drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in acpica-tools
Name: |
Mehrere Probleme in acpica-tools |
|
ID: |
FEDORA-2018-8d90571cdf |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 28 |
|
Datum: |
Fr, 30. März 2018, 21:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13694 |
|
Applikationen: |
acpica-tools |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-8d90571cdf 2018-03-30 12:38:03.464450 ------------------------------------------------------------------------------- -
Name : acpica-tools Product : Fedora 28 Version : 20180209 Release : 1.fc28 URL : https://www.acpica.org/ Summary : ACPICA tools for the development and debug of ACPI tables Description : The ACPI Component Architecture (ACPICA) project provides an OS-independent reference implementation of the Advanced Configuration and Power Interface Specification (ACPI). ACPICA code contains those portions of ACPI meant to be directly integrated into the host OS as a kernel-resident subsystem, and a small set of tools to assist in developing and debugging ACPI tables.
This package contains only the user-space tools needed for ACPI table development, not the kernel implementation of ACPI. The following commands are installed: -- iasl: compiles ASL (ACPI Source Language) into AML (ACPI Machine Language), suitable for inclusion as a DSDT in system firmware. It also can disassemble AML, for debugging purposes. -- acpibin: performs basic operations on binary AML files (e.g., comparison, data extraction) -- acpidump: write out the current contents of ACPI tables -- acpiexec: simulate AML execution in order to debug method definitions -- acpihelp: display help messages describing ASL keywords and op-codes -- acpinames: display complete ACPI name space from input AML -- acpisrc: manipulate the ACPICA source tree and format source files for specific environments -- acpixtract: extract binary ACPI tables from acpidump output (see also the pmtools package)
This version of the tools is being released under GPLv2 license.
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2017-13693, CVE-2017-13694, CVE-2017-13695. This provides fixes for the user space ACPICA tools only. Any kernel updates are handled separately. This update also includes the upgrade to the 20190209 version of the upstream source. ---------------------------------------- 09 February 2018. Summary of changes for version 20180209: 1) ACPICA kernel-resident subsystem: Completed the final integration of the recent changes to Package Object handling and the module-level AML code support. This allows forward references from individual package elements when the package object is declared from within module-level code blocks. Provides compatibility with other ACPI implementations. The new architecture for the AML module-level code has been completed and is now the default for the ACPICA code. This new architecture executes the module-level code in-line as the ACPI table is loaded/parsed instead of the previous architecture which deferred this code until after the table was fully loaded. This solves some ASL code ordering issues and provides compatibility with other ACPI implementations. At this time, there is an option to fallback to the earlier architecture, but this support is deprecated and is planned to be completely removed later this year. Added a compile-time option to ignore AE_NOT_FOUND exceptions during resolution of named reference elements within Package objects. Although this is potentially a serious problem, it can generate a lot of noise/errors on platforms whose firmware carries around a bunch of unused Package objects. To disable these errors, define ACPI_IGNORE_PACKAGE_RESOLUTION_ERRORS in the OS-specific header. All errors are always reported for ACPICA applications such as AcpiExec. Fixed a regression related to the explicit type-conversion AML operators (ToXXXX). The regression was introduced early in 2017 but was not seen until recently because these operators are not fully supported by other ACPI implementations and are thus rarely used by firmware developers. The operators are defined by the ACPI specification to not implement the "implicit result object conversion". The regression incorrectly introduced this object conversion for the following explicit conversion operators: * ToInteger * ToString * ToBuffer * ToDecimalString * ToHexString * ToBCD * FromBCD 2) iASL Compiler/Disassembler and Tools: iASL: Fixed a problem with the compiler constant folding feature as related to the ToXXXX explicit conversion operators. These operators do not support the "implicit result object conversion" by definition. Thus, ASL expressions that use these operators cannot be folded to a simple Store operator because Store implements the implicit conversion. This change uses the CopyObject operator for the ToXXXX operator folding instead. CopyObject is defined to not implement implicit result conversions and is thus appropriate for folding the ToXXXX operators. iASL: Changed the severity of an error condition to a simple warning for the case where a symbol is declared both locally and as an external symbol. This accommodates existing ASL code. AcpiExec: The -ep option to enable the new architecture for module-level code has been removed. It is replaced by the -dp option which instead has the opposite effect: it disables the new architecture (the default) and enables the legacy architecture. When the legacy code is removed in the future, the -dp option will be removed also. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1485355 - CVE-2017-13693 CVE-2017-13694 CVE-2017-13695 acpica-tools: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1485355 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade acpica-tools' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|