Sun Patch: SunOS 5.10_x86: kernel patch

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: November 18, 2010
Added: November 18, 2010
Modified: October 22, 2013


From Sun Patch 144489-17

Sun has released a security patch addressing the following issues:

7047558 backout 7016532 - fix requires more work
(from 144489-16)
6969657 taking DINFOFORCE devinfo snapshot in libtopo may cause a long delay for fmtopo and fmd
6973321 S10U8 (+later S10/S11 vers) on Nehalem systems has erratic scheduling behavior not present on S10U7
7000989 problem with kernel TCP/IP
7014840 fmd_dr_event() should filter out EC_DEVFS events that don't imply a topology change
7043423 Solaris 10 fix for 6888468 contains mistake
(from 144489-15)
4461538 TCP connect does not pick local port well
6263346 fast path accept(3SOCKET) does not return ECONNABORTED on a reset endpoint
6486764 tcp_eager_kill() does an extra CONN_DEC_REF()
6546584 LSO kstat entries miss from tcp_kstat2_init()
6818574 IPv6 fragment reassembly time needs to be 60 seconds
6821270 NFSv4 open state id table exhausted
6854700 NFSv4 reaper_thread only runs at 5 minute intervals
6954033 problem with network/socket
6966123 segvn_softunlock: addr fec00000, ap 0, vp fffffe9b46eb7840, off 0 panic
6969110 OBP USB is still using memory which Solaris will later reclaim
7016083 bug in hat_get_mapped_size() causes invalid RSS values to be shown in prstat
7020673 system panicking due to deadman timer
7023443 failure paths of ire_create and ire_init could leave error uninitialized
7030766 kssl_cache_count manipulation is not atomic
7031081 tcp_time_wait_collector() leaks KSSL memory under pressure
(from 144489-14)
6773806 ddi_intr_set_pri always fail due to the bug in ddi_intr_alloc()
6894195 race condition between ident_alloc() and ident_release()
6904790 more races in ldi: bug 6894195 does not give the full picture
6940069 kssl should advertise secure renegotiation awareness
6947183 kssl generates invalid SSL records in response to SSLv2-only Client Hello messages
6957773 tcp_get_next_priv_port() for TCP_ANONPRIVBIND can assign non-privileged port number
6961070 kssl should send close_notify on socket shutdown
6970328 thread blocked via holdwatch() but all other threads for the proc are in stop()
6971725 kssl should send close_notify when client socket is closed
6971743 client_notify_srvr flag should be handled better
6983313 T5220 w/ e1000g patch 142257-05 still panicked in PCIe fabric (0x0)(0x41)
7016127 shmat fails with EINVAL on Westmere systems
7016371 nscd under very heavy load sometimes returns NSS_NOTFOUND for local entries that do exist
7023736 mblk linkage could get broken with leading cooked mblks followed by referenced mblks
7024556 kssl_lock should be always held when entering kssl_build_single_record()
7028991 problem with kernel_ssl/other
(from 144489-13)
6888468 libc nss lock vs fork battle causes spurious SMF method timeouts
6987984 strncat dumps core on Solaris SPARC
7008672 panic occurred due to accessing already freed memory in pollhead_delete()
(removed) 7016532 panic at tcp_xmit_early_reset
7016592 fix to 6888468 incomplete
7020099 deadlock in routine ire_cache_lookup() on IRE bucket's irb_lock rwlock
(from 144489-12)
6246564 if_mpadm -r <ifname> doesn't bring up IPv6 link-local data address
6672480 NFSv2 and NFSv3 client panic in nfs_async_inactive() when mounted with rsize=0
6738234 problem with TCP/IP
7007880 IPv6 link local address of a shared zone is not pingable after an IPMP failover
7019630 rcm script SUNW, scripting protocol error
7023209 Solaris 10 KU 144488-10 rdsv3 module modload fails during patchadd
(from 144489-11)
6322069 unscalability of AH_LOCK_SIZE causes anonhash_lock contention on larger systems
6861973 Libra G5: panic: hment_remove() mapping not found in hash table
6875273 Intel IOMMU needs a rewrite
