Security: Execution of arbitrary commands in the kernel

Name: Execution of arbitrary commands in the kernel
ID: FEDORA-2011-11019
Distribution: Fedora
Platforms: Fedora 15
Date: Thu, 18 August 2011, 11:42
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2905
Applications: Linux

Original message
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11019
2011-08-17 00:12:16
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 15
Version     : 2.6.40.3
Release     : 0.fc15
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2011-2905
Additionally, includes other fixes from 3.0.1, 3.0.2 and 3.0.3rc1.
Also numerous fixes for bugs reported via bugzilla.

Rebase to 3.0. Version reports as 2.6.40 for compatibility with older userspace.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 15 2011 Dave Jones <davej@redhat.com> 2.6.40.3-0
- Apply patches from 3.0.3-rc1
* Mon Aug 15 2011 Dave Jones <davej@redhat.com>
- Apply patches from 3.0.2
* Mon Aug 15 2011 Dave Jones <davej@redhat.com>
- CVE-2011-2905 perf tools may parse user-controlled config file. (rhbz 729809)
* Sat Aug 13 2011 Dave Jones <davej@redhat.com>
- Apply patches from 3.0.2rc1
* Thu Aug 11 2011 Dennis Gilmore <dennis@ausil.us>
- add config for arm tegra devices
- setup kernel to build omap image (patch from David Marlin)
- setup kernel to build tegra image based on omap work
- add arm device tree patches
* Thu Aug 11 2011 Josh Boyer <jwboyer@redhat.com>
- Add munged together patch for rhbz 729269
* Thu Aug 11 2011 Dave Jones <davej@redhat.com>
- Fix Xen blk device naming (rhbz 729340)
* Tue Aug 9 2011 Josh Boyer <jwboyer@redhat.com>
- Add Makefile.config and ARM config changes from David Marlin
* Tue Aug 9 2011 Dave Jones <davej@redhat.com>
- ptrace_report_syscall: check if TIF_SYSCALL_EMU is defined
* Tue Aug 9 2011 Dave Jones <davej@redhat.com>
- Enable CONFIG_SAMSUNG_LAPTOP (rhbz 729363)
* Tue Aug 9 2011 Dave Jones <davej@redhat.com> 2.6.40.1-2
- Fix stray block put after queue teardown (rhbz 728872)
* Sun Aug 7 2011 Dave Jones <davej@redhat.com>
- Utrace fixes. (rhbz 728379)
* Fri Aug 5 2011 Dave Jones <davej@redhat.com> 2.6.40.1-1
- Revert f16-only change that made IPV6 built-in.
* Fri Aug 5 2011 Dave Jones <davej@redhat.com>
- Final 3.0.1 diff.
* Thu Aug 4 2011 Dave Jones <davej@redhat.com>
- Drop neuter_intel_microcode_load.patch (rhbz 690930)
* Wed Aug 3 2011 Dave Jones <davej@redhat.com>
- iwlagn: check for !priv->txq in iwlagn_wait_tx_queue_empty (rhbz 728044)
* Wed Aug 3 2011 Dave Jones <davej@redhat.com>
- Apply patches from patch-3.0.1-rc1
* Wed Aug 3 2011 John W. Linville <linville@redhat.com>
- Disable CONFIG_BCMA since no driver currently uses it (rhbz 727796)
* Wed Aug 3 2011 Josh Boyer <jwboyer@redhat.com>
- rt2x00: Add device ID for RT539F device. (rhbz 720594)
- Add patch to fix backtrace in cdc_ncm driver (rhbz 720128)
- Add patch to fix backtrace in usm-realtek driver (rhbz 720054)
* Tue Aug 2 2011 Josh Boyer <jwboyer@redhat.com>
- Fix epoll recursive lockdep warnings (rhbz 722472)
* Tue Aug 2 2011 Josh Boyer <jwboyer@redhat.com>
- Add patch to fix HFSPlus filesystem mounting (rhbz 720771)
* Tue Aug 2 2011 Dave Jones <davej@redhat.com>
- Change USB_SERIAL_OPTION back to modular. (rhbz 727680)
* Tue Aug 2 2011 Josh Boyer <jwboyer@redhat.com> 2.6.40-5
- Add change from Yanko Kaneti to get the rt2x00 drivers in modules.networking (rhbz 708314)
* Fri Jul 29 2011 Dave Jones <davej@redhat.com> 2.6.40-4
- Re-add utrace, which got accidentally dropped during the rebase.
* Thu Jul 28 2011 Dave Jones <davej@redhat.com> 2.6.40-3
- Fix module-init-tools conflict:
* Thu Jul 28 2011 Dave Jones <davej@redhat.com> 2.6.40-2
- fix crash in scsi_dispatch_cmd()
* Thu Jul 28 2011 Dave Jones <davej@redhat.com> 2.6.40-1
- Turn off debugging options. (make release)
* Tue Jul 26 2011 Dave Jones <davej@redhat.com> 2.6.40-0
- Rebase to final 3.0 (munge to 2.6.40-0)
* Thu Jun 30 2011 Kyle McMartin <kmcmartin@redhat.com> 2.6.40-0.rc5.git0.1
- More than meets the eye, it's Linux 3.0-rc5 in disguise.
