Otkrivena je i ispravljena ranjivost jezgre (eng. kernel) operacijskog sustava Fedora 15 koja je udaljenim napadačima omogućavala izvršavanje proizvoljni naredbi.
| Paket: | Linux kernel 2.6.x |
| Operacijski sustavi: | Fedora 15 |
| Kritičnost: | 2.6 |
| Problem: | neodgovarajuće rukovanje datotekama, pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | proizvoljno izvršavanje programskog koda |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-2905 |
| Izvorni ID preporuke: | FEDORA-2011-11019 |
| Izvor: | Fedora |
| Problem: | |
| Sigurnosni propust vezan je uz modul perf i njegovo učitavanje konfiguracijske datoteke "/.config" iz direktorija "/etc/perfconfig". |
|
| Posljedica: | |
| Udaljeni napadač opisani propust može iskoristiti za izvršavanje proizvoljnih naredbi putem posebno oblikovane datoteke "/.config". |
|
| Rješenje: | |
| Svim korisnicima savjetuje se primjena odgovarajuće nadogradnje. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11019
2011-08-17 00:12:16
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 15
Version : 2.6.40.3
Release : 0.fc15
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2011-2905
Additionally, includes other fixes from 3.0.1, 3.0.2 and 3.0.3rc1.
Also numerous fixes for bugs reported via bugzilla.
Rebase to 3.0. Version reports as 2.6.40 for compatibility with older
userspace.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 15 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40.3-0
- Apply patches from 3.0.3-rc1
* Mon Aug 15 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Apply patches from 3.0.2
* Mon Aug 15 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- CVE-2011-2905 perf tools may parse user-controlled config file. (rhbz
729809)
* Sat Aug 13 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Apply patches from 3.0.2rc1
* Thu Aug 11 2011 Dennis Gilmore <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- add config for arm tegra devices
- setup kernel to build omap image (patch from David Marlin)
- setup kernel to build tegra image based on omap work
- add arm device tree patches
* Thu Aug 11 2011 Josh Boyer <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Add munged together patch for rhbz 729269
* Thu Aug 11 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix Xen blk device naming (rhbz 729340)
* Tue Aug 9 2011 Josh Boyer <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Add Makefile.config and ARM config changes from David Marlin
* Tue Aug 9 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- ptrace_report_syscall: check if TIF_SYSCALL_EMU is defined
* Tue Aug 9 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Enable CONFIG_SAMSUNG_LAPTOP (rhbz 729363)
* Tue Aug 9 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40.1-2
- Fix stray block put after queue teardown (rhbz 728872)
* Sun Aug 7 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Utrace fixes. (rhbz 728379)
* Fri Aug 5 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40.1-1
- Revert f16-only change that made IPV6 built-in.
* Fri Aug 5 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Final 3.0.1 diff.
* Thu Aug 4 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Drop neuter_intel_microcode_load.patch (rhbz 690930)
* Wed Aug 3 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- iwlagn: check for !priv->txq in iwlagn_wait_tx_queue_empty (rhbz 728044)
* Wed Aug 3 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Apply patches from patch-3.0.1-rc1
* Wed Aug 3 2011 John W. Linville <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Disable CONFIG_BCMA since no driver currently uses it (rhbz 727796)
* Wed Aug 3 2011 Josh Boyer <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- rt2x00: Add device ID for RT539F device. (rhbz 720594)
- Add patch to fix backtrace in cdc_ncm driver (rhbz 720128)
- Add patch to fix backtrace in usm-realtek driver (rhbz 720054)
* Tue Aug 2 2011 Josh Boyer <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix epoll recursive lockdep warnings (rhbz 722472)
* Tue Aug 2 2011 Josh Boyer <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Add patch to fix HFSPlus filesystem mounting (rhbz 720771)
* Tue Aug 2 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Change USB_SERIAL_OPTION back to modular. (rhbz 727680)
* Tue Aug 2 2011 Josh Boyer <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-5
- Add change from Yanko Kaneti to get the rt2x00 drivers in modules.networking
(rhbz 708314)
* Fri Jul 29 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-4
- Re-add utrace, which got accidentally dropped during the rebase.
* Thu Jul 28 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-3
- Fix module-init-tools conflict:
* Thu Jul 28 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-2
- fix crash in scsi_dispatch_cmd()
* Thu Jul 28 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-1
- Turn off debugging options. (make release)
* Tue Jul 26 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-0
- Rebase to final 3.0 (munge to 2.6.40-0)
* Thu Jun 30 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.40-0.rc5.git0.1
- More than meets the eye, it's Linux 3.0-rc5 in disguise.
* Mon Jun 27 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Disable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, as this also disables FIPS (rhbz
716942)
* Thu Jun 23 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc4.git3.1
- Linux 3.0-rc4-git3
- Drop linux-3.0-fix-uts-release.patch, and instead just perl the Makefile
- linux-2.6-silence-noise.patch: fix context
- iwlagn-fix-dma-direction.patch: fix DMAR errors (for me at least)
* Wed Jun 22 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc4.git0.2
- Re-enable debuginfo generation. Thanks to Richard Jones for noticing... no
wonder builds had been so quick lately.
* Tue Jun 21 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc4.git0.1
- Linux 3.0-rc4 (getting closer...)
* Fri Jun 17 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc3.git6.1
- Update to 3.0-rc3-git6
* Fri Jun 17 2011 Dave Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- drop qcserial 'compile fix' that was just duplicating an include.
- drop struct sizeof debug patch. (no real value. not upstreamable)
- drop linux-2.6-debug-always-inline-kzalloc.patch.
Can't recall why this was added. Can easily re-add if deemed necessary.
* Fri Jun 17 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- linux-2.6-defaults-pci_no_msi.patch: drop, haven't toggled the default
in many moons.
- linux-2.6-defaults-pci_use_crs.patch: ditto.
- linux-2.6-selinux-mprotect-checks.patch: upstream a while ago.
- drm-i915-gen4-has-non-power-of-two-strides.patch: drop buggy bugfix
- drop some more unapplied crud.
- We haven't applied firewire patches in a dogs age.
* Fri Jun 17 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc3.git5.1
- Try updating to a git snapshot for the first time in 3.0-rc,
update to 3.0-rc3-git5
- Fix a subtle bug I introduced in 3.0-rc1, "patch-3." is 9 letters, not 10.
* Thu Jun 16 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Disable mm patches which had been submitted against 2.6.39, as Rik reports
they seem to aggravate a VM_BUG_ON. More investigation is necessary.
* Wed Jun 15 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Conflict with pre-3.2.1-5 versions of mdadm. (#710646)
* Wed Jun 15 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Build in aesni-intel on i686 for symmetry with 64-bit.
* Tue Jun 14 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc3.git0.3
- Fix libdm conflict (whose bright idea was it to give subpackages differing
version numbers?)
* Tue Jun 14 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Update to 3.0-rc3, add another conflicts to deal with 2 digit
versions (libdm.)
- Simplify linux-3.0-fix-uts-release.patch now that SUBLEVEL is optional.
- revert-ftrace-remove-unnecessary-disabling-of-irqs.patch: drop upstreamed
patch.
- drm-intel-eeebox-eb1007-quirk.patch: ditto.
- ath5k-disable-fast-channel-switching-by-default.patch: ditto.
* Thu Jun 9 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- ath5k-disable-fast-channel-switching-by-default.patch (rhbz#709122)
(korgbz#34992) [a99168ee in wireless-next]
* Thu Jun 9 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc2.git0.2
- rhbz#710921: revert-ftrace-remove-unnecessary-disabling-of-irqs.patch
* Wed Jun 8 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc2.git0.1
- Update to 3.0-rc2, rebase utsname fix.
- Build IPv6 into the kernel for a variety of reasons
(http://lists.fedoraproject.org/pipermail/kernel/2011-June/003105.html)
* Mon Jun 6 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc1.git0.3
- Conflict with module-init-tools older than 3.13 to ensure the
3.0 transition is handled correctly.
* Wed Jun 1 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc1.git0.2
- Fix utsname for 3.0-rc1
* Mon May 30 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 3.0-0.rc1.git0.1
- Linux 3.0-rc1 (won't build until module-init-tools gets an update.)
* Mon May 30 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Trimmed changelog, see fedpkg git for earlier history.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #729269 - Some Logitech webcams audio device not initialized
properly
https://bugzilla.redhat.com/show_bug.cgi?id=729269
[ 2 ] Bug #729340 - kernel 2.6.40-4 running on EC2 makes devices ordering
wrong
https://bugzilla.redhat.com/show_bug.cgi?id=729340
[ 3 ] Bug #729363 - build CONFIG_SAMSUNG_LAPTOP as module
https://bugzilla.redhat.com/show_bug.cgi?id=729363
[ 4 ] Bug #728872 - panic: <IRQ> [<ffffffff914ae2cd>] panic+0x91/0x19c
https://bugzilla.redhat.com/show_bug.cgi?id=728872
[ 5 ] Bug #728379 - Kernel 2.6.40 breaks UserModeLinux
https://bugzilla.redhat.com/show_bug.cgi?id=728379
[ 6 ] Bug #690930 - microcode_ctl loops, impossible to boot
https://bugzilla.redhat.com/show_bug.cgi?id=690930
[ 7 ] Bug #728044 - Kernel hangs on suspend on ThinkPad T510 (probably
related to iwlagn)
https://bugzilla.redhat.com/show_bug.cgi?id=728044
[ 8 ] Bug #727796 - bcma to block wl, b43 and maybe bcrm43xx in kernel
2.6.40
https://bugzilla.redhat.com/show_bug.cgi?id=727796
[ 9 ] Bug #720594 - rt2800pci: Add device ID for RT539F device
https://bugzilla.redhat.com/show_bug.cgi?id=720594
[ 10 ] Bug #720128 - [abrt] kernel: WARNING: at lib/dma-debug.c:875
check_for_stack+0x95/0xd3(): TAINTED ---------W
https://bugzilla.redhat.com/show_bug.cgi?id=720128
[ 11 ] Bug #720054 - dmesg shows usb disconnect and traceback on a Toshiba
NB555D
https://bugzilla.redhat.com/show_bug.cgi?id=720054
[ 12 ] Bug #722472 - [ INFO: possible recursive locking detected ]
3.0-0.rc7.git0.1.fc16.i686
https://bugzilla.redhat.com/show_bug.cgi?id=722472
[ 13 ] Bug #720771 - HFSPlus DVD will not mount post install
https://bugzilla.redhat.com/show_bug.cgi?id=720771
[ 14 ] Bug #727680 - Missing drivers/usb/serial/option.ko in kernel
2.6.40-4.fc15.i686
https://bugzilla.redhat.com/show_bug.cgi?id=727680
[ 15 ] Bug #708314 - Missing realtek usb drivers in modules.networking
https://bugzilla.redhat.com/show_bug.cgi?id=708314
[ 16 ] Bug #708868 - [abrt] kernel: BUG: unable to handle kernel NULL pointer
dereference at 0000036c: TAINTED Warning Issued
https://bugzilla.redhat.com/show_bug.cgi?id=708868
[ 17 ] Bug #712534 - [abrt] kernel: BUG: unable to handle kernel NULL pointer
dereference at 00000022: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=712534
[ 18 ] Bug #712823 - [abrt] kernel: BUG: sleeping function called from
invalid context at arch/x86/mm/fault.c:1087: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=712823
[ 19 ] Bug #712532 - [abrt] kernel: BUG: sleeping function called from
invalid context at arch/x86/mm/fault.c:1087: TAINTED Warning Issued
https://bugzilla.redhat.com/show_bug.cgi?id=712532
[ 20 ] Bug #712527 - [abrt] kernel: BUG: sleeping function called from
invalid context at kernel/rwsem.c:21: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=712527
[ 21 ] Bug #714333 - [abrt] kernel: BUG: sleeping function called from
invalid context at arch/x86/mm/fault.c:1087: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=714333
[ 22 ] Bug #714847 - [abrt] kernel: BUG: sleeping function called from
invalid context at kernel/rwsem.c:21: TAINTED Warning Issued
https://bugzilla.redhat.com/show_bug.cgi?id=714847
[ 23 ] Bug #717501 - [abrt] kernel: kernel BUG at fs/bio.c:159!: TAINTED
-------D
https://bugzilla.redhat.com/show_bug.cgi?id=717501
[ 24 ] Bug #714165 - yet another cdrom_release oops
https://bugzilla.redhat.com/show_bug.cgi?id=714165
[ 25 ] Bug #712528 - [abrt] kernel: BUG: unable to handle kernel paging
request at ecf5469c: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=712528
[ 26 ] Bug #717621 - [abrt] kernel: BUG: unable to handle kernel NULL pointer
dereference at 0000000000000070: TAINTED -------D
https://bugzilla.redhat.com/show_bug.cgi?id=717621
[ 27 ] Bug #714850 - [abrt] kernel: BUG: unable to handle kernel paging
request at ffff8800a99c9d80: TAINTED Warning Issued
https://bugzilla.redhat.com/show_bug.cgi?id=714850
[ 28 ] Bug #712531 - [abrt] kernel: BUG: sleeping function called from
invalid context at kernel/rwsem.c:21: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=712531
[ 29 ] Bug #714332 - [abrt] kernel: BUG: unable to handle kernel NULL pointer
dereference at 0000000000000070: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=714332
[ 30 ] Bug #710551 - [abrt] kernel: BUG: unable to handle kernel NULL pointer
dereference at 0000001e: TAINTED Die
https://bugzilla.redhat.com/show_bug.cgi?id=710551
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke