Sicherheit: Mehrere Probleme im Kernel - Pro-Linux

Name        : kernel
Product     : Fedora 20
Version     : 3.12.5
Release     : 302.fc20
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

-------------------------------------------------------------------------------
-
Update Information:

The 3.12.5 kernel contains support for new devices, and a number of bug fixes
 across the tree.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Dec 17 2013 Josh Boyer <jwboyer@fedoraproject.org> - 3.12.5-302
- Add patch to avoid using queued trim on M500 SSD (rhbz 1024002)
* Mon Dec 16 2013 Josh Boyer <jwboyer@fedoraproject.org>
- Fix host lockup in bridge code when starting from virt guest (rhbz 1025770)
* Fri Dec 13 2013 Josh Boyer <jwboyer@fedoraproject.org> 3.12.5-301
- More keys fixes from upstream to fix keyctl_get_persisent crash (rhbz
 1043033)
* Fri Dec 13 2013 Justin M. Forbes <jforbes@fedoraproject.org - 3.12.5-300
- Linux v3.12.5 rebase
* Thu Dec 12 2013 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2013-4587 kvm: out-of-bounds access (rhbz 1030986 1042071)
- CVE-2013-6376 kvm: BUG_ON in apic_cluster_id (rhbz 1033106 1042099)
- CVE-2013-6368 kvm: cross page vapic_addr access (rhbz 1032210 1042090)
- CVE-2013-6367 kvm: division by 0 in apic_get_tmcct (rhbz 1032207 1042081)
* Wed Dec 11 2013 Josh Boyer <jwboyer@fedoraproject.org>
- Add patches to support ETPS/2 Elantech touchpads (rhbz 1030802)
* Tue Dec 10 2013 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2013-XXXX net: memory leak in recvmsg (rhbz 1039845 1039874)
* Fri Dec  6 2013 Peter Robinson <pbrobinson@fedoraproject.org>
- Fix up ARM usb gadget config to make it useful
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1030986 - CVE-2013-4587 kernel: kvm: rtc_status.dest_map
 out-of-bounds access
        https://bugzilla.redhat.com/show_bug.cgi?id=1030986
  [ 2 ] Bug #1033106 - CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
        https://bugzilla.redhat.com/show_bug.cgi?id=1033106
  [ 3 ] Bug #1032210 - CVE-2013-6368 kvm: cross page vapic_addr access
        https://bugzilla.redhat.com/show_bug.cgi?id=1032210
  [ 4 ] Bug #1032207 - CVE-2013-6367 kvm: division by zero in apic_get_tmcct()
        https://bugzilla.redhat.com/show_bug.cgi?id=1032207
  [ 5 ] Bug #1039845 - Kernel: net: information leak in recvmsg handler
 msg_name & msg_namelen logic
        https://bugzilla.redhat.com/show_bug.cgi?id=1039845
  [ 6 ] Bug #1035875 - CVE-2013-6405 Kernel: net: leakage of uninitialized
 memory to user-space via recv syscalls
        https://bugzilla.redhat.com/show_bug.cgi?id=1035875
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce