Security fixes:
A flaw in the SCTP and DCCP implementations could allow a remote attacker
to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important)
Flaws in the Management Module Support for Message Passing Technology
(MPT) based controllers could allow a local, unprivileged user to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)
Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could
allow a local user to cause a denial of service or escalate their
privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important)
A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491, Important)
A flaw in the Bluetooth implementation could allow a remote attacker to
cause a denial of service or escalate their privileges. (CVE-2011-2497,
Important)
Flaws in the netlink-based wireless configuration interface could allow a
local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)
The maximum file offset handling for ext4 file systems could allow a
local, unprivileged user to cause a denial of service. (CVE-2011-2695,
Important)
A local, unprivileged user could allocate large amounts of memory not
visible to the OOM killer, causing a denial of service. (CVE-2010-4243,
Moderate)
The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)
A local, privileged user could possibly write arbitrary kernel memory via
/sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate)
Inconsistency in the methods for allocating and freeing NFSv4 ACL data;
CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and
inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in
the memory merging support; a flaw in the taskstats subsystem; and the way
mapping expansions were handled could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593,
CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484,
CVE-2011-2496, Moderate)
A flaw in GRO could result in a denial of service when a malformed VLAN
frame is received. (CVE-2011-1478, Moderate)
napi_reuse_skb() could be called on VLAN packets allowing an attacker on
the local network to possibly trigger a denial of service. (CVE-2011-1576,
Moderate)
A denial of service could occur if packets were received while the ipip
or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate)
Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low)
Flaws in the EFI GUID Partition Table implementation could allow a local
attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low)
While a user has a CIFS share mounted that required successful
authentication, a local, unprivileged user could mount that share without
knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585,
Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770,
CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213; Vasiliy
Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022,
CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for
reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees
Cook for reporting CVE-2011-1020; Robert Swiecki for reporting
CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting
CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183; Ryan Sweat for
reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting
CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492;
and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.