kernel-default: The Standard Kernel ---------------------------------------------------------------------- File: kernel-default-2.6.16.54-0.2.5.i586.rpm Version: 2.6.16.54-0.2.5 Size: 17832 kB Date: Thu 24 Jan 2008 13:25:19 CET Source: kernel-default-2.6.16.54-0.2.5.nosrc.rpm Security: Yes ---------------------------------------------------------------------- Description: This kernel update fixes the following security problems: CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). Furthermore, this kernel catches up to the SLE 10 state of the kernel, with massive additional fixes. All platforms: - patches.suse/bootsplash: Bootsplash for current kernel (none). patch the patch for Bug number 345980. - patches.fixes/megaraid-fixup-driver-version: Megaraid driver version out of sync (299740). - OCFS2: Updated to version 1.2.8 - patches.fixes/ocfs2-1.2-svn-r3070.diff: [PATCH] ocfs2: Remove overzealous BUG_ON(). - patches.fixes/ocfs2-1.2-svn-r3072.diff: [PATCH] ocfs2: fix rename vs unlink race. - patches.fixes/ocfs2-1.2-svn-r3074.diff: [PATCH] ocfs2: Remove expensive local alloc bitmap scan code. - patches.fixes/ocfs2-1.2-svn-r3057.diff: [PATCH] ocfs2: Check for cluster locking in ocfs2_readpage. - patches.fixes/ocfs2-1.2-svn-r2975.diff: ocfs2_dlm: make functions static. - patches.fixes/ocfs2-1.2-svn-r2976.diff: [PATCH] ocfs2_dlm: make tot_backoff more descriptive. - patches.fixes/ocfs2-1.2-svn-r3002.diff: [PATCH] ocfs2: Remove the printing of harmless ERRORS like ECONNRESET, EPIPE.. - patches.fixes/ocfs2-1.2-svn-r3004.diff: [PATCH] ocfs2_dlm: Call cond_resched_lock() once per hash bucket scan. - patches.fixes/ocfs2-1.2-svn-r3006.diff: [PATCH] ocfs2_dlm: Silence compiler warnings. - patches.fixes/ocfs2-1.2-svn-r3062.diff: [PATCH] ocfs2_dlm: Fix double increment of migrated lockres' owner count. - patches.fixes/hugetlb-get_user_pages-corruption.patch: hugetlb: follow_hugetlb_page() for write access (345239). - enable patches.fixes/reiserfs-fault-in-pages.patch (333412) - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids. Get the module to build... - patches.drivers/usb-add-usb_device_and_interface_info.patch: USB: add USB_DEVICE_AND_INTERFACE_INFO(). This is needed to get the HUAWEI devices to work properly, and to get patches.drivers/usb-update-evdo-driver-ids.patch to build without errors. - patches.drivers/usb-update-evdo-driver-ids.patch: USB: update evdo driver ids on request from our IT department (345438). - patches.suse/kdump-dump_after_notifier.patch: Add dump_after_notifier sysctl (265764). - patches.drivers/libata-sata_nv-disable-ADMA: sata_nv: disable ADMA by default (346508). - patches.fixes/cpufreq-fix-ondemand-deadlock.patch: Cpufreq fix ondemand deadlock (337439). - patches.fixes/eliminate-cpufreq_userspace-scaling_setspeed-deadlock.patch: Eliminate cpufreq_userspace scaling_setspeed deadlock (337439). - patches.xen/15181-dma-tracking.patch: Fix issue preventing Xen KMPs from building. - patches.drivers/r8169-perform-a-PHY-reset-before.patch: r8169: perform a PHY reset before any other operation at boot time (345658). - patches.drivers/r8169-more-alignment-for-the-0x8168: refresh. - patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. (292478). There was a problem with this patch which would cause apparently random crashes when lockd was in use. The offending change has been removed. - patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850). - patches.fixes/cifs-incomplete-recv.patch: fix incorrect session reconnects (279783). - patches.fixes/megaraid_mbox-dell-cerc-support: Fix so that it applies properly. I extended the context to 6 lines to help patch find where to apply the patch (267134). - patches.fixes/md-idle-test: md: improve the is_mddev_idle test fix (326591). AMD64/Intel EM64T (x86_64) specific: - patches.arch/x86_64-mce-loop: x86_64: fix misplaced `continue' in mce.c (344239).