U radu jezgre operacijskog sustava Fedora 14 uočeno je više sigurnosnih propusta. Lokalni ih napadač može iskoristiti za izvođenje DoS napada i zaobilaženje pojedinih ograničenja.
| Paket: | Linux kernel 2.6.x |
| Operacijski sustavi: | Fedora 14 |
| Kritičnost: | 3.6 |
| Problem: | pogreška u programskoj funkciji, pogreška u programskoj komponenti |
| Iskorištavanje: | lokalno |
| Posljedica: | uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-2905, CVE-2011-2695, CVE-2011-2497, CVE-2011-2517, CVE-2011-2699, CVE-2011-2183, CVE-2011-2484, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748 |
| Izvorni ID preporuke: | FEDORA-2011-11103 |
| Izvor: | Fedora |
| Problem: | |
| Bitniji su propusti posljedica pogrešaka u ext4 podsustavu te nepravilnosti u funkcijama "add_del_listener", "bcm_release" i "raw_release". |
|
| Posljedica: | |
| Napadaču omogućuju izvođenje napada uskraćivanja usluge te zaobilaženje pojedinih ograničenja. |
|
| Rješenje: | |
| Korisnicima se savjetuje instalacija odgovarajuće nadogradnje. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11103
2011-08-18 01:39:57
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 14
Version : 2.6.35.14
Release : 95.fc14
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
--------------------------------------------------------------------------------
Update Information:
Update to kernel 2.6.35.14:
http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.14
NOTE: These upstream commits from 2.6.35.14 were already in the previous Fedora
14 kernel 2.6.35.13-92:
b934c20de1398d4a82d2ecfeb588a214a910f13f
3cd01976e702ccaffb907727caff4f8789353599
9c047157a20521cd525527947b13b950d168d2e6
6b4e81db2552bad04100e7d5ddeed7e848f53b48
3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f
b522f02184b413955f3bc952e3776ce41edc6355
194b3da873fd334ef183806db751473512af29ce
a1f74ae82d133ebb2aabb19d181944b4e83e9960
e9cdd343a5e42c43bcda01e609fa23089e026470
14fb57dccb6e1defe9f89a66f548fcb24c374c1d
221d1d797202984cb874e3ed9f1388593d34ee22
a294865978b701e4d0d90135672749531b9a900d
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 15 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.14-95
- CVE-2011-2905: perf tools: may parse user-controlled configuration file
- CVE-2011-2695: ext4: kernel panic when writing data to the last block of
sparse file
- CVE-2011-2497: bluetooth: buffer overflow in l2cap config request
- CVE-2011-2517: nl80211: missing check for valid SSID size in scan operations
- CVE-2011-2699: ipv6: make fragment identifications less predictable
* Wed Aug 3 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.14-94
- Linux 2.6.35.14
- Drop merged patches:
flexcop-fix-xlate_proc_name-warning.patch
btusb-macbookpro-6-2.patch
btusb-macbookpro-7-1.patch
fix-i8k-inline-asm.patch
virtio_net-add-schedule-check-to-napi_enable-call.patch
agp-fix-arbitrary-kernel-memory-writes.patch
agp-fix-oom-and-buffer-overflow.patch
scsi-mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
x86-amd-arat-bug-on-sempron-workaround.patch
x86-amd-fix-arat-feature-setting-again.patch
cifs-add-fallback-in-is_path_accessible-for-old-servers.patch
dccp-handle-invalid-feature-options-length.patch
* Mon Jun 20 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.13-93
- [sgruszka@] iwlwifi: fix general 11n instability (#648732,#666646)
* Fri May 20 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.13-92
- Add the rest of the fix for bug #704059
- dccp: handle invalid feature options length (CVE-2011-1770)
- Fix address wrapping in stack expansion code.
* Wed May 18 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix cifs bug in 2.6.35.13 with old Windows servers (#704125)
- Revert broken fixes for #704059, add proper partial fix.
* Fri May 13 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- [fabbione@] Fix a deadlock when using hp_sw with an HP san.
(7a1e9d82 upstream)
* Thu May 12 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix stalls on AMD machines with C1E caused by 2.6.35.13 (#704059)
* Tue May 3 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.13-91
- [SCSI] mpt2sas: prevent heap overflows and unchecked reads
(CVE-2011-1494, CVE-2011-1495)
- agp: fix arbitrary kernel memory writes (CVE-2011-1745)
- agp: fix OOM and buffer overflow (CVE-2011-1746)
- Fix credentials leakage regression (#700637)
* Fri Apr 29 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Linux 2.6.35.13
* Fri Apr 22 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.12-90
- iwlagn-support-new-5000-microcode.patch: stable submission patch from
sgruszka to support newer microcode versions with the iwl5000 hardware.
* Wed Apr 20 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.12-89
- Revert TPM patches from -stable (c4ff4b829, 9b29050f8) that caused
timeouts and suspend failures (#695953)
- Revert extra fix for credentials leak (#683568)
* Thu Mar 31 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.12-88
- Update to longterm 2.6.35.12, drop upstream patches.
* Wed Mar 23 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Backport 3e9d08e: "virtio_net: Add schedule check to napi_enable call"
* Wed Mar 23 2011 Ben Skeggs <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.11-87
- nouveau: fix s/r on some boards (f14 port of #688569)
* Wed Mar 16 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.11-86
- Fix a regression in cfg80211 ht40 support from 2.6.35, patch from
Mark Mentovai and Stanislaw Gruszka. Thanks!
* Tue Mar 1 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.11-85
- Fix IR wakeup on nuvoton-cir-driven hardware
- Make mceusb only bind to the IR interface on Realtek multifuction thingy
- Kill the crappy old lirc_it* drivers, add new ite_cir driver
- Fix HVR-1950 (and possibly other) device bring-up (#680450)
* Mon Feb 28 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix stuck bits in md bitmaps (#680791)
* Thu Feb 24 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- iwl3945-remove-plcp-check.patch: fix slow speed on some iwl3945
(#654599)
- Copy fix for bonding error message from F13 (#604630)
* Wed Feb 16 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Add support for additional Logitech Rumblepad model (#676577)
* Sat Feb 12 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix 32-bit guest hang on 32-bit PAE host (#677167)
* Sat Feb 12 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- bridge: Fix mglist corruption that leads to memory corruption (F13#650151)
* Fri Feb 11 2011 Matthew Garrett <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.11-84
- linux-2.6-acpi-fix-alias.patch: Fix ACPI object aliasing (#608648)
* Sun Feb 6 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.11-83
- Linux 2.6.35.11
* Tue Feb 1 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.11-82.rc1
- Linux 2.6.35.11-rc1
- Revert patches we already have in the big v4l update:
gspca-sonixj-add-a-flag-in-the-driver_info-table.patch
gspca-sonixj-set-the-flag-for-some-devices.patch
- Comment out patches merged upstream:
sched-cure-more-NO_HZ-load-average-woes.patch
posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
* Sun Jan 30 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix oops in sunrpc code (#673207)
* Tue Jan 25 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-81
- Further improvements to ir-kbd-i2c when used with zilog chips
- Finally hopefully fix annoying mceusb keybounce issue
* Wed Jan 19 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-80
- Make lirc_zilog behave correctly with hdpvr again, and for the first
time ever, with pvrusb2-driven HVR-1950 (#635045)
- Call dib0700 rc bug whacked (#667157)
- Call saa7134-based i2c IR registration bug whacked (#665870)
* Tue Jan 18 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-79
- Generally, its a good idea to actually apply the patches you were
intending to include in the build, and enable their Kconfig options
* Tue Jan 18 2011 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- sgruszka: hostap_cs: fix sleeping function called in invalid
context (#643758)
* Tue Jan 18 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-78
- Rebase v4l/dvb/rc bits to 2.6.38-rc1 code
- Fix lirc_serial transmit (#658600)
* Sun Jan 16 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix wrong file allocation size in btrfs (#669511)
* Mon Jan 10 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-77
- Add support for local rebuild config option overrides
- Add missing --with/--without pae build flag support
- Restore imon mce default proto modparam, since ir-keytable currently
won't work with the 2.6.35.x input layer ioctls
- mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka,
#667459)
* Mon Jan 10 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- CVE-2010-4668: kernel panic with 0-length IOV
* Thu Jan 6 2011 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix failure to get link with e1000e model 82576DC (#652744)
* Wed Jan 5 2011 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-76
- Restore functional audio on PVR-150 video capture cards (#666456)
- Fix another mceusb regression cropping up mostly with rc5 signals (#662071)
- Add back some ir-lirc-codec debug spew
* Thu Dec 30 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-75
- Fix imon 0xffdc device detection and oops on probe
* Thu Dec 23 2010 Matthew Garrett <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-74
- Backport the ACPI battery notification patch (#656738)
* Wed Dec 22 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-73
- Fix ene_ir bugs (jumping off a null dev->rdev pointer) (#664145)
* Mon Dec 20 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-72
- Backport some of the radeon r600_cs.c fixes between .35 and master.
