CVE-2010-0003: [SECURITY] Fedora 11 Update: kernel-2.6.30.10-105.2.4.fc11

updates at fedoraproject.org updates at fedoraproject.org
Fri Jan 22 22:36:26 UTC 2010

• Previous message: Fedora 11 Update: cclive-0.5.8-1.fc11
• Next message: Fedora 12 Update: mono-2.4.3.1-1.fc12
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-0919 2010-01-22 22:11:51

---

Name : kernel Product : Fedora 11 Version : 2.6.30.10 Release : 105.2.4.fc11 URL : http://www.kernel.org/ Summary : The Linux kernel Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

---

Update Information:

Security update: CVE-2010-0003 CVE-2010-0006 CVE-2010-0007

ChangeLog:

* Tue Jan 19 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-105.2.4

• CVE-2010-0003: kernel: infoleak if print-fatal-signals=1 * Tue Jan 19 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-105.2.3
• CVE-2010-0007: kernel: normal users can modify ebtables rules (#555238) * Tue Jan 19 2010 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-105.2.2
• Backport fix for CVE-2010-0006: kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() (rhbz#555217) * Fri Dec 25 2009 Dan Williams <dcbw at redhat.com> 2.6.30.10-105.2.1
• libertas: fix crash on 64-bit platforms with >= 4GB RAM * Thu Dec 24 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.10-105
• fuse: fix kunmap in fuse_ioctl_copy_user, #549400 * Tue Dec 8 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.10-104
• Copy fix for #540580 from F-12. * Fri Dec 4 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.10-103
• 2.6.30.10
• nuke ipv4-fix-null-ptr-deref-in-ip_fragment.patch, it’s in the latest stable release. * Thu Dec 3 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-102
• ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref bug fix. * Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
• fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse when low on memory. rhbz#538734. * Thu Nov 19 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.30.9-100
• Re-enable CONFIG_DMAR_GFX_WA on x86_64. * Tue Nov 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-99
• Silence pointless DRM warning message (#537196) * Tue Nov 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-98
• More sata_nv fixes (#524756). * Mon Nov 16 2009 Eric Sandeen <sandeen at redhat.com> 2.6.30.9-97
• Fix ext4 preallocation-related corruption (#513221) * Tue Nov 3 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-96
• fs/pipe.c: fix null pointer dereference (CVE-2009-3547) * Sun Oct 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-95
• Disable the stack protector on functions that don’t have onstack arrays. * Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-94
• Fix overflow in KVM cpuid code. (CVE-2009-3638) * Thu Oct 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-93
• Fix exploitable oops in keyring code (CVE-2009-3624) * Wed Oct 21 2009 Kyle McMartin <kyle at redhat.com>
• shut-up-LOCK_TEST_WITH_RETURN.patch: sort out #445331… or paper bag over it for now until the lock warnings can be killed. * Mon Oct 19 2009 Kyle McMartin <kyle at redhat.com>
• af_unix-fix-deadlock-connecting-to-shutdown-socket.patch: fix for rhbz#529626 local DoS. (CVE-2009-3621) * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-90
• Fix null deref in r128 (F10#487546) (CVE-2009-3620) * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-89
• Keyboard and mouse fixes from 2.6.32 (#522126) * Sat Oct 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-88
• Scheduler wakeup patch, fixes high latency on wakeup (sched-update-the-clock-of-runqueue-select-task-rq-selected.patch) * Fri Oct 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-87
• Fix uninitialized data leak in netlink (CVE-2009-3612) * Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-86
• AX.25 security fix (CVE-2009-2909) * Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-85
• Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure to boot from USB disks using Cypress bridges (#524998) * Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-84
• Copy libata drive detection fix from 2.6.31.4 (#524756) * Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-83
• Networking fixes taken from 2.6.31-stable * Tue Oct 13 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-82
• Fix boot hang with ACPI on some systems. * Mon Oct 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-81
• Critical ftrace fixes: ftrace-use-module-notifier-for-function-tracer.patch ftrace-check-for-failure-for-all-conversions.patch tracing-correct-module-boundaries-for-ftrace_release.patch * Thu Oct 8 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.30.9-80
• ppc: compile nvidiafb as a module only, nvidiafb+nouveau = bang! (rh#491308) * Wed Oct 7 2009 Dave Jones <davej at redhat.com> 2.6.30.9-78
• Disable IRQSOFF tracer. (Adds unnecessary overhead when unused) * Wed Oct 7 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-77
• eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908) * Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-76
• fix race in forcedeth network driver (#526546) * Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-75
• x86: Don’t leak 64-bit reg contents to 32-bit tasks. * Tue Oct 6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-74
• ACPI EC bug fixes taken from kernel 2.6.32 (#492699, #525681) * Mon Oct 5 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-73
• Linux 2.6.30.9 * Sun Oct 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-72.rc3
• Copy stack randomization fix from 2.6.31.2 (F10#526882) * Sun Oct 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-71.rc3
• Linux 2.6.30.9-rc3
• Drop merged upstream patches: linux-2.6-cifs-reenable-lanman-security.patch kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch kvm-vmx-check-cpl-before-emulating-debug-register-access.patch kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch * Fri Oct 2 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.30.8-70
• Add linux-2.6-virtio-net-refill-on-out-of-memory.patch, from 2.6.31 to prevent page allocation failures in guests. (#520119) * Mon Sep 28 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-69
• Add linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch, from 2.6.32-rc, fixes bug #525743 * Mon Sep 28 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-68
• Drop sched-disable-NEW-FAIR-SLEEPERS-for-now.patch, reported to cause problems on 2.6.30. * Sat Sep 26 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-67
• Scheduler fixes cherry-picked from 2.6.32 * Sat Sep 26 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-66
• Backport “appletalk: Fix skb leak when ipddp interface is not loaded” (fixes CVE-2009-2903) * Sat Sep 26 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-65
• KVM fixes from 2.6.31.1, including fix for CVE-2009-3290 * Fri Sep 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-64
• Fix serious CFQ performance regression. * Fri Sep 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-63
• Disable the GEM graphics manager on i686 PAE kernels (fixes modesetting on Intel graphics.) * Fri Sep 25 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-62
• Fix breakage in hostap driver (#522269) * Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-61
• Backport the cpuidle-faster-io fix from Fedora 12 to fix I/O performance problems when reading/writing multiple disks. * Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.8-60
• Linux 2.6.30.8 * Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-59
• Disable sound powersave by default; it still pops when playing sounds. (#523836) * Wed Sep 16 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.30.7-58
• Revert virtio_blk to rotational mode. (#509383) * Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-57
• Linux 2.6.30.7 * Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-56.rc1
• Fix CIFS security flags mask broken in 2.6.30 (#523173) * Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-55.rc1
• Fix cpufreq lockdep warnings (#522685) * Sat Sep 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-54.rc1
• 2.6.30.7-rc1
• Drop patches merged in -stable: linux-2.6-slub-fix-destroy-by-rcu.patch * Thu Sep 10 2009 Dennis Gilmore <dennis at ausil.us> 2.6.30.6-53
• kgdb only works on sparc64 smp kernels so disable on the up one and enable on the smp one
• update to 256 cpus supported on sparc64 smp * Wed Sep 9 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.6-52
• Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4) * Wed Sep 9 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.6-51
• 2.6.30.6
• Drop patches merged in -stable: do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch linux-2.6-x86-dont-send-ipi-to-empty-set-cpus.patch linux-2.6-bitmap-make-ops-return-result.patch linux-2.6-x86-dont-call-send-ipi-mask-with-empty-mask.patch linux-2.6-clone-fix-race-between-copy-process-and-de-thread.patch linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch linux-2.6-xen-x86-dont-probe-if-apics-are-disabled.patch * Tue Sep 8 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-50
• Disable Amiga One support to fix powerpc coherency bug (#521703) * Fri Sep 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-49
• Fix build system getting confused during firmware install. * Fri Sep 4 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-48
• Added additional fixes needed for #514787: linux-2.6-ppc64-vs-broadcom-lmb-no-init-*.patch
• Fix up lirc patch context so it applies. * Wed Sep 2 2009 Jarod Wilson <jarod at redhat.com>
• Make it possible to rmmod lirc_zilog w/o it hanging indefinitely
• Add transmit support (via port 2 only) on 1st-gen mceusb transceiver * Tue Sep 1 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-46
• Fix yet another Xen boot crash (#520517) * Tue Sep 1 2009 Jarod Wilson <jarod at redhat.com> 2.6.30.5-45
• Refresh lirc patches, add new lirc_ene0100 driver
• Fix up hdpvr driver for use with modular i2c so that lirc_zilog can actually bind to it
• Make lirc_zilog IR transmit and receive work on the hdpvr
• Fix audio on PVR-500 when used in same system as HVR-1800 (#480728) * Fri Aug 28 2009 David Woodhouse <David.Woodhouse at intel.com>
• Enable Solos DSL driver * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-43
• Don’t load the floppy driver automatically: linux-2.6-defaults-die-floppy-die.patch * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-42
• Fix stackprotector problems with Xen on x86_64.
• Disable stackprotector on i386 until 32-bit Xen gets fixed. * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-41
• linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch: fix race in kthreads. * Thu Aug 27 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.30.5-40
• xen: Fix guest crash when trying to debug. (#458385) * Thu Aug 27 2009 John W. Linville <linville at redhat.com> 2.6.30.5-39
• zd1211rw: adding 083a:e503 as a ZD1211B device (#518538) * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-38
• Fix string overflows found by stackprotector: hda-check-strcpy-length.patch linux-2.6-v4l-dvb-af9015-fix-stack-corruption.patch * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-37
• Fix race in clone() syscall. * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-36
• Fix hangs on older x86 systems with 440*X chipsets. * Fri Aug 21 2009 David Woodhouse <David.Woodhouse at intel.com>
• Fix b43 on iMac G5 (#514787) * Tue Aug 18 2009 Kyle McMartin <kyle at redhat.com>
• Backport several upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd to improve mmap_min_addr.
• CVE-2009-2847: do_sigaltstack: avoid copying ‘stack_t’ as a structure to user space * Mon Aug 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-32
• Change config options: CONFIG_SCSI_DEBUG=m CONFIG_PCI_MSI_DEFAULT_ON=y * Mon Aug 17 2009 Jarod Wilson <jarod at redhat.com> 2.6.30.5-31
• Fix flub in prior lirc patch update that resulted in no lirc drivers getting built * Sun Aug 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-29
• Linux 2.6.30.5 * Fri Aug 14 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-28.rc2
• Linux 2.6.30.5-rc2
• Dropped drm-intel-tv-fix.patch, merged in -stable now. * Wed Aug 12 2009 Kyle McMartin <kyle at redhat.com>
• drm-no-gem-on-i8xx.patch: fix misspelled IS_8XX & IS_I845G, sigh. * Wed Aug 12 2009 Kyle McMartin <kyle at redhat.com>
• DRM patch sync-up with F-11-2.6.29.y, ABI probably isn’t right yet though…
• drm-modesetting-radeon.patch
• drm-nouveau.patch
• drm-no-gem-on-i8xx.patch
• drm-i915-resume-force-mode.patch
• drm-intel-big-hammer.patch
• drm-intel-gen3-fb-hack.patch
• drm-intel-hdmi-edid-fix.patch
• drm-modesetting-radeon-fixes.patch
• drm-radeon-new-pciids.patch
• drm-dont-frob-i2c.patch
• drm-intel-tv-fix.patch
• drm-radeon-cs-oops-fix.patch
• drm-pnp-add-resource-range-checker.patch
• drm-i915-enable-mchbar.patch
• The rest were merged upstream. * Wed Aug 12 2009 John W. Linville <linville at redhat.com>
• iwlwifi: fix TX queue race * Mon Aug 10 2009 Kyle McMartin <kyle at redhat.com>
• Patch sync-up with F-11-2.6.29.y:
• linux-2.6-x86-delay-tsc-barrier.patch
• linux-2.6-fs-cifs-fix-port-numbers.patch
• linux-2.6-kvm-skip-pit-check.patch
• linux-2.6.29-xen-disable-gbpages.patch
• linux-2.6-virtio_blk-dont-bounce-highmem-requests.patch
• linux-2.6-drivers-char-low-latency-removal.patch
• linux-2.6-serial-add-txen-test-param.patch
• linux-2.6-input-wacom-bluetooth.patch
• linux-2.6-defaults-saner-vm-settings.patch
• linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
• linux-2.6-mm-lru-report-vm-flags-in-page-referenced.patch
• linux-2.6-mm-lru-dont-evict-mapped-executable-pages.patch
• linux-2.6-utrace.patch
• linux-2.6-utrace-ftrace.patch
• linux-2.6-tracehook.patch * Mon Aug 10 2009 Jarod Wilson <jarod at redhat.com>
• Add tunable pad threshold support to lirc_imon
• Blacklist all iMON devices in usbhid driver so lirc_imon can bind
• Add new device ID to lirc_mceusb (#512483)
• Enable IR transceiver on the HD PVR * Wed Aug 5 2009 Kyle McMartin <kyle at redhat.com>
• Update to released 2.6.30.4.
• Drop now-unneeded upstream reverts. * Wed Jul 29 2009 Chuck Ebbert <cebbert at redhat.com>
• Linux 2.6.30.4-rc1 * Mon Jul 27 2009 Neil Horman <nhorman at redhat.com>
• Backport xfrm gc_thresh export code (bz 503124) * Fri Jul 24 2009 Kyle McMartin <kyle at redhat.com>
• CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 [i386 x86_64], 4096 elsewhere, as per defconfigs.
• Blat patches from other tag, now to rebase fixes, splat in the changelog, and tag it for building. * Fri Jul 24 2009 Kyle McMartin <kyle at redhat.com>
• Copy over release configs from devel-2.6.30 tag.
• Fix up some spec deviations. * Fri Jul 24 2009 Kyle McMartin <kyle at redhat.com>
• Linux 2.6.30.3 rebase for Fedora 11.
• Fedora 11 2.6.29 branch is on tag private-fedora-11-2_6_29_6.

---

References:

[ 1 ] Bug #554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1 https://bugzilla.redhat.com/show_bug.cgi?id=554578 [ 2 ] Bug #555217 - CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() https://bugzilla.redhat.com/show_bug.cgi?id=555217 [ 3 ] Bug #555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN https://bugzilla.redhat.com/show_bug.cgi?id=555238

---

This update can be installed with the “yum” update program. Use su -c ‘yum update kernel’ at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys

---

• Previous message: Fedora 11 Update: cclive-0.5.8-1.fc11
• Next message: Fedora 12 Update: mono-2.4.3.1-1.fc12
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the package-announce mailing list