* Mon Jun 27 2011 Dave Jones <davej@redhat.com>
- Disable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, as this also disables FIPS (rhbz 716942)
* Thu Jun 23 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc4.git3.1
- Linux 3.0-rc4-git3
- Drop linux-3.0-fix-uts-release.patch, and instead just perl the Makefile
- linux-2.6-silence-noise.patch: fix context
- iwlagn-fix-dma-direction.patch: fix DMAR errors (for me at least)
* Wed Jun 22 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc4.git0.2
- Re-enable debuginfo generation. Thanks to Richard Jones for noticing... no wonder builds had been so quick lately.
* Tue Jun 21 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc4.git0.1
- Linux 3.0-rc4 (getting closer...)
* Fri Jun 17 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc3.git6.1
- Update to 3.0-rc3-git6
* Fri Jun 17 2011 Dave Jones <davej@redhat.com>
- drop qcserial 'compile fix' that was just duplicating an include.
- drop struct sizeof debug patch. (no real value. not upstreamable)
- drop linux-2.6-debug-always-inline-kzalloc.patch. Can't recall why this was added. Can easily re-add if deemed necessary.
* Fri Jun 17 2011 Kyle McMartin <kmcmartin@redhat.com>
- linux-2.6-defaults-pci_no_msi.patch: drop, haven't toggled the default in many moons.
- linux-2.6-defaults-pci_use_crs.patch: ditto.
- linux-2.6-selinux-mprotect-checks.patch: upstream a while ago.
- drm-i915-gen4-has-non-power-of-two-strides.patch: drop buggy bugfix
- drop some more unapplied crud.
- We haven't applied firewire patches in a dogs age.
* Fri Jun 17 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc3.git5.1
- Try updating to a git snapshot for the first time in 3.0-rc, update to 3.0-rc3-git5
- Fix a subtle bug I introduced in 3.0-rc1, "patch-3." is 9 letters, not 10.
* Thu Jun 16 2011 Kyle McMartin <kmcmartin@redhat.com>
- Disable mm patches which had been submitted against 2.6.39, as Rik reports they seem to aggravate a VM_BUG_ON. More investigation is necessary.
* Wed Jun 15 2011 Kyle McMartin <kmcmartin@redhat.com>
- Conflict with pre-3.2.1-5 versions of mdadm. (#710646)
* Wed Jun 15 2011 Kyle McMartin <kmcmartin@redhat.com>
- Build in aesni-intel on i686 for symmetry with 64-bit.
* Tue Jun 14 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc3.git0.3
- Fix libdm conflict (whose bright idea was it to give subpackages differing version numbers?)
* Tue Jun 14 2011 Kyle McMartin <kmcmartin@redhat.com>
- Update to 3.0-rc3, add another conflicts to deal with 2 digit versions (libdm.)
- Simplify linux-3.0-fix-uts-release.patch now that SUBLEVEL is optional.
- revert-ftrace-remove-unnecessary-disabling-of-irqs.patch: drop upstreamed patch.
- drm-intel-eeebox-eb1007-quirk.patch: ditto.
- ath5k-disable-fast-channel-switching-by-default.patch: ditto.
* Thu Jun 9 2011 Kyle McMartin <kmcmartin@redhat.com>
- ath5k-disable-fast-channel-switching-by-default.patch (rhbz#709122) (korgbz#34992) [a99168ee in wireless-next]
* Thu Jun 9 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc2.git0.2
- rhbz#710921: revert-ftrace-remove-unnecessary-disabling-of-irqs.patch
* Wed Jun 8 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc2.git0.1
- Update to 3.0-rc2, rebase utsname fix.
- Build IPv6 into the kernel for a variety of reasons (http://lists.fedoraproject.org/pipermail/kernel/2011-June/003105.html)
* Mon Jun 6 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc1.git0.3
- Conflict with module-init-tools older than 3.13 to ensure the 3.0 transition is handled correctly.
* Wed Jun 1 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc1.git0.2
- Fix utsname for 3.0-rc1
* Mon May 30 2011 Kyle McMartin <kmcmartin@redhat.com> 3.0-0.rc1.git0.1
- Linux 3.0-rc1 (won't build until module-init-tools gets an update.)
