Skip to content

"SLC5X: Virtualization: kernel-xen

kernel-xen - The Linux kernel compiled for Xen VM operations

Website: http://www.kernel.org/
License: GPLv2
Vendor: Scientific Linux CERN, https://cern.ch/linux
Description:
This package includes a Xen hypervisor and a version of the Linux kernel which
can run Xen VMs for privileged hosts and unprivileged paravirtualized hosts.

Packages

kernel-xen-2.6.18-436.el5.x86_64 [23.0 MiB] Changelog by Radomir Vrbovsky (2018-11-22):
- [x86] call wrmsr_safe_on_cpu instead of wrmsr_on_cpu from spec_ctrl_reinit_all_cpus (Chris von Recklinghausen) [1651481]
kernel-xen-2.6.18-434.el5.x86_64 [23.0 MiB] Changelog by Radomir Vrbovsky (2018-08-23):
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] cpufeatures: Add detection of L1D cache flush support. (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86]  intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620 CVE-2018-3646}
kernel-xen-2.6.18-433.el5.x86_64 [23.0 MiB] Changelog by Radomir Vrbovsky (2018-06-28):
- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474]
kernel-xen-2.6.18-431.el5.x86_64 [23.0 MiB] Changelog by Radomir Vrbovsky (2018-05-02):
- [x86] entry/64: do not use DEBUG IST stack for INT3 #BP exceptions (Prarit Bhargava) [1570954] {CVE-2018-8897}
kernel-xen-2.6.18-430.el5.x86_64 [23.0 MiB] Changelog by Radomir Vrbovsky (2018-04-11):
- [mm] vmalloc: optimization, cleanup, bugfixes (Rafael Aquini) [1562529]
kernel-xen-2.6.18-426.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2018-02-07):
- [x86] x86/mm/kaiser: avoid spurious faults while modifying the idt (Rafael Aquini) [1539925]
- [x86] x86/mm/kaiser: map idt_table in shadow pgd individually (Rafael Aquini) [1539925]
- [x86] x86/mm: check PMD in spurious_fault handler (Rafael Aquini) [1539925]
- [x86] x86/mm: make spurious fault handler aware of large mappings (Rafael Aquini) [1539925]
- [x86] x86/mm: ignore spurious faults (Rafael Aquini) [1539925]
- [x86] x86/kexec: clear page before initializing kexec PGD (Rafael Aquini) [1540050]
- [x86] x86/kernel: fix VSYSCALL_HPET shadow mapping placement (Rafael Aquini) [1540043 1540889]
kernel-xen-2.6.18-423.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2017-09-22):
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr  Matousek) [1492987] {CVE-2017-1000253}
kernel-xen-2.6.18-422.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2017-07-19):
- [mm] Backport upstream 1MB stack guard patch to RHEL5 (Larry Woodman) [1467938]
- Revert [mm] enlarge stack guard gap (Larry Woodman) [1467938]
kernel-xen-2.6.18-420.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2017-06-08):
- [mm] enlarge stack guard gap (Larry Woodman) [1452722] {CVE-2017-1000364 CVE-2017-1000366}
kernel-xen-2.6.18-419.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2017-02-22):
- [net] dccp: Use AF-independent rebuild_header routine (Hannes Frederic Sowa) [1424751]
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424633] {CVE-2017-6074}
- [redhat] kernel.spec.template: disable autoloading for dccp proto (Hannes Frederic Sowa) [1425177]
kernel-xen-2.6.18-418.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2017-01-13):
- [sched] prevent NULL deref in find_busiest_group (Denys Vlasenko) [1376523]
kernel-xen-2.6.18-417.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2016-11-19):
- [virt] hv: do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1391167]
- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390044] {CVE-2016-7117}
kernel-xen-2.6.18-416.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2016-10-26):
- [mm] Fix Privilege escalation via MAP_PRIVATE (Larry Woodman) [1385112] {CVE-2016-5195}
kernel-xen-2.6.18-412.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2016-08-01):
- [s390] kernel: Fix tlb flushing with idte. (Hendrik Brueckner) [1350541]
- [fs] Do not double unlock the dcache_lock in d_materialise_unique (Miklos Szeredi) [1198315]
kernel-xen-2.6.18-411.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2016-06-02):
- [fs] fuse: Fixes default ACL inheritance (Rodrigo Freire) [1326905]
kernel-xen-2.6.18-410.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2016-04-08):
- [fs] gfs2: Only refresh newer in-memory timestamps (Abhijith Das) [1304847]
kernel-xen-2.6.18-409.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2016-02-12):
- [fs] ext4: limit group search loop for non-extent files (Lukas Czerner) [1301100]
- [fb] vm: convert fb_mmap to vm_iomap_memory() helper (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [s390] add dummy io_remap_pfn_range() to asm-s390/pgtable.h (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [mm] vm: add vm_iomap_memory() helper function (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [sched] prevent division by zero x->cpu_power (Denys Vlasenko) [1209728]
- [xen] x86: fully ignore segment override for register-only ops (Mateusz Guzik) [1200373] {CVE-2015-2151}
kernel-xen-2.6.18-408.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2015-12-11):
- [net] udp: fix behavior of wrong checksums (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
- [net] ipv6/udp: Use correct var to determine non-blocking cond (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
- [net] SNMP: Restore Udp6InErrors incrementation (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
kernel-xen-2.6.18-407.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2015-10-16):
- [utrace] check ->utrace != NULL in utrace_unsafe_exec() (Oleg Nesterov) [1226967]
- [s390] zcrypt: Fixed reset and interrupt handling of AP queues (Hendrik Brueckner) [1238991]
kernel-xen-2.6.18-406.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2015-05-01):
- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Mateusz Guzik) [1203787] {CVE-2015-1805}
kernel-xen-2.6.18-404.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2015-03-06):
- [infiniband] core: Prevent integer overflow in ib_umem_get (Doug Ledford) [1179353] {CVE-2014-8159}
