kernel security and bug fix update

[2.6.32-220.23.1.el6]

• [net] bond: Make LRO flag follow slave settings (Neil Horman) [831176 794647]
  [2.6.32-220.22.1.el6]
• [net] ipv4/netfilter: TCP and raw fix for ip_route_me_harder (Jiri Benc) [824429 812108]
  [2.6.32-220.21.1.el6]
• [security] fix compile error in commoncap.c (Eric Paris) [806725 806726] {CVE-2012-2123}
• [security] fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [806725 806726] {CVE-2012-2123}
• [net] rds: fix rds-ping inducing kernel panic (Jay Fenlason) [822757 803936] {CVE-2012-2372}
• [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816292 814504] {CVE-2012-2136}
• [virt] kvm: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [816154 816155] {CVE-2012-2137}
• [drm] integer overflow in drm_mode_dirtyfb_ioctl() (Dave Airlie) [773249 773250] {CVE-2012-0044}
• [net] netfilter: Fix ip_route_me_harder triggering ip_rt_bug (Jiri Benc) [824429 812108]
• [net] netfilter/tproxy: do not assign timewait sockets to skb->sk (Jiri Benc) [824429 812108]
• [virt] xenpv: avoid paravirt __pmd in read_pmd_atomic (Andrew Jones) [823903 822697]
• [infiniband] mlx4: fix RoCE oops (Doug Ledford) [799946 749059]
• [mm] read_pmd_atomic: fix pmd_populate SMP race condition (Andrea Arcangeli) [822824 820762] {CVE-2012-2373}
• [infiniband] mlx4: check return code and bail on error (Doug Ledford) [799946 749059]
• [infiniband] mlx4: use locking when walking netdev list (Doug Ledford) [799946 749059]
• [mm] thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) [803808 800328] {CVE-2012-1179}
  [2.6.32-220.20.1.el6]
• [vhost] net: fix possible NULL pointer dereference of vq->bufs (Jason Wang) [814286 814288] {CVE-2012-2119}
• [net] macvtap: validate zerocopy vectors before building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
• [net] macvtap: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (Jason Wang) [814286 814288] {CVE-2012-2119}
• [net] macvtap: put zerocopy page when fail to get all requested user pages (Jason Wang) [814286 814288] {CVE-2012-2119}
• [net] macvtap: fix zerocopy offset calculation when building skb (Jason Wang) [814286 814288] {CVE-2012-2119}
• [net] bonding: remove entries for master_ip and vlan_ip and query devices instead (Andy Gospodarek) [816197 810299]
• [virt] KVM: lock slots_lock around device assignment (Alex Williamson) [814154 811653] {CVE-2012-2121}
• [virt] kvm: unmap pages from the iommu when slots are removed (Alex Williamson) [814154 811653] {CVE-2012-2121}
• [virt] xenfv: fix hangs when kdumping (Andrew Jones) [812953 811815]
• [s390x] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810125 808487]
• [drm] i915: suspend fbdev device around suspend/hibernate (Dave Airlie) [818503 746169]
• [fs] tmpfs: fix off-by-one in max_blocks checks (Eric Sandeen) [809399 783497]
• [net] bonding: Allow Bonding driver to disable/enable LRO on slaves (Neil Horman) [818504 772317]
• [virt] xen-blkfront: conditionally drop name and minor adjustments for emulated scsi devs (Laszlo Ersek) [818505 729586]
• [virt] xen-blk: plug device number leak on error path in xlblk_init (Laszlo Ersek) [818505 729586]
  [2.6.32-220.19.1.el6]
• [pci] Fix unbootable HP DL385G6 on 2.6.32-220 by properly disabling pcie aspm (Dave Wysochanski) [819614 769626]
  [2.6.32-220.18.1.el6]
• [netdrv] iwlwifi: add option to disable 5Ghz band (Stanislaw Gruszka) [816226 812259]
• [netdrv] iwlwifi: cancel scan before nulify ctx->vif (Stanislaw Gruszka) [816225 801730]
• [netdrv] iwlwifi: do not nulify ctx->vif on reset (Stanislaw Gruszka) [816225 801730]
• [net] mac80211: workaround crash at ieee80211_mgd_probe_ap_send (Stanislaw Gruszka) [814657 808095]
• [net] bonding: 802.3ad - fix agg_device_up (Veaceslav Falico) [817466 806081]
• [scsi] st: fix memory leak with 1MB tape I/O (David Milburn) [816271 811703]