kernel-PAE-2.6.18-419.el5.i686
[19.9 MiB] |
Changelog
by Radomir Vrbovsky (2017-02-22):
- [net] dccp: Use AF-independent rebuild_header routine (Hannes Frederic Sowa) [1424751]
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424633] {CVE-2017-6074}
- [redhat] kernel.spec.template: disable autoloading for dccp proto (Hannes Frederic Sowa) [1425177]
|
kernel-PAE-2.6.18-417.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2016-11-19):
- [virt] hv: do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1391167]
- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390044] {CVE-2016-7117}
|
kernel-PAE-2.6.18-416.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2016-10-26):
- [mm] Fix Privilege escalation via MAP_PRIVATE (Larry Woodman) [1385112] {CVE-2016-5195}
|
kernel-PAE-2.6.18-409.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2016-02-12):
- [fs] ext4: limit group search loop for non-extent files (Lukas Czerner) [1301100]
- [fb] vm: convert fb_mmap to vm_iomap_memory() helper (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [s390] add dummy io_remap_pfn_range() to asm-s390/pgtable.h (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [mm] vm: add vm_iomap_memory() helper function (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [sched] prevent division by zero x->cpu_power (Denys Vlasenko) [1209728]
- [xen] x86: fully ignore segment override for register-only ops (Mateusz Guzik) [1200373] {CVE-2015-2151}
|
kernel-PAE-2.6.18-408.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2015-12-11):
- [net] udp: fix behavior of wrong checksums (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
- [net] ipv6/udp: Use correct var to determine non-blocking cond (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
- [net] SNMP: Restore Udp6InErrors incrementation (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
|
kernel-PAE-2.6.18-406.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2015-05-01):
- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Mateusz Guzik) [1203787] {CVE-2015-1805}
|
kernel-PAE-2.6.18-404.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2015-03-06):
- [infiniband] core: Prevent integer overflow in ib_umem_get (Doug Ledford) [1179353] {CVE-2014-8159}
|
kernel-PAE-2.6.18-402.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2015-01-08):
- [block] virtio: Reset device after blk_cleanup_queue() (Stefan Hajnoczi) [1006536]
- [block] virtio: Call del_gendisk() before disable guest kick (Stefan Hajnoczi) [1006536]
- [block] virtio: Drop unused request tracking list (Stefan Hajnoczi) [1006536]
- [fs] cifs: setfacl removes part of ACL when setting POSIX ACLs (Sachin Prabhu) [1105625]
- [fs] splice: perform generic write checks (Eric Sandeen) [1155908] {CVE-2014-7822}
- [fs] ext4: verify block bitmap (Lukas Czerner) [1034403]
- [fs] ext4: fix type declaration of ext4_validate_block_bitmap (Lukas Czerner) [1034403]
- [fs] ext4: error out if verifying the block bitmap fails (Lukas Czerner) [1034403]
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}
|
kernel-PAE-2.6.18-400.1.1.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2014-12-14):
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}
|
kernel-PAE-2.6.18-400.el5.i686
[19.9 MiB] |
Changelog
by Alexander Gordeev (2014-10-17):
- [net] bridge: disable snooping if there is no querier (Frantisek Hrbata) [902454]
- [s390] kernel: sysinfo: convert /proc/sysinfo to seqfile (Alexander Gordeev) [1131283]
- [net] netlink: verify permisions of socket creator (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: store effective caps at socket() time (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Rename netlink_capable netlink_allowed (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Fix permission check in netlink_connect() (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: fix possible spoofing from non-root processes (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Make NETLINK_USERSOCK work again (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: fix for too early rmmod (Jiri Benc) [1094266] {CVE-2014-0181}
|
kernel-PAE-2.6.18-371.12.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2014-08-07):
- [audit] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102702 1102703] {CVE-2014-3917}
- [mm] writeback: Fix hang when low on memory due to NFS traffic (Larry Woodman) [1125246 1080194]
