Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 14 Update: kernel-2.6.35.14-95.fc14
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Tuesday 23rd August 2011 04:37:17 UTC (over 5 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11103
2011-08-18 01:39:57
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 14
Version     : 2.6.35.14
Release     : 95.fc14
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Update to kernel 2.6.35.14:  

http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.14

NOTE: These upstream commits from 2.6.35.14 were already in the previous
Fedora 14 kernel 2.6.35.13-92:

b934c20de1398d4a82d2ecfeb588a214a910f13f  
3cd01976e702ccaffb907727caff4f8789353599  
9c047157a20521cd525527947b13b950d168d2e6  
6b4e81db2552bad04100e7d5ddeed7e848f53b48  
3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f  
b522f02184b413955f3bc952e3776ce41edc6355  
194b3da873fd334ef183806db751473512af29ce  
a1f74ae82d133ebb2aabb19d181944b4e83e9960  
e9cdd343a5e42c43bcda01e609fa23089e026470  
14fb57dccb6e1defe9f89a66f548fcb24c374c1d  
221d1d797202984cb874e3ed9f1388593d34ee22  
a294865978b701e4d0d90135672749531b9a900d  

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 15 2011 Chuck Ebbert  2.6.35.14-95
- CVE-2011-2905: perf tools: may parse user-controlled configuration file
- CVE-2011-2695: ext4: kernel panic when writing data to the last block of
sparse file
- CVE-2011-2497: bluetooth: buffer overflow in l2cap config request
- CVE-2011-2517: nl80211: missing check for valid SSID size in scan
operations
- CVE-2011-2699: ipv6: make fragment identifications less predictable
* Wed Aug  3 2011 Chuck Ebbert  2.6.35.14-94
- Linux 2.6.35.14
- Drop merged patches:
    flexcop-fix-xlate_proc_name-warning.patch
    btusb-macbookpro-6-2.patch
    btusb-macbookpro-7-1.patch
    fix-i8k-inline-asm.patch
    virtio_net-add-schedule-check-to-napi_enable-call.patch
    agp-fix-arbitrary-kernel-memory-writes.patch
    agp-fix-oom-and-buffer-overflow.patch
    scsi-mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
    x86-amd-arat-bug-on-sempron-workaround.patch
    x86-amd-fix-arat-feature-setting-again.patch
    cifs-add-fallback-in-is_path_accessible-for-old-servers.patch
    dccp-handle-invalid-feature-options-length.patch
* Mon Jun 20 2011 Kyle McMartin  2.6.35.13-93
- [sgruszka@] iwlwifi: fix general 11n instability (#648732,#666646)
* Fri May 20 2011 Chuck Ebbert  2.6.35.13-92
- Add the rest of the fix for bug #704059
- dccp: handle invalid feature options length (CVE-2011-1770)
- Fix address wrapping in stack expansion code.
* Wed May 18 2011 Chuck Ebbert 
- Fix cifs bug in 2.6.35.13 with old Windows servers (#704125)
- Revert broken fixes for #704059, add proper partial fix.
* Fri May 13 2011 Kyle McMartin 
- [fabbione@] Fix a deadlock when using hp_sw with an HP san.
  (7a1e9d82 upstream)
* Thu May 12 2011 Chuck Ebbert 
- Fix stalls on AMD machines with C1E caused by 2.6.35.13 (#704059)
* Tue May  3 2011 Chuck Ebbert  2.6.35.13-91
- [SCSI] mpt2sas: prevent heap overflows and unchecked reads
  (CVE-2011-1494, CVE-2011-1495)
- agp: fix arbitrary kernel memory writes (CVE-2011-1745)
- agp: fix OOM and buffer overflow (CVE-2011-1746)
- Fix credentials leakage regression (#700637)
* Fri Apr 29 2011 Chuck Ebbert 
- Linux 2.6.35.13
* Fri Apr 22 2011 Kyle McMartin  2.6.35.12-90
- iwlagn-support-new-5000-microcode.patch: stable submission patch from
  sgruszka to support newer microcode versions with the iwl5000 hardware.
* Wed Apr 20 2011 Chuck Ebbert  2.6.35.12-89
- Revert TPM patches from -stable (c4ff4b829, 9b29050f8) that caused
  timeouts and suspend failures (#695953)
- Revert extra fix for credentials leak (#683568)
* Thu Mar 31 2011 Kyle McMartin  2.6.35.12-88
- Update to longterm 2.6.35.12, drop upstream patches.
* Wed Mar 23 2011 Kyle McMartin 
- Backport 3e9d08e: "virtio_net: Add schedule check to napi_enable call"
* Wed Mar 23 2011 Ben Skeggs  2.6.35.11-87
- nouveau: fix s/r on some boards (f14 port of #688569)
* Wed Mar 16 2011 Kyle McMartin  2.6.35.11-86
- Fix a regression in cfg80211 ht40 support from 2.6.35, patch from
  Mark Mentovai and Stanislaw Gruszka. Thanks!
* Tue Mar  1 2011 Jarod Wilson <[email protected]> 2.6.35.11-85
- Fix IR wakeup on nuvoton-cir-driven hardware
- Make mceusb only bind to the IR interface on Realtek multifuction thingy
- Kill the crappy old lirc_it* drivers, add new ite_cir driver
- Fix HVR-1950 (and possibly other) device bring-up (#680450)
* Mon Feb 28 2011 Chuck Ebbert 
- Fix stuck bits in md bitmaps (#680791)
* Thu Feb 24 2011 Chuck Ebbert 
- iwl3945-remove-plcp-check.patch: fix slow speed on some iwl3945
  (#654599)
- Copy fix for bonding error message from F13 (#604630)
* Wed Feb 16 2011 Chuck Ebbert 
- Add support for additional Logitech Rumblepad model (#676577)
* Sat Feb 12 2011 Chuck Ebbert 
- Fix 32-bit guest hang on 32-bit PAE host (#677167)
* Sat Feb 12 2011 Chuck Ebbert 
- bridge: Fix mglist corruption that leads to memory corruption
(F13#650151)
* Fri Feb 11 2011 Matthew Garrett  2.6.35.11-84
- linux-2.6-acpi-fix-alias.patch: Fix ACPI object aliasing (#608648)
* Sun Feb  6 2011 Chuck Ebbert   2.6.35.11-83
- Linux 2.6.35.11
* Tue Feb  1 2011 Chuck Ebbert   2.6.35.11-82.rc1
- Linux 2.6.35.11-rc1
- Revert patches we already have in the big v4l update:
    gspca-sonixj-add-a-flag-in-the-driver_info-table.patch
    gspca-sonixj-set-the-flag-for-some-devices.patch
- Comment out patches merged upstream:
    sched-cure-more-NO_HZ-load-average-woes.patch
    posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
    mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
* Sun Jan 30 2011 Chuck Ebbert 
- Fix oops in sunrpc code (#673207)
* Tue Jan 25 2011 Jarod Wilson <[email protected]> 2.6.35.10-81
- Further improvements to ir-kbd-i2c when used with zilog chips
- Finally hopefully fix annoying mceusb keybounce issue
* Wed Jan 19 2011 Jarod Wilson <[email protected]> 2.6.35.10-80
- Make lirc_zilog behave correctly with hdpvr again, and for the first
  time ever, with pvrusb2-driven HVR-1950 (#635045)
- Call dib0700 rc bug whacked (#667157)
- Call saa7134-based i2c IR registration bug whacked (#665870)
* Tue Jan 18 2011 Jarod Wilson <[email protected]> 2.6.35.10-79
- Generally, its a good idea to actually apply the patches you were
  intending to include in the build, and enable their Kconfig options
* Tue Jan 18 2011 Kyle McMartin 
- sgruszka: hostap_cs: fix sleeping function called in invalid
  context (#643758)
* Tue Jan 18 2011 Jarod Wilson <[email protected]> 2.6.35.10-78
- Rebase v4l/dvb/rc bits to 2.6.38-rc1 code
- Fix lirc_serial transmit (#658600)
* Sun Jan 16 2011 Chuck Ebbert 
- Fix wrong file allocation size in btrfs (#669511)
* Mon Jan 10 2011 Jarod Wilson <[email protected]> 2.6.35.10-77
- Add support for local rebuild config option overrides
- Add missing --with/--without pae build flag support
- Restore imon mce default proto modparam, since ir-keytable currently
  won't work with the 2.6.35.x input layer ioctls
- mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka,
#667459)
* Mon Jan 10 2011 Chuck Ebbert 
- CVE-2010-4668: kernel panic with 0-length IOV
* Thu Jan  6 2011 Chuck Ebbert 
- Fix failure to get link with e1000e model 82576DC (#652744)
* Wed Jan  5 2011 Jarod Wilson <[email protected]> 2.6.35.10-76
- Restore functional audio on PVR-150 video capture cards (#666456)
- Fix another mceusb regression cropping up mostly with rc5 signals
(#662071)
- Add back some ir-lirc-codec debug spew
* Thu Dec 30 2010 Jarod Wilson <[email protected]> 2.6.35.10-75
- Fix imon 0xffdc device detection and oops on probe
* Thu Dec 23 2010 Matthew Garrett  2.6.35.10-74
- Backport the ACPI battery notification patch (#656738)
* Wed Dec 22 2010 Kyle McMartin  2.6.35.10-73
- Fix ene_ir bugs (jumping off a null dev->rdev pointer) (#664145)
* Mon Dec 20 2010 Kyle McMartin  2.6.35.10-72
- Backport some of the radeon r600_cs.c fixes between .35 and master.
