RHSA-2011:0017 - Security Advisory

Topic

Updated kernel packages that fix multiple security issues, address several
hundred bugs, and add numerous enhancements are now available as part of
the ongoing support and maintenance of Red Hat Enterprise Linux version 5.
This is the sixth regular update.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• A NULL pointer dereference flaw was found in the igb driver in the Linux

kernel. If both the Single Root I/O Virtualization (SR-IOV) feature and
promiscuous mode were enabled on an interface using igb, it could result in
a denial of service when a tagged VLAN packet is received on that
interface. (CVE-2010-4263, Important)

• A missing sanity check was found in vbd_create() in the Xen hypervisor

implementation. As CD-ROM drives are not supported by the blkback back-end
driver, attempting to use a virtual CD-ROM drive with blkback could trigger
a denial of service (crash) on the host system running the Xen hypervisor.
(CVE-2010-4238, Moderate)

• A flaw was found in the Linux kernel execve() system call implementation.

A local, unprivileged user could cause large amounts of memory to be
allocated but not visible to the OOM (Out of Memory) killer, triggering a
denial of service. (CVE-2010-4243, Moderate)

• A flaw was found in fixup_page_fault() in the Xen hypervisor

implementation. If a 64-bit para-virtualized guest accessed a certain area
of memory, it could cause a denial of service on the host system running
the Xen hypervisor. (CVE-2010-4255, Moderate)

• A missing initialization flaw was found in the bfa driver used by Brocade

Fibre Channel Host Bus Adapters. A local, unprivileged user could use this
flaw to cause a denial of service by reading a file in the
"/sys/class/fc_host/host#/statistics/" directory. (CVE-2010-4343, Moderate)

• Missing initialization flaws in the Linux kernel could lead to

information leaks. (CVE-2010-3296, CVE-2010-3877, CVE-2010-4072,
CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158,
Low)

Red Hat would like to thank Kosuke Tatsukawa for reporting CVE-2010-4263;
Vladymyr Denysov for reporting CVE-2010-4238; Brad Spengler for reporting
CVE-2010-4243; Dan Rosenberg for reporting CVE-2010-3296, CVE-2010-4073,
CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, and CVE-2010-4158; Vasiliy
Kulikov for reporting CVE-2010-3877; and Kees Cook for reporting
CVE-2010-4072.

These updated packages also include several hundred bug fixes for and
enhancements to the Linux kernel. Space precludes documenting each of these
changes in this advisory and users are directed to the Red Hat Enterprise
Linux 5.6 Release Notes for information on the most significant of these
changes:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/index.html

Refer to the kernel chapter in the Red Hat Enterprise Linux 5.6 Technical
Notes for further information:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which address these vulnerabilities as well as fixing the bugs
and adding the enhancements noted in the Red Hat Enterprise Linux 5.6
Release Notes and Technical Notes. The system must be rebooted for this
update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 237372 - Marvell PATA not supported
• BZ - 429102 - Allocations on resume path can cause deadlock due to attempting to swap
• BZ - 441243 - kernel keyring quotas exceeded
• BZ - 455323 - No support for upstream /proc/sys/kernel/nmi_watchdog.
• BZ - 456765 - kabitool blocks custom kernel builds when kernel version > 2.6.18-53.1.21.el5
• BZ - 459901 - race condition between AIO and setresuid()
• BZ - 466088 - dm-snapshot: very slow write to snapshot origin when copy-on-write occurs
• BZ - 466157 - kernel doesn't supply memory fields in getrusage, /usr/bin/time anything shows "... (0avgtext+0avgdata 0maxresident)k ..."
• BZ - 470801 - Read from /proc/xen/xenbus does not honor O_NONBLOCK
• BZ - 479418 - second cifs mount to samba server fails when samba using security=ADS
• BZ - 485903 - [RHEL5] Netfilter modules unloading hangs
• BZ - 488882 - cxgb3 driver very slow under Xen with HW acceleration enabled
• BZ - 493047 - Oprofile - Add Dunnington processors to the list of ppro cores
• BZ - 494400 - TCP: Treason uncloaked! during Network Stress Testing
• BZ - 496127 - [RHEL5.5] e1000e devices fail to initialize interrupts properly
• BZ - 499553 - Cannot generate proper stacktrace on xen-ia64
• BZ - 503864 - The USB storage cannot use >2TB.
• BZ - 504188 - GFS1 vs GFS2 performance issue
• BZ - 506694 - kdump hangs up if INIT is received while kdump is starting
• BZ - 507846 - Balloon driver gives up too easily when ballooning up under memory pressure
• BZ - 513934 - Keyboard LEDs constantly lit
• BZ - 516289 - bonding: backport code to allow user-controlled output slave detection.
• BZ - 516851 - [Stratus 5.6 bug] System crashes at uhci_scan_schedule().
• BZ - 516985 - When bonding is used and IPV6 is enabled the message of 'kernel: bond0: duplicate address detected!' is output
• BZ - 521878 - Fix instances of #!/usr/bin/env python in kernel-devel-packages
• BZ - 523341 - PCI SR-IOV BAR resources can't be reliably mapped
• BZ - 523920 - [Adaptec/HCL 5.6 bug] Problems with aacraid - File system going into read-only.
• BZ - 529914 - GFS2 fatal: filesystem consistency error on rename
• BZ - 530123 - [Dell 5.5 FEAT] autoload tpm_tis driver
• BZ - 533093 - Certain newer WDC SATA drives identified as SEMB
• BZ - 533391 - Kernel panic: EDAC MC0: INTERNAL ERROR: channel-b out of range
• BZ - 538022 - java.util.concurrent: long delay and intervals drift since kernel update to 164
• BZ - 539560 - tcp_disconnect should clear all of tp->rx_opt ....
• BZ - 539626 - default txqueuelen of vif device is too small
• BZ - 540786 - support supplementary groups of tun/tap devices
• BZ - 541224 - net: possible leak of dst_entry (ipv4)
• BZ - 546060 - soft lockup while unmounting a read-only filesystem with errors (As per Redhat Bug #429054)
• BZ - 546455 - kernel bug: quota file size not a multiple of struct gfs2_quota
• BZ - 546554 - kernel: no clue to find what is happening when hitting a lockdep limit
• BZ - 546700 - Deadlock in aio
• BZ - 551028 - nfsv4 hangs -- kernel: decode_op_hdr: reply buffer overflowed in line 2121
• BZ - 552574 - Guest could not join the multicast group with virtio NIC
• BZ - 552886 - [RHEL5] ip_mc_sf_allow() has a lock problem
• BZ - 553407 - nanosleep() is unstable on xen kernel and ntpd with -x option
• BZ - 554706 - Kernel: network: bonding: scheduling while atomic: ifdown-eth/0x00000100/21775
• BZ - 554872 - Periodic ata exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen messages
• BZ - 555197 - dm-raid1: fix data lost at mirror log failure
• BZ - 555708 - kABI whitelist request for Fujitsu modules
• BZ - 555910 - xen migration fails when a full virt guest uses the xen-vnif driver
• BZ - 556476 - Update sfc driver (add SFC9000 support)
• BZ - 557423 - nfs: sys_read sometimes returns -EIO
• BZ - 558999 - [Broadcom 5.6 bug] kABI whitelist request for bnx2i
• BZ - 559815 - ACPI _SDD failed (AE 0x5) messages on boot
• BZ - 560540 - Reserve PNP enumerated system board iomem resources
• BZ - 560870 - Update Neighbor Cache when IPv6 RA is received on a router
• BZ - 562220 - IP PACKET DOES NOT TRANSMIT USING RAW SOCKETS
• BZ - 563271 - ITE it887x chipset serial ports don't work
• BZ - 564249 - [LSI 5.6 feat] update megaraid_sas to version 4.31
• BZ - 565560 - [5.6 FEAT] KVM network performance: Defer skb allocation in virtio-net
• BZ - 565973 - [EMC 5.6 bug] security and PSF update patch for EMC CKD ioctl
• BZ - 565974 - [5.6 FEAT] NFSv4 remove does not wait for close. Silly rename
• BZ - 566104 - route: BUG at include/linux/timer.h:82 (call from rt_secret_rebuild_oneshot)
• BZ - 566144 - Loading NAT module with/without rules affects ping behaviour
• BZ - 566767 - [Emulex 5.6 bug] kABI whitelist request for lpfc
• BZ - 567092 - possible recursive locking of inode by nfsd
• BZ - 567428 - [QLogic 5.6 FEAT] Update qla2xxx driver to version 8.03.01.05.05.06-k
• BZ - 567444 - RHEL5.6: cxgb3i driver update
• BZ - 567462 - [Broadcom 5.6 feat] Update tg3 to version 3.108+ and add 5718 B0, 5719 support
• BZ - 567479 - fasync_helper patch causing problems with GPFS
• BZ - 567604 - [Regression] bonding: 802.3ad problems with link detection
• BZ - 568111 - [Cisco 5.6 FEAT] Update enic driver to version 1.4.1.2
• BZ - 568601 - [Broadcom 5.6 FEAT] Update bnx2 to 2.0.8+
• BZ - 568606 - [Broadcom 5.6 FEAT] Update bnx2i driver and add 57712 support
• BZ - 569106 - netconsole fails with tg3
• BZ - 569342 - [5.4] nfsd dereferences uninitialized list head on error exit in nfsd4_list_rec_dir()
• BZ - 569643 - [Emulex 5.6 feat] Add be2iscsi driver for BE3 asic
• BZ - 569654 - boot hangs if scsi read capacity fails on faulty non system drive
• BZ - 570044 - kernel panic when rmmod and insmod rpcsec_gss_krb5 module
• BZ - 570091 - cpu flags missing from /proc/cpuinfo
• BZ - 570491 - vmalloc ENOMEM caused by iptables
• BZ - 570604 - X can't get signals with DRI
• BZ - 570610 - [RHEL5]: Add thread_siblings_list to /sys
• BZ - 570645 - [RHEL5] bonding mode 0 doesn't resend IGMP after a failure
• BZ - 570681 - REGRESSION: Fix iscsi failover time
• BZ - 570824 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour
• BZ - 571518 - revalidate dentries provided by LAST_BIND symlinks
• BZ - 571735 - backports of virtio_blk barrier support
• BZ - 571862 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.73.1p and include BE3 asic
• BZ - 571864 - RHEL5: coretemp: fix cpu model output
• BZ - 572004 - [LSI 5.6 FEAT] Update 3w-9xxx driver to v2.26.08.007-2.6.18RH
• BZ - 572011 - [LSI 5.6 FEAT] Add 3w-sas driver and update to v3.26.00.028-2.6.18RH
• BZ - 572285 - Add /sys/devices/system/node/nodeX/cpulist files
• BZ - 572930 - Bad ext4 sync performance on 16 TB GPT partition
• BZ - 573106 - [Stratus 5.6 bug] task md0_resync:18061 blocked for more than 120 seconds
• BZ - 573185 - large storage data corruption on 32 bit
• BZ - 573652 - Regression: AUTH_SYS cannot be requested using the 'sec=sys' export option.
• BZ - 573771 - should set ISVM bit (ECX:31) for CPUID leaf 0x00000001
• BZ - 574285 - 25% performance regression of concurrent O_DIRECT writes.
• BZ - 574557 - [Cisco 5.6 bug] kABI request for fcoe
• BZ - 574913 - memory leak when ipv6 interface disabled in sysctl.conf
• BZ - 575309 - Kernel panic - not syncing: IO-APIC + timer doesn't work!
• BZ - 575817 - nfsv4 hangs -- client/server deadlock between commit and delegation return
• BZ - 576246 - missing power_meter release() function
• BZ - 576709 - [Cisco 5.6 bug] fnic: flush Tx queue bug fix
• BZ - 577182 - vxge: not enough MMIO resources for SR-IOV error
• BZ - 578005 - [Broadcom 5.6 bug] Cannot login to iSCSI target when bnx2i is loaded last
• BZ - 578259 - Network throughput drops seriously on DomU to DomU node traffic on RHEL5.3 Xen when NIC performs RSC.
• BZ - 578261 - [5.5] SCTP: Check if the file structure is valid before checking the non-blocking flag
• BZ - 578492 - e1000_clean_tx_irq: Detected Tx Unit Hang
• BZ - 578531 - [RHEL5.5] soft lockup on vlan with bonding in balance-alb mode
• BZ - 578905 - RHEL 5.3 on DL585 G6: testing NMI watchdog fails on bootup
• BZ - 580699 - hwmon: (coretemp) Get TjMax value from MSR for i series CPUs
• BZ - 581396 - [PATCH][RHEL5.5] Fix Time drift on KVM x86_64 RHEL5.5 Guest using PV clock
• BZ - 581654 - RTL-8169 Gigatit Ethernet network devices mac address changes after soft reboot.
• BZ - 581933 - pci_mmcfg_init() making some of main memory uncacheable
• BZ - 582003 - Enable LED support in iwlagn and iwl3945 drivers (IWLWIFI_LEDS)
• BZ - 582237 - "hung_task" feature port is incomplete
• BZ - 582321 - VFS: Busy inodes after unmount issue.
• BZ - 582367 - implement dev_disable_lro for RHEL5
• BZ - 582435 - [Stratus 5.6 bug] Circular lock dep warning on cfq_exit_lock
• BZ - 582722 - TCP socket premature timeout with FRTO and TSO
• BZ - 582886 - The assigned VF cannot be found in PV guest.
• BZ - 583673 - set-cpu_llc_id-on-amd-cpus patch: undefined variable 'cpu' in in amd_detect_cmp()
• BZ - 583767 - dev_set_name() undefined in net/wireless/cfg80211.ko in some cases
• BZ - 584412 - transmission stops when tap does not consume
• BZ - 584679 - The kvm clock couldn't go back after stop/continue
• BZ - 585431 - Add log message for unhandled sense error REPORTED_LUNS_DATA_CHANGED
• BZ - 586482 - ATIIXP IDE driver reuses ide_lock unsafely
• BZ - 588015 - x86_64 host on Nehalem-EX machines will panic when installing a 4.8 GA kvm guest
• BZ - 588599 - Kernel BUG at fs/ext3/super.c:425
• BZ - 590760 - compiling a xen config produces lots of pud_present warnings
• BZ - 590763 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds
• BZ - 590864 - Unkillable processes
• BZ - 591548 - netback does not properly get to the Connected state after it's been Closed
• BZ - 591674 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.76.1p
• BZ - 592322 - [RHEL 5] Errors when Accessing iSCSI luns via iSER - timing out command
• BZ - 592908 - Memory leak when nfs shares are mounted with option "nolock"
• BZ - 592961 - ext3: fsync() does not flush disk caches
• BZ - 593040 - TCP: avoid to send keepalive probes if receiving data
• BZ - 593801 - [RHEL5.5] TCP bandwidth problems with TPA and bnx2x cards
• BZ - 593862 - [RHEL5.5] Self-test using 'ethtool -t ethX' fails with "Cannot test: Operation not supported"
• BZ - 594404 - [RHEL 5.5] vxge: unable to create VLAN
• BZ - 594546 - [Intel 5.6 Bug] CPU synchronization required when doing MTRR register update
• BZ - 594635 - kernel: security: testing the wrong variable in create_by_name() [rhel-5.6]
• BZ - 595397 - GFS2: stuck in inode wait, no glocks stuck
• BZ - 595548 - [Broadcom 5.6 bug] bnx2i: MTU change does not work
• BZ - 595862 - [Broadcom 5.6 bug] cnic: Panic in cnic_iscsi_nl_msg_recv()
• BZ - 596548 - dcache unused accounting problem
• BZ - 596626 - Create reliable implementation of cancel_(delayed)_work_sync() in RHEL5
• BZ - 597143 - [LSI 5.6 bug] kABI request for mptsas, mpt2sas
• BZ - 597334 - reg_regdb_search_lock calls kmalloc while holding spinlock
• BZ - 598946 - [NetApp 5.6 bug] QLogic FC firmware errors seen on RHEL 5.5
• BZ - 599295 - Significant MSI performance issue due to redundant interrupt masking
• BZ - 600387 - gfs2 kernel - Better error reporting when mounting a gfs fs without enough journals
• BZ - 601692 - RFE virtio balloon driver does not include extended memory statistics
• BZ - 601800 - NFS-over-GFS out-of-order GETATTR Reply causes corruption
• BZ - 602402 - bnx2x panic dumps with multiple interfaces enabled
• BZ - 603706 - cifs: busy file renames across directories should fail with error
• BZ - 603806 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.77
• BZ - 604044 - NFS4 breaks when server returns NFS4ERR_FILE_OPEN
• BZ - 604779 - Page out activity when there is no current VM load
• BZ - 605259 - tcp: sending reset to the already closed socket
• BZ - 605265 - kernel bug in cfq merge logic
• BZ - 605305 - need to backport 2e3219b5c8a2e44e0b83ae6e04f52f20a82ac0f2
• BZ - 605697 - [RHEL 5.5] 32-bit pvhvm guest on 64-bit host crash w/xm mem-set
• BZ - 605720 - [RHEL 5.5] nfs: fix compatibility with hpux clients
• BZ - 605816 - [RHEL 5.6] move Tausworthe net_random generator to lib/random32
• BZ - 606851 - Wrong /proc/cpuinfo for Pentium D reported on RHEL 4.8 (only x86_64) and RHEL 5.5 (both i386 and x86_64)
• BZ - 607443 - soft lockup inside rhel5 guest
• BZ - 608641 - vegas and veno possible division by zero bug
• BZ - 608801 - [Emulex 5.6 bug] be2iscsi: IO stalls if any SGE size=65536
• BZ - 609668 - kswapd hung in D state with fragmented memory and large order allocations
• BZ - 610234 - [5u6] Bonding in ALB mode sends ARP in loop
• BZ - 611938 - [RHEL5u3] System panic at sunrpc xprt_autoclose()
• BZ - 612212 - igb: typo in igb aer code
• BZ - 613134 - [QLogic 5.6 FEAT] Add P3+ AER support to qla2xxx
• BZ - 613187 - xen Windows 2008 guest crashes on RHEL 5.4
• BZ - 613667 - always print the number of triggered NMI during test at boot
• BZ - 613780 - [RHEL 5.5] igb driver re-order UDP packets when multi-queue is enabled
• BZ - 614281 - [QLogic 5.6 FEAT] Feature Updates and Bug Fixes for qlcnic
• BZ - 614957 - ext4: mount error path corrupts slab memory
• BZ - 615227 - fix oops in clusterip_seq_stop when memory allocation fails.
• BZ - 615229 - fix oops in dl_seq_stop when memory allocation fails.
• BZ - 616512 - [Emulex 5.6 feat] Update be2net to version 2.102.404r
• BZ - 617024 - [Broadcom 5.6 FEAT] bnx2: add AER support.
• BZ - 617268 - kernel crash in br_nf_pre_routing_finish
• BZ - 617690 - ext4 and xfs wrong data returned on read after write if file size was changed with ftruncate
• BZ - 618075 - RHEL5.5 boot fail with IDE controller enabled on Cobia
• BZ - 618114 - Kernel panic on reading from /proc/bus/pci/XX/YY while hot-removing the device.
• BZ - 618512 - [QLogic 5.6] kABI whitelist request for qla4xxx
• BZ - 619070 - 802.3ad link aggregation won't work with newer (2.6.194-8.1.el5) kernel and ixgbe driver
• BZ - 619112 - CIFS mount to samba3x share shows differing ownership on sequential stat() calls to same file
• BZ - 619361 - [NetApp 5.6 bug] SCSI ALUA handler fails to handle ALUA transitioning properly
• BZ - 619767 - Update cnic to 2.1.3
• BZ - 619814 - [Qlogic 5.6 bug] qla2xxx: Back port of upstream fixes
• BZ - 619917 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.80
• BZ - 620037 - virtio-serial - need to back port guest driver to RHEL 5
• BZ - 620502 - [NetApp 5.6 bug] RHEL NFS clients disconnected from NetApp NFSv4 shares with: v4 server returned a bad sequence-id error!
• BZ - 620508 - system crashes due to corrupt net_device_wrapper structure
• BZ - 621105 - backport wireless upstream 2.6.32.18 fixes
• BZ - 621280 - [5u5] bonding: fix a race condition in calls to slave MII ioctls
• BZ - 622024 - 64-bit kernel unable to oprofile 32-bit processes
• BZ - 622559 - libata: fix suspend/resume for ATA SEMB devices
• BZ - 623519 - ENOPERM when reading /proc/sys/vm/mmap_min_addr
• BZ - 623595 - move iscsi/iser to passthrough mode, fix functioning and failover time under DM multipath
• BZ - 623675 - [QLogic 5.6 feat] qla4xxx: Update driver to 5.02.03.00.05.06-d1
• BZ - 624598 - Win7 and Windows 2008 R2 xen guests with multiple vcpus can't restart
• BZ - 624710 - [QLogic 5.6 FEAT] qla4xxx: Add PCIe AER support
• BZ - 624862 - [rhel5.6] XFS incorrectly validates inodes
• BZ - 625061 - igb doesn't see link status changes on 82580 NIC
• BZ - 625079 - [QLogic 5.6 bug] netxen: Fix enabling VLAN TSO/LSO
• BZ - 625084 - [QLogic 5.6 bug] qlcnic: Fix netdev features and other fixes
• BZ - 625688 - CVE-2010-4243 kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
• BZ - 625841 - lpfc ioctl crash in lpfc_nlp_put()
• BZ - 625902 - [Xen] backport NMI injection for HVM guests
• BZ - 625903 - [Xen] backport hardware task switching for HVM guests
• BZ - 626018 - Allow using crc32c hardware accelerated engine on Intel Nehalem processor
• BZ - 626566 - IPR driver needs fixes to support the new Cubic-R adapter
• BZ - 626963 - AIO uses igrab in the submission path, which causes undue lock contention
• BZ - 627612 - [QLogic 5.6 BUG] qla2xxx: Correctly displaying the link state for disconnected port.
• BZ - 627836 - retry rather than fastfail DID_REQUEUE scsi errors with dm-multipath
• BZ - 627974 - Scheduling while atomic when removing slave tg3 interface from bonding
• BZ - 628828 - Fix hot-unplug handling of virtio-console ports
• BZ - 628831 - Enable NAPI for forcedeth driver
• BZ - 629081 - Bug 466441 reintroduced in kernel 2.6.18-194.el5
• BZ - 629176 - kernel: Problem with execve(2) reintroduced [rhel-5.6]
• BZ - 629457 - vlan: control vlan device TSO status with ethtool
• BZ - 629626 - groups_search() cannot handle large gid correctly
• BZ - 629634 - add pr_*(), netdev_*(), netif_*() printk helper macros
• BZ - 629638 - kernel panic in devinet_sysctl_forward when changing the /proc/sys/net/ipv4/conf/eth*/forwarding
• BZ - 629761 - [RHEL 5.5] e100/e1000*/igb*/ixgb*: Add missing read memory barrier
• BZ - 629773 - HVM guest w/ UP and PV driver hangs after live migration or suspend/resume
• BZ - 630124 - Detect and recover from cxgb3 adapter parity errors
• BZ - 630129 - [RHEL5 IA64 XEN] netfront driver: alloc_dev: Private data too big.
• BZ - 630563 - kernel: additional stack guard patches [rhel-5.6]
• BZ - 630680 - [Emulex 5.6 feat] Update be2net to version 2.102.453r
• BZ - 631963 - [Broadcom 5.6 bug] tg3: 5717 / 57765 / 5719 devices leak memory
• BZ - 632057 - [Broadcom 5.6 bug] bnx2: Remove some unnecessary smp_mb() in tx fast path
• BZ - 633149 - CVE-2010-3296 kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory
• BZ - 633388 - sfc: creates too many queues
• BZ - 634320 - [Broadcom 5.6 feat] tg3: Re-enable 5717 B0 support
• BZ - 634325 - [Broadcom 5.6 bug] tg3: Incorrect FW version displayed and FW handshake update
• BZ - 635027 - [RHEL5.6] Verify that driver version strings for updated network drivers
• BZ - 635782 - Add dirty_background_bytes and dirty_bytes sysctls to RHEL 5
• BZ - 636020 - PATCH: virtio_console: Fix poll blocking even though there is data to read
• BZ - 636046 - Disallow 0-sized writes to virtio ports to go through to host (leading to VM crash)
• BZ - 636053 - read from virtio-serial returns if the host side is not connect to pipe
• BZ - 636100 - TPM driver is not enabled in kernel-xen
• BZ - 636760 - TPM driver complains about IRQ mismatches
• BZ - 637194 - [Qlogic 5.6 bug] qlcnic: fix kernel NULL pointer dereference __qlcnic_shutdown+0xe/0x8a
• BZ - 637764 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover
• BZ - 637826 - belkin usb nic card fails - module catc.ko
• BZ - 638082 - Backport HVMOP_get_time hypercall
• BZ - 639028 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.85
• BZ - 640026 - bnx2 adapter periodically dropping received packets
• BZ - 640586 - sata_sil24 - add support for Adaptec 1225SA RAID eSATA controller
• BZ - 641086 - mpt2sas driver update causes boot failure with Dell PERC H200 SAS HBA
• BZ - 641193 - [NetApp 5.6 bug] regression: allow offlined devs to be set to running
• BZ - 643080 - tasks blocked after putting Nehalem CPU offline
• BZ - 643165 - GFS2: BUG_ON kernel panic in gfs2_glock_hold on 2.6.18-226
• BZ - 643254 - [QLogic 5.6 bug] kdump: netxen_nic doesn't work in network dumping
• BZ - 643426 - Stack size mapping is decreased through mlock/munlock call
• BZ - 643707 - [kdump] soft lockup occurs when nmi watchdog lockup is being triggered
• BZ - 644129 - Kernel build from source leaves kabideps file droppings in _tmppath
• BZ - 644136 - [QLogic 5.6 bug] qla2xxx: Fix incorrect test for zero
• BZ - 644438 - bnx2: Out of order arrival of UDP packets in application
• BZ - 644726 - panic in find_ge_pid() due to race between lseek() and readdir() on /proc
• BZ - 644735 - writing to a virtio serial port while no one is listening on the host side hangs the guest
• BZ - 644863 - [NetApp 5.6 bug] qla2xxx: Kernel panic on qla24xx_queuecommand
• BZ - 644879 - RHEL5.6 Include DL580 G7 in bfsort whitelist
• BZ - 645284 - modprobe igb max_vfs>7(Max support is 7) leads to host reboot in loop
• BZ - 645881 - [Emulex 5.6 feat] Update lpfc driver to version 8.2.0.86
• BZ - 646708 - regression: bnx2i driver returns garbage in host param callout and could oops
• BZ - 647259 - [Emulex 5.6 bug] Update be2net to version 2.102.512r
• BZ - 647297 - Direct IO write to a file on an nfs mount does not work
• BZ - 648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
• BZ - 648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
• BZ - 648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
• BZ - 648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
• BZ - 648670 - CVE-2010-4081 kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory
• BZ - 649489 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.87
• BZ - 649717 - CVE-2010-3877 kernel: net/tipc/socket.c: reading uninitialized stack memory
• BZ - 651287 - [Broadcom 5.6 bug] cnic: Panic in uio_release()
• BZ - 651698 - CVE-2010-4158 kernel: socket filters infoleak
• BZ - 651869 - probe-remove loop of i7core_edac module causes oops
• BZ - 652165 - ALSA: fix sysfs related issues (modules cannot be reloaded) and mutex problem in OSS mixer emulation
• BZ - 652279 - [5.6 FEAT] POWER7 added to Aux Vextor
• BZ - 653250 - kernel: restrict unprivileged access to kernel syslog [rhel-5.6]
• BZ - 653262 - [5.6 Regression] network is lost after balloon-up fails
• BZ - 653501 - netback tries to balloon up even if front-end doesn't do flipping
• BZ - 653991 - [Broadcom 5.6 bug] bnx2i: add upstream bug fixes to 2.6.2.2
• BZ - 654420 - [QLogic 5.6 bug] qlge: Update driver to 1.0.0.27
• BZ - 654948 - RHEL5.6 : 10Gb network card (AD144 &AD385)will be missing in installation and can not be drived in system
• BZ - 655119 - [Emulex 5.6 bug] Update lpfc driver to version 8.2.0.87.1p
• BZ - 655623 - CVE-2010-4238 kernel: Xen Dom0 crash with Windows 2008 R2 64bit DomU + GPLPV
• BZ - 656008 - [Qlogic 5.6 bug] qlcnic: Fix kdump issues
• BZ - 657097 - [Broadcom 5.6 bug] tg3: Fix 5719 bugs
• BZ - 658155 - CVE-2010-4255 xen: 64-bit PV xen guest can crash host by accessing hypervisor per-domain memory area
• BZ - 658434 - forcedeth driver panics while booting debug kernel
• BZ - 658801 - [REG][5.6] igb never counts up the number of tx packets
• BZ - 659571 - CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-5.6]
• BZ - 660188 - CVE-2010-4263 kernel: igb panics when receiving tag vlan packet
• BZ - 660506 - [Broadcom 5.6 bug] tg3: Increase tx jumbo bd flag threshold
• BZ - 660580 - [REG][5.6] kernel panic occurs by writing a file on optional mount "sync/noac" of NFSv4.
• BZ - 661182 - CVE-2010-4343 kernel: bfa driver sysfs crash
• BZ - 661393 - [IPv6] a specific route is ignored if the default gateway is reachable
• BZ - 663509 - [Broadcom 5.6 bug] bnx2: calling pci_map_page() twice in tx path
• BZ - 663853 - [REG][5.6] kernel panic occurs by reading an empty file on optional mount "sync/noac" of NFSv4.

CVEs

• CVE-2010-4080
• CVE-2010-4073
• CVE-2010-4075
• CVE-2010-4072
• CVE-2010-4158
• CVE-2010-4081
• CVE-2010-4263
• CVE-2010-4343
• CVE-2010-4255
• CVE-2010-4238
• CVE-2010-3877
• CVE-2010-3296
• CVE-2010-4243

References

• https://access.redhat.com/security/updates/classification/#important
• http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/index.html
• http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html