Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 14 Update: kernel-2.6.35.14-103.fc14
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Friday 4th November 2011 20:29:13 UTC (over 5 years ago)
---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-15241
2011-11-02 06:37:26
---------------------------------------------------------------------------=
-----

Name        : kernel
Product     : Fedora 14
Version     : 2.6.35.14
Release     : 103.fc14
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

---------------------------------------------------------------------------=
-----
Update Information:

Security update for various issues.
---------------------------------------------------------------------------=
-----
ChangeLog:

* Thu Oct 27 2011 Josh Boyer <[email protected]> 2.6.35.14-103
- Fix backport of xfs patch
- CVE-2011-4081 crypto: ghash: null pointer deref if no key is set (rhbz
74=
9484)
* Wed Oct 26 2011 Josh Boyer <[email protected]>
- CVE-2011-4077: Add patch to fix XFS memory corruption (rhbz 749166)
* Tue Oct 25 2011 Josh Boyer <[email protected]>
- CVE-2011-1083: excessive in kernel CPU consumption when creating large
ne=
sted epoll structures (rhbz 748668)
* Tue Oct 25 2011 Chuck Ebbert 
- Fix NULL dereference in udp6_ufo_fragment(), caused by
  fix for CVE-2011-2699.
* Fri Oct 21 2011 Dave Jones  2.6.35.14-100
- Lower severity of Radeon lockup messages.
* Thu Oct 20 2011 Josh Boyer <[email protected]>
- Add fix for ext4 BUG_ON backtrace (rhbz 747948)
* Wed Oct 19 2011 Dave Jones 
- Add Sony VGN-FW21E to nonvs blacklist. (rhbz 641789)
* Fri Oct 14 2011 Josh Boyer <[email protected]>
- Add patches to fix RHBZ #663186
* Tue Oct 11 2011 Dave Jones 
- acer-wmi: Fix capitalisation of GUID in module alias (rhbz 661322)
* Tue Oct 11 2011 Dave Jones 
- usb-wwan: implement TIOCGSERIAL and TIOCSSERIAL to avoid blocking
close(2=
) (rhbz 725724)
* Fri Sep 23 2011 Josh Boyer <[email protected]> 2.6.35.14-98
- CVE-2011-1161 CVE-2011-1161: tpm: infoleaks
* Tue Sep 20 2011 Josh Boyer <[email protected]>
- CVE-2011-3353: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
* Fri Sep 16 2011 Josh Boyer <[email protected]> 2.6.35.14-97
- CVE-2011-2918: perf: Fix software event overflow
- CVE-2011-3188: net: improve sequence number generation
* Thu Sep 15 2011 Josh Boyer <[email protected]>
- CVE-2011-2723: gro: Only reset frag0 when skb can be pulled
- CVE-2011-2928: befs: Validate length of long symbolic links
- CVE-2011-3191: cifs: fix possible memory corruption in CIFSFindNext
- CVE-2011-1833: ecryptfs: mount source TOCTOU race
* Mon Sep 12 2011 Josh Boyer <[email protected]>
- Backport 5336377d to fix RHBZ #648571
* Wed Aug 31 2011 Josh Boyer <[email protected]> 2.6.35.14-96
- Add patch to fix RHBZ #665109
* Mon Aug 29 2011 Josh Boyer <[email protected]>
- Add fix from Oleg Nesterov for RHBZ #573210
- Add patch for RHBZ #672056
* Wed Aug 24 2011 Chuck Ebbert 
- Add fix for RHBZ #699684: System freeze with 2.6.35.12-*.fc14.i686.PAE
* Mon Aug 22 2011 Dave Jones 
- Avoid false quiescent states in rcutree with CONFIG_RCU_FAST_NO_HZ.
(rhbz=
 577968)
* Mon Aug 15 2011 Chuck Ebbert  2.6.35.14-95
- CVE-2011-2905: perf tools: may parse user-controlled configuration file
- CVE-2011-2695: ext4: kernel panic when writing data to the last block of
=
sparse file
- CVE-2011-2497: bluetooth: buffer overflow in l2cap config request
- CVE-2011-2517: nl80211: missing check for valid SSID size in scan
operati=
ons
- CVE-2011-2699: ipv6: make fragment identifications less predictable
* Wed Aug  3 2011 Chuck Ebbert  2.6.35.14-94
- Linux 2.6.35.14