6877258 Virgo will kernel panic with VT-d enabled under heavy network traffic
6885148 huge network performance drop with multiple NICs on x86 platforms with IOMMU
6889212 interrupt remapping and Queued Invalidation need not be clubbed with IOMMU (DMA remapping)
6889221 Intel IOMMU must support force physical functionality
6890819 slow reboot got much slower on my Tecra M10
6910946 Westmere Class System panics: Freeing a free IOMMU page: paddr=0x8379c000 under I/O load
6922954 potential null dereference in get_gfx_devinfo()
6923494 IOMMU on G5 can make USB devices unusable
6925263 fiber channel initiator I/O very slow running with IOMMU enabled
6926010 map_bios_rsvd_mem(): Variable "mrng" tracked as NULL was dereferenced
6928761 provide a way to disable/enable IMMU (Intel IOMMU) via rootnex.conf
6946750 pcf mutex contention in page_create_putback
6949020 iommulib should not get used when disabled from rootnex.conf
6950042 enabling interrupt remapping causes a panic during boot on x4170
6953610 Intel IOMMU code needs a more flexible way to specify per-driver DVMA use
6955192 Intel IOMMU code performs unnecessary write buffer flushes
6955196 Intel IOMMU code should use higher-level abstraction interface
6955206 iommulib code looks up nexops too often
6955973 Intel IOMMU code has too many checks in the DMA bind handle path
6956536 Intel IOMMU code does too much work during cookie manipulation
6964515 interrupt remapping panics on big machines
6964516 Intel IOMMU code should use passthrough for unity mappings
6968209 fss_tick() should not spin while holding a thread_lock
6968824 Intel IOMMU ACPI DMAR table code can call kmem_free with the wrong size
6975766 Intel IOMMU interrupt remapping should be on by default for x2APIC
6977187 PSMs must switch to x2APIC ops early in PSM init if firmware enables x2APICs
6977555 process_madt fails to process x2APIC entries, leads to lgroup exhaustion
6979892 machine with mpt fails to boot with Intel IOMMU switched on
6980237 i86pc rootnex will report the wrong length in ddi_dma_getwin
6982417 allow x2APIC IDs whose values are below 256
6982493 x4600 system panics due to rootnex driver load failure on XVM
6989510 problem with kernel lofs
6996383 x86 systems hang after updating with onu including 6861973 fix
7000721 Solaris 10 backport of IOMMU, x2APIC, and Interrupt Remapping
7001342 Coverity uncovers memory leak in cpucaps_zone_set()
7003425 SCTP stack improperly returns ECONNABORT after accept() with outstanding data
7012308 apic_intrmap_init() has a bug in using the apic_mode variable
(from 144489-10)
5105708 socket creation retains hold on accessvp
6467111 sockfs should provide a dynamic way to load and unload different socket modules
6785041 assertion failed: so_verify_oobstate(so), file: ../../common/fs/sockfs/sockcommon.c, line: 620
6786163 read 0 length message should return success instead of EWOULDBLOCK
6787347 dgram_peek sotest fails with unexpected result
6787350 udp_send_zero sotest fails with unexpected result
6787381 SO_POLLEV_ALWAYS flag not inherited from listener
6788242 SO_{SND,RCV}TIMEO {set,get}sockopt fail with 32-bit binaries on a 64-bit kernel
6789917 SO_SNDTIMEO/SO_RCVTIMEO should return EAGAIN when timeout occurs and no data was received or sent
6801736 sockets should handle POLLWRBAND
6837188 MSG_WAITALL skips over urgent mark
6850013 RDS driver upgrade to version 3
6865109 defaultrouter disappears after IPMP failback for zones configured with defrouter
6902396 su_recv does not call pollwakeup() for zero-len datagrams when protocol uses uio recv
6916965 Hermon FMA should print error code when fatal internal error occurs
6928074 need to improve interrupt to tasklet handover mechanism in Solaris RDSv3
6931933 backport Volo socket module interface for RDSv3
6940747 rdsv3_wake_sk_sleep is called without checking if any threads are waiting to be awakened
