Synopsis: Moderate: kernel security and bug fix update Advisory ID: SLSA-2013:1790-1 Issue Date: 2013-12-05 CVE Numbers: CVE-2013-4355 -- * An information leak flaw was found in the way the Xen hypervisor handled error conditions when reading guest memory during certain guest-originated operations, such as port or memory mapped I/O writes. A privileged user in a fully-virtualized guest could use this flaw to leak hypervisor stack memory to a guest. (CVE-2013-4355, Moderate) This update also fixes the following bugs: * A previous fix to the kernel did not contain a memory barrier in the percpu_up_write() function. Consequently, under certain circumstances, a race condition could occur leading to memory corruption and a subsequent kernel panic. This update introduces a new memory barrier pair, light_mb() and heavy_mb(), for per-CPU basis read and write semaphores (percpu-rw- semaphores) ensuring that the race condition can no longer occur. In addition, the read path performance of "percpu-rw-semaphores" has been improved. * Due to a bug in the tg3 driver, systems that had the Wake-on-LAN (WOL) feature enabled on their NICs could not have been woken up from suspension or hibernation using WOL. A missing pci_wake_from_d3() function call has been added to the tg3 driver, which ensures that WOL functions properly by setting the PME_ENABLE bit. * Due to an incorrect test condition in the mpt2sas driver, the driver was unable to catch failures to map a SCSI scatter-gather list. The test condition has been corrected so that the mpt2sas driver now handles SCSI scatter-gather mapping failures as expected. * A previous patch to the kernel introduced the "VLAN tag re-insertion" workaround to resolve a problem with incorrectly handled VLAN-tagged packets with no assigned VLAN group while the be2net driver was in promiscuous mode. However, this solution led to packet corruption and a subsequent kernel oops if such a processed packed was a GRO packet. Therefore, a patch has been applied to restrict VLAN tag re-insertion only to non-GRO packets. The be2net driver now processes VLAN-tagged packets with no assigned VLAN group correctly in this situation. The system must be rebooted for this update to take effect. -- SL5 x86_64 kernel-2.6.18-371.3.1.el5.x86_64.rpm kernel-debug-2.6.18-371.3.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-371.3.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-371.3.1.el5.x86_64.rpm kernel-devel-2.6.18-371.3.1.el5.x86_64.rpm kernel-headers-2.6.18-371.3.1.el5.x86_64.rpm kernel-xen-2.6.18-371.3.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-371.3.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-371.3.1.el5.x86_64.rpm i386 kernel-2.6.18-371.3.1.el5.i686.rpm kernel-PAE-2.6.18-371.3.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-371.3.1.el5.i686.rpm kernel-PAE-devel-2.6.18-371.3.1.el5.i686.rpm kernel-debug-2.6.18-371.3.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-371.3.1.el5.i686.rpm kernel-debug-devel-2.6.18-371.3.1.el5.i686.rpm kernel-debuginfo-2.6.18-371.3.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-371.3.1.el5.i686.rpm kernel-devel-2.6.18-371.3.1.el5.i686.rpm kernel-headers-2.6.18-371.3.1.el5.i386.rpm kernel-xen-2.6.18-371.3.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-371.3.1.el5.i686.rpm kernel-xen-devel-2.6.18-371.3.1.el5.i686.rpm noarch kernel-doc-2.6.18-371.3.1.el5.noarch.rpm - Scientific Linux Development Team