[SECURITY] Fedora 11 Update: kernel-2.6.29.6-217.2.16.fc11

updates at fedoraproject.org updates at fedoraproject.org
Thu Aug 27 02:19:22 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9044
2009-08-27 00:48:36
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 11
Version     : 2.6.29.6
Release     : 217.2.16.fc11
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Security fixes:  - CVE-2009-2691: Information disclosure in proc filesystem  -
CVE-2009-2848: execve: must clear current->child_tid  - CVE-2009-2849: md: null
pointer dereference  - CVE-2009-2847: Information leak in do_sigaltstack
Restore missing LIRC drivers, dropped in previous release.    Backport upstream
fixes that further improve the security of mmap of low addresses.
(CVE-2009-2695)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 24 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-217.2.16
- Fix CVE-2009-2691: local information disclosure in /proc
* Fri Aug 21 2009 David Woodhouse <David.Woodhouse at intel.com>
- Fix b43 on iMac G5 (#514787)
* Tue Aug 18 2009 Kyle McMartin <kyle at redhat.com>
- CVE-2009-2848: execve: must clear current->clear_child_tid
- Cherry pick upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
  which improve mmap_min_addr.
- CVE-2009-2849: md: avoid dereferencing null ptr when accessing suspend
  sysfs attributes.
- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a structure
  to userspace
* Mon Aug 17 2009 Jarod Wilson <jarod at redhat.com> 2.6.29.6-217.2.9
- Fix flub in prior lirc patch update that resulted in no lirc
  drivers getting built
* Sat Aug 15 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-217.2.8
- CVE-2009-2767: Fix clock_nanosleep NULL ptr deref.
* Fri Aug 14 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-217.2.7
- CVE-2009-2692: Fix sock sendpage NULL ptr deref.
* Thu Aug 13 2009 Kristian Høgsberg <krh at redhat.com> - 2.6.29.6-217.2.6
- Backport 0e7ddf7e to fix bad BUG_ON() in i915 gem fence management
  code.  Adds drm-i915-gem-bad-bug-on.patch, fixes #514091.
* Wed Aug 12 2009 John W. Linville <linville at redhat.com> 2.6.29.6-217.2.5
- iwlwifi: fix TX queue race
* Mon Aug 10 2009 Jarod Wilson <jarod at redhat.com> 2.6.29.6-217.2.4
- Add tunable pad threshold support to lirc_imon
- Blacklist all iMON devices in usbhid driver so lirc_imon can bind
- Add new device ID to lirc_mceusb (#512483)
- Enable IR transceiver on the HD PVR
* Wed Jul 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-217.2.3
- Don't optimize away NULL pointer tests where pointer is used before the test.
  (CVE-2009-1897)
* Wed Jul 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-217.2.2
- Fix mmap_min_addr security bugs (CVE-2009-1895)
* Wed Jul 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-217.2.1
- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)
* Thu Jul 23 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-217
- Apply three patches requested by sgruszka at redhat.com:
 - iwl3945-release-resources-before-shutting-down.patch
 - iwl3945-add-debugging-for-wrong-command-queue.patch
 - iwl3945-fix-rfkill-sw-and-hw-mishmash.patch
* Thu Jul 23 2009 Jarod Wilson <jarod at redhat.com>
- virtio_blk: don't bounce highmem requests, works around a frequent
  oops in kvm guests using virtio block devices (#510304)
* Wed Jul 22 2009 Tom "spot" Callaway <tcallawa at redhat.com>
- We have to override the new %install behavior because, well... the kernel is
special.
* Wed Jul 22 2009 Ben Skeggs <bskeggs at redhat.com>
- drm-nouveau.patch: Fix DPMS off for DAC outputs, NV4x PFIFO typo
* Tue Jul  7 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-213
- Drop the correct patch to fix bug #498858
* Mon Jul  6 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-212
- Additional fixes for bug #498854
* Thu Jul  2 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-211
- Fix NFSD null credentials bug (#494067)
- Remove null credentials debugging patch.
* Thu Jul  2 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-210
- Linux 2.6.29.6
* Wed Jul  1 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-209.rc1
- Linux 2.6.29.6-rc1
- Enable CONFIG_DEBUG_CREDENTIALS in debug kernels only.
- Dropped patches merged upstream:
    linux-2.6-netdev-r8169-fix-lg-pkt-crash.patch
    linux-2.6-input-atkbd-forced-release.patch
* Wed Jul  1 2009 Dave Airlie <airlied at redhat.com> 2.6.29.5-208
- drm-intel-a17-fix.patch, drm-pnp-add-resource-range-checker.patch,
  drm-i915-enable-mchbar.patch:
    backport upstream fixes for 915/945 tiling slowness.
* Tue Jun 30 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-207
- Fix stalled NFS writes (#508174)
- Fix broken TSC-based delay.
* Tue Jun 30 2009 Jarod Wilson <jarod at redhat.com> 2.6.29.5-206
- Fix busticated lirc_serial (#504402)
* Tue Jun 30 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.29.5-205
- nouveau: Forcibly DPMS on DAC/SORs during modeset
* Mon Jun 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-204
- Fix "port=" option in CIFS mount calls. (#506574)
* Mon Jun 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-203
- Add support for Apple mini keyboard (#507517)
* Mon Jun 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-202
- New debug patch for null selinux credentials (for bug #494067)
* Fri Jun 26 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.29.5-201
- nouveau: bump timeout up a bit, some people hitting false hangs
* Fri Jun 26 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.29.5-200
- nouveau: backport nv50 output script fixes from upstream
* Fri Jun 26 2009 Ben Skeggs <bskeggs at redhat.com>
- nouveau: fix GT200 context control, will allow use of 3D engine now
* Wed Jun 24 2009 Jarod Wilson <jarod at redhat.com> 2.6.29.5-198
- Fix lirc_i2c functionality (#507047)
- Add ability to disable lirc_imon mouse mode
* Wed Jun 24 2009 Kyle McMartin <kyle at redhat.com>
- config changes:
 - generic:
  - CONFIG_SCSI_DEBUG=m (was off, requested by davidz.)
* Mon Jun 22 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-196
- Fix oopses in a bunch of USB serial devices (#500954)
* Sat Jun 20 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-195
- Add linux-2.6-drivers-char-low-latency-removal.patch
  to fix oops in nozomi driver (#507005)
* Thu Jun 18 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.29.5-194
- drm-nouveau.patch: un-break DPMS after DRM changes
* Thu Jun 18 2009 Dave Airlie <airlied at redhat.com> 2.6.29.5-193
- drm-radeon-cs-oops-fix.patch: fix oops if CS path called from non-kms
* Wed Jun 17 2009 Jarod Wilson <jarod at redhat.com>
- New lirc_imon hotness:
  * support dual-interface devices with a single lirc device
  * directional pad functions as an input device mouse
  * touchscreen devices finally properly supported
  * support for using MCE/RC-6 protocol remotes
  * fix oops in RF remote association code (F10 bug #475496)
  * fix re-enabling case/panel buttons and/or knobs
- Add some misc additional lirc_mceusb2 transceiver IDs
- Add missing unregister_chrdev_region() call to lirc_dev exit
- Add it8720 support to lirc_it87
* Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-191
- Copy latest version of the -mm streaming IO and executable pages patches from F-10
- Copy the saner-vm-settings patch from F-10:
    change writeback interval from 5,30 seconds to 3,10 seconds
- Comment out the null credentials debugging patch (bug #494067)
* Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-190
- Two r8169 driver updates from 2.6.30
- Update via-sdmmc driver
* Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-189
- New debug patch for bug #494067, now enabled for non-debug kernels too.
* Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-188
- Avoid lockup on OOM with /dev/zero
* Tue Jun 16 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.5-187
- Drop the disable of mwait on VIA Nano processor. The lockup bug is
  fixed by BIOS updates.
* Tue Jun 16 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.29.5-186
- nouveau: Use VBIOS image from PRAMIN in preference to PROM (#492658)
* Tue Jun 16 2009 Dave Airlie <airlied at redhat.com> 2.6.29.5-185
- drm-connector-dpms-fix.patch - allow hw to dpms off
- drm-dont-frob-i2c.patch - don't play with i2c bits just do EDID
- drm-intel-tv-fix.patch - fixed intel tv after connector dpms
- drm-modesetting-radeon-fixes.patch - fix AGP issues (go faster) (otaylor)
- drm-radeon-fix-ring-commit.patch - fix stability on some radeons
- drm-radeon-new-pciids.patch - add rv770/790 support
- drm-intel-vmalloc.patch - fix vmalloc patch
* Mon Jun 15 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.5-184
- Get rid of the annoying parport sysctl registration warning (#503773)
  (linux-2.6-parport-quickfix-the-proc-registration-bug.patch)
* Mon Jun 15 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.5-183
- Linux 2.6.29.5
* Mon Jun 15 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.5-182.rc1
- Add support for touchpad on MacBook 5 (Unibody) (#504197)
* Mon Jun 15 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.5-181.rc1
- Fix reporting of short writes to the NFS client (#493500)
* Mon Jun 15 2009 John W. Linville <linville at redhat.com>
- neigh: fix state transition INCOMPLETE->FAILED via Netlink request
* Fri Jun 12 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.5-179.rc1
- VIA Nano / VX800 fixes
    Padlock 64-bit fixes
    Disable mwait on the Nano
    Add via-sdmmc driver
    Enable the VIA random number generator on 64-bit
- Enable the userspace ARP daemon (#502844)
* Wed Jun 10 2009 Ben Skeggs <bskeggs at redhat.com>
- drm-nouveau.patch: fill in modes derived from VBIOS tables better
* Tue Jun  9 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.5-177.rc1
- 2.6.29.5-rc1
- Reverted from stable, patch already in drm-next:
    drm-r128-fix-r128-ioremaps-to-use-ioremap_wc.patch
- Dropped patches, merged in -stable:
    hpet-fixes.patch
    keys-Handle-there-being-no-fallback-destination-key.patch
    kvm-Fix-PDPTR-reloading-on-CR4-writes.patch
    kvm-Make-paravirt-tlb-flush-also-reload-the-PAE-PDP.patch
    linux-2.6-ptrace-fix-possible-zombie-leak.patch
    linux-2.6-usb-cdc-acm-remove-low-latency-flag.patch
    linux-2.6-xen-xenbus_state_transition_when_not_connected.patch
    linux-2.6.29.5-ext4-stable-fixes.patch
* Tue Jun  9 2009 John W. Linville <linville at tuxdriver.com>
- Clean-up some wireless bits in config-generic
* Tue Jun  9 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-175
- Add ext4 stable patch queue, 18 patches submitted for 2.6.29.5
  (adds 10 patches that weren't already in F-11.)
* Tue Jun  9 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-174
- Add support for ACPI P-states on VIA processors.
- Disable the e_powersaver driver.
* Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-173
- Add linux-2.6-ptrace-fix-possible-zombie-leak.patch
  Fixes bug #481753, ptraced processes fail to deliver exit notification to parent
* Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-172
- Add linux-2.6-netdev-ehea-fix-circular-locking.patch (#498854)
* Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-171
- Add AT keyboard forced key release quirks for four more notebooks.
  (Fixes Samsung NC20/Q45, Fujitsu PA1510/Xi3650)
* Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-170
- Drop ALSA jiffies-based PCM boundary checking (#498858)
* Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-169
- Add debug patch for finding null security credentials. (494067)
* Tue Jun  2 2009 Roland McGrath <roland at redhat.com> - 2.6.29.4-168
- utrace update (fixes stap PR10185)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #516171 - CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading
        https://bugzilla.redhat.com/show_bug.cgi?id=516171
  [ 2 ] Bug #515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
        https://bugzilla.redhat.com/show_bug.cgi?id=515423
  [ 3 ] Bug #518132 - CVE-2009-2849 kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
        https://bugzilla.redhat.com/show_bug.cgi?id=518132
  [ 4 ] Bug #515392 - CVE-2009-2847 kernel: information leak in sigaltstack
        https://bugzilla.redhat.com/show_bug.cgi?id=515392
  [ 5 ] Bug #517830 - CVE-2009-2695 SELinux and mmap_min_addr
        https://bugzilla.redhat.com/show_bug.cgi?id=517830
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list