OracleELSA-2011-0263Oracle Linux 4.9 kernel security and bug fix update
0.017 Low
EPSS
Percentile
86.4%
[2.6.9-100]
-cxgb3: prevent reading uninitialized stack memory to fix xgb_extension_ioctl infoleak (Eugene Teo) [633153] {CVE-2010-3296}
-mlx4: disable MSI-X by default (Andy Gospodarek) [530596]
-ext3: call fs invalidatepage instead of block_invalidatepage (Josef Bacik) [488611]
-av7110: check for negative array offset (Mauro Carvalho Chehab) [672400] {CVE-2011-0521}
-ext3: don not dirty unmapped data buffers (Josef Bacik) [488611]
-net: clear heap allocations for privileged ethtool actions (Jiri Pirko) [672431] {CVE-2010-4655}
[2.6.9-99]
-bonding: fix active backup failover due to jiffie wrap (Andy Gospodarek) [641112]
[2.6.9-98]
-sound: fix a buffer overflow in the oss mixer (David Howells) [667619] {CVE-2010-4527}
[2.6.9-97]
-fs: fix filesystem corruption on ext2 (Alexander Viro) [662839]
-sky2: fix oops in sky2_xmit_frame after tx timeout (Don Howard) [614559]
-netdump: fix netdump failures on large memory systems (Neil Horman) [488557]
[2.6.9-96]
-usb: ehci amd periodic frame list table quirk (Don Zickus) [651334]
-fs: truncate blocks outside i_size after O_DIRECT write error (Eric Sandeen) [665067]
[2.6.9-95]
-jbd: skip buffers that have a different jh (Josef Bacik) [488611]
-unix: fix local socket dos (Neil Horman) [656758] {CVE-2010-4249}
-s390x: qdio: fix zfcp stall with more than 63 active qdio devices (Hendrik Brueckner) [662130]
-ehci-hcd: fix fatal error during bootup (Don Zickus) [656447]
[2.6.9-94]
-modules: sysctl to block module loading (Jerome Marchand) [645220]
-redhat: added config_security_dmesg_restrict option (Frantisek Hrbata) [653252]
-kernel: restrict unprivileged access to kernel syslog (Frantisek Hrbata) [653252]
-sysctl: introduce ctl_unnumbered definition in sysctl.h (Frantisek Hrbata) [653252]
-usb: allow usbstorage to have luns greater than 2TB (Don Zickus) [658824]
-serial: clean data before filling it (Mauro Carvalho Chehab) [648809] {CVE-2010-4075}
-sched: fix task starvation on Hyperthreaded cpus (Vitaly Mayatskikh) [488089]
-s390: sclp: handle zero length event buffers (Hans-Joachim Picht) [487692]
[2.6.9-93]
-kernel: failure to revert address limit override in oops error path (Dave Anderson) [659569] {CVE-2010-4258}
-nfsv4: fix oops in nfs4_kill_super (Jeff Layton) [660448]
-net: filter: make sure filters dont read uninitialized memory (Jiri Pirko) [651701] {CVE-2010-4158}
-net: limit sendto()/recvfrom()/iovec total length to INT_MAX (Jiri Pirko) [651924] {CVE-2010-3859}
-bluetooth: fix missing null check (Jarod Wilson) [655663] {CVE-2010-4242}
-ipc: initialize structure memory to zero for compat functions (Xiaotian Feng) [648811] {CVE-2010-4073}
-ipc: shm: fix information leak to userland (Xiaotian Feng) [648817] {CVE-2010-4072}
-netfront: default to copying instead of flipping (Laszlo Ersek) [653505]
-net: packet: fix information leak to userland (Jiri Pirko) [649896] {CVE-2010-3876}
-scsi: gdth: integer overflow in ioc_general (Frantisek Hrbata) [651174] {CVE-2010-4157}
-sys_semctl: semctl fix kernel stack leakage (Xiaotian Feng) [648794] {CVE-2010-4083}
-alsa: rme9652: prevent reading uninitialized stack memory (Stanislaw Gruszka) [648807] {CVE-2010-4080}
-fs: only return EIO once on msync/fsync after IO failure (Rik van Riel) [645633]
-xen: virtio_net: add get_drvinfo() to virtio_net (Laszlo Ersek) [647196]
-xen: netfront: add get_drvinfo() to netfront (Laszlo Ersek) [647187]
-kernel: fix possible integer overflow in mm/fremap.c (Larry Woodman) [637045]
[2.6.9-92]
-mm: revert patch to reduce large file latency during writebacks (Larry Woodman) [488070]
[2.6.9-91]
-mm: prevent panic when setting /proc/sys/vm/nr_hugepages (Larry Woodman) [647567]
-net: sctp: do not reset the packet during sctp_packet_config() (Jiri Pirko) [637865] {CVE-2010-3432}
-scsi: fix panic in sysfs_hash_and_remove() when scsi device is removed (Mark Goodwin) [533299]
[2.6.9-90]
-kernel: prevent heap corruption in snd_ctl_new() (Jerome Marchand) [638482] {CVE-2010-3442}
-forcedeth: latest bugfixes from upstream (Ivan Vecera) [552953]
-forcedeth: remove CONFIG_FORCEDETH_NAPI=y from config-generic (Ivan Vecera) [552953]