- [net] tg3: Fix Read DMA workaround for 5719 A0 (Ivan Vecera) [1121017 924590]
- [fs] jbd: don't wake kjournald unnecessarily (Denys Vlasenko) [1116027 1081785]
- [fs] jbd: don't wait (forever) for stale tid caused by wraparound (Denys Vlasenko) [1116027 1081785]
- [fs] ext4: fix waiting and sending of barrier in ext4_sync_file() (Denys Vlasenko) [1116027 1081785]
- [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Denys Vlasenko) [1116027 1081785]
- [fs] jbd2: fix sending of data flush on journal commit (Denys Vlasenko) [1116027 1081785]
- [fs] ext4, jbd2: Add barriers for file systems with ext journals (Denys Vlasenko) [1116027 1081785]
- [fs] jbd: fix fsync() tid wraparound bug (Denys Vlasenko) [1116027 1081785]
- [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [1117665 1102768]
|
kernel-PAE-2.6.18-371.11.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2014-06-30):
- [fs] dcache: fix cleanup on warning in d_splice_alias (Denys Vlasenko) [1109720 1080606]
- [net] neigh: Make neigh_add_timer symmetrical to neigh_del_timer (Marcelo Ricardo Leitner) [1111195 1109888]
- [net] neigh: set NUD_INCOMPLETE when probing router reachability (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: router reachability probing (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: probe routes asynchronous in rt6_probe (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ndisc: Update neigh->updated with write lock (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: remove the unnecessary statement in find_match() (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: fix route selection if CONFIG_IPV6_ROUTER_PREF unset (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: Fix def route failover when CONFIG_IPV6_ROUTER_PREF=n (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: Prefer reachable nexthop only if the caller requests (Marcelo Ricardo Leitner) [1106354 1090806]
- [fs] ext4/jbd2: don't wait forever stale tid caused by wraparound (Eric Sandeen) [1097528 980268]
- [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [1097528 980268]
- [fs] jbd2: don't wake kjournald unnecessarily (Eric Sandeen) [1097528 980268]
- [fs] jbd2: fix fsync() tid wraparound bug (Eric Sandeen) [1097528 980268]
- [infiniband] rds: do not deref NULL dev in rds_iw_laddr_check() (Jacob Tanenbaum) [1093311 1093312] {CVE-2014-2678}
- [fs] nfs4: Add recovery for individual stateids - partial backport. (Dave Wysochanski) [1113468 867570]
- [fs] nfs4: Don't start state recovery in nfs4_close_done - clean backport. (Dave Wysochanski) [1113468 867570]
- [xen] page-alloc: scrub anonymous domain heap pages upon freeing (Vitaly Kuznetsov) [1103648 1103649] {CVE-2014-4021}
|
kernel-PAE-2.6.18-371.9.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2014-05-13):
- [nfs] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1095062 976201]
- [scsi] lpfc: Remove NDLP reference put in lpfc_cmpl_els_logo_acc (Rob Evers) [1096061 1075228]
- [infiniband] rds: dereference of a NULL device (Jacob Tanenbaum) [1079216 1079217] {CVE-2013-7339}
- [kernel] futex: check relative timeouts for overflow (Denys Vlasenko) [1091832 1084168]
- [virt] kvm: correctly detect KVM when hv emulation is enalbed (Jason Wang) [1094152 985767]
- [security] Fix spurious warnings in security_ops_task_setrlimit (Mateusz Guzik) [1092869 916235]
- [block] floppy: don't write kernel-only members to FDRAWCMD output (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}
- [block] floppy: ignore kernel-only members in FDRAWCMD input (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}
|
kernel-PAE-2.6.18-371.8.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2014-03-28):
- [virt] HID: memory corruption flaw drivers/usb/input/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}
- [virt] HID: memory corruption flaw in drivers/hv/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}
- [scsi] lpfc: Fix task management commands having a fixed timeout (Ewan Milne) [1073123 1061120]
- [net] tcp: drop SYN+FIN messages (Jiri Pirko) [1066057 1066058] {CVE-2012-6638}
- [fs] GFS2: Check if glock held in gfs2_readpage (Robert S Peterson) [1073953 1063434]
- [net] sunrpc: fix deadlock in task wakeup code (Jeff Layton) [1073731 998126]
|
kernel-PAE-2.6.18-371.6.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2014-02-18):
- [net] be2net: don't use skb_get_queue_mapping() (Ivan Vecera) [1066302 1063955]