6942740 poll on RDSv3 socket may not wakeup on send completion
6943440 race in solookup() can cause smod_refcnt to be bumped multiple times for single sockparams
6947318 improve RDSv3 performance by pre-allocated receive buffers
6947377 need to bind receive tasklet thread to multiple CPUs
6947384 multiple taskq threads required for RDSv3 worker
6947648 missing conn->c_cm_lock exit on errors in rdsv3_ib_cm_handle_connect()/ib_cm.c
6948085 socket close should not return until all references to the socket are closed
6948206 resync with Linux RDS 1.5.1-4 stable
6948603 change all L0 and L1 debug messages to L2
6949013 need FMR pooling to improve the performance of rdsv3_ib_free_mr
6949297 rdsv3_ib_get_mr: remove setting DDI_UMEMLOCK_LONGTERM when calling umem_lockmemory()
6949459 rdma_bind() for IF_ADDR_ANY called just after client driver attach fails
6950897 need to optimize rdsv3_poll_cq() for performance
6952827 upgrade to Linux RDS 1.5.1-dev
6953258 on error ret from umem_lockmemory rdsv3_ib_get_mr() needs to negate that errno before its return
6953781 error return values are sometimes ignored in sol_ofs
6954116 IB drivers declare invalid ELF dependencies, confuse pkgdepend, cause build noise
6954762 convert event processing worker threads from taskq's to kthread's
6955311 support of rds-info
6955657 RDS port space should be IP-address specific
6956094 RDS tools do not compile with sys/rds.h header file
6958745 few issues during RDBMS bring-up with RDSv3
6959079 need to improve how statistics are gathered in RDSv3
6961816 unexpected recvmsg of cmsg type RDS_CMSG_RDMA_DEST
6961877 small WR array limits message sizes causing panic
6964889 reduce the number of calls to kmem_alloc and kmem_free from rdsv3_cmsg_rdma_map
6965606 high lock contention rdsv3_bind_lock in rdsv3_recv_incoming()
6965740 rdsv3_ib_tasklet_fn does not drain the CQ
6969584 caught signals ignored when process is blocked in RDSv3 socket
6973305 scalability of worker threads that handle delayed tasks
6973605 RDSv3 does not work with RDS_CMSG_RDMA_DEST flag
6973698 workaround is needed against 6973697
6974271 IB statistics are not displayed
6974536 rdsv3_exit hangs during cfgadm unconfigure if rdma_listen fails to create listeners
6976456 high lock contention between rdsv3_ib_inc_free and rdsv3_ib_drain_inclist
6976554 stale OpenOwner entries are not reaped for active clients
6977358 rds-stress doesn't work if there are more than one P_KEY on the underlying link
6978505 FMR statistics are removed
6978515 no free FMR resource
6978884 panic at rdsv3_ib_send_ack+0xb7
6980308 sequence number on receiver doesn't match expected one
6980347 ib_addr_get_{s,d}gid does not copy gid information
6981075 need to reduce contention on global rdsv3_conn_lock
6981420 run out of memory with an rds-stress run with 4 HCAs and 11 storage cell
6982145 panic occurred in ip:tcp_fuse_rcv_drain()
6982158 hermon driver violates the DDI
6986151 deadlock on delayed work mutex
6986509 rdsv3_af_thr_destroy must wait for the thread to exit before returning
6988506 addresses that failover cannot be pinged from localhost when using if_mpadm to test IPMP
6989079 rds-stress with 1M bcopy message size reports 0s
6989171 RDSv3 recovery after reboot of one node fails
6991378 recursive mutex panic in rdsv3_conn_shutdown()
6992257 kernel panic seen on Westmere-based x4170M2 running ORION
6992508 calling listen(3socket) on an RDSv3 socket panics the system
6992691 mckey coredump on x86 systems
6995292 some RDSv3 connections go into confused state with Orion test
6996185 remove lingering 3.0 protocol version code
6996199 rdsv3_queue_delayed_work() and rdsv3_ib_queue_delayed_msg() should take ticks instead of secs
6998647 memory corruption on low-memory systems
6998775 Oracle DB hangs due to missing messages
7000915 RDS delivered duplicate message on IB loopback connection