kernel-xen-2.6.18-402.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2015-01-08):
- [block] virtio: Reset device after blk_cleanup_queue() (Stefan Hajnoczi) [1006536]
- [block] virtio: Call del_gendisk() before disable guest kick (Stefan Hajnoczi) [1006536]
- [block] virtio: Drop unused request tracking list (Stefan Hajnoczi) [1006536]
- [fs] cifs: setfacl removes part of ACL when setting POSIX ACLs (Sachin Prabhu) [1105625]
- [fs] splice: perform generic write checks (Eric Sandeen) [1155908] {CVE-2014-7822}
- [fs] ext4: verify block bitmap (Lukas Czerner) [1034403]
- [fs] ext4: fix type declaration of ext4_validate_block_bitmap (Lukas Czerner) [1034403]
- [fs] ext4: error out if verifying the block bitmap fails (Lukas Czerner) [1034403]
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}
kernel-xen-2.6.18-400.1.1.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2014-12-14):
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}
kernel-xen-2.6.18-400.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2014-10-17):
- [net] bridge: disable snooping if there is no querier (Frantisek Hrbata) [902454]
- [s390] kernel: sysinfo: convert /proc/sysinfo to seqfile (Alexander Gordeev) [1131283]
- [net] netlink: verify permisions of socket creator (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: store effective caps at socket() time (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Rename netlink_capable netlink_allowed (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Fix permission check in netlink_connect() (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: fix possible spoofing from non-root processes (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Make NETLINK_USERSOCK work again (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: fix for too early rmmod (Jiri Benc) [1094266] {CVE-2014-0181}
kernel-xen-2.6.18-398.el5.x86_64 [22.8 MiB] Changelog by Alexander Gordeev (2014-08-12):
- [net] security_socket_post_accept before fd_install in sys_accept (Denys Vlasenko) [1059078]
kernel-xen-2.6.18-371.12.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2014-08-07):
- [audit] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102702 1102703] {CVE-2014-3917}
- [mm] writeback: Fix hang when low on memory due to NFS traffic (Larry Woodman) [1125246 1080194]
- [net] tg3: Fix Read DMA workaround for 5719 A0 (Ivan Vecera) [1121017 924590]
- [fs] jbd: don't wake kjournald unnecessarily (Denys Vlasenko) [1116027 1081785]
- [fs] jbd: don't wait (forever) for stale tid caused by wraparound (Denys Vlasenko) [1116027 1081785]
- [fs] ext4: fix waiting and sending of barrier in ext4_sync_file() (Denys Vlasenko) [1116027 1081785]
- [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Denys Vlasenko) [1116027 1081785]
- [fs] jbd2: fix sending of data flush on journal commit (Denys Vlasenko) [1116027 1081785]
- [fs] ext4, jbd2: Add barriers for file systems with ext journals (Denys Vlasenko) [1116027 1081785]
- [fs] jbd: fix fsync() tid wraparound bug (Denys Vlasenko) [1116027 1081785]
- [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [1117665 1102768]
kernel-xen-2.6.18-371.11.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2014-06-30):
- [fs] dcache: fix cleanup on warning in d_splice_alias (Denys Vlasenko) [1109720 1080606]
- [net] neigh: Make neigh_add_timer symmetrical to neigh_del_timer (Marcelo Ricardo Leitner) [1111195 1109888]
- [net] neigh: set NUD_INCOMPLETE when probing router reachability (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: router reachability probing (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: probe routes asynchronous in rt6_probe (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ndisc: Update neigh->updated with write lock (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: remove the unnecessary statement in find_match() (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: fix route selection if CONFIG_IPV6_ROUTER_PREF unset (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: Fix def route failover when CONFIG_IPV6_ROUTER_PREF=n (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: Prefer reachable nexthop only if the caller requests (Marcelo Ricardo Leitner) [1106354 1090806]
- [fs] ext4/jbd2: don't wait forever stale tid caused by wraparound (Eric Sandeen) [1097528 980268]
- [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [1097528 980268]
- [fs] jbd2: don't wake kjournald unnecessarily (Eric Sandeen) [1097528 980268]
- [fs] jbd2: fix fsync() tid wraparound bug (Eric Sandeen) [1097528 980268]
- [infiniband] rds: do not deref NULL dev in rds_iw_laddr_check() (Jacob Tanenbaum) [1093311 1093312] {CVE-2014-2678}
- [fs] nfs4: Add recovery for individual stateids - partial backport. (Dave Wysochanski) [1113468 867570]
- [fs] nfs4: Don't start state recovery in nfs4_close_done - clean backport. (Dave Wysochanski) [1113468 867570]
- [xen] page-alloc: scrub anonymous domain heap pages upon freeing (Vitaly Kuznetsov) [1103648 1103649] {CVE-2014-4021}
kernel-xen-2.6.18-371.9.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2014-05-13):
- [nfs] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1095062 976201]
- [scsi] lpfc: Remove NDLP reference put in lpfc_cmpl_els_logo_acc (Rob Evers) [1096061 1075228]
- [infiniband] rds: dereference of a NULL device (Jacob Tanenbaum) [1079216 1079217] {CVE-2013-7339}
- [kernel] futex: check relative timeouts for overflow (Denys Vlasenko) [1091832 1084168]
- [virt] kvm: correctly detect KVM when hv emulation is enalbed (Jason Wang) [1094152 985767]
- [security] Fix spurious warnings in security_ops_task_setrlimit (Mateusz Guzik) [1092869 916235]
- [block] floppy: don't write kernel-only members to FDRAWCMD output (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}
- [block] floppy: ignore kernel-only members in FDRAWCMD input (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}
kernel-xen-2.6.18-371.8.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2014-03-28):