[2.6.9-89.45]
-scsi: scsi_do_req submitted commands (tape) never complete when device goes (Rob Evers) [636289]
-scsi: log msg when getting unit attention (Mike Christie) [585430]
-jbd: fix panic in jbd when running bashmemory (Josef Bacik) [488611]
-qla2xxx: work around hypertransport sync flood error on sun x4200 with qla2xxx (Chad Dupuis) [621621]
-aio: implement request batching for better merging and throughput (Jeff Moyer) [508377]
-fs: a bunch of patches to fix various nfsd/iget() races (Alexander Viro) [189918]
-net: bonding: add debug module option (Jiri Pirko) [247116]
-fix fd leaks if pipe() is called with an invalid address (Amerigo Wang) [509627]
[2.6.9-89.44]
-ide-scsi: fix deadlock in ide-scsi error handler (Doug Ledford) [526966]
-mlx4_core: allocate sufficient memory for interrupt table (Doug Ledford) [530596]
-mptbase: panic with domain validation while rebuilding after the disk is replaced (Rob Evers) [476874]
-fs: buffer: __block_write_full_page simplification by removing last_bh logic (Jeff Moyer) [472752]
-fs: buffer: __block_write_full_page speedup by removing get_bh() and put_bh() (Jeff Moyer) [472752]
-fs: buffer: __block_write_full_page race fix (Jeff Moyer) [472752]
-kernel: fix integer overflow in groups_search (Jerome Marchand) [457519]
-cifs: remove bogus check in ntlm session setup code (Jeff Layton) [604786]
-cifs: when renaming don not try to unlink negative dentry (Jeff Layton) [500904]
-autofs4: fix lookup deadlock when user space uses a signal (Ian Kent) [477017]
-fs: make sure data stored into inode is properly seen before unlocking new inode (Eric Sandeen) [563920]
-ipc: hard_msgmax should be higher not lower on 64bit (Amerigo Wang) [525815]
-fs: fix file truncations when both suid and write permissions set (Amerigo Wang) [525398]
-block: fix rcu accesses in partition statistics (Jerome Marchand) [517523]
-kernel headers: fix missing defintion that causes build break (Neil Horman) [504593]
[2.6.9-89.43]
-aacraid: fix file system going into read only mode (Rob Evers) [624713]
-blkfront: xen domu, raid1, lvm, iscsi target export with blockio bug (Paolo Bonzini) [490148]
-cciss: change version from 2.6.20.RH2 to 2.6.20.RH3 (Tomas Henzl) [594086]
-cciss: added printk in do_cciss_request before BUG() (Tomas Henzl) [594086]
-cciss: fix a nulll pointer dereference in complete_command() (Tomas Henzl) [594086]
-cciss: fix an issue when sending command with no data (Tomas Henzl) [594086]
-mm: honor __GFP_NOFAIL flag in __alloc_pages() (Lachlan McIlroy) [605455]
-xen: fix crashing of x86 hvm guest on x86_64 (Radim Krcmar) [637658]
-xen: hide xenbus warnings on hvm guest shutdown (Radim Krcmar) [505081]
-powernow-k8: fix errant print statement during voltage transitions (Bhavna Sarathy) [217829]
-fusion: add sleep before subsequent tur in scan function (Tomas Henzl) [495236]
-bonding: fix a race condition in calls to slave mii ioctls (Flavio Leitner) [621209]
-s390x: cio: vary off on chpid 00 causes unexpected recovery actions (Hendrik Brueckner) [619855]
-netfilter: arp_tables: fix unaligned accesses caused by casting strings to long (Jiri Pirko) [591638]
-net: neigh: fix state transition incomplete->failed via netlink request (Jiri Pirko) [485904]
-x86_64: floating point state corruption after handling the signal (Oleg Nesterov) [564381]
-pidhashing: enforce pid_max_limit in sysctls and lower pid_max_limit on 32bit systems (Jiri Pirko) [525941]
-s390: cio: linux does not boot through xautolog with conmode 3270 (Hans-Joachim Picht) [526282]
-net: fix proc net ip_conntrack seq_file operations (Danny Feng) [524884]
-ia64: swiotlb: fix swiotlb pci_map_sg error handling (Tomas Henzl) [525427]
-xen: try harder to balloon up under memory pressure (Andrew Jones) [507847]
-mm: fix bogus memory node assumption in huge page allocation (AMEET M. PARANJAPE) [506827]
-kernel: binfmt_misc c: avoid potential kernel stack overflow (Vitaly Mayatskikh) [459466]
-net: fix ipvs wrr scheduler bug of updating current weight (Vitaly Mayatskikh) [462717]
[2.6.9-89.42]
-net: actually copy input_dev to new sk_buff in skb_clone (Andy Gospodarek) [616710]
-net: fix reception of completely page backed sk_buffs (Andy Gospodarek) [500921]
