Recent Features
| ||||||||||||||||
Fedora alert FEDORA-2008-8929 (kernel)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-8929 2008-10-23 16:03:31 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 9 Version : 2.6.26.6 Release : 79.fc9 URL : http://www.kernel.org/ Summary : The Linux kernel Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. -------------------------------------------------------------------------------- Update Information: Update kernel from version 2.6.26.5 to 2.6.26.6: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6... CVE-2008-3831 An IOCTL in the i915 driver was not properly restricted to users with the proper capabilities to use it. CVE-2008-4410 The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247. CVE-2008-3525 The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. CVE-2008-4554 The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. CVE-2008-4576 sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 17 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-79 - Fix IOCTL permission checking in sbni WAN adapter (CVE-2008-3525). * Fri Oct 17 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-78 - DRM: fix ioctl security issue (CVE-2008-3831). * Thu Oct 16 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-77 - Fix RTC on systems that don't describe it in PnP (#451188) * Wed Oct 15 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-76 - Actually apply the syscall_get_arguments() fix. * Wed Oct 15 2008 Roland McGrath <roland@redhat.com> 2.6.26.6-75 - fix x86 syscall_get_arguments() order * Tue Oct 14 2008 Roland McGrath <roland@redhat.com> 2.6.26.6-74 - utrace update * Mon Oct 13 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-71 - Fix namespace clash in ATI timer patch. * Mon Oct 13 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-70 - x86, early_ioremap: fix fencepost error - x86: SB450: skip IRQ0 override if it is not routed to INT2 of IOAPIC * Mon Oct 13 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-69 - libata: always do follow-up SRST if hardreset returned -EAGAIN - libata: fix EH action overwriting in ata_eh_reset() - libata: sata_nv: SWNCQ should be disabled by default (#463034) * Sat Oct 11 2008 Dennis Gilmore <dennis@ausil.us> 2.6.26.6-68 - disable atl1e on sparc64 - backport syscall tracing to use the new tracehook.h entry points on sparc64 - syscall tracing patch is already upstream in 2.6.27 * Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-67 - libata: pata_marvell: use the upstream patch for playing nice with ahci * Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-66 - x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap. * Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-65 - pci: check range on sysfs mmapped resources * Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-64 - Don't allow splice to files opened with O_APPEND. * Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-63 - Fix buffer overflow in uvcvideo driver. * Fri Oct 10 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-62 - Fix possible oops in get_wchan() * Thu Oct 9 2008 Kyle McMartin <kyle@redhat.com> 2.6.26.6-61 - add e1000e: write protect nvram to prevent corruption patch from upstream * Thu Oct 9 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-60 - x86: switch to UP mode when only one CPU is present at boot time * Thu Oct 9 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-59 - 2.6.26.6 * Wed Oct 8 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-58.rc1 - Copy dwmw2's build fixes from rawhide: Include arch/$ARCH/include/ directories in kernel-devel (F10#465486) Include arch/powerpc/lib/crtsavres.[So] too (#464613) * Tue Oct 7 2008 Roland McGrath <roland@redhat.com> 2.6.26.6-57.rc1 - Fix build ID fiddling magic. (#465873) * Tue Oct 7 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.6-56.rc1 - 2.6.26.6-rc1 Dropped patches: linux-2.6-sched-fix-process-time-monotonicity.patch linux-2.6-x86-64-fix-overlap-of-modules-and-fixmap-areas.patch linux-2.6-x86-fdiv-bug-detection-fix.patch linux-2.6-x86-io-delay-add-hp-f700-quirk.patch linux-2.6-x86-fix-oprofile-and-hibernation-issues.patch linux-2.6-x86-32-amd-c1e-force-timer-broadcast-late.patch linux-2.6-x86-pat-proper-tracking-of-set_memory_uc.patch linux-2.6-x86-hpet-01-fix-moronic-32-64-bit-thinko.patch linux-2.6-x86-hpet-02-read-back-compare-register.patch linux-2.6-x86-hpet-03-make-minimum-reprogramming-delta-useful.patch linux-2.6-x86-fix-memmap-exactmap-boot-argument.patch linux-2.6-usb-fix-hcd-interrupt-disabling.patch linux-2.6-acpi-processor-use-signed-int.patch linux-2.6-mm-dirty-page-tracking-race-fix.patch linux-2.6-mm-mark-correct-zone-full-when-scanning-zonelists.patch linux-2.6-block-submit_bh-discards-barrier-flag.patch linux-2.6-pcmcia-fix-broken-abuse-of-dev-driver_data.patch * Mon Oct 6 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-55 - Fix more fallout from the WARN() macro. * Mon Oct 6 2008 John W. Linville <linville@redhat.com> 2.6.26.5-54 - Re-revert at76_usb to version from before attempted mac80211 port * Mon Oct 6 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-53 - Add missing WARN() macro. * Fri Oct 3 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-52 - Disable the snd-aw2 module: it conflicts with video drivers. (#462919) * Fri Oct 3 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-51 - Support building -stable RC kernels. Kernel versioning example: 2.6.26.6-52.rc1.fc9 * Wed Oct 1 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-50 - Add config option to disallow adding CPUs after booting. * Mon Sep 29 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-49 - Don't oops if no IRQ stack is available (#461846) * Mon Sep 29 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-48 - Two patches to help make kerneloops bug reports more useful. (requested by Arjan) * Tue Sep 23 2008 Kyle McMartin <kyle@redhat.com> 2.6.26.5-47 - two more wireless fixes from John p54: Fix regression due to "net: Delete NETDEVICES_MULTIQUEUE kconfig option Revert "b43/b43legacy: add RFKILL_STATE_HARD_BLOCKED support" * Mon Sep 22 2008 Chuck Ebbert <cebbert@redhat.com> 2.6.26.5-46 - pcmcia: Fix broken abuse of dev->driver_data (#462178) -------------------------------------------------------------------------------- References: [ 1 ] Bug #465873 - kernel build-id note corruption https://bugzilla.redhat.com/show_bug.cgi?id=465873 [ 2 ] Bug #466303 - IPSec kernel lockup. https://bugzilla.redhat.com/show_bug.cgi?id=466303 [ 3 ] Bug #462156 - Kernel 2.6.26.3-14 hangs fairly early in boot https://bugzilla.redhat.com/show_bug.cgi?id=462156 [ 4 ] Bug #464613 - 11143 unconditional linker option arch/powerpc/lib/crtsavres.o causes external module buildfailure https://bugzilla.redhat.com/show_bug.cgi?id=464613 [ 5 ] Bug #463034 - [sata_nv swncq] kernel 2.6.26.3-29 raid errors: "md: super_written gets error=-5, uptodate=0" https://bugzilla.redhat.com/show_bug.cgi?id=463034 [ 6 ] Bug #460550 - Insert key does not work on console since 2.6.26 https://bugzilla.redhat.com/show_bug.cgi?id=460550 [ 7 ] Bug #438606 - at76 stops working with port to mac80211 https://bugzilla.redhat.com/show_bug.cgi?id=438606 [ 8 ] Bug #466511 - Kernel crash when using openswan https://bugzilla.redhat.com/show_bug.cgi?id=466511 [ 9 ] Bug #462919 - kernel 2.6.26.3-19.fc9.x86_64 TT-budget C-1500 DVB card is not longer working https://bugzilla.redhat.com/show_bug.cgi?id=462919 [ 10 ] Bug #462178 - PCMCIA CF adaptor causes kernel hang at "Starting UDEV:" https://bugzilla.redhat.com/show_bug.cgi?id=462178 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update kernel' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann... (Log in to post comments)
|
||||||||||||||||