Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme im Kernel
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme im Kernel
ID: FEDORA-2011-16346
Distribution: Fedora
Plattformen: Fedora 14
Datum: Di, 29. November 2011, 08:07
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4326
Applikationen: Linux

Originalnachricht

Name        : kernel
Product : Fedora 14
Version : 2.6.35.14
Release : 106.fc14
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

-------------------------------------------------------------------------------
-
Update Information:

and CVE-2011-4110
Fix CVE-2011-4326 and CVE-2011-4132
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Nov 22 2011 Josh Boyer <jwboyer@redhat.com> 2.6.35.14-106
- CVE-2011-4110 keys: NULL pointer deref in the user-defined key type
* Mon Nov 21 2011 Josh Boyer <jwboyer@redhat.com> 2.6.35.14-105
- CVE-2011-4326: wrong headroom check in udp6_ufo_fragment() (rhbz 755590)
* Mon Nov 14 2011 Josh Boyer <jwboyer@redhat.com>
- CVE-2011-4132: jbd/jbd2: invalid value of first log block leads to oops (rhbz
753346)
* Tue Nov 1 2011 Dave Jones <davej@redhat.com>
- Add another Sony laptop to the nonvs blacklist. (rhbz 641789)
* Thu Oct 27 2011 Josh Boyer <jwboyer@redhat.com> 2.6.35.14-103
- Fix backport of xfs patch
- CVE-2011-4081 crypto: ghash: null pointer deref if no key is set (rhbz
749484)
* Wed Oct 26 2011 Josh Boyer <jwboyer@redhat.com>
- CVE-2011-4077: Add patch to fix XFS memory corruption (rhbz 749166)
* Tue Oct 25 2011 Josh Boyer <jwboyer@redhat.com>
- CVE-2011-1083: excessive in kernel CPU consumption when creating large nested
epoll structures (rhbz 748668)
* Tue Oct 25 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix NULL dereference in udp6_ufo_fragment(), caused by
fix for CVE-2011-2699.
* Fri Oct 21 2011 Dave Jones <davej@redhat.com> 2.6.35.14-100
- Lower severity of Radeon lockup messages.
* Thu Oct 20 2011 Josh Boyer <jwboyer@redhat.com>
- Add fix for ext4 BUG_ON backtrace (rhbz 747948)
* Wed Oct 19 2011 Dave Jones <davej@redhat.com>
- Add Sony VGN-FW21E to nonvs blacklist. (rhbz 641789)
* Fri Oct 14 2011 Josh Boyer <jwboyer@redhat.com>
- Add patches to fix RHBZ #663186
* Tue Oct 11 2011 Dave Jones <davej@redhat.com>
- acer-wmi: Fix capitalisation of GUID in module alias (rhbz 661322)
* Tue Oct 11 2011 Dave Jones <davej@redhat.com>
- usb-wwan: implement TIOCGSERIAL and TIOCSSERIAL to avoid blocking close(2)
(rhbz 725724)
* Fri Sep 23 2011 Josh Boyer <jwboyer@redhat.com> 2.6.35.14-98
- CVE-2011-1161 CVE-2011-1161: tpm: infoleaks
* Tue Sep 20 2011 Josh Boyer <jwboyer@redhat.com>
- CVE-2011-3353: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
* Fri Sep 16 2011 Josh Boyer <jwboyer@redhat.com> 2.6.35.14-97
- CVE-2011-2918: perf: Fix software event overflow
- CVE-2011-3188: net: improve sequence number generation
* Thu Sep 15 2011 Josh Boyer <jwboyer@redhat.com>
- CVE-2011-2723: gro: Only reset frag0 when skb can be pulled
- CVE-2011-2928: befs: Validate length of long symbolic links
- CVE-2011-3191: cifs: fix possible memory corruption in CIFSFindNext
- CVE-2011-1833: ecryptfs: mount source TOCTOU race
* Mon Sep 12 2011 Josh Boyer <jwboyer@redhat.com>
- Backport 5336377d to fix RHBZ #648571
* Wed Aug 31 2011 Josh Boyer <jwboyer@redhat.com> 2.6.35.14-96
- Add patch to fix RHBZ #665109
* Mon Aug 29 2011 Josh Boyer <jwboyer@redhat.com>
- Add fix from Oleg Nesterov for RHBZ #573210
- Add patch for RHBZ #672056
* Wed Aug 24 2011 Chuck Ebbert <cebbert@redhat.com>
- Add fix for RHBZ #699684: System freeze with 2.6.35.12-*.fc14.i686.PAE
* Mon Aug 22 2011 Dave Jones <davej@redhat.com>
- Avoid false quiescent states in rcutree with CONFIG_RCU_FAST_NO_HZ. (rhbz
577968)
* Mon Aug 15 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.14-95
- CVE-2011-2905: perf tools: may parse user-controlled configuration file
- CVE-2011-2695: ext4: kernel panic when writing data to the last block of
sparse file
- CVE-2011-2497: bluetooth: buffer overflow in l2cap config request
- CVE-2011-2517: nl80211: missing check for valid SSID size in scan operations
- CVE-2011-2699: ipv6: make fragment identifications less predictable
* Wed Aug 3 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.14-94
- Linux 2.6.35.14
- Drop merged patches:
flexcop-fix-xlate_proc_name-warning.patch
btusb-macbookpro-6-2.patch
btusb-macbookpro-7-1.patch
fix-i8k-inline-asm.patch
virtio_net-add-schedule-check-to-napi_enable-call.patch
agp-fix-arbitrary-kernel-memory-writes.patch
agp-fix-oom-and-buffer-overflow.patch
scsi-mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
x86-amd-arat-bug-on-sempron-workaround.patch
x86-amd-fix-arat-feature-setting-again.patch
cifs-add-fallback-in-is_path_accessible-for-old-servers.patch
dccp-handle-invalid-feature-options-length.patch
* Mon Jun 20 2011 Kyle McMartin <kmcmartin@redhat.com> 2.6.35.13-93
- [sgruszka@] iwlwifi: fix general 11n instability (#648732,#666646)
* Fri May 20 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.13-92
- Add the rest of the fix for bug #704059
- dccp: handle invalid feature options length (CVE-2011-1770)
- Fix address wrapping in stack expansion code.
* Wed May 18 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix cifs bug in 2.6.35.13 with old Windows servers (#704125)
- Revert broken fixes for #704059, add proper partial fix.
* Fri May 13 2011 Kyle McMartin <kmcmartin@redhat.com>
- [fabbione@] Fix a deadlock when using hp_sw with an HP san.
(7a1e9d82 upstream)
* Thu May 12 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix stalls on AMD machines with C1E caused by 2.6.35.13 (#704059)
* Tue May 3 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.13-91
- [SCSI] mpt2sas: prevent heap overflows and unchecked reads
(CVE-2011-1494, CVE-2011-1495)
- agp: fix arbitrary kernel memory writes (CVE-2011-1745)
- agp: fix OOM and buffer overflow (CVE-2011-1746)
- Fix credentials leakage regression (#700637)
* Fri Apr 29 2011 Chuck Ebbert <cebbert@redhat.com>
- Linux 2.6.35.13
* Fri Apr 22 2011 Kyle McMartin <kmcmartin@redhat.com> 2.6.35.12-90
- iwlagn-support-new-5000-microcode.patch: stable submission patch from
sgruszka to support newer microcode versions with the iwl5000 hardware.
* Wed Apr 20 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.12-89
- Revert TPM patches from -stable (c4ff4b829, 9b29050f8) that caused
timeouts and suspend failures (#695953)
- Revert extra fix for credentials leak (#683568)
* Thu Mar 31 2011 Kyle McMartin <kmcmartin@redhat.com> 2.6.35.12-88
- Update to longterm 2.6.35.12, drop upstream patches.
* Wed Mar 23 2011 Kyle McMartin <kmcmartin@redhat.com>
- Backport 3e9d08e: "virtio_net: Add schedule check to napi_enable
call"
* Wed Mar 23 2011 Ben Skeggs <bskeggs@redhat.com> 2.6.35.11-87
- nouveau: fix s/r on some boards (f14 port of #688569)
* Wed Mar 16 2011 Kyle McMartin <kmcmartin@redhat.com> 2.6.35.11-86
- Fix a regression in cfg80211 ht40 support from 2.6.35, patch from
Mark Mentovai and Stanislaw Gruszka. Thanks!