(#664206)
* Mon Dec 20 2010 Jarod Wilson <[email protected]> 2.6.35.10-71
- Restore v4l/dvb/rc rebase, now with prospective fixes for the bttv and
  ene_ir issues that showed up in -67 and -68
* Sun Dec 19 2010 Kyle McMartin  2.6.35.10-70
- Revert Jarod's v4l-dvb-ir rebase, due to several issues reported against
  the 2.6.35.10-68 update.
  https://admin.fedoraproject.org/updates/kernel-2.6.35.10-68.fc14
* Sat Dec 18 2010 Kyle McMartin 
- Patch from nhorman against f13:
  Enhance AF_PACKET to allow non-contiguous buffer alloc (#637619)
* Sat Dec 18 2010 Kyle McMartin 
- Fix SELinux issues with NFS/btrfs and/or xfsdump. (#662344)
* Thu Dec 16 2010 Jarod Wilson <[email protected]> 2.6.35.10-68
- Additional mceusb updates just sent upstream, hopefully to fix
  keybounce/excessive buffering issues
* Wed Dec 15 2010 Jarod Wilson <[email protected]> 2.6.35.10-67
- Rebase v4l/dvb/rc code to latest upstream, should fix a fair
  number of ir/rc-related issues, including bugzilla #662071
* Wed Dec 15 2010 Chuck Ebbert 
- Linux 2.6.35.10
- Remove merged patches and fix up conflicts:
   drm-polling-fixes.patch
   linux-2.6-v4l-dvb-hdpvr-updates.patch
   kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch
- Drop merged patches:
   linux-2.6-rcu-sched-warning.patch
   pnpacpi-cope-with-invalid-device-ids.patch
   ipc-zero-struct-memory-for-compat-fns.patch
   ipc-shm-fix-information-leak-to-user.patch
   r8169-01-fix-rx-checksum-offload.patch
   r8169-02-_re_init-phy-on-resume.patch
   r8169-03-fix-broken-checksum-for-invalid-sctp_igmp-packets.patch
   hda_realtek-handle-unset-external-amp-bits.patch
* Fri Dec 10 2010 Kyle McMartin 
- pci-disable-aspm-if-bios-asks-us-to.patch: Patch from mjg59 to disable
  ASPM if the BIOS has disabled it, but enabled it already on some devices.
* Fri Dec 10 2010 Kyle McMartin 
- Fix some issues mounting btrfs devices with subvolumes (#656465)
* Fri Dec 10 2010 Kyle McMartin 
- Fix jbd2 warnings when using quotas. (#578674)
* Thu Dec  9 2010 Kyle McMartin 
- Snarf patch from wireless-next to fix mdomsch's orinico wifi.
  (orinoco: initialise priv->hw before assigning the interrupt)
  [229bd792]
* Thu Dec  9 2010 Kyle McMartin 
- Copy tpm-fix-stall-on-boot.patch from rawhide tree. (#530393)
* Thu Dec  9 2010 Chuck Ebbert   2.6.35.9-65
- Require newt-devel for building perf, to enable the perf TUI (#661180)
* Wed Dec  8 2010 Kyle McMartin 
- sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints
  in 2.6.35+ about load average with dynticks. (rhbz#650934)
* Sat Dec  4 2010 Kyle McMartin 
- Enable C++ symbol demangling with perf by linking against libiberty.a,
  which is LGPL2.
* Fri Dec  3 2010 Kyle McMartin  2.6.35.9-64
- Enable hpilo.ko on x86_64 (#571329)
* Thu Dec  2 2010 Kyle McMartin 
- Grab some of Mel's fixes from -mmotm to hopefully sort out #649694.
* Mon Nov 29 2010 Kyle McMartin 
- PNP: log PNP resources, as we do for PCI [c1f3f281]
  should help us debug resource conflicts (requested by bjorn.)
* Mon Nov 29 2010 Kyle McMartin 
- drm/ttm: Fix two race conditions + fix busy codepaths [1df6a2eb]
(#615505)
* Fri Nov 26 2010 Kyle McMartin 
- Quiet a build warning the previous INET_DIAG fix caused.