(#664206)
* Mon Dec 20 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-71
- Restore v4l/dvb/rc rebase, now with prospective fixes for the bttv and
ene_ir issues that showed up in -67 and -68
* Sun Dec 19 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-70
- Revert Jarod's v4l-dvb-ir rebase, due to several issues reported against
the 2.6.35.10-68 update.
https://admin.fedoraproject.org/updates/kernel-2.6.35.10-68.fc14
* Sat Dec 18 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Patch from nhorman against f13:
Enhance AF_PACKET to allow non-contiguous buffer alloc (#637619)
* Sat Dec 18 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix SELinux issues with NFS/btrfs and/or xfsdump. (#662344)
* Thu Dec 16 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-68
- Additional mceusb updates just sent upstream, hopefully to fix
keybounce/excessive buffering issues
* Wed Dec 15 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.10-67
- Rebase v4l/dvb/rc code to latest upstream, should fix a fair
number of ir/rc-related issues, including bugzilla #662071
* Wed Dec 15 2010 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Linux 2.6.35.10
- Remove merged patches and fix up conflicts:
drm-polling-fixes.patch
linux-2.6-v4l-dvb-hdpvr-updates.patch
kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch
- Drop merged patches:
linux-2.6-rcu-sched-warning.patch
pnpacpi-cope-with-invalid-device-ids.patch
ipc-zero-struct-memory-for-compat-fns.patch
ipc-shm-fix-information-leak-to-user.patch
r8169-01-fix-rx-checksum-offload.patch
r8169-02-_re_init-phy-on-resume.patch
r8169-03-fix-broken-checksum-for-invalid-sctp_igmp-packets.patch
hda_realtek-handle-unset-external-amp-bits.patch
* Fri Dec 10 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- pci-disable-aspm-if-bios-asks-us-to.patch: Patch from mjg59 to disable
ASPM if the BIOS has disabled it, but enabled it already on some devices.
* Fri Dec 10 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix some issues mounting btrfs devices with subvolumes (#656465)
* Fri Dec 10 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Fix jbd2 warnings when using quotas. (#578674)
* Thu Dec 9 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Snarf patch from wireless-next to fix mdomsch's orinico wifi.
(orinoco: initialise priv->hw before assigning the interrupt)
[229bd792]
* Thu Dec 9 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Copy tpm-fix-stall-on-boot.patch from rawhide tree. (#530393)
* Thu Dec 9 2010 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.9-65
- Require newt-devel for building perf, to enable the perf TUI (#661180)
* Wed Dec 8 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints
in 2.6.35+ about load average with dynticks. (rhbz#650934)
* Sat Dec 4 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Enable C++ symbol demangling with perf by linking against libiberty.a,
which is LGPL2.
* Fri Dec 3 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.9-64
- Enable hpilo.ko on x86_64 (#571329)
* Thu Dec 2 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Grab some of Mel's fixes from -mmotm to hopefully sort out #649694.
* Mon Nov 29 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- PNP: log PNP resources, as we do for PCI [c1f3f281]
should help us debug resource conflicts (requested by bjorn.)
* Mon Nov 29 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- drm/ttm: Fix two race conditions + fix busy codepaths [1df6a2eb] (#615505)
* Fri Nov 26 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Quiet a build warning the previous INET_DIAG fix caused.
* Fri Nov 26 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- Plug stack leaks in tty/serial drivers. (#648663, #648660)
* Fri Nov 26 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- r8169 fixes from Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite. (#502974)
- hda/realtek: handle unset external amp bits (#657388)
* Wed Nov 24 2010 John W. Linville <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- rtl8180: improve signal reporting for rtl8185 hardware
- rtl8180: improve signal reporting for actual rtl8180 hardware
* Tue Nov 23 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- zero struct memory in ipc compat (CVE-2010-4073) (#648658)
- zero struct memory in ipc shm (CVE-2010-4072) (#648656)
- fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264)
- posix-cpu-timers: workaround to suppress the problems with mt exec
(rhbz#656264)
* Tue Nov 23 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- fix-i8k-inline-asm.patch: backport gcc miscompilation fix from git
[22d3243d, 6b4e81db] (rhbz#647677)
* Mon Nov 22 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.9-62
- Linux 2.6.35.9
- IR driver fixes from upstream
* fix keybounce/buffer parsing oddness w/mceusb
* properly wire up sysfs entries for mceusb and streamzap
* fix repeat w/streamzap
* misc lirc_dev fixes
* Sat Nov 20 2010 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.9-61.rc1
- Linux 2.6.35.9-rc1
- Comment out upstreamed patches:
kvm-fix-regression-with-cmpxchg8b-on-i386-hosts.patch
* Fri Nov 19 2010 Ben Skeggs <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.8-60
- nouveau: add quirk for iMac G4 (rhbz#505161)
- nouveau: add workaround for display hang on GF8+ (rhbz#537065)
- nouveau: don't reject 3D object creation on NVAF (MBA3)
* Mon Nov 15 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- rhbz#651019: pull in support for MBA3.
* Thu Nov 11 2010 Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite. - 2.6.35.8-55
- drm: fix EDID issues
* Wed Nov 10 2010 Justin M. Forbes <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.8-54
- fix regression with cmpxchg8b on i386 hosts (rhbz#650215)
* Wed Nov 10 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.8-53
- Linux 2.6.35.8
- Drop patches upstreamed in 2.6.35.8
- More ir-core and lirc updates
- HD-PVR driver updates
* Tue Nov 9 2010 Dave Airlie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.6.35.6-52
- add i915 polling s/r patch
* Mon Nov 8 2010 Dave Airlie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.6.35.6-51
- Backport polling fixes + radeon hang fixes from upstream
* Tue Nov 2 2010 Ben Skeggs <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.6-50
- nouveau: add potential workaround for NV86 hardware quirk
- fix issue that occurs in certain dual-head configurations (rhbz#641524)
* Sat Oct 23 2010 Jarod Wilson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.6-49
- Fix brown paper bag bug in imon driver
* Fri Oct 22 2010 Chuck Ebbert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.6-48
- drm-i915-sanity-check-pread-pwrite.patch;
fix CVE-2010-2962, arbitrary kernel memory write via i915 GEM ioctl
- kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch;
fix CVE-2010-3698, kvm: invalid selector in fs/gs causes kernel panic
- v4l1-fix-32-bit-compat-microcode-loading-translation.patch;
fixes CVE-2010-2963, v4l: VIDIOCSMICROCODE arbitrary write
* Fri Oct 22 2010 Kyle McMartin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.6.35.6-47
- tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various
laptops which prevented suspend/resume.
- depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local
privilege escalation via RDS protocol.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #729808 - CVE-2011-2905 kernel: perf tools: may parse
user-controlled configuration file
https://bugzilla.redhat.com/show_bug.cgi?id=729808
[ 2 ] Bug #722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing
data to the last block of sparse file
https://bugzilla.redhat.com/show_bug.cgi?id=722557
[ 3 ] Bug #716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap
config request
https://bugzilla.redhat.com/show_bug.cgi?id=716805
[ 4 ] Bug #718152 - CVE-2011-2517 kernel: nl80211: missing check for valid
SSID size in scan operations
https://bugzilla.redhat.com/show_bug.cgi?id=718152
[ 5 ] Bug #723429 - CVE-2011-2699 kernel: ipv6: make fragment identifications
less predictable
https://bugzilla.redhat.com/show_bug.cgi?id=723429
[ 6 ] Bug #698057 - CVE-2011-1598 CVE-2011-1748 kernel: missing check in
can/bcm and can/raw socket releases
https://bugzilla.redhat.com/show_bug.cgi?id=698057
[ 7 ] Bug #714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation
https://bugzilla.redhat.com/show_bug.cgi?id=714536
[ 8 ] Bug #715436 - CVE-2011-2484 kernel: taskstats: duplicate entries in
listener mode can lead to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=715436
[ 9 ] Bug #710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting
task
https://bugzilla.redhat.com/show_bug.cgi?id=710338
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke