[LU-1754] Kernel update [RHEL 6.3 2.6.32-279.5.1.el6] Created: 15/Aug/12  Updated: 22/Feb/13  Resolved: 30/Sep/12

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.3.0, Lustre 1.8.9

Type: Improvement Priority: Minor
Reporter: Yang Sheng Assignee: Yang Sheng
Resolution: Fixed Votes: 0
Labels: None

Rank (Obsolete): 4484

 Description   

This update fixes the following security issues:

  • An integer overflow flaw was found in the i915_gem_execbuffer2() function
    in the Intel i915 driver in the Linux kernel. A local, unprivileged user
    could use this flaw to cause a denial of service. This issue only affected
    32-bit systems. (CVE-2012-2383, Moderate)
  • A missing initialization flaw was found in the sco_sock_getsockopt_old()
    function in the Linux kernel's Bluetooth implementation. A local,
    unprivileged user could use this flaw to cause an information leak.
    (CVE-2011-1078, Low)

Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting the
CVE-2011-1078 issue.

Bugs fixed (http://bugzilla.redhat.com/):

681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
824176 - CVE-2012-2383 kernel: drm/i915: integer overflow in i915_gem_execbuffer2()
842429 - VLAN configured on top of a bonded interface (active-backup) does not failover [rhel-6.3.z]



 Comments   
Comment by Yang Sheng [ 15/Aug/12 ]

Patch upload to: http://review.whamcloud.com/3683

Comment by Joshua Kugler (Inactive) [ 16/Aug/12 ]

FYI, this kernel is in the update repos and ready to go.

Comment by James A Simmons [ 18/Sep/12 ]

Only patch left is for b2_1 at http://review.whamcloud.com/#change,3811

Comment by Yang Sheng [ 30/Sep/12 ]

New update move to LU-2035.

Generated at Sat Feb 10 01:19:24 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.