 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 9 Dec 2013 15:51:30 +0000 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2013:1790-1
Issue Date: 2013-12-05
CVE Numbers: CVE-2013-4355
--
* An information leak flaw was found in the way the Xen hypervisor handled
error conditions when reading guest memory during certain guest-originated
operations, such as port or memory mapped I/O writes. A privileged user in
a fully-virtualized guest could use this flaw to leak hypervisor stack
memory to a guest. (CVE-2013-4355, Moderate)
This update also fixes the following bugs:
* A previous fix to the kernel did not contain a memory barrier in the
percpu_up_write() function. Consequently, under certain circumstances, a
race condition could occur leading to memory corruption and a subsequent
kernel panic. This update introduces a new memory barrier pair, light_mb()
and heavy_mb(), for per-CPU basis read and write semaphores (percpu-rw-
semaphores) ensuring that the race condition can no longer occur. In
addition, the read path performance of "percpu-rw-semaphores" has been
improved.
* Due to a bug in the tg3 driver, systems that had the Wake-on-LAN (WOL)
feature enabled on their NICs could not have been woken up from suspension
or hibernation using WOL. A missing pci_wake_from_d3() function call has
been added to the tg3 driver, which ensures that WOL functions properly by
setting the PME_ENABLE bit.
* Due to an incorrect test condition in the mpt2sas driver, the driver was
unable to catch failures to map a SCSI scatter-gather list. The test
condition has been corrected so that the mpt2sas driver now handles SCSI
scatter-gather mapping failures as expected.
* A previous patch to the kernel introduced the "VLAN tag re-insertion"
workaround to resolve a problem with incorrectly handled VLAN-tagged
packets with no assigned VLAN group while the be2net driver was in
promiscuous mode. However, this solution led to packet corruption and a
subsequent kernel oops if such a processed packed was a GRO packet.
Therefore, a patch has been applied to restrict VLAN tag re-insertion only
to non-GRO packets. The be2net driver now processes VLAN-tagged packets
with no assigned VLAN group correctly in this situation.
The system must be rebooted for this update to take effect.
--
SL5
x86_64
kernel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-371.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.x86_64.rpm
i386
kernel-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.3.1.el5.i686.rpm
kernel-devel-2.6.18-371.3.1.el5.i686.rpm
kernel-headers-2.6.18-371.3.1.el5.i386.rpm
kernel-xen-2.6.18-371.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-371.3.1.el5.i686.rpm
noarch
kernel-doc-2.6.18-371.3.1.el5.noarch.rpm
- Scientific Linux Development Team
|
|
|
