Headline
CVE-2010-0003: [SECURITY] Fedora 11 Update: kernel-2.6.30.10-105.2.4.fc11
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
updates at fedoraproject.org updates at fedoraproject.org
Fri Jan 22 22:36:26 UTC 2010
- Previous message: Fedora 11 Update: cclive-0.5.8-1.fc11
- Next message: Fedora 12 Update: mono-2.4.3.1-1.fc12
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-0919 2010-01-22 22:11:51
Name : kernel Product : Fedora 11 Version : 2.6.30.10 Release : 105.2.4.fc11 URL : http://www.kernel.org/ Summary : The Linux kernel Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Update Information:
Security update: CVE-2010-0003 CVE-2010-0006 CVE-2010-0007
ChangeLog:
* Tue Jan 19 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-105.2.4
- CVE-2010-0003: kernel: infoleak if print-fatal-signals=1 * Tue Jan 19 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-105.2.3
- CVE-2010-0007: kernel: normal users can modify ebtables rules (#555238) * Tue Jan 19 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-105.2.2
- Backport fix for CVE-2010-0006: kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() (rhbz#555217) * Fri Dec 25 2009 Dan Williams <dcbw at redhat.com> 2.6.30.10-105.2.1
- libertas: fix crash on 64-bit platforms with >= 4GB RAM * Thu Dec 24 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.10-105
- fuse: fix kunmap in fuse_ioctl_copy_user, #549400 * Tue Dec 8 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-104
- Copy fix for #540580 from F-12. * Fri Dec 4 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.10-103
- 2.6.30.10
- nuke ipv4-fix-null-ptr-deref-in-ip_fragment.patch, it’s in the latest stable release. * Thu Dec 3 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-102
- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref bug fix. * Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse when low on memory. rhbz#538734. * Thu Nov 19 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.30.9-100
- Re-enable CONFIG_DMAR_GFX_WA on x86_64. * Tue Nov 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-99
- Silence pointless DRM warning message (#537196) * Tue Nov 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-98
- More sata_nv fixes (#524756). * Mon Nov 16 2009 Eric Sandeen <sandeen at redhat.com> 2.6.30.9-97
- Fix ext4 preallocation-related corruption (#513221) * Tue Nov 3 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-96
- fs/pipe.c: fix null pointer dereference (CVE-2009-3547) * Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-95
- Disable the stack protector on functions that don’t have onstack arrays. * Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-94
- Fix overflow in KVM cpuid code. (CVE-2009-3638) * Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-93
- Fix exploitable oops in keyring code (CVE-2009-3624) * Wed Oct 21 2009 Kyle McMartin <kyle at redhat.com>
- shut-up-LOCK_TEST_WITH_RETURN.patch: sort out #445331… or paper bag over it for now until the lock warnings can be killed. * Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>
- af_unix-fix-deadlock-connecting-to-shutdown-socket.patch: fix for rhbz#529626 local DoS. (CVE-2009-3621) * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-90
- Fix null deref in r128 (F10#487546) (CVE-2009-3620) * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-89
- Keyboard and mouse fixes from 2.6.32 (#522126) * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-88
- Scheduler wakeup patch, fixes high latency on wakeup (sched-update-the-clock-of-runqueue-select-task-rq-selected.patch) * Fri Oct 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-87
- Fix uninitialized data leak in netlink (CVE-2009-3612) * Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-86
- AX.25 security fix (CVE-2009-2909) * Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-85
- Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure to boot from USB disks using Cypress bridges (#524998) * Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-84
- Copy libata drive detection fix from 2.6.31.4 (#524756) * Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-83
- Networking fixes taken from 2.6.31-stable * Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-82
- Fix boot hang with ACPI on some systems. * Mon Oct 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-81
- Critical ftrace fixes: ftrace-use-module-notifier-for-function-tracer.patch ftrace-check-for-failure-for-all-conversions.patch tracing-correct-module-boundaries-for-ftrace_release.patch * Thu Oct 8 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.30.9-80
- ppc: compile nvidiafb as a module only, nvidiafb+nouveau = bang! (rh#491308) * Wed Oct 7 2009 Dave Jones <davej at redhat.com> 2.6.30.9-78
- Disable IRQSOFF tracer. (Adds unnecessary overhead when unused) * Wed Oct 7 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-77
- eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908) * Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-76
- fix race in forcedeth network driver (#526546) * Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-75
- x86: Don’t leak 64-bit reg contents to 32-bit tasks. * Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-74
- ACPI EC bug fixes taken from kernel 2.6.32 (#492699, #525681) * Mon Oct 5 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-73
- Linux 2.6.30.9 * Sun Oct 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-72.rc3
- Copy stack randomization fix from 2.6.31.2 (F10#526882) * Sun Oct 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-71.rc3
- Linux 2.6.30.9-rc3
- Drop merged upstream patches: linux-2.6-cifs-reenable-lanman-security.patch kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch kvm-vmx-check-cpl-before-emulating-debug-register-access.patch kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch * Fri Oct 2 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.30.8-70