- [ipc] change refcount to atomic_t (Phillip Lougher) [1024866 1024868] {CVE-2013-4483}
- [s390] qeth: buffer overflow in snmp ioctl (Jacob Tanenbaum) [1034402 1034404] {CVE-2013-6381}
- [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033531 1033532] {CVE-2013-6383}
- [xen] x86/AMD: work around erratum 793 (Radim Krcmar) [1035834 1035836] {CVE-2013-6885}
- [xen] do not expose hypercalls to rings 1 and 2 of HVM guests (Andrew Jones) [1029112 1029113] {CVE-2013-4554}
- [redhat] kabi: Adding symbol print_hex_dump (Jiri Olsa) [1054055 662558]
- [scsi] Add 'eh_deadline' to limit SCSI EH runtime (Ewan Milne) [1050097 956132]
- [scsi] remove check for 'resetting' (Ewan Milne) [1050097 956132]
- [scsi] dc395: Move 'last_reset' into internal host structure (Ewan Milne) [1050097 956132]
- [scsi] tmscsim: Move 'last_reset' into host structure (Ewan Milne) [1050097 956132]
- [scsi] advansys: Remove 'last_reset' references (Ewan Milne) [1050097 956132]
- [scsi] dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (Ewan Milne) [1050097 956132]
- [scsi] dpt_i2o: Remove DPTI_STATE_IOCTL (Ewan Milne) [1050097 956132]
- [net] ipv6: fix leaking uninit port number of offender sockaddr (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] fix addr_len/msg->msg_namelen assign in recv_error funcs (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] prevent leakage of uninitialized memory to user in recv (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] be2net: prevent Tx stall on SH-R when packet size < 32 (Ivan Vecera) [1051535 1007995]
- [net] be2net: Trim padded packets for Lancer (Ivan Vecera) [1051535 1007995]
- [net] be2net: Pad skb to meet min Tx pkt size in lancer (Ivan Vecera) [1051535 1007995]
- [net] be2net: refactor HW workarounds in be_xmit() (Ivan Vecera) [1051535 1007995]
- [fs] exec/ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039483 1039484] {CVE-2013-2929}
|
kernel-PAE-2.6.18-371.4.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2014-01-08):
- [char] ipmi: fix message handling during panics (Tony Camuso) [1049731 995293]
- [net] igb: Use 32bit mask calculating the flow control watermarks (Stefan Assmann) [1041694 1036115]
- [fs] NTLM auth and sign - Use appropriate server challenge (Sachin Prabhu) [1029865 1018286]
- [xen] gnttab: correct locking order reversal (Radim Krcmar) [1026245 1026246] {CVE-2013-4494}
|
kernel-PAE-2.6.18-371.3.1.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2013-11-11):
- [net] be2net: don't use GRO for packets w/ re-inserted VLAN tags (Ivan Vecera) [1023348 1008691]
- [net] tg3: call pci_enable_wake() to set power state (John Feeney) [1014973 996331]
- [misc] backport fixes for percpu-rw-semaphore (Mikulas Patocka) [1014715 867997]
- [xen] information leak via I/O instruction emulation (Igor Mammedov) [1009602 1009603] {CVE-2013-4355}
|
kernel-PAE-2.6.18-371.1.2.el5.i686
[19.8 MiB] |
Changelog
by Radomir Vrbovsky (2013-10-07):
- [xen] x86: check segment descriptor read result in 64-bit OUTS emulation (Radim Krcmar) [1012958 1012959] {CVE-2013-4368}
- [md] dm snapshot: fix data corruption (Mikulas Patocka) [1004734 975353] {CVE-2013-4299}
|
kernel-PAE-2.6.18-371.el5.i686
[19.8 MiB] |
Changelog
by Phillip Lougher (2013-09-05):
- [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [987539]
|
kernel-PAE-2.6.18-348.18.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-09-06):
- [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [1005239 987539]
- [kernel] signals: stop info leak via tkill and tgkill syscalls (Oleg Nesterov) [970874 970875] {CVE-2013-2141}
- [net] ipv6: do udp_push_pending_frames AF_INET sock pending data (Jiri Benc) [987647 987648] {CVE-2013-4162}
- [mm] use-after-free in madvise_remove() (Jacob Tanenbaum) [849735 849736] {CVE-2012-3511}
- [fs] autofs: remove autofs dentry mount check (Ian Kent) [1001488 928098]
|
kernel-PAE-2.6.18-348.16.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-07-26):
- [x86_64] Fix kdump failure due to 'x86_64: Early segment setup' (Paolo Bonzini) [988251 987244]
- [xen] skip tracing if it was disabled instead of dying (Igor Mammedov) [987976 967053]
- [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783]
- [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531]
- [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531]
- [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531]
|
kernel-PAE-2.6.18-348.12.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-07-01):