- [virt] HID: memory corruption flaw drivers/usb/input/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}
- [virt] HID: memory corruption flaw in drivers/hv/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}
- [scsi] lpfc: Fix task management commands having a fixed timeout (Ewan Milne) [1073123 1061120]
- [net] tcp: drop SYN+FIN messages (Jiri Pirko) [1066057 1066058] {CVE-2012-6638}
- [fs] GFS2: Check if glock held in gfs2_readpage (Robert S Peterson) [1073953 1063434]
- [net] sunrpc: fix deadlock in task wakeup code (Jeff Layton) [1073731 998126]
kernel-xen-2.6.18-371.6.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2014-02-18):
- [net] be2net: don't use skb_get_queue_mapping() (Ivan Vecera) [1066302 1063955]
- [ipc] change refcount to atomic_t (Phillip Lougher) [1024866 1024868] {CVE-2013-4483}
- [s390] qeth: buffer overflow in snmp ioctl (Jacob Tanenbaum) [1034402 1034404] {CVE-2013-6381}
- [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033531 1033532] {CVE-2013-6383}
- [xen] x86/AMD: work around erratum 793 (Radim Krcmar) [1035834 1035836] {CVE-2013-6885}
- [xen] do not expose hypercalls to rings 1 and 2 of HVM guests (Andrew Jones) [1029112 1029113] {CVE-2013-4554}
- [redhat] kabi: Adding symbol print_hex_dump (Jiri Olsa) [1054055 662558]
- [scsi] Add 'eh_deadline' to limit SCSI EH runtime (Ewan Milne) [1050097 956132]
- [scsi] remove check for 'resetting' (Ewan Milne) [1050097 956132]
- [scsi] dc395: Move 'last_reset' into internal host structure (Ewan Milne) [1050097 956132]
- [scsi] tmscsim: Move 'last_reset' into host structure (Ewan Milne) [1050097 956132]
- [scsi] advansys: Remove 'last_reset' references (Ewan Milne) [1050097 956132]
- [scsi] dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (Ewan Milne) [1050097 956132]
- [scsi] dpt_i2o: Remove DPTI_STATE_IOCTL (Ewan Milne) [1050097 956132]
- [net] ipv6: fix leaking uninit port number of offender sockaddr (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] fix addr_len/msg->msg_namelen assign in recv_error funcs (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] prevent leakage of uninitialized memory to user in recv (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] be2net: prevent Tx stall on SH-R when packet size < 32 (Ivan Vecera) [1051535 1007995]
- [net] be2net: Trim padded packets for Lancer (Ivan Vecera) [1051535 1007995]
- [net] be2net: Pad skb to meet min Tx pkt size in lancer (Ivan Vecera) [1051535 1007995]
- [net] be2net: refactor HW workarounds in be_xmit() (Ivan Vecera) [1051535 1007995]
- [fs] exec/ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039483 1039484] {CVE-2013-2929}
kernel-xen-2.6.18-371.4.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2014-01-08):
- [char] ipmi: fix message handling during panics (Tony Camuso) [1049731 995293]
- [net] igb: Use 32bit mask calculating the flow control watermarks (Stefan Assmann) [1041694 1036115]
- [fs] NTLM auth and sign - Use appropriate server challenge (Sachin Prabhu) [1029865 1018286]
- [xen] gnttab: correct locking order reversal (Radim Krcmar) [1026245 1026246] {CVE-2013-4494}
kernel-xen-2.6.18-371.3.1.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2013-11-11):
- [net] be2net: don't use GRO for packets w/ re-inserted VLAN tags (Ivan Vecera) [1023348 1008691]
- [net] tg3: call pci_enable_wake() to set power state (John Feeney) [1014973 996331]
- [misc] backport fixes for percpu-rw-semaphore (Mikulas Patocka) [1014715 867997]
- [xen] information leak via I/O instruction emulation (Igor Mammedov) [1009602 1009603] {CVE-2013-4355}
kernel-xen-2.6.18-371.1.2.el5.x86_64 [22.8 MiB] Changelog by Radomir Vrbovsky (2013-10-07):
- [xen] x86: check segment descriptor read result in 64-bit OUTS emulation (Radim Krcmar) [1012958 1012959] {CVE-2013-4368}
- [md] dm snapshot: fix data corruption (Mikulas Patocka) [1004734 975353] {CVE-2013-4299}
kernel-xen-2.6.18-371.el5.x86_64 [22.8 MiB] Changelog by Phillip Lougher (2013-09-05):
- [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [987539]
kernel-xen-2.6.18-348.21.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-11-20):
- [md] dm snapshot: fix data corruption (Mikulas Patocka) [1019678 975353] {CVE-2013-4299}
- [misc] backport fixes for percpu-rw-semaphore (Mikulas Patocka) [884735 867997]
- [net] be2net: Activate new FW after FW download for Lancer (Ivan Vecera) [1019892 982590]
- [net] be2net: Fix initialization sequence for Lancer (Ivan Vecera) [1019892 982590]
- [net] be2net: Fix FW download in Lancer (Ivan Vecera) [1019892 982590]
kernel-xen-2.6.18-348.19.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-10-14):
- [fs] gfs2: yield() in shrinker to allow glock_workqueues to run (Abhijith Das) [1006164 928518]
kernel-xen-2.6.18-348.18.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-09-06):
- [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [1005239 987539]
- [kernel] signals: stop info leak via tkill and tgkill syscalls (Oleg Nesterov) [970874 970875] {CVE-2013-2141}
- [net] ipv6: do udp_push_pending_frames AF_INET sock pending data (Jiri Benc) [987647 987648] {CVE-2013-4162}
- [mm] use-after-free in madvise_remove() (Jacob Tanenbaum) [849735 849736] {CVE-2012-3511}
- [fs] autofs: remove autofs dentry mount check (Ian Kent) [1001488 928098]
kernel-xen-2.6.18-348.16.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-07-26):
- [x86_64] Fix kdump failure due to 'x86_64: Early segment setup' (Paolo Bonzini) [988251 987244]
- [xen] skip tracing if it was disabled instead of dying (Igor Mammedov) [987976 967053]
- [ia64] fix KABI breakage on ia64 (Prarit Bhargava) [966878 960783]
- [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531]
- [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531]
- [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531]
kernel-xen-2.6.18-348.12.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-07-01):