7001365 rds-info counters are not accurate
7007491 disable non-blocking in sendmsg
7014371 connection stalls due to RDSV3_LL_SEND_FULL races in the transmit ring
7017395 rds.h file should be installed in /usr/include/sys directory
(from 144489-09)
4849539 leak in sysevent event channels
6678463 ever-increasing number of BOUND sockets not tied to process FDs
6910483 ip_wput_ire can pass NULL q pointer to putq if icmp dest unreachable happens
6979638 panics occurring on systems with greater than 1TB memory even after installation of patch 142901-05
6994017 ioctl sometimes returns errno EBADF on a valid open file descriptor for /dev/poll
7000036 problem with TCP/IP
7014204 copyright year needs updating to 2011 for S10U10
(from 144489-08)
6834183 problem with network SCTP
6961334 race during zone destroy
6967561 race between zone shutdown and unmount in NFSv2 & NFSv3
6996729 nfs4_end_open_seqid_sync() should use cv_signal() instead of cv_broadcast()
6998078 race condition between cap_disable and cap_kstat_update
(from 144489-07)
6478684 isainfo/cpuid reports pause instruction not supported on amd64
6737947 "file" command dumps core on certain files
6927545 NFSv4 reaper thread can exit without clearing up DB entries
6974219 ddi-mp: fail-up to 4 node config after initial install on 2 nodes does not preserve instances
6977958 need interface to affect NUMA memory allocation policy for ISM before it is created
6988352 ddi-mp: 10x Aura cards run into instance collisions on first boot
6998596 Solaris 10 prior to Update 10 sees ACLs where there are none
(from 144489-06)
6598652 potential SCTP receive deadlock with zero window
6759500 [CVE-2008-4609] FICORA #193744 TCP vulnerabilities
6910378 WARNING: Memory pressure: TCP defensive mode on
6910716 unable to map shares from Windows 2008 R2 or Vista Ultimate
6919534 panic Page fault occurred in module "ip" due to a NULL pointer dereference
6930900 TCP fails to send final data segment when FIN flag is set and it's prepared for using LSO
6972966 SYN-ACK-ACK is not handled properly when accepting connection from Linux client using HTTP benchmark
6991235 SCTP connection stalls with certain 'rcvbuf' values
6998762 backport of CR 6928798 missed tcp_conn_reclaim
6999137 tcp_eager_unlink ASSERTs out of order, can deref NULL pointer
6999168 TCP can send RST when rate limited when lbolt rolls over
(from 144489-05)
6638604 tunable for configurable buffer space for packets with unresolved ARP entries
6942436 ARP can drop valid outbound packets whilst awaiting L2 address resolution
6945825 Solaris can transmit TCP segments out of order when destination IRE expires
6951155 can't access Millbrook regs on Neh EX systems with step 6 CPU
6957273 packets to off-link hosts occasionally lost
6974916 RPC RDMA can leak SEND buffers
6974921 readv() with NFS and RDMA needs more work
6975422 NFS/RDMA can register unneeded buffers (or NFS/RDMA readv needs even more work)
6978473 ip_newroute() misleading comments
6981651 svc_rdma_krecv can free a clist twice in an error path
6981666 data read into wrong buffer
6982729 typos in ip_ndp.h
6983156 kmem_alloc(..., KM_NOSLEEP) should never panic
6989219 "alignment error" panic on SPARC when a process dumps core
6990328 "alignment error" panic on SPARC when trying to execute an ELF file
6990768 panic when executing or dumping a core through references to unmapped memory
(from 144489-04)
6583458 zoneadm halt won't halt a DEAD zone with residual NFS rnode4
6638967 UDP recv (think DNS) suffers from thundering herd problem
6909553 e1000g stall reset leaves GLDv3 link state as "unknown"
6916212 NFSv4 client recovery thread deadlocks after failover
6920403 NFS/RDMA NFSv3 client directio READs fail for read size between 869 - 1023 bytes
6930914 need enhancement of the cmi handle table for Intel EX chip family
6932109 optimizations to vm_getusage() interface to make it faster
6935135 NFS/RDMA ipv6 mount incorrectly if client's hostname in access_list
6937215 sort returns after 2bt 2.5 sec delay in memory capped ngz
6946100 add machine check and performance counter support for new member of Nehalem family
6972525 NFS RDMA doesn't always handle iovec structures correctly
(from 144489-03)
6757037 zone-spawned LWP needs to be able to run on a processor set
6814017 mr_sas driver should support timeout
6856797 kstat unix:0:system_misc:nproc not zone-aware
6859073 kmem leak in kmem_alloc_64 in case of fork failures in branded zones
6942564 BAD TRAP occurs when halting a zone stuck in 'down' state
6944465 SCTP should be more robust when the peer does not conform to the standard
6952813 mr_sas driver is racy, gets kernel page fault panic on Sun x86 and Dell platforms
6956116 deadlock between squeue_worker() and cpu_add_unit() during boot due to preemption and cpu_lock
6962689 application DCMD timeout count is truncated by OCR
6962691 OCR timeout daemon thread should be one and only
6976138 4964150 fix broke "cfgadm -c unconfigure xxx"
6976222 process counter for a zone
(from 144489-02)
6525509 MOD2() and TIMEOUT() macros are missing parens
6836258 exportinfo 16-way hash is too small
6923763 break followed by sync results in panic dump timeout 'dump aborted'
6930814 share/unshare issues
6931194 exportfs() uses exportinfo_t after dropping exported_lock and without doing exi_count++
6953045 put implementation of the Pearson's hashing algorithm into a separate file
6954736 stop -f /SYS on one Otoro head causes the other head to panic
6967825 panic "sync initiated" can hang attempting a crash dump
6970064 missing VN_RELE in exportfs
(from 144489-01)
6490542 panic with swapslot_free: null anon
6598517 kmdb can't look at device tree if first activated early in boot
6861114 system panics with FMA
6876953 memory leaks found in e1000g_alloc_rx_sw_packet
6885819 ip_squeue_soft_ring_affinity calls dls:soft_ring_bind with NULL pointer
6903932 failure creating SCTP association to multi-homed remote host
6923628 system panic with genunix:timeout_generic while booting up
6929733 cascaded squeue_drain can still induce stack overflow
6943798 HP x64 system panics with: lpl_topo_verify failed: -3
6945160 netlbtest fails with "Can't set loopback mode on device e1000g6"
6951733 RTO for retransmitting INIT is not capped by sinit_max_init_timeo
6959155 4964150 fix broke event processing
6960959 panic in e1000g_receive
6964207 FireEngine project seems to have backed out the fix for 4840464
6965127 in.mpathd all interfaces failed message and network failure after SCTP interface link downed
6965600 mdb subcommand ::prtconf doesn't work on S10U9
6965855 e1000g (Intel 82571 adapter) needs to support MTU size of 9000
6967873 e1000g needs to clear the link-down status when being unplumbed
6977457 KU rejuvenation post Solaris 10 Update Release 9
6977715 6903292 fix incomplete - RUNNING flag not set on IPMP underlying e1000g interfaces
(from 144533-01)
4799074 NFS authentication cache needs some sort of TTL
6906432 file system space on globalfilesystem shared by NFS not returned after rm(1) of files on NFS clients
(from 120045-01)
6248421 unable to bind LWP to a processor set if the process owner is not root
(from 144303-01)
6819008 i_Pobject_iter() needs to update mappings more often to avoid bogus prmap_t usage
(from 144537-02)
6959312 pthread rwlock race condition issue on multi-CPU configuration
(from 144537-01)
5105920 fconvert fails when ndigits is too large
(from 144551-01)
6869670 NFS server is responding from wrong IP-address (NFSv3, UDP)
(from 145795-01)
6966638 shutdown() sometimes appears to shutdown the wrong channel in a full-duplex socket
(from 144460-01)
        This revision accumulates generic Sustaining patch 144491-01
        into Solaris S10U9 update.