- Revert: [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [960014 692071]
|
kernel-PAE-2.6.18-348.6.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-04-26):
- [char] ipmi: use a tasklet for handling received messages (Tony Camuso) [953435 947732]
- [char] ipmi: do run_to_completion properly in deliver_recv_msg (Tony Camuso) [953435 947732]
- [fs] nfs4: fix locking around cl_state_owners list (Dave Wysochanski) [954296 948317]
- [fs] nfs: Fix bugs on short read (Sachin Prabhu) [952098 924011]
- [xen] AMD IOMMU: spot missing IO-APIC entries in IVRS table (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] AMD, IOMMU: Make per-device interrupt remap table default (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] AMD, IOMMU: Disable IOMMU if SATA Combined mode is on (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] AMD, IOMMU: On creating entry clean up in remapping tables (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] ACPI: acpi_table_parse() should return handler's err code (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] introduce xzalloc() & Co (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531]
- [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531]
- [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531]
|
kernel-PAE-2.6.18-348.4.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-03-22):
- [virt] xen-netback: backports (Andrew Jones) [910884 910885] {CVE-2013-0216}
- [virt] xen-netback: netif_schedulable should take a netif (Andrew Jones) [910884 910885] {CVE-2013-0216}
- [virt] pciback: rate limit error mess from pciback_enable_msi() (Igor Mammedov) [910876 910877] {CVE-2013-0231}
- [net] be2net: remove BUG_ON() in be_mcc_compl_is_new() (Ivan Vecera) [923910 907524]
- [net] ipv4: Update MTU to all related cache entries (Amerigo Wang) [923353 905190]
- [net] annotate rt_hash_code() users (Amerigo Wang) [923353 905190]
- [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922426 922427] {CVE-2012-6537}
- [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922426 922427] {CVE-2012-6537}
- [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922426 922427] {CVE-2012-6537}
- [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922384 922385] {CVE-2012-6546}
- [net] atm: fix info leak via getsockname() (Thomas Graf) [922384 922385] {CVE-2012-6546}
- [net] tun: fix ioctl() based info leaks (Thomas Graf) [922348 922349] {CVE-2012-6547}
- [net] llc, zero sockaddr_llc struct (Thomas Graf) [922327 922329] {CVE-2012-6542}
- [net] llc: fix info leak via getsockname() (Thomas Graf) [922327 922329] {CVE-2012-6542}
- [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919386 919387] {CVE-2013-1826}
- [net] ixgbevf: allocate room for mailbox MSI-X interrupt's name (Laszlo Ersek) [924134 862862]
- [fs] knfsd: allow nfsd READDIR to return 64bit cookies (Niels de Vos) [924087 918952]
|
kernel-PAE-2.6.18-348.3.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-03-05):
- [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912071 912072] {CVE-2013-0871}
- [x86] msr: Add capabilities check (Nikola Pajkovsky) [908696 908697] {CVE-2013-0268}
|
kernel-PAE-2.6.18-348.2.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2013-02-07):
- [misc] tainted flags, fix buffer size (Prarit Bhargava) [905829 901547]
- [net] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [884704 878316]
- [net] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [884704 878316]
- [net] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [884704 878316]
- [firmware] Expand kernel boot-time storage for DMI table structs (Lenny Szubowicz) [902683 862865]
- [fs] udf: Fortify loading of sparing table (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400}
- [fs] udf: Improve table length check to avoid possible overflow (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400}
- [fs] udf: Avoid run away loop when partition table is corrupted (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400}
|
kernel-PAE-2.6.18-348.1.1.el5.i686
[19.8 MiB] |
Changelog
by Alexander Gordeev (2012-12-14):
- [pci] intel-iommu: reduce max num of domains supported (Don Dutile) [886876 885125]
- [fs] gfs2: Fix leak of cached directory hash table (Steven Whitehouse) [886124 831330]
- [x86] mm: randomize SHLIB_BASE (Petr Matousek) [804953 804954] {CVE-2012-1568}
- [net] be2net: create RSS rings even in multi-channel configs (Ivan Vecera) [884702 878209]
- [net] tg3: Avoid dma read error (John Feeney) [885692 877474]
- [misc] Fix unsupported hardware message (Prarit Bhargava) [885063 876587]
- [net] ipv6: discard overlapping fragment (Jiri Pirko) [874837 874838] {CVE-2012-4444}
- [usb] Fix serial port reference counting on hotplug remove (Don Zickus) [885700 845447]
- [net] bridge: export its presence and fix bonding igmp reporting (Veaceslav Falico) [884742 843473]
- [fs] nfs: move wait for server->active from put_super to kill_sb (Jeff Layton) [884708 839839]
- [scsi] libfc: fix indefinite rport restart (Neil Horman) [884740 595184]
- [scsi] libfc: Retry a rejected PRLI request (Neil Horman) [884740 595184]
- [scsi] libfc: Fix remote port restart problem (Neil Horman) [884740 595184]
- [xen] memop: limit guest specified extent order (Laszlo Ersek) [878449 878450] {CVE-2012-5515}
- [xen] get bottom of EBDA from the multiboot data structure (Paolo Bonzini) [885062 881885]
|
kernel-PAE-2.6.18-308.24.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-11-21):
- Revert: [scsi] sg: fix races during device removal (Ewan Milne) [868950 861004]
|
kernel-PAE-2.6.18-308.20.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-11-06):
- Revert: [x86] mm: randomize SHLIB_BASE (Dave Anderson) [804953 804954] {CVE-2012-1568}
|
kernel-PAE-2.6.18-308.16.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-09-18):
- Revert: [fs] nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir() (Eric Sandeen) [847943 784191]
- Revert: [fs] add new FMODE flags: FMODE_32bithash and FMODE_64bithash (Eric Sandeen) [847943 784191]
- Revert: [fs] nfsd: rename 'int access' to 'int may_flags' in nfsd_open() (Eric Sandeen) [847943 784191]
- Revert: [fs] nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (Eric Sandeen) [847943 784191]
- Revert: [fs] vfs: add generic_file_llseek_size (Eric Sandeen) [847943 784191]
- Revert: [s390/ppc64] add is_compat_task() for s390 and ppc64 (Eric Sandeen) [847943 784191]
- Revert: [fs] ext3: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [847943 784191]
- Revert: [fs] ext4: improve llseek error handling for large seek offsets (Eric Sandeen) [847943 784191]
- Revert: [fs] ext4: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [847943 784191]
- Revert: [fs] vfs: allow custom EOF in generic_file_llseek code (Eric Sandeen) [847943 784191]
- Revert: [fs] ext4: use core vfs llseek code for dir seeks (Eric Sandeen) [847943 784191]
- Revert: [fs] ext3: pass custom EOF to generic_file_llseek_size() (Eric Sandeen) [847943 784191]
|
kernel-PAE-2.6.18-308.13.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-07-26):
- [net] e1000e: Cleanup logic in e1000_check_for_serdes_link_82571 (Dean Nelson) [841370 771366]
- [net] e1000e: Correct link check logic for 82571 serdes (Dean Nelson) [841370 771366]
- [mm] NULL pointer dereference in __vm_enough_memory (Jerome Marchand) [840077 836244]
- [fs] dlm: fix slow rsb search in dir recovery (David Teigland) [838140 753244]
- [fs] autofs: propogate LOOKUP_DIRECTORY flag only for last comp (Ian Kent) [830264 814418]
- [fs] ext4: properly dirty split extent nodes (Eric Sandeen) [840946 839770]
- [scsi] don't offline devices with a reservation conflict (David Jeffery) [839196 835660]
- [fs] ext4: Fix overflow caused by missing cast in ext4_fallocate (Lukas Czerner) [837226 830351]
- [net] dl2k: Clean up rio_ioctl (Weiping Pan) [818822 818823] {CVE-2012-2313}
- [x86] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [835450 834562]
- [net] tg3: Fix TSO handling (John Feeney) [833182 795672]
- [input] evdev: use after free from open/disconnect race (David Jeffery) [832448 822166]
|
kernel-PAE-2.6.18-308.11.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-06-15):
- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]
- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226]
- [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226]
|
kernel-PAE-2.6.18-308.8.2.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-05-29):
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]
|
kernel-PAE-2.6.18-308.8.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-05-04):
- [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816290 816106] {CVE-2012-2136}
- [net] tg3: Fix VLAN tagging assignments (John Feeney) [817691 797011]
- [net] ixgbe: do not stop stripping VLAN tags in promiscuous mode (Andy Gospodarek) [809791 804800]
- [s390] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810123 808489]
- [x86] unwind information fix for the vsyscall DSO (Prarit Bhargava) [807930 805799]
|
kernel-PAE-2.6.18-308.4.1.el5.i686
[19.4 MiB] |
Changelog
by Alexander Gordeev (2012-03-28):
- [net] ipv6: fix skb double free in xfrm6_tunnel (Jiri Benc) [752305 743375] {CVE-2012-1583}
|
kernel-PAE-2.6.18-274.18.1.el5.i686
[18.5 MiB] |
Changelog
by Phillip Lougher (2012-01-20):
- [misc] Move exit_robust_list to mm_release, null lists on cleanup (Laszlo Ersek) [771774 750283] {CVE-2012-0028}
- [block] disable SG_IO ioctls on virtio-blk devices (Paolo Bonzini) [773322 771592]
- [scsi] fix 32-on-64 block device ioctls (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [fs] ext4: fix BUG_ON() in ext4_ext_insert_extent() (Lukas Czerner) [747943 747946] {CVE-2011-3638}
- [scsi] don't fail scans when host is in recovery (Rob Evers) [772162 657345]
- [fs] jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [783477 783284] {CVE-2011-4086}
- [net] igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Jiri Pirko) [772868 772869] {CVE-2012-0207}
|
kernel-PAE-2.6.18-274.17.1.el5.i686
[18.5 MiB] |
Changelog
by Phillip Lougher (2012-01-04):
- Revert: [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- Revert: [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- Revert: [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- Revert: [scsi] fix 32-on-64 block device ioctls (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
|
kernel-PAE-2.6.18-274.12.1.el5.i686
[18.5 MiB] |
Changelog
by Phillip Lougher (2011-11-08):
- Revert: [virt] kvm: fix lost tick accounting for 32 bit kvm-clock (Rik van Riel) [747875 731599]
|
kernel-PAE-2.6.18-274.7.1.el5.i686
[18.5 MiB] |
Changelog
by Phillip Lougher (2011-10-17):
- Revert: [xen] passthrough: block VT-d MSI trap injection (Paolo Bonzini) [716301 716302] {CVE-2011-1898}
|
kernel-PAE-2.6.18-274.3.1.el5.i686
[18.5 MiB] |
Changelog
by Don Howard (2011-08-26):
- [xen] fix off-by-one shift in x86_64 __addr_ok (Laszlo Ersek) [728043 719850] {CVE-2011-2901}
|
kernel-PAE-2.6.18-238.19.1.el5.i686
[17.3 MiB] |
Changelog
by Phillip Lougher (2011-07-10):
- Revert: [xen] hvm: svm support cleanups (Andrew Jones) [703715 702657] {CVE-2011-1780}
- Revert: [xen] hvm: secure svm_cr_access (Andrew Jones) [703715 702657] {CVE-2011-1780}
- Revert: [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [719066 717742]
- Revert: [xen] remove unused argument to __get_instruction_length (Phillip Lougher) [719066 717742]
- Revert: [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [719066 717742]
- Revert: [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [719066 717742]
|
kernel-PAE-2.6.18-238.12.1.el5.i686
[17.3 MiB] |
Changelog
by Phillip Lougher (2011-05-07):
- [x86_64] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [699610 692921]
- [i386] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [699610 692921]
- [xen] fix MAX_EVTCHNS definition (Laszlo Ersek) [701242 701240]
- [net] ixgbe: fix for link failure on SFP+ DA cables (Don Howard) [696181 653236]
- [net] netxen: limit skb frags for non tso packet (Phillip Lougher) [699609 672368]
- [block] cciss: fix lost command problem (Phillip Lougher) [696503 696153]
- [fs] gfs2: fix filesystem hang caused by incorrect lock order (Robert S Peterson) [688855 656032]
- [fs] gfs2: restructure reclaim of unlinked dinodes (Phillip Lougher) [688855 656032]
- [fs] gfs2: unlock on gfs2_trans_begin error (Robert S Peterson) [688855 656032]
- [scsi] mpt2sas: prevent heap overflows and unchecked access (Tomas Henzl) [694526 694527] {CVE-2011-1495 CVE-2011-1494}
- [net] bridge/netfilter: fix ebtables information leak (Don Howard) [681325 681326] {CVE-2011-1080}
- [net] bluetooth: fix sco information leak to userspace (Don Howard) [681310 681311] {CVE-2011-1078}
- [fs] fix corrupted GUID partition table kernel oops (Jerome Marchand) [695979 695980] {CVE-2011-1577}
- [xen] x86/domain: fix error checks in arch_set_info_guest (Laszlo Ersek) [688581 688582] {CVE-2011-1166}
- [net] bridge: fix initial packet flood if !STP (Jiri Pirko) [701222 695369]
- [fs] nfsd: fix auth_domain reference leak on nlm operations (J. Bruce Fields) [697448 589512]
- [scsi] qla2xxx: no reset/fw-dump on CT/ELS pt req timeout (Chad Dupuis) [689700 660386]
- [mm] set barrier and send tlb flush to all affected cpus (Prarit Bhargava) [696908 675793]
|