- Add linux-2.6-virtio-net-refill-on-out-of-memory.patch, from 2.6.31 to prevent page allocation failures in guests. (#520119) * Mon Sep 28 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-69
- Add linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch, from 2.6.32-rc, fixes bug #525743 * Mon Sep 28 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-68
- Drop sched-disable-NEW-FAIR-SLEEPERS-for-now.patch, reported to cause problems on 2.6.30. * Sat Sep 26 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-67
- Scheduler fixes cherry-picked from 2.6.32 * Sat Sep 26 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-66
- Backport “appletalk: Fix skb leak when ipddp interface is not loaded” (fixes CVE-2009-2903) * Sat Sep 26 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-65
- KVM fixes from 2.6.31.1, including fix for CVE-2009-3290 * Fri Sep 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-64
- Fix serious CFQ performance regression. * Fri Sep 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-63
- Disable the GEM graphics manager on i686 PAE kernels (fixes modesetting on Intel graphics.) * Fri Sep 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-62
- Fix breakage in hostap driver (#522269) * Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-61
- Backport the cpuidle-faster-io fix from Fedora 12 to fix I/O performance problems when reading/writing multiple disks. * Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-60
- Linux 2.6.30.8 * Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-59
- Disable sound powersave by default; it still pops when playing sounds. (#523836) * Wed Sep 16 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.30.7-58
- Revert virtio_blk to rotational mode. (#509383) * Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-57
- Linux 2.6.30.7 * Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-56.rc1
- Fix CIFS security flags mask broken in 2.6.30 (#523173) * Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-55.rc1
- Fix cpufreq lockdep warnings (#522685) * Sat Sep 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-54.rc1
- 2.6.30.7-rc1
- Drop patches merged in -stable: linux-2.6-slub-fix-destroy-by-rcu.patch * Thu Sep 10 2009 Dennis Gilmore <dennis at ausil.us> 2.6.30.6-53
- kgdb only works on sparc64 smp kernels so disable on the up one and enable on the smp one
- update to 256 cpus supported on sparc64 smp * Wed Sep 9 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.6-52
- Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4) * Wed Sep 9 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.6-51
- 2.6.30.6
- Drop patches merged in -stable: do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch linux-2.6-x86-dont-send-ipi-to-empty-set-cpus.patch linux-2.6-bitmap-make-ops-return-result.patch linux-2.6-x86-dont-call-send-ipi-mask-with-empty-mask.patch linux-2.6-clone-fix-race-between-copy-process-and-de-thread.patch linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch linux-2.6-xen-x86-dont-probe-if-apics-are-disabled.patch * Tue Sep 8 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-50
- Disable Amiga One support to fix powerpc coherency bug (#521703) * Fri Sep 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-49
- Fix build system getting confused during firmware install. * Fri Sep 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-48
- Added additional fixes needed for #514787: linux-2.6-ppc64-vs-broadcom-lmb-no-init-*.patch
- Fix up lirc patch context so it applies. * Wed Sep 2 2009 Jarod Wilson <jarod at redhat.com>
- Make it possible to rmmod lirc_zilog w/o it hanging indefinitely
- Add transmit support (via port 2 only) on 1st-gen mceusb transceiver * Tue Sep 1 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-46
- Fix yet another Xen boot crash (#520517) * Tue Sep 1 2009 Jarod Wilson <jarod at redhat.com> 2.6.30.5-45
- Refresh lirc patches, add new lirc_ene0100 driver
- Fix up hdpvr driver for use with modular i2c so that lirc_zilog can actually bind to it
- Make lirc_zilog IR transmit and receive work on the hdpvr
- Fix audio on PVR-500 when used in same system as HVR-1800 (#480728) * Fri Aug 28 2009 David Woodhouse <David.Woodhouse at intel.com>
- Enable Solos DSL driver * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-43
- Don’t load the floppy driver automatically: linux-2.6-defaults-die-floppy-die.patch * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-42
- Fix stackprotector problems with Xen on x86_64.
- Disable stackprotector on i386 until 32-bit Xen gets fixed. * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-41
- linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch: fix race in kthreads. * Thu Aug 27 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.30.5-40
- xen: Fix guest crash when trying to debug. (#458385) * Thu Aug 27 2009 John W. Linville <linville at redhat.com> 2.6.30.5-39
- zd1211rw: adding 083a:e503 as a ZD1211B device (#518538) * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-38
- Fix string overflows found by stackprotector: hda-check-strcpy-length.patch linux-2.6-v4l-dvb-af9015-fix-stack-corruption.patch * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-37
- Fix race in clone() syscall. * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-36
- Fix hangs on older x86 systems with 440*X chipsets. * Fri Aug 21 2009 David Woodhouse <David.Woodhouse at intel.com>
- Fix b43 on iMac G5 (#514787) * Tue Aug 18 2009 Kyle McMartin <kyle at redhat.com>
- Backport several upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd to improve mmap_min_addr.
- CVE-2009-2847: do_sigaltstack: avoid copying ‘stack_t’ as a structure to user space * Mon Aug 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-32
- Change config options: CONFIG_SCSI_DEBUG=m CONFIG_PCI_MSI_DEFAULT_ON=y * Mon Aug 17 2009 Jarod Wilson <jarod at redhat.com> 2.6.30.5-31
- Fix flub in prior lirc patch update that resulted in no lirc drivers getting built * Sun Aug 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-29
- Linux 2.6.30.5 * Fri Aug 14 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-28.rc2
- Linux 2.6.30.5-rc2
- Dropped drm-intel-tv-fix.patch, merged in -stable now. * Wed Aug 12 2009 Kyle McMartin <kyle at redhat.com>
- drm-no-gem-on-i8xx.patch: fix misspelled IS_8XX & IS_I845G, sigh. * Wed Aug 12 2009 Kyle McMartin <kyle at redhat.com>
- DRM patch sync-up with F-11-2.6.29.y, ABI probably isn’t right yet though…
- drm-modesetting-radeon.patch
- drm-nouveau.patch
- drm-no-gem-on-i8xx.patch
- drm-i915-resume-force-mode.patch
- drm-intel-big-hammer.patch
- drm-intel-gen3-fb-hack.patch
- drm-intel-hdmi-edid-fix.patch
- drm-modesetting-radeon-fixes.patch
- drm-radeon-new-pciids.patch
- drm-dont-frob-i2c.patch
- drm-intel-tv-fix.patch
- drm-radeon-cs-oops-fix.patch
- drm-pnp-add-resource-range-checker.patch
- drm-i915-enable-mchbar.patch
- The rest were merged upstream. * Wed Aug 12 2009 John W. Linville <linville at redhat.com>
- iwlwifi: fix TX queue race * Mon Aug 10 2009 Kyle McMartin <kyle at redhat.com>
- Patch sync-up with F-11-2.6.29.y:
- linux-2.6-x86-delay-tsc-barrier.patch
- linux-2.6-fs-cifs-fix-port-numbers.patch
- linux-2.6-kvm-skip-pit-check.patch
- linux-2.6.29-xen-disable-gbpages.patch
- linux-2.6-virtio_blk-dont-bounce-highmem-requests.patch
- linux-2.6-drivers-char-low-latency-removal.patch
- linux-2.6-serial-add-txen-test-param.patch
- linux-2.6-input-wacom-bluetooth.patch
- linux-2.6-defaults-saner-vm-settings.patch
- linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
- linux-2.6-mm-lru-report-vm-flags-in-page-referenced.patch
- linux-2.6-mm-lru-dont-evict-mapped-executable-pages.patch
- linux-2.6-utrace.patch
- linux-2.6-utrace-ftrace.patch
- linux-2.6-tracehook.patch * Mon Aug 10 2009 Jarod Wilson <jarod at redhat.com>
- Add tunable pad threshold support to lirc_imon
- Blacklist all iMON devices in usbhid driver so lirc_imon can bind
- Add new device ID to lirc_mceusb (#512483)
- Enable IR transceiver on the HD PVR * Wed Aug 5 2009 Kyle McMartin <kyle at redhat.com>
- Update to released 2.6.30.4.
- Drop now-unneeded upstream reverts. * Wed Jul 29 2009 Chuck Ebbert <cebbert at redhat.com>
- Linux 2.6.30.4-rc1 * Mon Jul 27 2009 Neil Horman <nhorman at redhat.com>
- Backport xfrm gc_thresh export code (bz 503124) * Fri Jul 24 2009 Kyle McMartin <kyle at redhat.com>
- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 [i386 x86_64], 4096 elsewhere, as per defconfigs.
- Blat patches from other tag, now to rebase fixes, splat in the changelog, and tag it for building. * Fri Jul 24 2009 Kyle McMartin <kyle at redhat.com>
- Copy over release configs from devel-2.6.30 tag.
- Fix up some spec deviations. * Fri Jul 24 2009 Kyle McMartin <kyle at redhat.com>
- Linux 2.6.30.3 rebase for Fedora 11.
- Fedora 11 2.6.29 branch is on tag private-fedora-11-2_6_29_6.
References:
[ 1 ] Bug #554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1 https://bugzilla.redhat.com/show_bug.cgi?id=554578 [ 2 ] Bug #555217 - CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() https://bugzilla.redhat.com/show_bug.cgi?id=555217 [ 3 ] Bug #555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN https://bugzilla.redhat.com/show_bug.cgi?id=555238
This update can be installed with the “yum” update program. Use su -c ‘yum update kernel’ at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys
- Previous message: Fedora 11 Update: cclive-0.5.8-1.fc11
- Next message: Fedora 12 Update: mono-2.4.3.1-1.fc12
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the package-announce mailing list
Related news
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.