-net: fix various snmp counter issues (Thomas Graf) [500889]
-xen: can enter tickless mode with rcu pending and hang (Paolo Bonzini) [427998]
-xen: fix occasional deadlocks in xen netfront (Paolo Bonzini) [480937]
-xen: xenbus suspend_mutex remains locked on trans fail (Paolo Bonzini) [456649]
-ext2: put explicit checks to not divide by zero (Josef Bacik) [500181]
-usb: ehci split iso fixes, full speed audio etc (Don Zickus) [624117]
-xenbus: implement O_NONBLOCK for /proc/xen/xenbus (Paolo Bonzini) [607261]
-nfs: initialize nfs_open_context list member at allocation time (Jeff Layton) [634632]
-cifs: fix dentry hash calculation for case insensitive mounts (Jeff Layton) [562949]
-cifs: fix length calculation for converted unicode readdir names (Jeff Layton) [562949]
[2.6.9-89.41]
-bonding: fix ALB mode to balance traffic on vlans (Flavio Leitner) [640803]
[2.6.9-89.40]
-bonding: interface doesn t issue igmp report on slave interface during failover (Flavio Leitner) [637556]
[2.6.9-89.39]
-net: fix info leak in police code (Neil Horman) [636390] {CVE-2010-3477}
-aio: check for multiplication overflow in io_submit (Jeff Moyer) [629447] {CVE-2010-3067}
-fs: buffer.c: fix race in __block_prepare_write (Jeff Moyer) [480404]
-3c59x: fix deadlock in irq handler tx path when netconsole in use (Neil Horman) [557380]
-udp: use memory barrier in datagram_poll (Flavio Leitner) [546251]
[2.6.9-89.38]
-compat: make compat_alloc_user_space incorporate the access_ok (Xiaotian Feng) [634462] {CVE-2010-3081}
-ext3: ensure inode is deleted from orphan list in ext3_direct_io() (Lachlan McIlroy) [629143]
-sb800: add quirk for iso on amd sb800 (Pete Zaitcev) [537447]
[2.6.9-89.37]
-virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs (Michael S. Tsirkin) [607533]
-do_generic_mapping_read: clear page errors when issuing a fresh read of the page (Rik van Riel) [481371]
-ide: backport VIA PCI chipset ids to via82cxxx driver (Mauro Carvalho Chehab) [504778]
-nfsd4: relax new lock seqid check (Jeff Layton) [577369]
-igb: fix transmission of jumbo frames with mtu>=2100 (Stefan Assmann) [494597]
-net: fix tcp conntrack to handle the half opened connection correctly (Jiri Pirko) [531914]
-net: fix promisc refcounting for interfaces listening for multicast traffic (Neil Horman) [481292]
-sctp: assign tsns earlier to avoid reordering (Neil Horman) [532045]
-cciss: switch to using hlist to fix panic (Tomas Henzl) [479090]
-nfs: statfs error handling and error message fix (Jeff Layton) [520018]
-kthreads: fix kthread_create vs kthread_stop race (Oleg Nesterov) [519006]
[2.6.9-89.36]
-nfsd4: fix share conflict tests in nfs_check_open() (Jeff Layton) [510184]
-nfsd4: move open owner checks from nfsd4_process_open2 into new function (Jeff Layton) [510184]
-nfsd4: renew lease on seqid modifying operations (Jeff Layton) [508752]
-ahci: add SATA GEN3 related messages (David Milburn) [512715]
-igmp: fix ip_mc_sf_allow() race due to a lock problem (Flavio Leitner) [562904]
-xen: don not recreate xenfb thread on every restore (Chris Lalancette) [543823]
-bcm5709: update firmware for bcm5709 from version 4.4.23 to 4.6.15 (John Feeney) [532858]
-net: apply broken_stats workaround to 5706 and 5708 (Flavio Leitner) [515274]
-nfsd: fix races when cleaning up after last nfsd thread exits (Jeff Layton) [501500]
-nfs: nfsd returns nfs4_ok when the owner opens a file with permission set to 000 (Peter Staubach) [507527]
-nfsv4: send the delegation stateid for setattr calls (Jeff Layton) [502884]
-nfsv4: fix up races in nfs4_proc_setattr (Jeff Layton) [502884]
-nfsv4: don t reuse expired nfs4_state_owner structs (Jeff Layton) [502884]
-nfsv4: fix a credential reference leak in nfs4_get_state_owner (Jeff Layton) [502884]
-nfsv4: poll more aggressively when handling nfs4err_delay (Jeff Layton) [502884]
-nfsv4: flush nfsv4 work workqueue before killing superblock (Jeff Layton) [501335]
-nfsv4: only queue nfs4_close_state job when called by rpciod (Jeff Layton) [501335]
-nfsv4: switch nfs4 workqueue to a per client queue (Jeff Layton) [501335]
-nfs: mounted nfsv4/krb5 export inaccessible following an nfs server reboot (Harshula) [514684]
Related