- Revert: [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: handle NULL p_ext in ext4_ext_next_allocated_block() (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: make FIEMAP and delayed allocation play well together (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: Fix possibly very long loop in fiemap (Lukas Czerner) [960014 692071]
- Revert: [fs] ext4: prevent race while walking extent tree for fiemap (Lukas Czerner) [960014 692071]
kernel-xen-2.6.18-348.6.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-04-26):
- [char] ipmi: use a tasklet for handling received messages (Tony Camuso) [953435 947732]
- [char] ipmi: do run_to_completion properly in deliver_recv_msg (Tony Camuso) [953435 947732]
- [fs] nfs4: fix locking around cl_state_owners list (Dave Wysochanski) [954296 948317]
- [fs] nfs: Fix bugs on short read (Sachin Prabhu) [952098 924011]
- [xen] AMD IOMMU: spot missing IO-APIC entries in IVRS table (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] AMD, IOMMU: Make per-device interrupt remap table default (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] AMD, IOMMU: Disable IOMMU if SATA Combined mode is on (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] AMD, IOMMU: On creating entry clean up in remapping tables (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] ACPI: acpi_table_parse() should return handler's err code (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [xen] introduce xzalloc() & Co (Igor Mammedov) [910912 910913] {CVE-2013-0153}
- [x86] fpu: fix CONFIG_PREEMPT=y corruption of FPU stack (Prarit Bhargava) [948187 731531]
- [i386] add sleazy FPU optimization (Prarit Bhargava) [948187 731531]
- [x86-64] non lazy 'sleazy' fpu implementation (Prarit Bhargava) [948187 731531]
kernel-xen-2.6.18-348.4.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-03-22):
- [virt] xen-netback: backports (Andrew Jones) [910884 910885] {CVE-2013-0216}
- [virt] xen-netback: netif_schedulable should take a netif (Andrew Jones) [910884 910885] {CVE-2013-0216}
- [virt] pciback: rate limit error mess from pciback_enable_msi() (Igor Mammedov) [910876 910877] {CVE-2013-0231}
- [net] be2net: remove BUG_ON() in be_mcc_compl_is_new() (Ivan Vecera) [923910 907524]
- [net] ipv4: Update MTU to all related cache entries (Amerigo Wang) [923353 905190]
- [net] annotate rt_hash_code() users (Amerigo Wang) [923353 905190]
- [net] xfrm_user: fix info leak in copy_to_user_state() (Thomas Graf) [922426 922427] {CVE-2012-6537}
- [net] xfrm_user: fix info leak in copy_to_user_policy() (Thomas Graf) [922426 922427] {CVE-2012-6537}
- [net] xfrm_user: fix info leak in copy_to_user_tmpl() (Thomas Graf) [922426 922427] {CVE-2012-6537}
- [net] atm: fix info leak in getsockopt(SO_ATMPVC) (Thomas Graf) [922384 922385] {CVE-2012-6546}
- [net] atm: fix info leak via getsockname() (Thomas Graf) [922384 922385] {CVE-2012-6546}
- [net] tun: fix ioctl() based info leaks (Thomas Graf) [922348 922349] {CVE-2012-6547}
- [net] llc, zero sockaddr_llc struct (Thomas Graf) [922327 922329] {CVE-2012-6542}
- [net] llc: fix info leak via getsockname() (Thomas Graf) [922327 922329] {CVE-2012-6542}
- [net] xfrm_user: return error pointer instead of NULL (Thomas Graf) [919386 919387] {CVE-2013-1826}
- [net] ixgbevf: allocate room for mailbox MSI-X interrupt's name (Laszlo Ersek) [924134 862862]
- [fs] knfsd: allow nfsd READDIR to return 64bit cookies (Niels de Vos) [924087 918952]
kernel-xen-2.6.18-348.3.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-03-05):
- [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912071 912072] {CVE-2013-0871}
- [x86] msr: Add capabilities check (Nikola Pajkovsky) [908696 908697] {CVE-2013-0268}
kernel-xen-2.6.18-348.2.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2013-02-07):
- [misc] tainted flags, fix buffer size (Prarit Bhargava) [905829 901547]
- [net] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [884704 878316]
- [net] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [884704 878316]
- [net] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [884704 878316]
- [firmware] Expand kernel boot-time storage for DMI table structs (Lenny Szubowicz) [902683 862865]
- [fs] udf: Fortify loading of sparing table (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400}
- [fs] udf: Improve table length check to avoid possible overflow (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400}
- [fs] udf: Avoid run away loop when partition table is corrupted (Nikola Pajkovsky) [843140 843141] {CVE-2012-3400}
kernel-xen-2.6.18-348.1.1.el5.x86_64 [23.0 MiB] Changelog by Alexander Gordeev (2012-12-14):
- [pci] intel-iommu: reduce max num of domains supported (Don Dutile) [886876 885125]
- [fs] gfs2: Fix leak of cached directory hash table (Steven Whitehouse) [886124 831330]
- [x86] mm: randomize SHLIB_BASE (Petr Matousek) [804953 804954] {CVE-2012-1568}
- [net] be2net: create RSS rings even in multi-channel configs (Ivan Vecera) [884702 878209]
- [net] tg3: Avoid dma read error (John Feeney) [885692 877474]
- [misc] Fix unsupported hardware message (Prarit Bhargava) [885063 876587]
- [net] ipv6: discard overlapping fragment (Jiri Pirko) [874837 874838] {CVE-2012-4444}
- [usb] Fix serial port reference counting on hotplug remove (Don Zickus) [885700 845447]
- [net] bridge: export its presence and fix bonding igmp reporting (Veaceslav Falico) [884742 843473]
- [fs] nfs: move wait for server->active from put_super to kill_sb (Jeff Layton) [884708 839839]
- [scsi] libfc: fix indefinite rport restart (Neil Horman) [884740 595184]
- [scsi] libfc: Retry a rejected PRLI request (Neil Horman) [884740 595184]
- [scsi] libfc: Fix remote port restart problem (Neil Horman) [884740 595184]
- [xen] memop: limit guest specified extent order (Laszlo Ersek) [878449 878450] {CVE-2012-5515}
- [xen] get bottom of EBDA from the multiboot data structure (Paolo Bonzini) [885062 881885]
kernel-xen-2.6.18-348.el5.x86_64 [23.0 MiB] Changelog by Phillip Lougher (2012-11-28):
- Revert: [x86] exclude iomem resource over 4G for i686 non PAE ... (Phillip Lougher) [880068]
kernel-xen-2.6.18-308.24.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-11-21):
