We will be scheduling an important kernel and bug fix update this weekend.
This will take place during off-peak hours as far as possible. A reboot is required to complete the upgrade. The downtime should not exceed 30 minutes and will be minimized as much as possible. We will track each server until it returns to service after the upgrade and reboot.
This upgrade is scheduled as follows:
Date: 10 March 2012 (Saturday) to 12 March 2012 (Monday)
Time: Between 2AM and 8AM EST
Kernel and bug fix update
Details of Kernel Update
This scheduled update fixes the following security issue:
* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2011-1083,
Moderate)
Details of Bug Fix Update
This scheduled update will also fix the following bugs:
* The root user without the CAP_SYS_ADMIN capability was able to reset the
contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to 0.
Consequently, the unprivileged root user could bypass the protection of the
"dmesg_restrict" file and read the kernel ring buffer. This update ensures that
only the root user with the CAP_SYS_ADMIN capability is allowed to write to the
dmesg_restrict file. Any unauthorized attempt on writing to this file now fails
with an EPERM error. (BZ#749246)
* An Ethernet physical transceiver (a PHY chip) was always powered up when a
network interface card (NIC) using the igb driver was brought down. Recent
changes had modified the kernel so that the PHY chip was powered down in such a
scenario. With this PHY power saving feature, the PHY chip could unexpectedly
lose its settings on rare occasions. Consequently, the PHY chip did not recover
after the NIC had been re-attached and the NIC could not be brought up. The igb
driver has been modified so that the PHY chip is now reset when the NIC is
re-attached to the network. NICs using the igb driver are brought up as
expected. (BZ#786168)
* The way the kernel processes dentries in the dcache when unmounting file
systems allowed concurrent activity on the list of dentries. If the list was
large enough, the kernel could, under certain circumstances, panic due to NMI
watchdog timeout triggered by the waiting concurrent process. This update
modifies underlying functions to use a private dcache list for certain
operations on the dcache so that concurrent activities are no longer affected in
this scenario. (BZ#789369)
* The Abstract Control Model (ACM) driver uses spinlocks to protect the lists of
USB Request Blocks (URBs) and read buffers maintained by the driver. Previously,
when a USB device used the ACM interface, a race condition between scheduled ACM
tasklets could occur. Consequently, the system could enter a deadlock situation
because tasklets could take spinlocks without disabling interrupt requests
(IRQs). This situation resulted in various types of soft lockups ending up with
a kernel panic. This update fixes the problem so that IRQs are disabled when a
spinlock is taken. Deadlocks no longer occur and the kernel no longer crashes in
this scenario. (BZ#790778)
* A recent change in the QLogic qla2xxx driver introduced a bug which could,
under rare circumstances, cause the system to become unresponsive. This problem
occurred during I/O error recovery on systems using SAN configurations with
QLogic Fibre Channel Host Bus Adapters (HBAs). This update corrects the qla2xxx
driver so the system no longer hangs in this scenario. (BZ#790907)
* Due to recent changes in the tg3 driver, the driver attempted to use an
already freed pointer to a socket buffer (SKB) when the NIC was recovering from
unsuccessful memory mapping. Consequently, the NIC went offline and the kernel
panicked. With this update, the SKB pointer is newly allocated in this scenario.
The NIC recovers as expected and a kernel panic does not occur. Also, the tg3
driver could, under certain circumstances, attempt to unmap a memory fragment
that had not been mapped. Consequently, the kernel panicked. This update fixes
the bug by correcting the "last" parameter supplied. (BZ#790910)
* When a network interface card (NIC) with a fan experiences a fan failure, the
PHY chip is usually powered down by its firmware. Previously, the bnx2x driver
did not handle fan failures correctly, which could trigger a non-maskable
interrupt (NMI). Consequently, the kernel could crash or panic. This update
modifies the bnx2x driver to handle fan failures properly; the NIC is now shut
down as expected and the kernel does not crash in this scenario. (BZ#790912)
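
For the dmesg_restrict fix (BZ#749246) above, the following added example (not part of the original notice or of the vendor's errata) reports the current dmesg_restrict setting and whether a process holds CAP_SYS_ADMIN, which is how to tell which root processes the fix applies to. The function names are made up for this example; both functions accept a file path so they can be run against saved copies of the /proc files.

```shell
#!/bin/sh
# Added example: audit helper for the dmesg_restrict fix (BZ#749246).
# Function names are hypothetical; they are not from any vendor tool.

CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN capability number in linux/capability.h

# Return 0 if the CapEff mask in a /proc/<pid>/status-style file
# includes CAP_SYS_ADMIN, 1 if it does not, 2 if no mask was found.
has_cap_sys_admin() {
    status_file=${1:-/proc/self/status}
    mask=$(awk '$1 == "CapEff:" { print $2 }' "$status_file" 2>/dev/null)
    [ -n "$mask" ] || return 2
    # CapEff is a hexadecimal bitmask; test the CAP_SYS_ADMIN bit.
    [ $(( (0x$mask >> $CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# Print "restricted", "unrestricted" or "unknown" for a dmesg_restrict file.
dmesg_restrict_state() {
    sysctl_file=${1:-/proc/sys/kernel/dmesg_restrict}
    [ -r "$sysctl_file" ] || { echo unknown; return 0; }
    case $(cat "$sysctl_file") in
        1) echo restricted ;;
        0) echo unrestricted ;;
        *) echo unknown ;;
    esac
}

# One-line summary: audit [status_file] [dmesg_restrict_file]
audit() {
    state=$(dmesg_restrict_state "$2")
    if has_cap_sys_admin "$1"; then cap=yes; else cap=no; fi
    echo "dmesg_restrict=$state cap_sys_admin=$cap"
}

# Report for the current shell on the running system.
audit /proc/self/status /proc/sys/kernel/dmesg_restrict
```

On an updated kernel, a root process reported with cap_sys_admin=no should receive EPERM when it writes to dmesg_restrict.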
Friday, March 9, 2012