* Mon May 30 2011 Kyle McMartin <kyle@redhat.com>
- Trimmed changelog, see fedpkg git for earlier history.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729269 - Some Logitech webcams audio device not initialized properly
        https://bugzilla.redhat.com/show_bug.cgi?id=729269
  [ 2 ] Bug #729340 - kernel 2.6.40-4 running on EC2 makes devices ordering wrong
        https://bugzilla.redhat.com/show_bug.cgi?id=729340
  [ 3 ] Bug #729363 - build CONFIG_SAMSUNG_LAPTOP as module
        https://bugzilla.redhat.com/show_bug.cgi?id=729363
  [ 4 ] Bug #728872 - panic: <IRQ> [<ffffffff914ae2cd>] panic+0x91/0x19c
        https://bugzilla.redhat.com/show_bug.cgi?id=728872
  [ 5 ] Bug #728379 - Kernel 2.6.40 breaks UserModeLinux
        https://bugzilla.redhat.com/show_bug.cgi?id=728379
  [ 6 ] Bug #690930 - microcode_ctl loops, impossible to boot
        https://bugzilla.redhat.com/show_bug.cgi?id=690930
  [ 7 ] Bug #728044 - Kernel hangs on suspend on ThinkPad T510 (probably related to iwlagn)
        https://bugzilla.redhat.com/show_bug.cgi?id=728044
  [ 8 ] Bug #727796 - bcma to block wl, b43 and maybe bcrm43xx in kernel 2.6.40
        https://bugzilla.redhat.com/show_bug.cgi?id=727796
  [ 9 ] Bug #720594 - rt2800pci: Add device ID for RT539F device
        https://bugzilla.redhat.com/show_bug.cgi?id=720594
  [ 10 ] Bug #720128 - [abrt] kernel: WARNING: at lib/dma-debug.c:875 check_for_stack+0x95/0xd3(): TAINTED ---------W
        https://bugzilla.redhat.com/show_bug.cgi?id=720128
  [ 11 ] Bug #720054 - dmesg shows usb disconnect and traceback on a Toshiba NB555D
        https://bugzilla.redhat.com/show_bug.cgi?id=720054
  [ 12 ] Bug #722472 - [ INFO: possible recursive locking detected ] 3.0-0.rc7.git0.1.fc16.i686
        https://bugzilla.redhat.com/show_bug.cgi?id=722472
  [ 13 ] Bug #720771 - HFSPlus DVD will not mount post install
        https://bugzilla.redhat.com/show_bug.cgi?id=720771
  [ 14 ] Bug #727680 - Missing drivers/usb/serial/option.ko in kernel 2.6.40-4.fc15.i686
        https://bugzilla.redhat.com/show_bug.cgi?id=727680
  [ 15 ] Bug #708314 - Missing realtek usb drivers in modules.networking
        https://bugzilla.redhat.com/show_bug.cgi?id=708314
  [ 16 ] Bug #708868 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000036c: TAINTED Warning Issued
        https://bugzilla.redhat.com/show_bug.cgi?id=708868
  [ 17 ] Bug #712534 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 00000022: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=712534
  [ 18 ] Bug #712823 - [abrt] kernel: BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1087: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=712823
  [ 19 ] Bug #712532 - [abrt] kernel: BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1087: TAINTED Warning Issued
        https://bugzilla.redhat.com/show_bug.cgi?id=712532
  [ 20 ] Bug #712527 - [abrt] kernel: BUG: sleeping function called from invalid context at kernel/rwsem.c:21: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=712527
  [ 21 ] Bug #714333 - [abrt] kernel: BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1087: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=714333
  [ 22 ] Bug #714847 - [abrt] kernel: BUG: sleeping function called from invalid context at kernel/rwsem.c:21: TAINTED Warning Issued
        https://bugzilla.redhat.com/show_bug.cgi?id=714847
  [ 23 ] Bug #717501 - [abrt] kernel: kernel BUG at fs/bio.c:159!: TAINTED -------D
        https://bugzilla.redhat.com/show_bug.cgi?id=717501
  [ 24 ] Bug #714165 - yet another cdrom_release oops
        https://bugzilla.redhat.com/show_bug.cgi?id=714165
  [ 25 ] Bug #712528 - [abrt] kernel: BUG: unable to handle kernel paging request at ecf5469c: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=712528
  [ 26 ] Bug #717621 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000070: TAINTED -------D
        https://bugzilla.redhat.com/show_bug.cgi?id=717621
  [ 27 ] Bug #714850 - [abrt] kernel: BUG: unable to handle kernel paging request at ffff8800a99c9d80: TAINTED Warning Issued
        https://bugzilla.redhat.com/show_bug.cgi?id=714850
  [ 28 ] Bug #712531 - [abrt] kernel: BUG: sleeping function called from invalid context at kernel/rwsem.c:21: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=712531
  [ 29 ] Bug #714332 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000070: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=714332
  [ 30 ] Bug #710551 - [abrt] kernel: BUG: unable to handle kernel NULL pointer dereference at 0000001e: TAINTED Die
        https://bugzilla.redhat.com/show_bug.cgi?id=710551
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce