Two new security vulnerabilities have been identified in the kernel of the Fedora 16 operating system. An attacker could have exploited these vulnerabilities to affect the reliability of the kernel.
Package:
Linux kernel 2.6.x
Operating systems:
Fedora 16
Severity:
5
Problem:
error in a program function, error in a program component
Exploitation:
local/remote
Impact:
denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2011-4131, CVE-2011-4132
Original advisory ID:
FEDORA-2011-15959
Source:
Fedora
Problem:
The security issues are caused by errors in the "nfs4_getfacl" function and in the "jbd/jbd2" component.
Impact:
A malicious user can exploit these vulnerabilities to affect the reliability of the operating system kernel.
Solution:
The security issues are resolved by applying the available patches.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15959
2011-11-15 23:44:45
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 16
Version : 3.1.1
Release : 2.fc16
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
--------------------------------------------------------------------------------
Update Information:
Security update to fix CVE-2011-4131 and CVE-2011-4132
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 14 2011 Josh Boyer 3.1.1-2
- CVE-2011-4131: nfs4_getfacl decoding kernel oops (rhbz 753236)
- CVE-2011-4132: jbd/jbd2: invalid value of first log block leads to oops (rhbz
753346)
* Fri Nov 11 2011 Chuck Ebbert
- Use the same naming scheme as rawhide for -stable RC kernels
(e.g. 3.1.1-0.rc1.1 instead of 3.1.1-1.rc1)
* Fri Nov 11 2011 Josh Boyer 3.1.1-1
- Linux 3.1.1
* Fri Nov 11 2011 John W. Linville
- Remove overlap between bcma/b43 and brcmsmac and reenable bcm4331
* Thu Nov 10 2011 Chuck Ebbert
- Sync samsung-laptop driver with what's in 3.2 (rhbz 747560)
* Wed Nov 9 2011 Chuck Ebbert 3.1.1-1.rc1
- Linux 3.1.1-rc1
- Comment out merged patches, will drop when release is final:
ums-realtek-driver-uses-stack-memory-for-DMA.patch
epoll-fix-spurious-lockdep-warnings.patch
crypto-register-cryptd-first.patch
add-macbookair41-keyboard.patch
powerpc-Fix-deadlock-in-icswx-code.patch
iwlagn-fix-ht_params-NULL-pointer-dereference.patch
mmc-Always-check-for-lower-base-frequency-quirk-for-.patch
media-DiBcom-protect-the-I2C-bufer-access.patch
media-dib0700-protect-the-dib0700-buffer-access.patch
WMI-properly-cleanup-devices-to-avoid-crashes.patch
mac80211-fix-remain_off_channel-regression.patch
mac80211-config-hw-when-going-back-on-channel.patch
* Wed Nov 9 2011 John W. Linville
- Backport brcm80211 from 3.2-rc1
* Tue Nov 8 2011 Neil Horman
- Add msi irq enumeration per device in sysfs (rhbz 752176)
* Mon Nov 7 2011 Josh Boyer
- Add two patches to fix mac80211 issues (rhbz 731365)
* Thu Nov 3 2011 Josh Boyer
- Add commits queued for 3.2 for elantech driver (rhbz 728607)
- Fix crash when setting brightness via Fn keys on ideapads (rhbz 748210)
* Wed Nov 2 2011 Josh Boyer
- Add patch to fix oops when removing wmi module (rhbz 706574)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #753236 - CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=753236
[ 2 ] Bug #753346 - CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log
block leads to oops [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=753346
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
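
A check an administrator could run after applying this update, added here as an example (it is not part of the Fedora notification): it compares kernel builds against 3.1.1-2, the fixed build named in the advisory, and separates a host that still needs the update from one that has it installed but is still running the old kernel. The function names and the sample build 3.1.0-7 are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: fixed build taken from FEDORA-2011-15959 above.
FIXED="3.1.1-2"

# Drop dist tag and architecture: 3.1.1-2.fc16.x86_64 -> 3.1.1-2
normalize() {
    printf '%s\n' "${1%%.fc[0-9]*}"
}

# Succeeds if version-release $1 is at or above the fixed build.
# sort -V (GNU) approximates RPM ordering for these numeric strings.
is_patched() {
    v=$(normalize "$1")
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# $1 = running kernel (uname -r), remaining args = installed kernel builds.
# yum installs the new kernel beside the old one, so the running kernel
# stays vulnerable until the host boots into the fixed build.
host_state() {
    running=$1; shift
    if is_patched "$running"; then echo "patched"; return 0; fi
    for k in "$@"; do
        if is_patched "$k"; then echo "reboot-needed"; return 0; fi
    done
    echo "update-needed"
}

# Constructed sample: old kernel still running after 'yum update kernel'.
host_state "3.1.0-7.fc16.x86_64" "3.1.0-7.fc16.x86_64" "3.1.1-2.fc16.x86_64"

# On a real host:
#   host_state "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel)
```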