(from 144491-01)
6682524 fix for 4415038 incomplete: still fails to produce core
(from 144509-01)
6748160 problem with -zrescan
(from 141535-01)
        This revision accumulates generic Sustaining patch 126656-02
        into Solaris S10U8 update.
(from 126656-02)
6724237 polling on /dev/poll can hang even though UDP data is available
(from 126656-01)
        This revision accumulates generic Sustaining patch 126318-01
        into Solaris S10U4 update.
(from 126318-01)
6422458 /dev/poll dp_nfds checking off-by-one; application failures ensue
(from 144562-02)
5081180 adjust rl_roll_log() comment to reflect reality
6965375 fsck can fail to umount after log roll
(from 144562-01)
6823148 "fsck -y" dumps core and exit with error 139 when fixing "ROTATIONAL POSITIONS BLOCK COUNT WRONG"
(from 143652-04)
7008199 acpica: need to harden ACPI CA interpreter against buggy BIOS mutex/OpRegion
(from 143652-03)
6960906 acpica: Dell R805 takes a few hours to install
(from 143652-02)
        This revision accumulates generic Sustaining patch 144750-01
        into Solaris S10U9 update.
(from 143652-01)
6870434 installation hangs on HP DL380 G4 after displaying copyright message
6907022 acpica: system (Fujitsu ESPRIMO) hard hangs during boot after Live Upgrade
6907377 acpica: DEBUG kernels trip over an over-enthusiastic ASSERT if ACPI is disabled
(from 144750-01)
6927692 G5: 4socket P1.L hotplug in slots 3.0 and 3.1 don't appear to function
(from 145787-01)
6943052 unable to configure IB PEM for Jumilla blade
(from 145793-01)
6942874 loop in autofs/lofs mount causes stack overflow, leading to crash
(from 146025-03)
7004009 G5 requires 64 interrupts at IPL6
(from 146025-02)
6987446 JumpStart panics on HP machine
(from 146025-01)
6528768 apic_navail_vector() fails when IPL equals 8 or 9
6991909 extend available interrupt vectors for HBAs and NICs
(from 144555-01)
6964278 per-user nscd: main nscd daemon keeps FD open for a door to a per-user nscd, after that has ended
(from 146278-01)
6390155 file descriptor leak in libnsl using NIS during setgrent/getgrent/endgrent loop
6942764 file descriptor leak in libnsl using NIS+ during setpwent/getpwent/endpwent loop
6970617 getipnodebyname() sets error_num to HOST_NOT_FOUND even for temporary errors
(from 144385-02)
        This S10U9 feature patch revision accumulated generic Sustaining
        patch 144368-02 into Solaris S10U9 update.
(from 144385-01)
        This S10U9 feature patch revision accumulated generic Sustaining
        patch 144368-01 into Solaris S10U9 update.
(from 144368-02)
6932563 kssl implicitly allows cipher suites with NULL encryption
6935267 kssl should terminate connection if cipher suite cannot be found and there is no fallback point
(from 144368-01)
6860305 OpenSSL 0.9.8k fails to establish ssl3/tls1 connections with a kssl server
(from 145962-02)
6896885 fmd fabric-xlate doesn't create temporary files securely
6981448 fabric-xlate tries to parse partial XML file, resulting in unexpected telemetry seen
(from 145962-01)
6929405 sysevent flood can cause fmd to accumulate topo snapshots leading to memory exhaustion
6938816 zfs-retire: zfs_vdev_repair leaks nvlist
6981178 fmadm faulty on sun4v PI platforms must report specific model

Apply patch 144489

Download and apply the patch from:

