Oracle Linux Security Advisory ELSA-2011-2038

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-uek-firmware-2.6.32-300.4.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.32-300.4.1.el6uek.noarch.rpm
kernel-uek-2.6.32-300.4.1.el6uek.i686.rpm
kernel-uek-headers-2.6.32-300.4.1.el6uek.i686.rpm
kernel-uek-devel-2.6.32-300.4.1.el6uek.i686.rpm
kernel-uek-debug-devel-2.6.32-300.4.1.el6uek.i686.rpm
kernel-uek-debug-2.6.32-300.4.1.el6uek.i686.rpm
ofa-2.6.32-300.4.1.el6uek-1.5.1-4.0.47.i686.rpm
ofa-2.6.32-300.4.1.el6uekdebug-1.5.1-4.0.47.i686.rpm
mlnx_en-2.6.32-300.4.1.el6uek-1.5.7-0.1.i686.rpm
mlnx_en-2.6.32-300.4.1.el6uekdebug-1.5.7-0.1.i686.rpm

x86_64:
kernel-uek-firmware-2.6.32-300.4.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.32-300.4.1.el6uek.noarch.rpm
kernel-uek-2.6.32-300.4.1.el6uek.x86_64.rpm
kernel-uek-headers-2.6.32-300.4.1.el6uek.x86_64.rpm
kernel-uek-devel-2.6.32-300.4.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-2.6.32-300.4.1.el6uek.x86_64.rpm
kernel-uek-debug-2.6.32-300.4.1.el6uek.x86_64.rpm
ofa-2.6.32-300.4.1.el6uek-1.5.1-4.0.47.x86_64.rpm
ofa-2.6.32-300.4.1.el6uekdebug-1.5.1-4.0.47.x86_64.rpm
mlnx_en-2.6.32-300.4.1.el6uek-1.5.7-0.1.x86_64.rpm
mlnx_en-2.6.32-300.4.1.el6uekdebug-1.5.7-0.1.x86_64.rpm


SRPMS:
https://oss.oracle.com:443/ol6/SRPMS-updates/kernel-uek-2.6.32-300.4.1.el6uek.src.rpm
https://oss.oracle.com:443/ol6/SRPMS-updates/ofa-2.6.32-300.4.1.el6uek-1.5.1-4.0.47.src.rpm
https://oss.oracle.com:443/ol6/SRPMS-updates/mlnx_en-2.6.32-300.4.1.el6uek-1.5.7-0.1.src.rpm

Users with Oracle Linux Premier Support can now use Ksplice to patch
against this Security Advisory.

We recommend that all users of  Oracle Linux 6 install these updates.

Users of Ksplice Uptrack can install these updates by running :

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

Description of changes:

* CVE-2011-4127: KVM privilege escalation through insufficient 
validation in SG_IO ioctl.

Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM
volumes resulted in the requests being passed to the underlying block
device. If a privileged user only had access to a single partition or
LVM volume, they could use this flaw to bypass those restrictions and
gain read and write access (and be able to issue other SCSI commands)
to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format
virtio disks backed by a partition or LVM volume, a privileged guest
user could bypass intended restrictions and issue read and write
requests (and other SCSI commands) on the host, and possibly access
the data of other guests that reside on the same underlying block
device. (CVE-2011-4127, Important)

* CVE-2011-1493: Insufficient validation in X.25 Rose parsing.

Dan Rosenberg discovered that the X.25 Rose network stack did not
correctly handle certain fields. If a system was running with Rose
enabled, a remote attacker could send specially crafted traffic to
gain root privileges.


* Additional fix for CVE-2011-1576: Denial of service with VLAN packets 
and GRO.

Oracle's previous fix for CVE-2011-1576 did not completely address the
issue.


[2.6.32-300.4.1.el6uek]
- [pci] intel-iommu: Default to non-coherent for domains unattached to 
iommus (Joe Jin)
- [dm] do not forward ioctls from logical volumes to the underlying 
device (Joe Jin) {CVE-2011-4127}
- [block] fail SCSI passthrough ioctls on partition devices (Joe Jin) 
{CVE-2011-4127}
- [block] add and use scsi_blk_cmd_ioctl (Joe Jin) {CVE-2011-4127}
- [net] gro: reset vlan_tci on reuse (Dan Carpenter) {CVE-2011-1576}
- [net] rose: Add length checks to CALL_REQUEST parsing (Ben Hutchings) 
{CVE-2011-1493}
- [net] rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC 
(Bernard Pidoux F6BVP) {CVE-2011-1493}

Oracle Linux Security Update ELSA-2011-2038 Overview

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

Summary

* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device. (CVE-2011-4127, Important) * CVE-2011-1493: Insufficient validation in X.25 Rose parsing. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fi...

Read the Full Advisory

SRPMs

https://oss.oracle.com:443/ol6/SRPMS-updates/kernel-uek-2.6.32-300.4.1.el6uek.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/ofa-2.6.32-300.4.1.el6uek-1.5.1-4.0.47.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/mlnx_en-2.6.32-300.4.1.el6uek-1.5.7-0.1.src.rpm Users with Oracle Linux Premier Support can now use Ksplice to patch against this Security Advisory. We recommend that all users of Oracle Linux 6 install these updates. Users of Ksplice Uptrack can install these updates by running : # /usr/sbin/uptrack-upgrade -y On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any additional action.

x86_64

kernel-uek-firmware-2.6.32-300.4.1.el6uek.noarch.rpm kernel-uek-doc-2.6.32-300.4.1.el6uek.noarch.rpm kernel-uek-2.6.32-300.4.1.el6uek.x86_64.rpm kernel-uek-headers-2.6.32-300.4.1.el6uek.x86_64.rpm kernel-uek-devel-2.6.32-300.4.1.el6uek.x86_64.rpm kernel-uek-debug-devel-2.6.32-300.4.1.el6uek.x86_64.rpm kernel-uek-debug-2.6.32-300.4.1.el6uek.x86_64.rpm ofa-2.6.32-300.4.1.el6uek-1.5.1-4.0.47.x86_64.rpm ofa-2.6.32-300.4.1.el6uekdebug-1.5.1-4.0.47.x86_64.rpm mlnx_en-2.6.32-300.4.1.el6uek-1.5.7-0.1.x86_64.rpm mlnx_en-2.6.32-300.4.1.el6uekdebug-1.5.7-0.1.x86_64.rpm

aarch64

i386

kernel-uek-firmware-2.6.32-300.4.1.el6uek.noarch.rpm kernel-uek-doc-2.6.32-300.4.1.el6uek.noarch.rpm kernel-uek-2.6.32-300.4.1.el6uek.i686.rpm kernel-uek-headers-2.6.32-300.4.1.el6uek.i686.rpm kernel-uek-devel-2.6.32-300.4.1.el6uek.i686.rpm kernel-uek-debug-devel-2.6.32-300.4.1.el6uek.i686.rpm kernel-uek-debug-2.6.32-300.4.1.el6uek.i686.rpm ofa-2.6.32-300.4.1.el6uek-1.5.1-4.0.47.i686.rpm ofa-2.6.32-300.4.1.el6uekdebug-1.5.1-4.0.47.i686.rpm mlnx_en-2.6.32-300.4.1.el6uek-1.5.7-0.1.i686.rpm mlnx_en-2.6.32-300.4.1.el6uekdebug-1.5.7-0.1.i686.rpm

Severity

Related News