* Tue Mar 1 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.11-85
- Fix IR wakeup on nuvoton-cir-driven hardware
- Make mceusb only bind to the IR interface on Realtek multifuction thingy
- Kill the crappy old lirc_it* drivers, add new ite_cir driver
- Fix HVR-1950 (and possibly other) device bring-up (#680450)
* Mon Feb 28 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix stuck bits in md bitmaps (#680791)
* Thu Feb 24 2011 Chuck Ebbert <cebbert@redhat.com>
- iwl3945-remove-plcp-check.patch: fix slow speed on some iwl3945
(#654599)
- Copy fix for bonding error message from F13 (#604630)
* Wed Feb 16 2011 Chuck Ebbert <cebbert@redhat.com>
- Add support for additional Logitech Rumblepad model (#676577)
* Sat Feb 12 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix 32-bit guest hang on 32-bit PAE host (#677167)
* Sat Feb 12 2011 Chuck Ebbert <cebbert@redhat.com>
- bridge: Fix mglist corruption that leads to memory corruption (F13#650151)
* Fri Feb 11 2011 Matthew Garrett <mjg@redhat.com> 2.6.35.11-84
- linux-2.6-acpi-fix-alias.patch: Fix ACPI object aliasing (#608648)
* Sun Feb 6 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.11-83
- Linux 2.6.35.11
* Tue Feb 1 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.35.11-82.rc1
- Linux 2.6.35.11-rc1
- Revert patches we already have in the big v4l update:
gspca-sonixj-add-a-flag-in-the-driver_info-table.patch
gspca-sonixj-set-the-flag-for-some-devices.patch
- Comment out patches merged upstream:
sched-cure-more-NO_HZ-load-average-woes.patch
posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
* Sun Jan 30 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix oops in sunrpc code (#673207)
* Tue Jan 25 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.10-81
- Further improvements to ir-kbd-i2c when used with zilog chips
- Finally hopefully fix annoying mceusb keybounce issue
* Wed Jan 19 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.10-80
- Make lirc_zilog behave correctly with hdpvr again, and for the first
time ever, with pvrusb2-driven HVR-1950 (#635045)
- Call dib0700 rc bug whacked (#667157)
- Call saa7134-based i2c IR registration bug whacked (#665870)
* Tue Jan 18 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.10-79
- Generally, its a good idea to actually apply the patches you were
intending to include in the build, and enable their Kconfig options
* Tue Jan 18 2011 Kyle McMartin <kmcmartin@redhat.com>
- sgruszka: hostap_cs: fix sleeping function called in invalid
context (#643758)
* Tue Jan 18 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.10-78
- Rebase v4l/dvb/rc bits to 2.6.38-rc1 code
- Fix lirc_serial transmit (#658600)
* Sun Jan 16 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix wrong file allocation size in btrfs (#669511)
* Mon Jan 10 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.10-77
- Add support for local rebuild config option overrides
- Add missing --with/--without pae build flag support
- Restore imon mce default proto modparam, since ir-keytable currently
won't work with the 2.6.35.x input layer ioctls
- mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka,
#667459)
* Mon Jan 10 2011 Chuck Ebbert <cebbert@redhat.com>
- CVE-2010-4668: kernel panic with 0-length IOV
* Thu Jan 6 2011 Chuck Ebbert <cebbert@redhat.com>
- Fix failure to get link with e1000e model 82576DC (#652744)
* Wed Jan 5 2011 Jarod Wilson <jarod@redhat.com> 2.6.35.10-76
- Restore functional audio on PVR-150 video capture cards (#666456)
- Fix another mceusb regression cropping up mostly with rc5 signals (#662071)
- Add back some ir-lirc-codec debug spew
* Thu Dec 30 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.10-75
- Fix imon 0xffdc device detection and oops on probe
* Thu Dec 23 2010 Matthew Garrett <mjg@redhat.com> 2.6.35.10-74
- Backport the ACPI battery notification patch (#656738)
* Wed Dec 22 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.10-73
- Fix ene_ir bugs (jumping off a null dev->rdev pointer) (#664145)
* Mon Dec 20 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.10-72
- Backport some of the radeon r600_cs.c fixes between .35 and master. (#664206)
* Mon Dec 20 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.10-71
- Restore v4l/dvb/rc rebase, now with prospective fixes for the bttv and
ene_ir issues that showed up in -67 and -68
* Sun Dec 19 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.10-70
- Revert Jarod's v4l-dvb-ir rebase, due to several issues reported against
the 2.6.35.10-68 update.
https://admin.fedoraproject.org/updates/kernel-2.6.35.10-68.fc14
* Sat Dec 18 2010 Kyle McMartin <kyle@redhat.com>
- Patch from nhorman against f13:
Enhance AF_PACKET to allow non-contiguous buffer alloc (#637619)
* Sat Dec 18 2010 Kyle McMartin <kyle@redhat.com>
- Fix SELinux issues with NFS/btrfs and/or xfsdump. (#662344)
* Thu Dec 16 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.10-68
- Additional mceusb updates just sent upstream, hopefully to fix
keybounce/excessive buffering issues
* Wed Dec 15 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.10-67
- Rebase v4l/dvb/rc code to latest upstream, should fix a fair
number of ir/rc-related issues, including bugzilla #662071
* Wed Dec 15 2010 Chuck Ebbert <cebbert@redhat.com>
- Linux 2.6.35.10
- Remove merged patches and fix up conflicts:
drm-polling-fixes.patch
linux-2.6-v4l-dvb-hdpvr-updates.patch
kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch
- Drop merged patches:
linux-2.6-rcu-sched-warning.patch
pnpacpi-cope-with-invalid-device-ids.patch
ipc-zero-struct-memory-for-compat-fns.patch
ipc-shm-fix-information-leak-to-user.patch
r8169-01-fix-rx-checksum-offload.patch
r8169-02-_re_init-phy-on-resume.patch
r8169-03-fix-broken-checksum-for-invalid-sctp_igmp-packets.patch
hda_realtek-handle-unset-external-amp-bits.patch
* Fri Dec 10 2010 Kyle McMartin <kyle@redhat.com>
- pci-disable-aspm-if-bios-asks-us-to.patch: Patch from mjg59 to disable
ASPM if the BIOS has disabled it, but enabled it already on some devices.
* Fri Dec 10 2010 Kyle McMartin <kyle@redhat.com>
- Fix some issues mounting btrfs devices with subvolumes (#656465)
* Fri Dec 10 2010 Kyle McMartin <kyle@redhat.com>
- Fix jbd2 warnings when using quotas. (#578674)
* Thu Dec 9 2010 Kyle McMartin <kyle@redhat.com>
- Snarf patch from wireless-next to fix mdomsch's orinico wifi.
(orinoco: initialise priv->hw before assigning the interrupt)
[229bd792]
* Thu Dec 9 2010 Kyle McMartin <kyle@redhat.com>
- Copy tpm-fix-stall-on-boot.patch from rawhide tree. (#530393)
* Thu Dec 9 2010 Chuck Ebbert <cebbert@redhat.com> 2.6.35.9-65
- Require newt-devel for building perf, to enable the perf TUI (#661180)
* Wed Dec 8 2010 Kyle McMartin <kyle@redhat.com>
- sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints
in 2.6.35+ about load average with dynticks. (rhbz#650934)
* Sat Dec 4 2010 Kyle McMartin <kyle@redhat.com>
- Enable C++ symbol demangling with perf by linking against libiberty.a,
which is LGPL2.
* Fri Dec 3 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.9-64
- Enable hpilo.ko on x86_64 (#571329)
* Thu Dec 2 2010 Kyle McMartin <kyle@redhat.com>
- Grab some of Mel's fixes from -mmotm to hopefully sort out #649694.
* Mon Nov 29 2010 Kyle McMartin <kyle@redhat.com>
- PNP: log PNP resources, as we do for PCI [c1f3f281]
should help us debug resource conflicts (requested by bjorn.)
* Mon Nov 29 2010 Kyle McMartin <kyle@redhat.com>
- drm/ttm: Fix two race conditions + fix busy codepaths [1df6a2eb] (#615505)
* Fri Nov 26 2010 Kyle McMartin <kyle@redhat.com>
- Quiet a build warning the previous INET_DIAG fix caused.
* Fri Nov 26 2010 Kyle McMartin <kyle@redhat.com>
- Plug stack leaks in tty/serial drivers. (#648663, #648660)
* Fri Nov 26 2010 Kyle McMartin <kyle@redhat.com>
- r8169 fixes from sgruszka@redhat.com (#502974)
- hda/realtek: handle unset external amp bits (#657388)
* Wed Nov 24 2010 John W. Linville <linville@redhat.com>
- rtl8180: improve signal reporting for rtl8185 hardware
- rtl8180: improve signal reporting for actual rtl8180 hardware
* Tue Nov 23 2010 Kyle McMartin <kyle@redhat.com>
- zero struct memory in ipc compat (CVE-2010-4073) (#648658)
- zero struct memory in ipc shm (CVE-2010-4072) (#648656)
- fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264)
- posix-cpu-timers: workaround to suppress the problems with mt exec
(rhbz#656264)
* Tue Nov 23 2010 Kyle McMartin <kyle@redhat.com>
- fix-i8k-inline-asm.patch: backport gcc miscompilation fix from git
[22d3243d, 6b4e81db] (rhbz#647677)
* Mon Nov 22 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.9-62
- Linux 2.6.35.9
- IR driver fixes from upstream
* fix keybounce/buffer parsing oddness w/mceusb
* properly wire up sysfs entries for mceusb and streamzap
* fix repeat w/streamzap
* misc lirc_dev fixes
* Sat Nov 20 2010 Chuck Ebbert <cebbert@redhat.com> 2.6.35.9-61.rc1
- Linux 2.6.35.9-rc1
- Comment out upstreamed patches:
kvm-fix-regression-with-cmpxchg8b-on-i386-hosts.patch
* Fri Nov 19 2010 Ben Skeggs <bskeggs@redhat.com> 2.6.35.8-60
- nouveau: add quirk for iMac G4 (rhbz#505161)
- nouveau: add workaround for display hang on GF8+ (rhbz#537065)
- nouveau: don't reject 3D object creation on NVAF (MBA3)
* Mon Nov 15 2010 Kyle McMartin <kyle@redhat.com>
- rhbz#651019: pull in support for MBA3.
* Thu Nov 11 2010 airlied@redhat.com - 2.6.35.8-55
- drm: fix EDID issues
* Wed Nov 10 2010 Justin M. Forbes <jforbes@redhat.com> 2.6.35.8-54
- fix regression with cmpxchg8b on i386 hosts (rhbz#650215)
* Wed Nov 10 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.8-53
- Linux 2.6.35.8
- Drop patches upstreamed in 2.6.35.8
- More ir-core and lirc updates
- HD-PVR driver updates
* Tue Nov 9 2010 Dave Airlie <airlied@redhat.com> - 2.6.35.6-52
- add i915 polling s/r patch
* Mon Nov 8 2010 Dave Airlie <airlied@redhat.com> - 2.6.35.6-51
- Backport polling fixes + radeon hang fixes from upstream
* Tue Nov 2 2010 Ben Skeggs <bskeggs@redhat.com> 2.6.35.6-50
- nouveau: add potential workaround for NV86 hardware quirk
- fix issue that occurs in certain dual-head configurations (rhbz#641524)
* Sat Oct 23 2010 Jarod Wilson <jarod@redhat.com> 2.6.35.6-49
- Fix brown paper bag bug in imon driver
* Fri Oct 22 2010 Chuck Ebbert <cebbert@redhat.com> 2.6.35.6-48
- drm-i915-sanity-check-pread-pwrite.patch;
fix CVE-2010-2962, arbitrary kernel memory write via i915 GEM ioctl
- kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch;
fix CVE-2010-3698, kvm: invalid selector in fs/gs causes kernel panic
- v4l1-fix-32-bit-compat-microcode-loading-translation.patch;
fixes CVE-2010-2963, v4l: VIDIOCSMICROCODE arbitrary write
* Fri Oct 22 2010 Kyle McMartin <kyle@redhat.com> 2.6.35.6-47
- tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various
laptops which prevented suspend/resume.
- depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local
privilege escalation via RDS protocol.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #755584 - CVE-2011-4326 kernel: wrong headroom check in
udp6_ufo_fragment()
https://bugzilla.redhat.com/show_bug.cgi?id=755584
[ 2 ] Bug #753341 - CVE-2011-4132 kernel: jbd/jbd2: invalid value of first
log block leads to oops
https://bugzilla.redhat.com/show_bug.cgi?id=753341
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung