LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-8980 (kernel)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: kernel-2.6.26.6-49.fc8


Date:
    	      Thu, 23 Oct 2008 16:38:12 +0000


Message-ID:
    	      <20081023163812.B7B94208D5F@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8980
2008-10-23 16:03:13
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 8
Version     : 2.6.26.6
Release     : 49.fc8
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Update kernel from version 2.6.26.5 to 2.6.26.6:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6...    CVE-2008-3831
An IOCTL in the i915 driver was not properly restricted to users with the
proper capabilities to use it.    CVE-2008-4410  The vmi_write_ldt_entry
function in arch/x86/kernel/vmi_32.c in the Virtual  Machine Interface (VMI) in
the Linux kernel 2.6.26.5 invokes write_idt_entry  where write_ldt_entry was
intended, which allows local users to cause a  denial of service (persistent
application failure) via crafted function calls,  related to the Java Runtime
Environment (JRE) experiencing improper LDT  selector state, a different
vulnerability than CVE-2008-3247.    CVE-2008-3525  The sbni_ioctl function in
drivers/net/wan/sbni.c in the wan subsystem in  the Linux kernel 2.6.26.3 does
not check for the CAP_NET_ADMIN capability  before processing a (1)
SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3)  SIOCDEVENSLAVE, or (4)
SIOCDEVEMANSIPATE ioctl request, which allows local  users to bypass intended
capability restrictions.    CVE-2008-4554  The do_splice_from function in
fs/splice.c in the Linux kernel before 2.6.27  does not reject file descriptors
that have the O_APPEND flag set, which allows  local users to bypass append mode
and make arbitrary changes to other locations  in the file.    CVE-2008-4576
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial
of service (OOPS) via an INIT-ACK that states the peer does not support AUTH,
which causes the sctp_process_init function to clean up active transports and
triggers the OOPS when the T1-Init timer expires.      Also fixes these bugs
reported against Fedora 9:  465873 - kernel build-id note corruption  466303 -
IPSec kernel lockup.  464613 - 11143 unconditional linker option
arch/powerpc/lib/crtsavres.o causes external module buildfailure  463034 -
[sata_nv swncq] kernel 2.6.26.3-29 raid errors: "md: super_written gets
error=-5, uptodate=0"  460550 - Insert key does not work on console since 2.6.26
438606 - at76 stops working with port to mac80211  466511 - Kernel crash when
using openswan  462919 - kernel 2.6.26.3-19.fc9.x86_64 TT-budget C-1500 DVB card
is not longer working  462178 - PCMCIA CF adaptor causes kernel hang at
"Starting UDEV:"
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 17 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-49
- Two security patches from F9:
    Fix IOCTL permission checking in sbni WAN adapter (CVE-2008-3525).
    DRM: fix ioctl security issue (CVE-2008-3831).
* Thu Oct 16 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-48
- Fix RTC on systems that don't describe it in PnP (F9#451188)
* Wed Oct 15 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-47
- Copy utrace updates from F-9.
* Tue Oct 14 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-46
- Fix pci mmap range checking to work without the WARN() macro.
* Tue Oct 14 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-45
- Two x86 fixes from F9:
  x86, early_ioremap: fix fencepost error
  x86: SB450: skip IRQ0 override if it is not routed to INT2 of IOAPIC
* Tue Oct 14 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-44
- Three libata fixes from F9:
  libata: always do follow-up SRST if hardreset returned -EAGAIN
  libata: fix EH action overwriting in ata_eh_reset()
  libata: sata_nv: SWNCQ should be disabled by default (#463034)
* Mon Oct 13 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-43
- x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
* Mon Oct 13 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-42
- libata: pata_marvell: use the upstream patch for playing nice with ahci
* Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-41
- pci: check range on sysfs mmapped resources
* Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-40
- Don't allow splice to files opened with O_APPEND.
* Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-39
- Fix buffer overflow in uvcvideo driver.
* Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-38
- Fix possible oops in get_wchan()
* Thu Oct  9 2008 Kyle McMartin <kyle@redhat.com> 2.6.26.6-37
- add e1000e: write protect nvram to prevent corruption patch from upstream
* Thu Oct  9 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-36
- x86: switch to UP mode when only one CPU is present at boot time
* Thu Oct  9 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-35
- 2.6.26.6
  Dropped patches:
    linux-2.6-sched-fix-process-time-monotonicity.patch
    linux-2.6-x86-64-fix-overlap-of-modules-and-fixmap-areas.patch
    linux-2.6-x86-fdiv-bug-detection-fix.patch
    linux-2.6-x86-fix-oprofile-and-hibernation-issues.patch
    linux-2.6-x86-32-amd-c1e-force-timer-broadcast-late.patch
    linux-2.6-x86-pat-proper-tracking-of-set_memory_uc.patch
    linux-2.6-x86-hpet-01-fix-moronic-32-64-bit-thinko.patch
    linux-2.6-x86-hpet-02-read-back-compare-register.patch
    linux-2.6-x86-hpet-03-make-minimum-reprogramming-delta-useful.patch
    linux-2.6-x86-fix-memmap-exactmap-boot-argument.patch
    linux-2.6-usb-fix-hcd-interrupt-disabling.patch
    linux-2.6-acpi-processor-use-signed-int.patch
    linux-2.6-mm-dirty-page-tracking-race-fix.patch
    linux-2.6-mm-mark-correct-zone-full-when-scanning-zonelists.patch
    linux-2.6-block-submit_bh-discards-barrier-flag.patch
    linux-2.6-pcmcia-fix-broken-abuse-of-dev-driver_data.patch
  Reverted from upstream:
    rt2x00-use-ieee80211_hw-workqueue-again.patch
* Wed Oct  8 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-34
- Disable the snd-aw2 module: it conflicts with video drivers. (F9#462919)
* Wed Oct  8 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-33
- Copy dwmw2's build fixes from rawhide:
    Include arch/$ARCH/include/ directories in kernel-devel (F10#465486)
    Include arch/powerpc/lib/crtsavres.[So] too (F9#464613)
* Wed Oct  8 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-32
- Fix build ID fiddling magic. (F9#465873)
- Move build-nonintconfig patch so it gets included in -vanilla.
* Mon Oct  6 2008 John W. Linville <linville@redhat.com> 2.6.26.5-31
- Re-revert at76_usb to version from before attempted mac80211 port
* Mon Sep 22 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-30
- pcmcia: Fix broken abuse of dev->driver_data (F9#462178)
* Mon Sep 22 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-29
- Copy forgotten libata patch from F9.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #464502 - CVE-2008-3831 kernel: i915 kernel drm driver arbitrary ioremap
        https://bugzilla.redhat.com/show_bug.cgi?id=464502
  [ 2 ] Bug #460401 - CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()
        https://bugzilla.redhat.com/show_bug.cgi?id=460401
  [ 3 ] Bug #466707 - CVE-2008-4554 kernel: don't allow splice() to files opened with O_APPEND
        https://bugzilla.redhat.com/show_bug.cgi?id=466707
  [ 4 ] Bug #466079 - CVE-2008-4576 kernel: sctp: Fix oops when INIT-ACK indicates that peer
doesn't support AUTH
        https://bugzilla.redhat.com/show_bug.cgi?id=466079
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds