Fedora Test Update Notification: kernel
Jesse Keating
jkeating at j2solutions.net
Thu Jul 8 03:17:36 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1484
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1484
2004-07-07
- ---------------------------------------------------------------------
Name : kernel
Version 7.3 : 2.4.20-35.7.legacy
Version 9 : 2.4.20-35.9.legacy
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Red Hat Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
- ---------------------------------------------------------------------
Update Information:
CAN-2004-0427:
The do_fork function in Linux 2.4.x and 2.6.x does not properly
decrement the mm_count counter when an error occurs after the mm_struct
for a child process has been activated, which triggers a memory leak that
allows local users to cause a denial of service (memory exhaustion) via
the clone (CLONE_VM) system call.
CAN-2004-0535:
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly
initialize memory before using it, which allows local users to read
portions of kernel memory. NOTE: this issue was originally incorrectly
reported as a "buffer overflow" by some sources.
CAN-2004-0003:
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to
gain privileges, related to "R128 DRI limits checking."
CAN-2004-0109:
Buffer overflow in the ISO9660 file system component for Linux kernel
2.4.x, 2.5.x and 2.6.x , allows local users with physical access to
overflow kernel memory and execute arbitrary code via a malformed CD
containing a long symbolic link entry.
CAN-2004-0178:
The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly
handle certain sample sizes, which allows local users to cause a denial of
service (crash).
CAN-2004-0181:
The JFS file system code in Linux 2.4.x has an information leak in
which in-memory data is written to the device for an ext3 file system,
which allows local users to obtain sensitive information by reading the
raw device.
CAN-2004-0394:
A "potential" buffer overflow exists in the panic() function in Linux
2.4.x, although it may not be exploitable due to the functionality of
panic.
A few bugfixes related to Nforce2 chipsets.
- ---------------------------------------------------------------------
Changelog:
7.3:
* Fri Jun 18 2004 Dominic Hargreaves <dom at earth.li>
- - Fix memory leak in kernel/fork.c. (CAN-2004-0427)
- - Numerous userspace pointer reference bugs found with the sparse
tool by Al Viro. (CAN-2004-0495)
- - Fix e1000 driver information leak. (CAN-2004-0535)
* Tue Jun 15 2004 Dominic Hargreaves <dom at earth.li>
- - Fix local DoS in "clear_cpu()" macro. (CAN-2004-0554)
* Thu May 13 2004 Dominic Hargreaves <dom at earth.li>
- - Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228)
- - Fix for C1 Halt Disconnect problem on nForce2 systems.
* Wed May 05 2004 Dominic Hargreaves <dom at earth.li>
- - Fix potential local denial of service in sb16 driver (CAN-2004-0178)
- - Fix information leak in JFS (CAN-2004-0181)
- - Add range checking to i810_dma() in DRM driver.
- - Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy()
- - Fix possible buffer overflow in panic() (CAN-2004-0394)
* Tue Apr 13 2004 Dave Jones <davej at redhat.com>
- - Yet another additional r128 DRM check. (CAN-2004-0003)
- - Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- - Fix Information leak in EXT3 (CAN-2004-0133)
- - Fix local DoS in mremap()
* Tue Feb 17 2004 Dave Jones <davej at redhat.com>
- - Additional r128 DRM checks. (CAN-2004-0003)
9:
* Fri Jun 18 2004 Dominic Hargreaves <dom at earth.li>
- - Fix memory leak in kernel/fork.c. (CAN-2004-0427)
- - Numerous userspace pointer reference bugs found with the sparse
tool by Al Viro. (CAN-2004-0495)
- - Fix e1000 driver information leak. (CAN-2004-0535)
* Tue Jun 15 2004 Dominic Hargreaves <dom at earth.li>
- - Fix local DoS in "clear_cpu()" macro. (CAN-2004-0554)
* Thu May 13 2004 Dominic Hargreaves <dom at earth.li>
- - Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228)
- - Fix for C1 Halt Disconnect problem on nForce2 systems.
* Wed May 05 2004 Dominic Hargreaves <dom at earth.li>
- - Fix potential local denial of service in sb16 driver (CAN-2004-0178)
- - Fix information leak in JFS (CAN-2004-0181)
- - Add range checking to i810_dma() in DRM driver.
- - Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy()
- - Fix possible buffer overflow in panic() (CAN-2004-0394)
* Tue Apr 13 2004 Dave Jones <davej at redhat.com>
- - Yet another additional r128 DRM check. (CAN-2004-0003)
- - Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- - Fix Information leak in EXT3 (CAN-2004-0133)
- - Fix local DoS in mremap()
* Tue Feb 17 2004 Dave Jones <davej at redhat.com>
- - Additional r128 DRM checks. (CAN-2004-0003)
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/redhat/
9344cffa6802c7ebffa6a631d4eaa7306617df59
7.3/updates-testing/SRPMS/kernel-2.4.20-35.7.legacy.src.rpm
8cf4a7c4044c367bd2ef3956870e23196af255bb
7.3/updates-testing/i386/kernel-2.4.20-35.7.legacy.athlon.rpm
75e49a453639b57ca295ed687915df718ca4683d
7.3/updates-testing/i386/kernel-2.4.20-35.7.legacy.i586.rpm
deb026a34bc1f79446e76880611d2a494084f6e9
7.3/updates-testing/i386/kernel-2.4.20-35.7.legacy.i686.rpm
0330c909d885e223f86116542d3e06cd6cd954e1
7.3/updates-testing/i386/kernel-bigmem-2.4.20-35.7.legacy.i686.rpm
cec2602052a215bb0706427c3eb3d21f8798faea
7.3/updates-testing/i386/kernel-BOOT-2.4.20-35.7.legacy.i386.rpm
263bbfab412699eafdb0156044e09026e3a4e9de
7.3/updates-testing/i386/kernel-doc-2.4.20-35.7.legacy.i386.rpm
eccb21775efcdf0cdbc2e9d9877d42b8df1f5c13
7.3/updates-testing/i386/kernel-smp-2.4.20-35.7.legacy.athlon.rpm
5da9d54d2e071ee30036f78402f2c88fd69da6e1
7.3/updates-testing/i386/kernel-smp-2.4.20-35.7.legacy.i586.rpm
83a88ed2172fb2bf5d5c05dd6cf11e7a96e350e3
7.3/updates-testing/i386/kernel-smp-2.4.20-35.7.legacy.i686.rpm
65a7083bea4412afa29da8e91d0ba3a03e0f3ac2
7.3/updates-testing/i386/kernel-source-2.4.20-35.7.legacy.i386.rpm
b9d094e0be2665affff9c2dab8211c948c38ccf6
9/updates-testing/SRPMS/kernel-2.4.20-35.9.legacy.src.rpm
6374592090c07112200494e9361db824edb4511a
9/updates-testing/i386/kernel-2.4.20-35.9.legacy.athlon.rpm
811b325582853788f37524c4549fd079e2ffc4a6
9/updates-testing/i386/kernel-2.4.20-35.9.legacy.i586.rpm
2050252b57943da552fc17873331d702585488a4
9/updates-testing/i386/kernel-2.4.20-35.9.legacy.i686.rpm
8fb30ead64197f7be966016609ac9a8e8c14b222
9/updates-testing/i386/kernel-bigmem-2.4.20-35.9.legacy.i686.rpm
86becf2d0d1043913374e314b571fd004b005101
9/updates-testing/i386/kernel-BOOT-2.4.20-35.9.legacy.i386.rpm
4a713fdd4c90d3542cd5c9763b3662c0c2b82865
9/updates-testing/i386/kernel-doc-2.4.20-35.9.legacy.i386.rpm
69326a68b8084e09bcc9ab93909b535c2586da2c
9/updates-testing/i386/kernel-smp-2.4.20-35.9.legacy.athlon.rpm
83b867f5d18bbd70c125dbdff6accc661de0dc47
9/updates-testing/i386/kernel-smp-2.4.20-35.9.legacy.i586.rpm
6e4fa22a1d46b0d42a3837a4ce5e3e65fba9ebfe
9/updates-testing/i386/kernel-smp-2.4.20-35.9.legacy.i686.rpm
83d7da718554b818c4828720ead16ba4001260b2
9/updates-testing/i386/kernel-source-2.4.20-35.9.legacy.i386.rpm
Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- --
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA7LzU4v2HLvE71NURAmXVAJ0T0iZ1rodP7Wq5PYg+IoUoBtd1hQCfSDPu
Jp/8ZC0nRG71Ky5R0LgZORo=
=6LLc
-----END PGP SIGNATURE-----
More information about the fedora-legacy-list
mailing list