\n * [CVE-2004-1333](<https://security-tracker.debian.org/tracker/CVE-2004-1333>)\n\nAn integer overflow in the terminal code may allow a local denial of service vulnerability.\n\n * [CVE-2004-0997](<https://security-tracker.debian.org/tracker/CVE-2004-0997>)\n\nA local privilege escalation in the MIPS assembly code has been found.\n\n * [CVE-2004-1335](<https://security-tracker.debian.org/tracker/CVE-2004-1335>)\n\nA memory leak in the ip_options_get() function may lead to denial of service.\n\n * [CVE-2004-1017](<https://security-tracker.debian.org/tracker/CVE-2004-1017>)\n\nMultiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector.\n\n * [CVE-2005-0124](<https://security-tracker.debian.org/tracker/CVE-2005-0124>)\n\nBryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack.\n\n * [CVE-2003-0984](<https://security-tracker.debian.org/tracker/CVE-2003-0984>)\n\nInproper initialization of the RTC may disclose information.\n\n * [CVE-2004-1070](<https://security-tracker.debian.org/tracker/CVE-2004-1070>)\n\nInsufficient input sanitising in the load_elf_binary() function may lead to privilege escalation.\n\n * [CVE-2004-1071](<https://security-tracker.debian.org/tracker/CVE-2004-1071>)\n\nIncorrect error handling in the binfmt_elf loader may lead to privilege escalation.\n\n * [CVE-2004-1072](<https://security-tracker.debian.org/tracker/CVE-2004-1072>)\n\nA buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service.\n\n * [CVE-2004-1073](<https://security-tracker.debian.org/tracker/CVE-2004-1073>)\n\nThe open_exec function may disclose information.\n\n * [CVE-2004-1074](<https://security-tracker.debian.org/tracker/CVE-2004-1074>)\n\nThe binfmt code is vulnerable to denial of service through malformed a.out binaries.\n\n * [CVE-2004-0138](<https://security-tracker.debian.org/tracker/CVE-2004-0138>)\n\nA denial of service vulnerability in the ELF loader has been found.\n\n * [CVE-2004-1068](<https://security-tracker.debian.org/tracker/CVE-2004-1068>)\n\nA programming error in the unix_dgram_recvmsg() function may lead to privilege escalation.\n\n * [CVE-2004-1234](<https://security-tracker.debian.org/tracker/CVE-2004-1234>)\n\nThe ELF loader is vulnerable to denial of service through malformed binaries.\n\n * [CVE-2005-0003](<https://security-tracker.debian.org/tracker/CVE-2005-0003>)\n\nCrafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions.\n\n * [CVE-2004-1235](<https://security-tracker.debian.org/tracker/CVE-2004-1235>)\n\nA race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation.\n\n * [CVE-2005-0504](<https://security-tracker.debian.org/tracker/CVE-2005-0504>)\n\nAn integer overflow in the Moxa driver may lead to privilege escalation.\n\n * [CVE-2005-0384](<https://security-tracker.debian.org/tracker/CVE-2005-0384>)\n\nA remote denial of service vulnerability has been found in the PPP driver.\n\n * [CVE-2005-0135](<https://security-tracker.debian.org/tracker/CVE-2005-0135>)\n\nAn IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function.\n\nThe following matrix explains which kernel version for which architecture fixes the problems mentioned above:\n\n| Debian 3.0 (woody) \n---|--- \nSource | 2.4.16-1woody2 \narm/lart | 20040419woody1 \narm/netwinder | 20040419woody1 \narm/riscpc | 20040419woody1 \n \nWe recommend that you upgrade your kernel package immediately and reboot the machine.", "published": "2006-05-20T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1067", "cvelist": ["CVE-2004-1235", "CVE-2005-0003", "CVE-2005-0135", "CVE-2004-0138", "CVE-2004-1333", "CVE-2005-0489", "CVE-2005-0124", "CVE-2004-0685", "CVE-2004-1071", "CVE-2005-0504", "CVE-2004-1234", "CVE-2003-0984", "CVE-2004-1072", "CVE-2004-0447", "CVE-2004-1335", "CVE-2004-0394", "CVE-2004-0883", "CVE-2004-0565", "CVE-2005-0384", "CVE-2004-0997", "CVE-2004-0427", "CVE-2004-1070", "CVE-2004-0554", "CVE-2004-1017", "CVE-2004-0949", "CVE-2004-1068", "CVE-2004-1074", "CVE-2005-0001", "CVE-2004-1073", "CVE-2004-1016"], "lastseen": "2016-09-02T18:35:42"}, {"id": "DSA-1592", "type": "debian", "title": "linux-2.6 -- heap overflow", "description": "Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2008-1673](<https://security-tracker.debian.org/tracker/CVE-2008-1673>)\n\nWei Wang from McAfee reported a potential heap overflow in the ASN.1 decode code that is used by the SNMP NAT and CIFS subsystem. Exploitation of this issue may lead to arbitrary code execution. This issue is not believed to be exploitable with the pre-built kernel images provided by Debian, but it might be an issue for custom images built from the Debian-provided source package.\n\n * [CVE-2008-2358](<https://security-tracker.debian.org/tracker/CVE-2008-2358>)\n\nBrandon Edwards of McAfee Avert labs discovered an issue in the DCCP subsystem. Due to missing feature length checks it is possible to cause an overflow that may result in remote arbitrary code execution.\n\nFor the stable distribution (etch) these problems have been fixed in version 2.6.18.dfsg.1-18etch6.\n\nWe recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.", "published": "2008-06-09T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1592", "cvelist": ["CVE-2008-2358", "CVE-2008-1673"], "lastseen": "2016-09-02T18:25:01"}], "vmware": [{"id": "VMSA-2009-0014", "type": "vmware", "title": "VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "description": "a. Service Console update for DHCP and third party library update for DHCP client. \n \nDHCP is an Internet-standard protocol by which a computer can be \nconnected to a local network, ask to be given configuration \ninformation, and receive from a server enough information to \nconfigure itself as a member of that network.\n\n \nA stack-based buffer overflow in the script_write_params method in \nISC DHCP dhclient allows remote DHCP servers to execute arbitrary \ncode via a crafted subnet-mask option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-0692 to this issue.\n\n \nAn insecure temporary file use flaw was discovered in the DHCP \ndaemon's init script (\"/etc/init.d/dhcpd\"). A local attacker could \nuse this flaw to overwrite an arbitrary file with the output of the \n\"dhcpd -t\" command via a symbolic link attack, if a system \nadministrator executed the DHCP init script with the \"configtest\", \n\"restart\", or \"reload\" option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-1893 to this issue.\n\n \nThe following table lists what action remediates the vulnerability \nin the Service Console (column 4) if a solution is available. \n\n", "published": "2009-10-16T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2009-0014.html", "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2008-2136", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-0598", "CVE-2008-5340", "CVE-2009-1893", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-3525", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0692", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2008-4210", "CVE-2008-3275", "CVE-2009-1107", "CVE-2007-6063", "CVE-2009-1102", "CVE-2008-5351", "CVE-2008-2812", "CVE-2009-1105"], "lastseen": "2016-09-04T11:19:34"}, {"id": "VMSA-2008-0011", "type": "vmware", "title": "Updated ESX service console packages for Samba and vmnix", "description": "I Service Console rpm updates \n \na. Security Update to Service Console Kernel \nThis fix upgrades service console kernel version to 2.4.21-57.EL. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, \nCVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and \nCVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL. \n\n", "published": "2008-07-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0011.html", "cvelist": ["CVE-2008-1669", "CVE-2006-4814", "CVE-2007-6151", "CVE-2008-1375", "CVE-2008-0007", "CVE-2007-5001", "CVE-2007-6206", "CVE-2008-1105", "CVE-2008-1367"], "lastseen": "2016-09-04T11:19:31"}], "osvdb": [{"id": "OSVDB:12837", "type": "osvdb", "title": "Linux Kernel MOXA Serial Driver Overflow", "description": "## Vulnerability Description\nA local overflow exists in the Linux kernel. The MoxaDriverIoctl() function fails to validate user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA local overflow exists in the Linux kernel. The MoxaDriverIoctl() function fails to validate user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://www.kernel.org/\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1067)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1069)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1070)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1082)\nSecurity Tracker: 1013273\n[Secunia Advisory ID:13784](https://secuniaresearch.flexerasoftware.com/advisories/13784/)\n[Secunia Advisory ID:17002](https://secuniaresearch.flexerasoftware.com/advisories/17002/)\n[Secunia Advisory ID:16570](https://secuniaresearch.flexerasoftware.com/advisories/16570/)\n[Secunia Advisory ID:20162](https://secuniaresearch.flexerasoftware.com/advisories/20162/)\n[Secunia Advisory ID:16571](https://secuniaresearch.flexerasoftware.com/advisories/16571/)\n[Secunia Advisory ID:20163](https://secuniaresearch.flexerasoftware.com/advisories/20163/)\n[Secunia Advisory ID:26651](https://secuniaresearch.flexerasoftware.com/advisories/26651/)\n[Secunia Advisory ID:14710](https://secuniaresearch.flexerasoftware.com/advisories/14710/)\n[Secunia Advisory ID:20202](https://secuniaresearch.flexerasoftware.com/advisories/20202/)\n[Secunia Advisory ID:20338](https://secuniaresearch.flexerasoftware.com/advisories/20338/)\n[Related OSVDB ID: 12836](https://vulners.com/osvdb/OSVDB:12836)\n[Related OSVDB ID: 12838](https://vulners.com/osvdb/OSVDB:12838)\n[Related OSVDB ID: 12835](https://vulners.com/osvdb/OSVDB:12835)\nRedHat RHSA: RHSA-2005:663\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-551.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-508-1\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_18_kernel.html\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-529.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0225.html\nISS X-Force ID: 18821\n[CVE-2005-0504](https://vulners.com/cve/CVE-2005-0504)\nBugtraq ID: 12195\n", "published": "2005-01-07T07:33:09", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:12837", "cvelist": ["CVE-2005-0504"], "lastseen": "2017-04-28T13:20:08"}], "exploitdb": [{"id": "EDB-ID:31966", "type": "exploitdb", "title": "Linux Kernel - utrace and ptrace Local Denial of Service Vulnerability 2", "description": "Linux Kernel utrace and ptrace Local Denial of Service Vulnerability (2). CVE-2008-2365. Dos exploit for linux platform", "published": "2008-06-25T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/31966/", "cvelist": ["CVE-2008-2365"], "lastseen": "2016-02-03T15:53:13"}, {"id": "EDB-ID:31965", "type": "exploitdb", "title": "Linux Kernel - utrace and ptrace Local Denial of Service Vulnerability 1", "description": "Linux Kernel utrace and ptrace Local Denial of Service Vulnerability (1). CVE-2008-2365. Dos exploit for linux platform", "published": "2008-06-25T00:00:00", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/31965/", "cvelist": ["CVE-2008-2365"], "lastseen": "2016-02-03T15:53:05"}], "seebug": [{"id": "SSV-85279", "type": "seebug", "title": "Linux Kernel utrace and ptrace Local Denial of Service Vulnerability (2)", "description": "Summary: \nLinux kernel 2.6.9 to 2. 6. 25 the ptrace and utrace support in the conditions of competition, when in the Red Hat Enterprise Linux (RHEL) 4 running, will allow the local user through a long PTRACE_ATTACH ptrace calls to other users of the program, has caused a denial of service(online the object of the temporary wiring system). The program will trigger utrace_detach and report_quiescent between the conflict. The vulnerability with the \"late ptrace_may_attach() check\" and \"race around &dead;_engine_ops setting,\" concerned, different from CVE-2007-0771 and CVE-2008-1514\u3002 Note: the vulnerability may only affect the 2. 6. 16. x before the kernel version.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-85279", "cvelist": ["CVE-2008-1514", "CVE-2008-2365", "CVE-2007-0771"], "lastseen": "2016-07-27T00:54:57"}, {"id": "SSV-85278", "type": "seebug", "title": "Linux Kernel utrace and ptrace Local Denial of Service Vulnerability (1)", "description": "Summary: \nLinux kernel 2.6.9 to 2. 6. 25 the ptrace and utrace support in the conditions of competition, when in the Red Hat Enterprise Linux (RHEL) 4 running, will allow the local user through a long PTRACE_ATTACH ptrace calls to other users of the program, has caused a denial of service(online the object of the temporary wiring system). The program will trigger utrace_detach and report_quiescent between the conflict. The vulnerability with the \"late ptrace_may_attach() check\" and \"race around &dead;_engine_ops setting,\" concerned, different from CVE-2007-0771 and CVE-2008-1514\u3002 Note: the vulnerability may only affect the 2. 6. 16. x before the kernel version.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-85278", "cvelist": ["CVE-2008-1514", "CVE-2008-2365", "CVE-2007-0771"], "lastseen": "2016-07-27T00:28:54"}]}}