Difference between revisions of "News/updates"

Kernel RHEL6 testing 042stab113.21

• Missing bounds check in ipt_entry structure in netfilter. (PSBM-45193, CVE-2016-3134)
• IPv6 connect could cause DoS via NULL pointer dereference (PSBM-45219, CVE-2015-8543)
• Pipe buffer state corruption after unsuccessful atomic read from pipe (PSBM-45328, CVE-2016-0774)
• hostapd was broken in early RHEL6.7 kernels. (OVZ-6649)

[ Change log/downloads... ]

--SergeyB (talk) 05:47, 29 March 2016 (EDT)

Kernel RHEL6 testing 042stab113.18

• bonding: Prevent IPv6 link local address on enslaved devices (PSBM-42433)
• kswap activity restriction in case high-order requests (PSBM-44291)
• force charge swapin readahead pages if in ub0 (PSBM-44857)

[ Change log/downloads... ]

--SergeyB (talk) 10:22, 14 March 2016 (EDT)

Kernel RHEL6 stable 042stab113.17

• Crash in restore_one_vfsmount() on restoring shared non-master mounts. (PSBM-42471)
• Introduced FADV_DEACTIVATE flag in fadvise() to be able to move file pages from the active to the inactive list. (PSBM-42664)
• Race between keyctl_read() and keyctl_revoke() could crash the host. (PSBM-43799, CVE-2015-7550)
• Under certain circumstances, backup/restore via CBT interface could hang the host. (PSBM-43936)
• Second-level quota in simfs containers was broken in 042stab113.x kernels. (OVZ-6655)

[ Change log/downloads... ]

--SergeyB (talk) 06:37, 14 March 2016 (EDT)

Kernel RHEL6 testing 042stab113.17

• Crash in restore_one_vfsmount() on restoring shared non-master mounts. (PSBM-42471)
• Introduced FADV_DEACTIVATE flag in fadvise() to be able to move file pages from the active to the inactive list. (PSBM-42664)
• Race between keyctl_read() and keyctl_revoke() could crash the host. (PSBM-43799, CVE-2015-7550)
• Under certain circumstances, backup/restore via CBT interface could hang the host. (PSBM-43936)
• Second-level quota in simfs containers was broken in 042stab113.x kernels. (OVZ-6655)

[ Change log/downloads... ]

--SergeyB (talk) 06:37, 14 March 2016 (EDT)

Kernel RHEL5 stable 028stab120.1

• Rebase to RHEL5 kernel 2.6.32-408.el5
• A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality (CVE-2015-5364, CVE-2015-5366)

[ Change log/downloads... ]

--SergeyB (talk) 07:30, 2 February 2016 (EST)

Kernel RHEL5 testing 028stab120.1

• Rebase to RHEL5 kernel 2.6.32-408.el5
• A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality (CVE-2015-5364, CVE-2015-5366)

[ Change log/downloads... ]

--SergeyB (talk) 04:30, 25 January 2016 (EST)

Kernel RHEL5 stable 028stab119.6

• Improved accounting for network-related memory objects (PCLIN-32553)
• Introduced a per-container limit for the number of mounts (PCLIN-32554)
• Introduced a per-container limit for IPv4 network interface aliases (PCLIN-32555)

[ Change log/downloads... ]

--SergeyB (talk) 09:25, 3 January 2016 (EST)

Older updates

• 2015 (59)
• 2014 (74)
• 2013 (98)
• 2012 (93)
• 2011 (102)
• 2010 (64)
• 2009 (22)
• 2008 (24)
• 2005-2007 (119): available from the old site