- Revert: [scsi] sg: fix races during device removal (Ewan Milne) [868950 861004]
kernel-xen-2.6.18-308.20.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-11-06):
- Revert: [x86] mm: randomize SHLIB_BASE (Dave Anderson) [804953 804954] {CVE-2012-1568}
kernel-xen-2.6.18-308.16.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-09-18):
- Revert: [fs] nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir() (Eric Sandeen) [847943 784191]
- Revert: [fs] add new FMODE flags: FMODE_32bithash and FMODE_64bithash (Eric Sandeen) [847943 784191]
- Revert: [fs] nfsd: rename 'int access' to 'int may_flags' in nfsd_open() (Eric Sandeen) [847943 784191]
- Revert: [fs] nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (Eric Sandeen) [847943 784191]
- Revert: [fs] vfs: add generic_file_llseek_size (Eric Sandeen) [847943 784191]
- Revert: [s390/ppc64] add is_compat_task() for s390 and ppc64 (Eric Sandeen) [847943 784191]
- Revert: [fs] ext3: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [847943 784191]
- Revert: [fs] ext4: improve llseek error handling for large seek offsets (Eric Sandeen) [847943 784191]
- Revert: [fs] ext4: return 32/64-bit dir name hash according to usage type (Eric Sandeen) [847943 784191]
- Revert: [fs] vfs: allow custom EOF in generic_file_llseek code (Eric Sandeen) [847943 784191]
- Revert: [fs] ext4: use core vfs llseek code for dir seeks (Eric Sandeen) [847943 784191]
- Revert: [fs] ext3: pass custom EOF to generic_file_llseek_size() (Eric Sandeen) [847943 784191]
kernel-xen-2.6.18-308.13.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-07-26):
- [net] e1000e: Cleanup logic in e1000_check_for_serdes_link_82571 (Dean Nelson) [841370 771366]
- [net] e1000e: Correct link check logic for 82571 serdes (Dean Nelson) [841370 771366]
- [mm] NULL pointer dereference in __vm_enough_memory (Jerome Marchand) [840077 836244]
- [fs] dlm: fix slow rsb search in dir recovery (David Teigland) [838140 753244]
- [fs] autofs: propogate LOOKUP_DIRECTORY flag only for last comp (Ian Kent) [830264 814418]
- [fs] ext4: properly dirty split extent nodes (Eric Sandeen) [840946 839770]
- [scsi] don't offline devices with a reservation conflict (David Jeffery) [839196 835660]
- [fs] ext4: Fix overflow caused by missing cast in ext4_fallocate (Lukas Czerner) [837226 830351]
- [net] dl2k: Clean up rio_ioctl (Weiping Pan) [818822 818823] {CVE-2012-2313}
- [x86] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [835450 834562]
- [net] tg3: Fix TSO handling (John Feeney) [833182 795672]
- [input] evdev: use after free from open/disconnect race (David Jeffery) [832448 822166]
kernel-xen-2.6.18-308.11.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-06-15):
- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]
- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226]
- [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226]
kernel-xen-2.6.18-308.8.2.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-05-29):
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]
kernel-xen-2.6.18-308.8.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-05-04):
- [net] sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [816290 816106] {CVE-2012-2136}
- [net] tg3: Fix VLAN tagging assignments (John Feeney) [817691 797011]
- [net] ixgbe: do not stop stripping VLAN tags in promiscuous mode (Andy Gospodarek) [809791 804800]
- [s390] zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (Hendrik Brueckner) [810123 808489]
- [x86] unwind information fix for the vsyscall DSO (Prarit Bhargava) [807930 805799]
kernel-xen-2.6.18-308.4.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-03-28):
- [net] ipv6: fix skb double free in xfrm6_tunnel (Jiri Benc) [752305 743375] {CVE-2012-1583}
kernel-xen-2.6.18-308.1.1.el5.x86_64 [22.4 MiB] Changelog by Alexander Gordeev (2012-02-17):
- Revert: [scsi] qla2xxx: avoid SCSI host_lock dep in queuecommand (Chad Dupuis) [790907 782790]
- Revert: [scsi] qla2xxx: fix IO failure during chip reset (Chad Dupuis) [790907 782790]
- [net] tg3: Fix 4k tx and recovery code (John Feeney) [790910 782677]
- [net] bnx2x: make bnx2x_close static again (Michal Schmidt) [790912 782124]
- [net] bnx2x: add fan failure event handling (Michal Schmidt) [790912 782124]
- [usb] cdc-acm: make lock use interrupt safe (Bryn M. Reeves) [790778 789067]
- [kernel] sysctl: restrict write access to dmesg_restrict (Phillip Lougher) [749246 749247]
- [net] igb: reset PHY after recovering from PHY power down (Stefan Assmann) [786168 783043]
- [fs] prevent lock contention in shrink_dcache_sb via private list (Lachlan McIlroy) [789369 746122]
kernel-xen-2.6.18-308.el5.x86_64 [22.4 MiB] Changelog by Jarod Wilson (2012-01-27):
- [scsi] lpfc: Update lpfc version for 8.2.0.108.4p driver release (Rob Evers) [784073]
- [scsi] lpfc: Fix FCP EQ memory check init w/single int vector (Rob Evers) [784073]
kernel-xen-2.6.18-274.18.1.el5.x86_64 [21.5 MiB] Changelog by Phillip Lougher (2012-01-20):
- [misc] Move exit_robust_list to mm_release, null lists on cleanup (Laszlo Ersek) [771774 750283] {CVE-2012-0028}
- [block] disable SG_IO ioctls on virtio-blk devices (Paolo Bonzini) [773322 771592]
- [scsi] fix 32-on-64 block device ioctls (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- [fs] ext4: fix BUG_ON() in ext4_ext_insert_extent() (Lukas Czerner) [747943 747946] {CVE-2011-3638}
- [scsi] don't fail scans when host is in recovery (Rob Evers) [772162 657345]
- [fs] jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (Eric Sandeen) [783477 783284] {CVE-2011-4086}
- [net] igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Jiri Pirko) [772868 772869] {CVE-2012-0207}
kernel-xen-2.6.18-274.17.1.el5.x86_64 [21.5 MiB] Changelog by Phillip Lougher (2012-01-04):
- Revert:  [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- Revert:  [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- Revert:  [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
- Revert:  [scsi] fix 32-on-64 block device ioctls (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
kernel-xen-2.6.18-274.12.1.el5.x86_64 [21.5 MiB] Changelog by Phillip Lougher (2011-11-08):
- Revert: [virt] kvm: fix lost tick accounting for 32 bit kvm-clock (Rik van Riel) [747875 731599]
kernel-xen-2.6.18-274.7.1.el5.x86_64 [21.5 MiB] Changelog by Phillip Lougher (2011-10-17):
- Revert: [xen] passthrough: block VT-d MSI trap injection (Paolo Bonzini) [716301 716302] {CVE-2011-1898}
kernel-xen-2.6.18-274.3.1.el5.x86_64 [21.5 MiB] Changelog by Don Howard (2011-08-26):
- [xen] fix off-by-one shift in x86_64 __addr_ok (Laszlo Ersek) [728043 719850] {CVE-2011-2901}
kernel-xen-2.6.18-274.el5.x86_64 [21.5 MiB] Changelog by Jarod Wilson (2011-07-08):
- [xen] svm: fix invlpg emulator regression (Paolo Bonzini) [719894]
kernel-xen-2.6.18-238.19.1.el5.x86_64 [20.3 MiB] Changelog by Phillip Lougher (2011-07-10):
- Revert: [xen] hvm: svm support cleanups (Andrew Jones) [703715 702657] {CVE-2011-1780}
- Revert: [xen] hvm: secure svm_cr_access (Andrew Jones) [703715 702657] {CVE-2011-1780}
- Revert: [xen] let __get_instruction_length always read into own buffer (Paolo Bonzini) [719066 717742]
- Revert: [xen] remove unused argument to __get_instruction_length (Phillip Lougher) [719066 717742]
- Revert: [xen] prep __get_instruction_length_from_list for partial buffers (Paolo Bonzini) [719066 717742]
- Revert: [xen] disregard trailing bytes in an invalid page (Paolo Bonzini) [719066 717742]
kernel-xen-2.6.18-238.12.1.el5.x86_64 [20.3 MiB] Changelog by Phillip Lougher (2011-05-08):
- [x86_64] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [699610 692921]
- [i386] Ignore spurious IPIs left over from crash kernel (Myron Stowe) [699610 692921]
- [xen] fix MAX_EVTCHNS definition (Laszlo Ersek) [701242 701240]
- [net] ixgbe: fix for link failure on SFP+ DA cables (Don Howard) [696181 653236]
- [net] netxen: limit skb frags for non tso packet (Phillip Lougher) [699609 672368]
- [block] cciss: fix lost command problem (Phillip Lougher) [696503 696153]
- [fs] gfs2: fix filesystem hang caused by incorrect lock order (Robert S Peterson) [688855 656032]
- [fs] gfs2: restructure reclaim of unlinked dinodes (Phillip Lougher) [688855 656032]
- [fs] gfs2: unlock on gfs2_trans_begin error (Robert S Peterson) [688855 656032]
- [scsi] mpt2sas: prevent heap overflows and unchecked access (Tomas Henzl) [694526 694527] {CVE-2011-1495 CVE-2011-1494}
- [net] bridge/netfilter: fix ebtables information leak (Don Howard) [681325 681326] {CVE-2011-1080}
- [net] bluetooth: fix sco information leak to userspace (Don Howard) [681310 681311] {CVE-2011-1078}
- [fs] fix corrupted GUID partition table kernel oops (Jerome Marchand) [695979 695980] {CVE-2011-1577}
- [xen] x86/domain: fix error checks in arch_set_info_guest (Laszlo Ersek) [688581 688582] {CVE-2011-1166}
- [net] bridge: fix initial packet flood if !STP (Jiri Pirko) [701222 695369]
- [fs] nfsd: fix auth_domain reference leak on nlm operations (J. Bruce Fields) [697448 589512]
- [scsi] qla2xxx: no reset/fw-dump on CT/ELS pt req timeout (Chad Dupuis) [689700 660386]
- [mm] set barrier and send tlb flush to all affected cpus (Prarit Bhargava) [696908 675793]
kernel-xen-2.6.18-238.9.1.el5.x86_64 [20.3 MiB] Changelog by Jiri Pirko (2011-03-18):
- [md] dm-mpath: fix NULL deref when path parameter missing (Mike Snitzer) [683443 673058]
- [md] dm-mpath: wait for pg_init completion on suspend (Mike Snitzer) [683443 673058]
- [md] dm-mpath: hold io until all pg_inits completed (Mike Snitzer) [683443 673058]
- [md] dm-mpath: skip activate_path for failed paths (Mike Snitzer) [683443 673058]
- [md] dm-mpath: pass struct pgpath to pg init done (Mike Snitzer) [683443 673058]
- [md] dm-mpath: prevent io from work queue while suspended (Mike Snitzer) [683443 673058]
- [md] dm-mpath: add mutex to sync adding and flushing work (Mike Snitzer) [683443 673058]
- [md] dm-mpath: flush workqueues before suspend completes (Mike Snitzer) [683443 673058]
kernel-xen-2.6.18-238.5.1.el5.x86_64 [20.3 MiB] Changelog by Jiri Pirko (2011-02-21):
- [x86_64] vdso: fix gtod via export of sysctl_vsyscall (Prarit Bhargava) [678613 673616]
kernel-xen-2.6.18-238.1.1.el5.x86_64 [20.3 MiB] Changelog by Jiri Pirko (2011-01-04):
- [scsi] megaraid: give FW more time to recover from reset (Tomas Henzl) [667141 665427]
- [fs] gfs2: fix statfs error after gfs2_grow (Robert S Peterson) [666792 660661]
- [mm] prevent file lock corruption using popen(3) (Larry Woodman) [667050 664931]
- [net] sctp: fix panic from bad socket lock on icmp error (Neil Horman) [665476 665477] {CVE-2010-4526}
kernel-xen-2.6.18-238.el5.x86_64 [20.3 MiB] Changelog by Jarod Wilson (2010-12-19):
- [net] bnx2: remove extra call to pci_map_page (John Feeney) [663509]
- [fs] nfs: set lock_context field in nfs_readpage_sync (Jeff Layton) [663853]
kernel-xen-2.6.18-194.32.1.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-12-20):
- [fs] nfs: set lock_context field in nfs_readpage_sync (Jeff Layton) [664416 663853]
kernel-xen-2.6.18-194.26.1.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-10-29):
- [net] mlx4: bump max log_mtts_per_seg memory reservation (Jay Fenlason) [643806 636198]
kernel-xen-2.6.18-194.17.4.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-10-20):
- [net] rds: fix local privilege escalation (Eugene Teo) [642897 642898] {CVE-2010-3904}
kernel-xen-2.6.18-194.17.1.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-09-20):
- Syncing following patch from branched build:
- [misc] make compat_alloc_user_space() incorporate the access_ok() (Don Howard) [634463 634464] {CVE-2010-3081}
kernel-xen-2.6.18-194.11.4.el5.x86_64 [19.8 MiB] Changelog by Don Howard (2010-09-17):
- [misc] make compat_alloc_user_space() incorporate the access_ok() (Don Howard) [634463 634464] {CVE-2010-3081}
kernel-xen-2.6.18-194.11.3.el5.cve20103081.x86_64 [19.9 MiB] Changelog by Jaroslaw Polok (2010-09-16):
- temporary patch against: CVE-2010-3081
- not really tested, may break things ...
- supposedly the cciss driver will break ...
kernel-xen-2.6.18-194.11.3.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-08-23):
- [mm] accept an abutting stack segment (Jiri Pirko) [607857 607858] {CVE-2010-2240}
kernel-xen-2.6.18-194.11.1.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-07-27):
- [scsi] qla2xxx: update firmware to version 5.03.02 (Chad Dupuis) [613688 598946]
kernel-xen-2.6.18-194.8.1.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-06-23):
- [net] cnic: fix bnx2x panic w/multiple interfaces enabled (Stanislaw Gruszka) [607087 602402]
kernel-xen-2.6.18-194.3.1.el5.x86_64 [19.8 MiB] Changelog by Jiri Pirko (2010-05-02):
- [net] bnx2: fix lost MSI-X problem on 5709 NICs (John Feeney) [587799 511368]
kernel-xen-2.6.18-194.el5.x86_64 [19.8 MiB] Changelog by Jarod Wilson (2010-03-16):
- [net] mlx4: pass attributes down to vlan interfaces (Doug Ledford) [573098]
- [block] cfq-iosched: fix sequential read perf regression (Jeff Moyer) [571818]
kernel-xen-2.6.18-164.15.1.el5.x86_64 [18.5 MiB] Changelog by Jiri Pirko (2010-03-01):
- [net] sctp: backport cleanups for ootb handling V2 (Neil Horman) [555666 555667] {CVE-2010-0008}
- Reverting: [net] sctp: backport cleanups for ootb handling (Neil Horman) [555666 555667] {CVE-2010-0008}
kernel-xen-2.6.18-164.11.1.el5.x86_64 [18.5 MiB] Changelog by Jiri Pirko (2010-01-06):
- [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547241 547242] {CVE-2009-4138}
- [x86] sanity check for AMD northbridges (Andrew Jones) [549905 547518]
- [x86_64] disable vsyscall in kvm guests (Glauber Costa) [550968 542612]
- [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [549908 525100]
- [fs] respect flag in do_coredump (Danny Feng) [544188 544189] {CVE-2009-4036}
- [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [547521 544342]
- [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540740 540741] {CVE-2009-4020}
- [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538736 538737] {CVE-2009-4021}
- [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [548370 541956]
- [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [543448 538067]
- [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539420 539421] {CVE-2009-3080}
- [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [544978 539240]
- [net] call cond_resched in rt_run_flush (Amerigo Wang) [547530 517588]
- [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537312 537313] {CVE-2009-3889 CVE-2009-3939}
- [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [542582 515753]
- [x86] kvm: don't ask HV for tsc khz if not using kvmclock (Glauber Costa ) [537027 531268]
- [net] sched: fix panic in bnx2_poll_work (John Feeney ) [539686 526481]
- [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526797 526798]
- [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [537343 513649]
- [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [540896 531025]
- [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [549907 510067]
- [net] r8169: imporved rx length check errors (Neil Horman ) [552913 552438]
- [scsi] lpfc: fix FC ports offlined during target controller faults (Rob Evers ) [549906 516541]
- [net] emergency route cache flushing fixes (Thomas Graf ) [545662 545663] {CVE-2009-4272}
- [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng ) [548656 548657] {CVE-2009-4141}
- [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan ) [537317 537318] {CVE-2009-3556}
kernel-xen-2.6.18-164.10.1.el5.x86_64 [18.5 MiB] Changelog by Jiri Pirko (2009-12-30):
- [net] e1000, r9169: fix rx length check errors (Cong Wang ) [550914 550915]
- [net] e1000e: fix rx length check errors (Amerigo Wang ) [551222 551223]
- [net] ipv6: fix ipv6_hop_jumbo remote system crash (Amerigo Wang ) [548642 548643] {CVE-2007-4567}
kernel-xen-2.6.18-164.9.1.el5.x86_64 [18.5 MiB] Changelog by Jiri Pirko (2009-12-09):
- [x86] fix stale data in shared_cpu_map cpumasks (Prarit Bhargava) [545583 541953]
kernel-xen-2.6.18-164.6.1.el5.x86_64 [18.4 MiB] Changelog by Jiri Pirko (2009-10-27):
- [fs] fix pipe null pointer dereference (Jeff Moyer) [530938 530939] {CVE-2009-3547}
- [security] require root for mmap_min_addr (Eric Paris ) [518142 518143] {CVE-2009-2695}
- [net] lvs: adjust sync protocol handling for ipvsadm -2 (Neil Horman ) [528645 524129]
- [xen] allow booting with broken serial hardware (Chris Lalancette ) [524153 518338]
kernel-xen-2.6.18-164.2.1.el5.x86_64 [18.4 MiB] Changelog by Jiri Pirko (2009-09-21):
- [x86_64] kvm: bound last_kvm to prevent backwards time (Glauber Costa ) [524527 524076]
- [x86] kvm: fix vsyscall going backwards (Glauber Costa ) [524527 524076]
- [misc] fix RNG to not use first generated random block (Neil Horman ) [523289 522860]
- [x86] kvm: mark kvmclock_init as cpuinit (Glauber Costa ) [524151 523450]
- [x86_64] kvm: allow kvmclock to be overwritten (Glauber Costa ) [524150 523447]
- [x86] kvmclock: fix bogus wallclock value (Glauber Costa ) [524152 519771]
- [scsi] scsi_dh_rdace: add more sun hardware (mchristi@redhat.com ) [523237 518496]
- [misc] cprng: fix cont test to be fips compliant (Neil Horman ) [523290 523259]
- [net] bridge: fix LRO crash with tun (Andy Gospodarek ) [522636 483646]
- Revert: [x86_64] fix gettimeoday TSC overflow issue - 1 (Don Zickus ) [489847 467942]
- Revert: [net] atalk/irda: memory leak to user in getname (Danny Feng ) [519309 519310] {CVE-2009-3001 CVE-2009-3002}
kernel-xen-2.6.18-164.el5.x86_64 [18.4 MiB] Changelog by Don Zickus (2009-08-18):
- [misc] information leak in sigaltstack (Vitaly Mayatskikh ) [515396]
- [misc] execve: must clear current->clear_child_tid (Oleg Nesterov ) [515429]
- [net] igb: set lan id prior to configuring phy (Stefan Assmann ) [508870]
- [net] udp: socket NULL ptr dereference (Vitaly Mayatskikh ) [518043] {CVE-2009-2698}
kernel-xen-2.6.18-128.7.1.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-08-19):
- [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043] {CVE-2009-2698}
