News/updates
< NewsRevision as of 09:47, 29 March 2016 by Sergey Bronnikov (talk | contribs) (042stab113.21 to -testing)
Contents
Kernel RHEL6 testing 042stab113.21
- Missing bounds check in ipt_entry structure in netfilter. (PSBM-45193, CVE-2016-3134)
- IPv6 connect could cause DoS via NULL pointer dereference (PSBM-45219, CVE-2015-8543)
- Pipe buffer state corruption after unsuccessful atomic read from pipe (PSBM-45328, CVE-2016-0774)
- hostapd was broken in early RHEL6.7 kernels. (OVZ-6649)
Kernel RHEL6 testing 042stab113.18
- bonding: Prevent IPv6 link local address on enslaved devices (PSBM-42433)
- kswap activity restriction in case high-order requests (PSBM-44291)
- force charge swapin readahead pages if in ub0 (PSBM-44857)
Kernel RHEL6 stable 042stab113.17
- Crash in restore_one_vfsmount() on restoring shared non-master mounts. (PSBM-42471)
- Introduced FADV_DEACTIVATE flag in fadvise() to be able to move file pages from the active to the inactive list. (PSBM-42664)
- Race between keyctl_read() and keyctl_revoke() could crash the host. (PSBM-43799, CVE-2015-7550)
- Under certain circumstances, backup/restore via CBT interface could hang the host. (PSBM-43936)
- Second-level quota in simfs containers was broken in 042stab113.x kernels. (OVZ-6655)
Kernel RHEL6 testing 042stab113.17
- Crash in restore_one_vfsmount() on restoring shared non-master mounts. (PSBM-42471)
- Introduced FADV_DEACTIVATE flag in fadvise() to be able to move file pages from the active to the inactive list. (PSBM-42664)
- Race between keyctl_read() and keyctl_revoke() could crash the host. (PSBM-43799, CVE-2015-7550)
- Under certain circumstances, backup/restore via CBT interface could hang the host. (PSBM-43936)
- Second-level quota in simfs containers was broken in 042stab113.x kernels. (OVZ-6655)
Kernel RHEL5 stable 028stab120.1
- Rebase to RHEL5 kernel 2.6.32-408.el5
- A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality (CVE-2015-5364, CVE-2015-5366)
Kernel RHEL5 testing 028stab120.1
- Rebase to RHEL5 kernel 2.6.32-408.el5
- A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality (CVE-2015-5364, CVE-2015-5366)
Kernel RHEL5 stable 028stab119.6
- Improved accounting for network-related memory objects (PCLIN-32553)
- Introduced a per-container limit for the number of mounts (PCLIN-32554)
- Introduced a per-container limit for IPv4 network interface aliases (PCLIN-32555)
--SergeyB (talk) 09:25, 3 January 2016 (EST)