* Fri Nov 26 2010 Kyle McMartin 
- Plug stack leaks in tty/serial drivers. (#648663, #648660)
* Fri Nov 26 2010 Kyle McMartin 
- r8169 fixes from [email protected] (#502974)
- hda/realtek: handle unset external amp bits (#657388)
* Wed Nov 24 2010 John W. Linville 
- rtl8180: improve signal reporting for rtl8185 hardware
- rtl8180: improve signal reporting for actual rtl8180 hardware
* Tue Nov 23 2010 Kyle McMartin 
- zero struct memory in ipc compat (CVE-2010-4073) (#648658)
- zero struct memory in ipc shm (CVE-2010-4072) (#648656)
- fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264)
- posix-cpu-timers: workaround to suppress the problems with mt exec
  (rhbz#656264)
* Tue Nov 23 2010 Kyle McMartin 
- fix-i8k-inline-asm.patch: backport gcc miscompilation fix from git
  [22d3243d, 6b4e81db] (rhbz#647677)
* Mon Nov 22 2010 Jarod Wilson <[email protected]> 2.6.35.9-62
- Linux 2.6.35.9
- IR driver fixes from upstream
  * fix keybounce/buffer parsing oddness w/mceusb
  * properly wire up sysfs entries for mceusb and streamzap
  * fix repeat w/streamzap
  * misc lirc_dev fixes
* Sat Nov 20 2010 Chuck Ebbert  2.6.35.9-61.rc1
- Linux 2.6.35.9-rc1
- Comment out upstreamed patches:
  kvm-fix-regression-with-cmpxchg8b-on-i386-hosts.patch
* Fri Nov 19 2010 Ben Skeggs  2.6.35.8-60
- nouveau: add quirk for iMac G4 (rhbz#505161)
- nouveau: add workaround for display hang on GF8+ (rhbz#537065)
- nouveau: don't reject 3D object creation on NVAF (MBA3)
* Mon Nov 15 2010 Kyle McMartin 
- rhbz#651019: pull in support for MBA3.
* Thu Nov 11 2010 [email protected] - 2.6.35.8-55
- drm: fix EDID issues
* Wed Nov 10 2010 Justin M. Forbes <[email protected]> 2.6.35.8-54
- fix regression with cmpxchg8b on i386 hosts (rhbz#650215)
* Wed Nov 10 2010 Jarod Wilson <[email protected]> 2.6.35.8-53
- Linux 2.6.35.8
- Drop patches upstreamed in 2.6.35.8
- More ir-core and lirc updates
- HD-PVR driver updates
* Tue Nov  9 2010 Dave Airlie  - 2.6.35.6-52
- add i915 polling s/r patch
* Mon Nov  8 2010 Dave Airlie  - 2.6.35.6-51
- Backport polling fixes + radeon hang fixes from upstream
* Tue Nov  2 2010 Ben Skeggs  2.6.35.6-50
- nouveau: add potential workaround for NV86 hardware quirk
- fix issue that occurs in certain dual-head configurations (rhbz#641524)
* Sat Oct 23 2010 Jarod Wilson <[email protected]> 2.6.35.6-49
- Fix brown paper bag bug in imon driver
* Fri Oct 22 2010 Chuck Ebbert  2.6.35.6-48
- drm-i915-sanity-check-pread-pwrite.patch;
   fix CVE-2010-2962, arbitrary kernel memory write via i915 GEM ioctl
- kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch;
   fix CVE-2010-3698, kvm: invalid selector in fs/gs causes kernel panic
- v4l1-fix-32-bit-compat-microcode-loading-translation.patch;
   fixes CVE-2010-2963, v4l: VIDIOCSMICROCODE arbitrary write
* Fri Oct 22 2010 Kyle McMartin  2.6.35.6-47
- tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various
  laptops which prevented suspend/resume.
- depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local
  privilege escalation via RDS protocol.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729808 - CVE-2011-2905 kernel: perf tools: may parse
user-controlled configuration file
        https://bugzilla.redhat.com/show_bug.cgi?id=729808
  [ 2 ] Bug #722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing
data to the last block of sparse file
        https://bugzilla.redhat.com/show_bug.cgi?id=722557
  [ 3 ] Bug #716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in
l2cap config request
        https://bugzilla.redhat.com/show_bug.cgi?id=716805
  [ 4 ] Bug #718152 - CVE-2011-2517 kernel: nl80211: missing check for
valid SSID size in scan operations
        https://bugzilla.redhat.com/show_bug.cgi?id=718152
  [ 5 ] Bug #723429 - CVE-2011-2699 kernel: ipv6: make fragment
identifications less predictable
        https://bugzilla.redhat.com/show_bug.cgi?id=723429
  [ 6 ] Bug #698057 - CVE-2011-1598 CVE-2011-1748 kernel: missing check in
can/bcm and can/raw socket releases
        https://bugzilla.redhat.com/show_bug.cgi?id=698057
  [ 7 ] Bug #714536 - CVE-2011-2213 kernel: inet_diag: insufficient
validation
        https://bugzilla.redhat.com/show_bug.cgi?id=714536
  [ 8 ] Bug #715436 - CVE-2011-2484 kernel: taskstats: duplicate entries in
listener mode can lead to DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=715436
  [ 9 ] Bug #710338 - CVE-2011-2183 kernel: ksm: race between ksmd and
exiting task
        https://bugzilla.redhat.com/show_bug.cgi?id=710338
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
 
CD: 4ms