kernel-xen-2.6.18-128.4.1.el5.x86_64 [17.2 MiB] Changelog by Don Howard (2009-07-23):
- [fs] ecryptfs: check tag 11 packet literal data buffer size (Eric Sandeen ) [512862 512863] {CVE-2009-2406}
- [fs] ecryptfs: check tag 3 packet encrypted key size (Eric Sandeen ) [512886 512887] {CVE-2009-2407}
- [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh ) [511173 508842] {CVE-2009-1895}
- [xen] HV: remove high latency spin_lock (Chris Lalancette ) [512311 459410]
kernel-xen-2.6.18-128.2.1.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-07-09):
- Revert: [mm] cow vs gup race fix (Andrea Arcangeli ) [486921 471613]
- Revert: [mm] fork vs gup race fix (Andrea Arcangeli ) [486921 471613]
- Revert: [mm] fix swap race condition in fork-gup-race patch (Andrea Arcangeli ) [507297 506684]
- Revert: [mm] prevent panic in copy_hugetlb_page_range (Larry Woodman ) [508030 507860]
kernel-xen-2.6.18-128.1.16.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-06-27):
- [mm] prevent panic in copy_hugetlb_page_range (Larry Woodman ) [508030 507860]
kernel-xen-2.6.18-128.1.14.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-06-01):
- [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach ) [500301 500302] {CVE-2009-1630}
- [fs] proc: avoid info leaks to non-privileged processes (Amerigo Wang ) [499546 499541]
- [net] tg3: Fix firmware event timeouts (Jiri Pirko ) [502837 481715]
- [scsi] libiscsi: fix nop response/reply and session cleanup race (Jiri Pirko ) [502916 497411]
- [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton ) [496576 496577] {CVE-2009-1633}
- [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton ) [496576 496577] {CVE-2009-1633}
- [fs] cifs: buffer overruns when converting strings (Jeff Layton ) [496576 496577] {CVE-2009-1633}
- [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton ) [494279 494280] {CVE-2009-1439}
- [x86] xen: fix local denial of service (Chris Lalancette ) [500950 500951] {CVE-2009-1758}
- [misc] compile: add -fwrapv to gcc CFLAGS (Don Zickus ) [501751 491266]
- [misc] random: make get_random_int more random (Amerigo Wang ) [499783 499776]
- [gfs2] fix uninterruptible quotad sleeping (Steven Whitehouse ) [501742 492943]
- [mm] cow vs gup race fix (Andrea Arcangeli ) [486921 471613]
- [mm] fork vs gup race fix (Andrea Arcangeli ) [486921 471613]
- [nfs] fix hangs during heavy write workloads (Peter Staubach ) [486926 469848]
kernel-xen-2.6.18-128.1.10.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-04-29):
- [fs] fix softlockup in posix_locks_deadlock (Josef Bacik ) [496842 476659]
kernel-xen-2.6.18-128.1.6.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-03-24):
- [x86] add nonstop_tsc flag in /proc/cpuinfo (Luming Yu ) [489310 474091]
kernel-xen-2.6.18-128.1.1.el5.x86_64 [17.2 MiB] Changelog by Jiri Pirko (2009-01-26):
- [security] introduce missing kfree (Jiri Pirko ) [480597 480598] {CVE-2009-0031}
- [sched] fix clock_gettime monotonicity (Peter Zijlstra ) [481122 477763]
- [nfs] create rpc clients with proper auth flavor (Jeff Layton ) [481119 465456]
- [net] sctp: overflow with bad stream ID in FWD-TSN chunk (Eugene Teo ) [478804 478805] {CVE-2009-0065}
- [md] fix oops with device-mapper mirror target (Heinz Mauelshagen ) [481120 472558]
- [openib] restore traffic in connected mode on HCA (AMEET M. PARANJAPE ) [479812 477000]
- [net] add preemption point in qdisc_run (Jiri Pirko ) [477746 471398] {CVE-2008-5713}
- [x86_64] copy_user_c assembler can leave garbage in rsi (Larry Woodman ) [481117 456682]
- [misc] setpgid returns ESRCH in some situations (Oleg Nesterov ) [480576 472433]
- [s390] zfcp: fix hexdump data in s390dbf traces (Hans-Joachim Picht ) [480996 470618]
- [fs] hfsplus: fix buffer overflow with a corrupted image (Anton Arapov ) [469637 469638] {CVE-2008-4933}
- [fs] hfsplus: check read_mapping_page return value (Anton Arapov ) [469644 469645] {CVE-2008-4934}
- [fs] hfs: fix namelength memory corruption (Anton Arapov ) [470772 470773] {CVE-2008-5025}
kernel-xen-2.6.18-128.el5.x86_64 [18.1 MiB] Changelog by Don Zickus (2008-12-17):
- [cifs] cifs_writepages may skip unwritten pages (Jeff Layton ) [470267]
kernel-xen-2.6.18-92.1.24.el5.x86_64 [16.1 MiB] Changelog by Jiri Pirko (2009-01-08):
- [net] fix unix sockets kernel panic (Neil Horman ) [470435 470436] {CVE-2008-5029}
kernel-xen-2.6.18-92.1.18.el5.x86_64 [16.9 MiB] Changelog by Jiri Pirko (2008-11-05):
- [xen] x86: allow the kernel to boot on pre-64 bit hw (Chris Lalancette ) [470040 468083]
kernel-xen-2.6.18-92.1.17.el5.x86_64 [17.0 MiB] Changelog by Jiri Pirko (2008-10-22):
- Revert: [nfs] pages of a memory mapped file get corrupted (Peter Staubach ) [450335 435291]
kernel-xen-2.6.18-92.1.13.el5.x86_64 [17.0 MiB] Changelog by Jiri Pirko (2008-09-04):
- [md] fix crashes in iterate_rdev (Doug Ledford ) [460128 455471]
- [sound] snd_seq_oss_synth_make_info info leak (Eugene Teo ) [458000 458001] {CVE-2008-3272}
- [ipmi] control BMC device ordering (peterm@redhat.com ) [459071 430157]
- [ia64] fix to check module_free parameter (Masami Hiramatsu ) [460639 457961]
-  [misc] NULL pointer dereference in kobject_get_path (Jiri Pirko ) [459776 455460]
- [xen] ia64: SMP-unsafe with XENMEM_add_to_physmap on HVM (Tetsu Yamamoto ) [459780 457137]
- [net] bridge: eliminate delay on carrier up (Herbert Xu ) [458783 453526]
- [fs] dio: lock refcount operations (Jeff Moyer ) [459082 455750]
- [misc]  serial: fix break handling for i82571 over LAN (Aristeu Rozanski ) [460509 440018]
- [fs] dio: use kzalloc to zero out struct dio (Jeff Moyer ) [461091 439918]
- [fs] lockd: nlmsvc_lookup_host called with f_sema held (Jeff Layton ) [459083 453094]
- [net] bnx2x: chip reset and port type fixes (Andy Gospodarek ) [441259 442026]
kernel-xen-2.6.18-92.1.10.el5.x86_64 [16.9 MiB] Changelog by Jiri Pirko (2008-07-24):
- [ia64] softlock: prevent endless warnings in kdump (Neil Horman ) [456117 453200]

Listing created by repoview