https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-9148 Lustre <p>Security Fix(es):</p> <ul> <li>When creating audit records for parameters to executed children processes, an<br/> attacker can convince the Linux kernel audit subsystem can create corrupt<br/> records which may allow an attacker to misrepresent or evade logging of<br/> executing commands. (CVE-2016-6136, Moderate)</li> </ul> <ul> <li>A flaw was found in the Linux kernel's implementation of the SCTP protocol. A<br/> remote attacker could trigger an out-of-bounds read with an offset of up to 64kB<br/> potentially causing the system to crash. (CVE-2016-9555, Moderate)</li> </ul> <p>Bug Fix(es):</p> <ul> <li>The qlnic driver previously attempted to fetch pending transmission<br/> descriptors before all writes were complete, which lead to firmware hangs. With<br/> this update, the qlcnic driver has been fixed to complete all writes before the<br/> hardware fetches any pending transmission descriptors. As a result, the firmware<br/> no longer hangs with the qlcnic driver. (BZ#1403143)</li> </ul> <ul> <li>Previously, when a NFS share was mounted, the file-system (FS) cache was<br/> incorrectly enabled even when the "-o fsc" option was not used in the mount<br/> command. Consequently, the cachefilesd service stored files in the NFS share<br/> even when not instructed to by the user. With this update, NFS does not use the<br/> FS cache if not instructed by the "-o fsc" option. As a result, NFS no longer<br/> enables caching if the "-o fsc" option is not used. (BZ#1399172)</li> </ul> <ul> <li>Previously, an NFS client and NFS server got into a NFS4 protocol loop<br/> involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid<br/> counter got to the wraparound point by overflowing the value of 32 bits. This<br/> update fixes the NFS server to handle the current_fileid wraparound. As a<br/> result, the described NFS4 protocol loop no longer occurs. (BZ#1399174)</li> </ul> <ul> <li>Previously, certain configurations of the Hewlett Packard Smart Array (HPSA)<br/> devices caused hardware to be set offline incorrectly when the HPSA driver was<br/> expected to wait for existing I/O operations to complete. Consequently, a kernel<br/> panic occurred. This update prevents the described problem. As a result, the<br/> kernel panic no longer occurs. (BZ#1399175)</li> </ul> <ul> <li>Previously, memory corruption by copying data into the wrong memory locations<br/> sometimes occurred, because the __copy_tofrom_user() function was returning<br/> incorrect values. This update fixes the __copy_tofrom_user() function so that it<br/> no longer returns larger values than the number of bytes it was asked to copy.<br/> As a result, memory corruption no longer occurs in he described scenario.<br/> (BZ#1398185)</li> </ul> <ul> <li>Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in<br/> some cases rebooted during the graceful node failover test, because the host<br/> kept sending heartbeat packets independently of guests responding to them. This<br/> update fixes the bug by properly responding to all the heartbeat messages in the<br/> queue, even if they are pending. As a result, guest VMs no longer get rebooted<br/> under the described circumstances. (BZ#1397739)</li> </ul> <ul> <li>When the "punching hole" feature of the fallocate utility was used on an ext4<br/> file system inode with extent depth of 1, the extent tree of the inode sometimes<br/> became corrupted. With this update, the underlying source code has been fixed,<br/> and extent tree corruption no longer occurs in the described situation.<br/> (BZ#1397808)</li> </ul> <p>Bugs fixed (<a href="https://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">https://bugzilla.redhat.com/):</a></p> <p>1353533 - CVE-2016-6136 kernel: Race condition vulnerability in execve argv arguments<br/> 1397930 - CVE-2016-9555 kernel: Slab out-of-bounds access in sctp_sf_ootb()</p> LU-9148

kernel update [RHEL6.8 2.6.32-642.15.1.el6]

Bug Minor Resolved Fixed Bob Glossman Bob Glossman Thu, 23 Feb 2017 18:33:30 +0000 Sat, 16 Sep 2017 08:26:34 +0000 Wed, 26 Apr 2017 11:11:35 +0000 Lustre 2.10.0 0 3 <p>Bob Glossman (bob.glossman@intel.com) uploaded a new patch: <a href="https://review.whamcloud.com/25633" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/25633</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9148" title="kernel update [RHEL6.8 2.6.32-642.15.1.el6]" class="issue-link" data-issue-key="LU-9148"><del>LU-9148</del></a> kernel: kernel update RHEL6.8 <span class="error">&#91;2.6.32-642.15.1.el6&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: a913a5dc09aac4854146d0553e275db7f901592a</p> <p>this one does not look like it fies anything critical security-wise.</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="https://review.whamcloud.com/25633/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/25633/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9148" title="kernel update [RHEL6.8 2.6.32-642.15.1.el6]" class="issue-link" data-issue-key="LU-9148"><del>LU-9148</del></a> kernel: kernel update RHEL6.8 <span class="error">&#91;2.6.32-642.15.1.el6&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: a168a6c1d5a7ba6322a8f7ecc3fbb3ffb855c80a</p> <p>Landed for 2.10</p> Duplicate LU-2586 Related LU-9144 Development Rank 1|hzz4rj: Rank (Obsolete) 9223372036854775807 Severity