[Oraclevm-errata] OVMSA-2012-0042 M: Oracle VM 3.1 kernel-uek security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Oct 22 09:31:00 PDT 2012 

Oracle VM Security Advisory OVMSA-2012-0042

The following updated rpms for Oracle VM 3.1 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-2.6.39-200.1.9.el5uek.x86_64.rpm
kernel-uek-firmware-2.6.39-200.1.9.el5uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.1/SRPMS-updates/kernel-uek-2.6.39-200.1.9.el5uek.src.rpm


Description of changes:

[2.6.39-200.1.9.el5uek]
- Fix bug number for commit "cciss: Update HPSA_BOUNDARY" (Joe Jin)
   [Orabug: 14681166]

[2.6.39-200.1.8.el5uek]
- cciss: Update HPSA_BOUNDARY. (Joe Jin) [Orabug: 14319765]

[2.6.39-200.1.7.el5uek]
- KVM: introduce kvm_for_each_memslot macro (Maxim Uvarov) [Bugdb: 13966]
- dl2k: Clean up rio_ioctl (Jeff Mahoney) [Orabug: 14126896] {CVE-2012-2313}
- NFSv4: include bitmap in nfsv4 get acl data (Andy Adamson)  
{CVE-2011-4131}
- KVM: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [Bugdb: 13966]
   {CVE-2012-2137}
- net: sock: validate data_len before allocating skb in 
sock_alloc_send_pskb()
   (Jason Wang) [Bugdb: 13966] {CVE-2012-2136}
- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race
   condition (Andrea Arcangeli) [Bugdb: 13966] {CVE-2012-2373}
- KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb:
   13966] {CVE-2012-2121}
- KVM: unmap pages from the iommu when slots are removed (Maxim Uvarov) 
[Bugdb:
   13966] {CVE-2012-2121}
- fcaps: clear the same personality flags as suid when fcaps are used (Eric
   Paris) [Bugdb: 13966] {CVE-2012-2123}
- tilegx: enable SYSCALL_WRAPPERS support (Chris Metcalf)  {CVE-2009-0029}
- drm/i915: fix integer overflow in i915_gem_do_execbuffer() (Xi Wang) 
[Orabug:
   14107456] {CVE-2012-2384}
- drm/i915: fix integer overflow in i915_gem_execbuffer2() (Xi Wang) 
[Orabug:
   14107445] {CVE-2012-2383}
- [dm] do not forward ioctls from logical volumes to the underlying 
device (Joe
   Jin)  {CVE-2011-4127}
- [block] fail SCSI passthrough ioctls on partition devices (Joe Jin)
   {CVE-2011-4127}
- [block] add and use scsi_blk_cmd_ioctl (Joe Jin) [Orabug: 14056755]
   {CVE-2011-4127}
- KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Avi
   Kivity) [Bugdb: 13871] {CVE-2012-1601}
- regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter 
Anvin)
   {CVE-2012-1097}
- regset: Prevent null pointer reference on readonly regsets (H. Peter 
Anvin)
   {CVE-2012-1097}
- cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton)
   {CVE-2012-1090}
- mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode
   (Andrea Arcangeli)  {CVE-2012-1179}
- ext4: fix undefined behavior in ext4_fill_flex_info() (Xi Wang)
   {CVE-2009-4307}

[2.6.39-200.1.6.el5uek]
- ocfs2: clear unaligned io flag when dio fails (Junxiao Bi) [Orabug: 
14063941]
- aio: make kiocb->private NUll in init_sync_kiocb() (Junxiao Bi) [Orabug:
   14063941]
- igb: Fix for Alt MAC Address feature on 82580 and later devices (Carolyn
   Wyborny) [Orabug: 14258706]
- igb: Alternate MAC Address Updates for Func2&3 (Akeem G. Abodunrin) 
[Orabug:
   14258706]
- igb: Alternate MAC Address EEPROM Updates (Akeem G. Abodunrin) [Orabug:
   14258706]
- cciss: only enable cciss_allow_hpsa when for ol5 (Joe Jin) [Orabug: 
14106006]
- Revert "cciss: remove controllers supported by hpsa" (Joe Jin) [Orabug:
   14106006]
- [scsi] hpsa: add all support devices for ol5 (Joe Jin) [Orabug: 14106006]
- Disable VLAN 0 tagging for none VLAN traffic (Adnan Misherfi) [Orabug:
   14406424]
- x86: Add Xen kexec control code size check to linker script (Daniel Kiper)
- drivers/xen: Export vmcoreinfo through sysfs (Daniel Kiper)
- x86/xen/enlighten: Add init and crash kexec/kdump hooks (Maxim Uvarov)
- x86/xen: Add kexec/kdump makefile rules (Daniel Kiper)
- x86/xen: Add x86_64 kexec/kdump implementation (Daniel Kiper)
- x86/xen: Add placeholder for i386 kexec/kdump implementation (Daniel 
Kiper)
- x86/xen: Register resources required by kexec-tools (Daniel Kiper)
- x86/xen: Introduce architecture dependent data for kexec/kdump (Daniel 
Kiper)
- xen: Introduce architecture independent data for kexec/kdump (Daniel 
Kiper)
- x86/kexec: Add extra pointers to transition page table PGD, PUD, PMD 
and PTE
   (Daniel Kiper)
- kexec: introduce kexec_ops struct (Daniel Kiper)

[2.6.39-200.1.5.el5uek]
- SPEC: replace DEFAULTKERNEL from kernel-ovs to kernel-uek

More information about the Oraclevm-errata mailing list