[Oraclevm-errata] OVMSA-2009-0006 Important: Oracle VM 2.1 udev security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Apr 27 16:49:03 PDT 2009


Oracle VM Security Advisory OVMSA-2009-0006

The following updated rpms for Oracle VM 2.1 have been uploaded to the 
Unbreakable Linux Network:

i386:
libvolume_id-095-14.20.el5_3.i386.rpm
udev-095-14.20.el5_3.i386.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/udev-095-14.20.el5_3.src.rpm


Description of changes:

The following security fix is released in this erratum:

CVE-2009-1185 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185>
udev before 1.4.1 does not verify whether a NETLINK message originates 
from kernel space, which allows local users to gain privileges by 
sending a NETLINK message from user space.

[095-14.20]
- fix for CVE-2009-1185 (bug #495051)
- Resolves: rhbz#495055

[095-14.19]
- removed zaptel rules (rhbz #294061)
- fixed segfault for empty lines in passwd (rhbz#413831)
- added patch for iscsi ids (Daniel Berrange) (rhbz#427640)
- added /etc/sysconfig/udev-stw, which makes MODULES
  configurable (Jeff Bastian) (rhbz#437979)
- added ext4 support to vol_id (rhbz#444528)
- updated dasd_id from dasdinfo of s390-tools-1.6.2 (rhbz#430532)
- Resolves: rhbz#294061, rhbz#413831, rhbz#427640
- Resolves: rhbz#437979, rhbz#444528, rhbz#430532

[095-14.17]
- scsi_id, retry open() on EBUSY (rhbz#450279)
- Resolves: rhbz#450279

[095-14.16]
- set selinux context for .udev dirs and symlinks (rhbz#442886)
- fixed rule for hp iLO2 virtual mouse device (rhbz#429215)
- Resolves: rhbz#429215, rhbz#442886

[095-14.15]
- fixed selinux context setting for symlinks (rhbz#441054)
- Resolves: rhbz#441054

[095-14.14]
- fixed regression bug rhbz#430667 introduced by fix for rhbz#275441
- Resolves: rhbz#275441

[095-14.13]
- added rule for hp iLO2 virtual mouse device (rhbz#429215)
- Resolves: rhbz#429215

[095-14.12]
- fix for looping vol_id, because of a malformed passwd (rhbz#425941)
- revised fix for tape devices (rhbz#231990)
- Resolves: rhbz#425941, rhbz#231990

[095-14.11]
- moved "ignore_device" for dm devices to 90-dm.rules (rhbz#275441)
- added cciss support (rhbz#250484)
- support more than 10 nst devices in the persistent rules (rhbz#231990)
- extra double check for symlinks improved (rhbz#217917)
- Resolves: rhbz#217917, rhbz#231990, rhbz#250484, rhbz#275441

[095-14.10]
- do not fail, if EEXIST on symlink() (#217917)
- Resolves: rhbz#217917

[095-14.9]
- corrected rules for tape devices (#231990)
- Resolves: rhbz#231990

[095-14.8]
- removed pie link flag from static build flags
- Resolves: rhbz#233956, rhbz#233307, rhbz#226997, rhbz#236242
- Resolves: rhbz#217917, rhbz#231990

[095-14.7]
- added RPM_OPT_FLAGS and pie to static build flags
- Resolves: rhbz#233956, rhbz#233307, rhbz#226997, rhbz#236242
- Resolves: rhbz#217917, rhbz#231990

[095-14.6]
- do not fail, if EEXIST on mkdir() (#217917)
- configure process numbers dynamically according to CPU and MEM (#226997)
- link statically (#236242, #233307)
- fixed rule for raw1394 (#233956)
- added persistent device names for tape devices (#231990)
- Resolves: rhbz#233956, rhbz#233307, rhbz#226997, rhbz#236242
- Resolves: rhbz#217917, rhbz#231990
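
The origin check that the CVE-2009-1185 description says was missing, shown as an added example (not code from this advisory or from the udev patch): a receiver accepts a netlink message only when its source port id is 0 and the attached SCM_CREDENTIALS report uid 0. The names uevent_from_kernel, check_constructed and struct sender_cred are hypothetical, and the sample messages are constructed in memory rather than read from a socket.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* glibc hides SCM_CREDENTIALS/struct ucred behind _GNU_SOURCE; define equivalents. */
#ifndef SCM_CREDENTIALS
#define SCM_CREDENTIALS 0x02
#endif
struct sender_cred { pid_t pid; uid_t uid; gid_t gid; }; /* layout of struct ucred */

/* Hypothetical helper: returns 1 only if a message read with recvmsg() from a
 * netlink socket that has SO_PASSCRED set came from the kernel. */
int uevent_from_kernel(struct msghdr *msg)
{
    struct sockaddr_nl src;
    struct sender_cred cred;
    struct cmsghdr *c;
    if (msg->msg_name == NULL || msg->msg_namelen < sizeof(src))
        return 0;                   /* no usable source address: reject */
    memcpy(&src, msg->msg_name, sizeof(src));
    if (src.nl_family != AF_NETLINK || src.nl_pid != 0)
        return 0;                   /* 0 is the kernel's netlink port id */
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_CREDENTIALS)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof(cred))) return 0; /* truncated */
        memcpy(&cred, CMSG_DATA(c), sizeof(cred));
        return cred.uid == 0;       /* sender uid must be 0 */
    }
    return 0;                       /* no credentials attached: reject */
}

/* Constructed input: the msghdr recvmsg() would fill in for a sender with the
 * given port id and uid; with_cred = 0 leaves the credentials out. */
int check_constructed(unsigned int nl_pid, uid_t uid, int with_cred)
{
    struct sockaddr_nl src = { .nl_family = AF_NETLINK, .nl_pid = nl_pid };
    struct sender_cred cred = { .pid = (pid_t)nl_pid, .uid = uid, .gid = 0 };
    union { char buf[CMSG_SPACE(sizeof(cred))]; struct cmsghdr align; } ctl;
    struct cmsghdr *c = (struct cmsghdr *)ctl.buf;
    struct msghdr msg = { .msg_name = &src, .msg_namelen = sizeof(src), .msg_control = c,
                          .msg_controllen = with_cred ? sizeof(ctl.buf) : 0 };
    memset(&ctl, 0, sizeof(ctl));
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    return uevent_from_kernel(&msg);
}
```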