kernel-PAE-2.6.18-238.9.1.el5.i686
[17.3 MiB] |
Changelog
by Jiri Pirko (2011-03-18):
- [md] dm-mpath: fix NULL deref when path parameter missing (Mike Snitzer) [683443 673058]
- [md] dm-mpath: wait for pg_init completion on suspend (Mike Snitzer) [683443 673058]
- [md] dm-mpath: hold io until all pg_inits completed (Mike Snitzer) [683443 673058]
- [md] dm-mpath: skip activate_path for failed paths (Mike Snitzer) [683443 673058]
- [md] dm-mpath: pass struct pgpath to pg init done (Mike Snitzer) [683443 673058]
- [md] dm-mpath: prevent io from work queue while suspended (Mike Snitzer) [683443 673058]
- [md] dm-mpath: add mutex to sync adding and flushing work (Mike Snitzer) [683443 673058]
- [md] dm-mpath: flush workqueues before suspend completes (Mike Snitzer) [683443 673058]
|
kernel-PAE-2.6.18-238.5.1.el5.i686
[17.3 MiB] |
Changelog
by Jiri Pirko (2011-02-21):
- [x86_64] vdso: fix gtod via export of sysctl_vsyscall (Prarit Bhargava) [678613 673616]
|
kernel-PAE-2.6.18-238.1.1.el5.i686
[17.3 MiB] |
Changelog
by Jiri Pirko (2011-01-04):
- [scsi] megaraid: give FW more time to recover from reset (Tomas Henzl) [667141 665427]
- [fs] gfs2: fix statfs error after gfs2_grow (Robert S Peterson) [666792 660661]
- [mm] prevent file lock corruption using popen(3) (Larry Woodman) [667050 664931]
- [net] sctp: fix panic from bad socket lock on icmp error (Neil Horman) [665476 665477] {CVE-2010-4526}
|
kernel-PAE-2.6.18-194.32.1.el5.i686
[17.0 MiB] |
Changelog
by Jiri Pirko (2010-12-20):
- [fs] nfs: set lock_context field in nfs_readpage_sync (Jeff Layton) [664416 663853]
|
kernel-PAE-2.6.18-194.26.1.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-10-29):
- [net] mlx4: bump max log_mtts_per_seg memory reservation (Jay Fenlason) [643806 636198]
|
kernel-PAE-2.6.18-194.17.4.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-10-20):
- [net] rds: fix local privilege escalation (Eugene Teo) [642897 642898] {CVE-2010-3904}
|
kernel-PAE-2.6.18-194.17.1.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-09-20):
- Syncing following patch from branched build:
- [misc] make compat_alloc_user_space() incorporate the access_ok() (Don Howard) [634463 634464] {CVE-2010-3081}
|
kernel-PAE-2.6.18-194.11.4.el5.i686
[16.9 MiB] |
Changelog
by Don Howard (2010-09-17):
- [misc] make compat_alloc_user_space() incorporate the access_ok() (Don Howard) [634463 634464] {CVE-2010-3081}
|
kernel-PAE-2.6.18-194.11.3.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-08-23):
- [mm] accept an abutting stack segment (Jiri Pirko) [607857 607858] {CVE-2010-2240}
|
kernel-PAE-2.6.18-194.11.1.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-07-27):
- [scsi] qla2xxx: update firmware to version 5.03.02 (Chad Dupuis) [613688 598946]
|
kernel-PAE-2.6.18-194.8.1.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-06-23):
- [net] cnic: fix bnx2x panic w/multiple interfaces enabled (Stanislaw Gruszka) [607087 602402]
|
kernel-PAE-2.6.18-194.3.1.el5.i686
[16.9 MiB] |
Changelog
by Jiri Pirko (2010-05-02):
- [net] bnx2: fix lost MSI-X problem on 5709 NICs (John Feeney) [587799 511368]
|
kernel-PAE-2.6.18-164.15.1.el5.i686
[15.7 MiB] |
Changelog
by Jiri Pirko (2010-03-01):
- [net] sctp: backport cleanups for ootb handling V2 (Neil Horman) [555666 555667] {CVE-2010-0008}
- Reverting: [net] sctp: backport cleanups for ootb handling (Neil Horman) [555666 555667] {CVE-2010-0008}
|
kernel-PAE-2.6.18-164.11.1.el5.i686
[15.7 MiB] |
Changelog
by Jiri Pirko (2010-01-06):
- [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547241 547242] {CVE-2009-4138}
- [x86] sanity check for AMD northbridges (Andrew Jones) [549905 547518]
- [x86_64] disable vsyscall in kvm guests (Glauber Costa) [550968 542612]
- [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [549908 525100]
- [fs] respect flag in do_coredump (Danny Feng) [544188 544189] {CVE-2009-4036}
- [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [547521 544342]
- [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540740 540741] {CVE-2009-4020}
- [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538736 538737] {CVE-2009-4021}
- [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [548370 541956]
- [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [543448 538067]
- [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539420 539421] {CVE-2009-3080}
- [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [544978 539240]
- [net] call cond_resched in rt_run_flush (Amerigo Wang) [547530 517588]
- [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537312 537313] {CVE-2009-3889 CVE-2009-3939}
- [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [542582 515753]
- [x86] kvm: don't ask HV for tsc khz if not using kvmclock (Glauber Costa ) [537027 531268]
- [net] sched: fix panic in bnx2_poll_work (John Feeney ) [539686 526481]
- [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526797 526798]
- [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [537343 513649]
- [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [540896 531025]
- [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [549907 510067]
- [net] r8169: imporved rx length check errors (Neil Horman ) [552913 552438]
- [scsi] lpfc: fix FC ports offlined during target controller faults (Rob Evers ) [549906 516541]
- [net] emergency route cache flushing fixes (Thomas Graf ) [545662 545663] {CVE-2009-4272}
- [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng ) [548656 548657] {CVE-2009-4141}
- [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan ) [537317 537318] {CVE-2009-3556}
|
kernel-PAE-2.6.18-164.10.1.el5.i686
[15.7 MiB] |
Changelog
by Jiri Pirko (2009-12-30):
- [net] e1000, r9169: fix rx length check errors (Cong Wang ) [550914 550915]
- [net] e1000e: fix rx length check errors (Amerigo Wang ) [551222 551223]
- [net] ipv6: fix ipv6_hop_jumbo remote system crash (Amerigo Wang ) [548642 548643] {CVE-2007-4567}
|
kernel-PAE-2.6.18-164.9.1.el5.i686
[15.7 MiB] |
Changelog
by Jiri Pirko (2009-12-09):
- [x86] fix stale data in shared_cpu_map cpumasks (Prarit Bhargava) [545583 541953]
|
kernel-PAE-2.6.18-164.6.1.el5.i686
[15.7 MiB] |
Changelog
by Jiri Pirko (2009-10-27):
- [fs] fix pipe null pointer dereference (Jeff Moyer) [530938 530939] {CVE-2009-3547}
- [security] require root for mmap_min_addr (Eric Paris ) [518142 518143] {CVE-2009-2695}
- [net] lvs: adjust sync protocol handling for ipvsadm -2 (Neil Horman ) [528645 524129]
- [xen] allow booting with broken serial hardware (Chris Lalancette ) [524153 518338]
|
kernel-PAE-2.6.18-128.7.1.el5.i686
[15.0 MiB] |
Changelog
by Jiri Pirko (2009-08-19):
- [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043] {CVE-2009-2698}
|
kernel-PAE-2.6.18-128.4.1.el5.i686
[15.0 MiB] |
Changelog
by Don Howard (2009-07-23):
- [fs] ecryptfs: check tag 11 packet literal data buffer size (Eric Sandeen ) [512862 512863] {CVE-2009-2406}
- [fs] ecryptfs: check tag 3 packet encrypted key size (Eric Sandeen ) [512886 512887] {CVE-2009-2407}
- [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh ) [511173 508842] {CVE-2009-1895}
- [xen] HV: remove high latency spin_lock (Chris Lalancette ) [512311 459410]
|
kernel-PAE-2.6.18-128.1.14.el5.i686
[15.0 MiB] |
Changelog
by Jiri Pirko (2009-06-01):
- [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach ) [500301 500302] {CVE-2009-1630}
- [fs] proc: avoid info leaks to non-privileged processes (Amerigo Wang ) [499546 499541]
- [net] tg3: Fix firmware event timeouts (Jiri Pirko ) [502837 481715]
- [scsi] libiscsi: fix nop response/reply and session cleanup race (Jiri Pirko ) [502916 497411]
- [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton ) [496576 496577] {CVE-2009-1633}
- [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton ) [496576 496577] {CVE-2009-1633}
- [fs] cifs: buffer overruns when converting strings (Jeff Layton ) [496576 496577] {CVE-2009-1633}
- [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton ) [494279 494280] {CVE-2009-1439}
- [x86] xen: fix local denial of service (Chris Lalancette ) [500950 500951] {CVE-2009-1758}
- [misc] compile: add -fwrapv to gcc CFLAGS (Don Zickus ) [501751 491266]
- [misc] random: make get_random_int more random (Amerigo Wang ) [499783 499776]
- [gfs2] fix uninterruptible quotad sleeping (Steven Whitehouse ) [501742 492943]
- [mm] cow vs gup race fix (Andrea Arcangeli ) [486921 471613]
- [mm] fork vs gup race fix (Andrea Arcangeli ) [486921 471613]
- [nfs] fix hangs during heavy write workloads (Peter Staubach ) [486926 469848]
|
kernel-PAE-2.6.18-128.1.10.el5.i686
[15.0 MiB] |
Changelog
by Jiri Pirko (2009-04-29):
- [fs] fix softlockup in posix_locks_deadlock (Josef Bacik ) [496842 476659]
|
kernel-PAE-2.6.18-128.1.6.el5.i686
[15.0 MiB] |
Changelog
by Jiri Pirko (2009-03-24):
- [x86] add nonstop_tsc flag in /proc/cpuinfo (Luming Yu ) [489310 474091]
|