[SECURITY] Fedora 9 Update: kernel-2.6.26.6-79.fc9

updates at fedoraproject.org updates at fedoraproject.org
Thu Oct 23 16:39:28 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8929
2008-10-23 16:03:31
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 9
Version     : 2.6.26.6
Release     : 79.fc9
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Update kernel from version 2.6.26.5 to 2.6.26.6:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.6    CVE-2008-3831
An IOCTL in the i915 driver was not properly restricted to users with the
proper capabilities to use it.    CVE-2008-4410  The vmi_write_ldt_entry
function in arch/x86/kernel/vmi_32.c in the Virtual  Machine Interface (VMI) in
the Linux kernel 2.6.26.5 invokes write_idt_entry  where write_ldt_entry was
intended, which allows local users to cause a  denial of service (persistent
application failure) via crafted function calls,  related to the Java Runtime
Environment (JRE) experiencing improper LDT  selector state, a different
vulnerability than CVE-2008-3247.    CVE-2008-3525  The sbni_ioctl function in
drivers/net/wan/sbni.c in the wan subsystem in  the Linux kernel 2.6.26.3 does
not check for the CAP_NET_ADMIN capability  before processing a (1)
SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3)  SIOCDEVENSLAVE, or (4)
SIOCDEVEMANSIPATE ioctl request, which allows local  users to bypass intended
capability restrictions.    CVE-2008-4554  The do_splice_from function in
fs/splice.c in the Linux kernel before 2.6.27  does not reject file descriptors
that have the O_APPEND flag set, which allows  local users to bypass append mode
and make arbitrary changes to other locations  in the file.    CVE-2008-4576
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial
of service (OOPS) via an INIT-ACK that states the peer does not support AUTH,
which causes the sctp_process_init function to clean up active transports and
triggers the OOPS when the T1-Init timer expires.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 17 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-79
- Fix IOCTL permission checking in sbni WAN adapter (CVE-2008-3525).
* Fri Oct 17 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-78
- DRM: fix ioctl security issue (CVE-2008-3831).
* Thu Oct 16 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-77
- Fix RTC on systems that don't describe it in PnP (#451188)
* Wed Oct 15 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-76
- Actually apply the syscall_get_arguments() fix.
* Wed Oct 15 2008 Roland McGrath <roland at redhat.com> 2.6.26.6-75
- fix x86 syscall_get_arguments() order
* Tue Oct 14 2008 Roland McGrath <roland at redhat.com> 2.6.26.6-74
- utrace update
* Mon Oct 13 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-71
- Fix namespace clash in ATI timer patch.
* Mon Oct 13 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-70
- x86, early_ioremap: fix fencepost error
- x86: SB450: skip IRQ0 override if it is not routed to INT2 of IOAPIC
* Mon Oct 13 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-69
- libata: always do follow-up SRST if hardreset returned -EAGAIN
- libata: fix EH action overwriting in ata_eh_reset()
- libata: sata_nv: SWNCQ should be disabled by default (#463034)
* Sat Oct 11 2008 Dennis Gilmore <dennis at ausil.us> 2.6.26.6-68
- disable atl1e on sparc64
- backport syscall tracing to use the new tracehook.h entry points on sparc64
- syscall tracing patch is already upstream in 2.6.27
* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-67
- libata: pata_marvell: use the upstream patch for playing nice with ahci
* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-66
- x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-65
- pci: check range on sysfs mmapped resources
* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-64
- Don't allow splice to files opened with O_APPEND.
* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-63
- Fix buffer overflow in uvcvideo driver.
* Fri Oct 10 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-62
- Fix possible oops in get_wchan()
* Thu Oct  9 2008 Kyle McMartin <kyle at redhat.com> 2.6.26.6-61
- add e1000e: write protect nvram to prevent corruption patch from upstream
* Thu Oct  9 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-60
- x86: switch to UP mode when only one CPU is present at boot time
* Thu Oct  9 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-59
- 2.6.26.6
* Wed Oct  8 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-58.rc1
- Copy dwmw2's build fixes from rawhide:
    Include arch/$ARCH/include/ directories in kernel-devel (F10#465486)
    Include arch/powerpc/lib/crtsavres.[So] too (#464613)
* Tue Oct  7 2008 Roland McGrath <roland at redhat.com> 2.6.26.6-57.rc1
- Fix build ID fiddling magic. (#465873)
* Tue Oct  7 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.6-56.rc1
- 2.6.26.6-rc1
  Dropped patches:
    linux-2.6-sched-fix-process-time-monotonicity.patch
    linux-2.6-x86-64-fix-overlap-of-modules-and-fixmap-areas.patch
    linux-2.6-x86-fdiv-bug-detection-fix.patch
    linux-2.6-x86-io-delay-add-hp-f700-quirk.patch
    linux-2.6-x86-fix-oprofile-and-hibernation-issues.patch
    linux-2.6-x86-32-amd-c1e-force-timer-broadcast-late.patch
    linux-2.6-x86-pat-proper-tracking-of-set_memory_uc.patch
    linux-2.6-x86-hpet-01-fix-moronic-32-64-bit-thinko.patch
    linux-2.6-x86-hpet-02-read-back-compare-register.patch
    linux-2.6-x86-hpet-03-make-minimum-reprogramming-delta-useful.patch
    linux-2.6-x86-fix-memmap-exactmap-boot-argument.patch
    linux-2.6-usb-fix-hcd-interrupt-disabling.patch
    linux-2.6-acpi-processor-use-signed-int.patch
    linux-2.6-mm-dirty-page-tracking-race-fix.patch
    linux-2.6-mm-mark-correct-zone-full-when-scanning-zonelists.patch
    linux-2.6-block-submit_bh-discards-barrier-flag.patch
    linux-2.6-pcmcia-fix-broken-abuse-of-dev-driver_data.patch
* Mon Oct  6 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-55
- Fix more fallout from the WARN() macro.
* Mon Oct  6 2008 John W. Linville <linville at redhat.com> 2.6.26.5-54
- Re-revert at76_usb to version from before attempted mac80211 port
* Mon Oct  6 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-53
- Add missing WARN() macro.
* Fri Oct  3 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-52
- Disable the snd-aw2 module: it conflicts with video drivers. (#462919)
* Fri Oct  3 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-51
- Support building -stable RC kernels.
  Kernel versioning example: 2.6.26.6-52.rc1.fc9
* Wed Oct  1 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-50
- Add config option to disallow adding CPUs after booting.
* Mon Sep 29 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-49
- Don't oops if no IRQ stack is available (#461846)
* Mon Sep 29 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-48
- Two patches to help make kerneloops bug reports more useful.
  (requested by Arjan)
* Tue Sep 23 2008 Kyle McMartin <kyle at redhat.com> 2.6.26.5-47
- two more wireless fixes from John
   p54: Fix regression due to "net: Delete NETDEVICES_MULTIQUEUE kconfig option
   Revert "b43/b43legacy: add RFKILL_STATE_HARD_BLOCKED support"
* Mon Sep 22 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.26.5-46
- pcmcia: Fix broken abuse of dev->driver_data (#462178)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #465873 - kernel build-id note corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=465873
  [ 2 ] Bug #466303 - IPSec kernel lockup.
        https://bugzilla.redhat.com/show_bug.cgi?id=466303
  [ 3 ] Bug #462156 - Kernel 2.6.26.3-14 hangs fairly early in boot
        https://bugzilla.redhat.com/show_bug.cgi?id=462156
  [ 4 ] Bug #464613 - 11143 unconditional linker option arch/powerpc/lib/crtsavres.o causes external module buildfailure
        https://bugzilla.redhat.com/show_bug.cgi?id=464613
  [ 5 ] Bug #463034 - [sata_nv swncq] kernel 2.6.26.3-29 raid errors: "md: super_written gets error=-5, uptodate=0"
        https://bugzilla.redhat.com/show_bug.cgi?id=463034
  [ 6 ] Bug #460550 - Insert key does not work on console since 2.6.26
        https://bugzilla.redhat.com/show_bug.cgi?id=460550
  [ 7 ] Bug #438606 - at76  stops working with port to mac80211
        https://bugzilla.redhat.com/show_bug.cgi?id=438606
  [ 8 ] Bug #466511 - Kernel crash when using openswan
        https://bugzilla.redhat.com/show_bug.cgi?id=466511
  [ 9 ] Bug #462919 - kernel 2.6.26.3-19.fc9.x86_64 TT-budget C-1500 DVB card is not longer working
        https://bugzilla.redhat.com/show_bug.cgi?id=462919
  [ 10 ] Bug #462178 - PCMCIA CF adaptor causes kernel hang at "Starting UDEV:"
        https://bugzilla.redhat.com/show_bug.cgi?id=462178
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list