- Drop merged patches:
    flexcop-fix-xlate_proc_name-warning.patch
    btusb-macbookpro-6-2.patch
    btusb-macbookpro-7-1.patch
    fix-i8k-inline-asm.patch
    virtio_net-add-schedule-check-to-napi_enable-call.patch
    agp-fix-arbitrary-kernel-memory-writes.patch
    agp-fix-oom-and-buffer-overflow.patch
    scsi-mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
    x86-amd-arat-bug-on-sempron-workaround.patch
    x86-amd-fix-arat-feature-setting-again.patch
    cifs-add-fallback-in-is_path_accessible-for-old-servers.patch
    dccp-handle-invalid-feature-options-length.patch
* Mon Jun 20 2011 Kyle McMartin  2.6.35.13-93
- [sgruszka@] iwlwifi: fix general 11n instability (#648732,#666646)
* Fri May 20 2011 Chuck Ebbert  2.6.35.13-92
- Add the rest of the fix for bug #704059
- dccp: handle invalid feature options length (CVE-2011-1770)
- Fix address wrapping in stack expansion code.
* Wed May 18 2011 Chuck Ebbert 
- Fix cifs bug in 2.6.35.13 with old Windows servers (#704125)
- Revert broken fixes for #704059, add proper partial fix.
* Fri May 13 2011 Kyle McMartin 
- [fabbione@] Fix a deadlock when using hp_sw with an HP san.
  (7a1e9d82 upstream)
* Thu May 12 2011 Chuck Ebbert 
- Fix stalls on AMD machines with C1E caused by 2.6.35.13 (#704059)
* Tue May  3 2011 Chuck Ebbert  2.6.35.13-91
- [SCSI] mpt2sas: prevent heap overflows and unchecked reads
  (CVE-2011-1494, CVE-2011-1495)
- agp: fix arbitrary kernel memory writes (CVE-2011-1745)
- agp: fix OOM and buffer overflow (CVE-2011-1746)
- Fix credentials leakage regression (#700637)
* Fri Apr 29 2011 Chuck Ebbert 
- Linux 2.6.35.13
* Fri Apr 22 2011 Kyle McMartin  2.6.35.12-90
- iwlagn-support-new-5000-microcode.patch: stable submission patch from
  sgruszka to support newer microcode versions with the iwl5000 hardware.
* Wed Apr 20 2011 Chuck Ebbert  2.6.35.12-89
- Revert TPM patches from -stable (c4ff4b829, 9b29050f8) that caused
  timeouts and suspend failures (#695953)
- Revert extra fix for credentials leak (#683568)
* Thu Mar 31 2011 Kyle McMartin  2.6.35.12-88
- Update to longterm 2.6.35.12, drop upstream patches.
* Wed Mar 23 2011 Kyle McMartin 
- Backport 3e9d08e: "virtio_net: Add schedule check to napi_enable call"
* Wed Mar 23 2011 Ben Skeggs  2.6.35.11-87
- nouveau: fix s/r on some boards (f14 port of #688569)
* Wed Mar 16 2011 Kyle McMartin  2.6.35.11-86
- Fix a regression in cfg80211 ht40 support from 2.6.35, patch from
  Mark Mentovai and Stanislaw Gruszka. Thanks!
* Tue Mar  1 2011 Jarod Wilson <[email protected]> 2.6.35.11-85
- Fix IR wakeup on nuvoton-cir-driven hardware
- Make mceusb only bind to the IR interface on Realtek multifuction thingy
- Kill the crappy old lirc_it* drivers, add new ite_cir driver
- Fix HVR-1950 (and possibly other) device bring-up (#680450)
* Mon Feb 28 2011 Chuck Ebbert 
- Fix stuck bits in md bitmaps (#680791)
* Thu Feb 24 2011 Chuck Ebbert 
- iwl3945-remove-plcp-check.patch: fix slow speed on some iwl3945
  (#654599)
- Copy fix for bonding error message from F13 (#604630)
* Wed Feb 16 2011 Chuck Ebbert 
- Add support for additional Logitech Rumblepad model (#676577)
* Sat Feb 12 2011 Chuck Ebbert 
- Fix 32-bit guest hang on 32-bit PAE host (#677167)
* Sat Feb 12 2011 Chuck Ebbert 
- bridge: Fix mglist corruption that leads to memory corruption
(F13#650151)
* Fri Feb 11 2011 Matthew Garrett  2.6.35.11-84
- linux-2.6-acpi-fix-alias.patch: Fix ACPI object aliasing (#608648)
* Sun Feb  6 2011 Chuck Ebbert   2.6.35.11-83
- Linux 2.6.35.11
* Tue Feb  1 2011 Chuck Ebbert   2.6.35.11-82.rc1
- Linux 2.6.35.11-rc1
- Revert patches we already have in the big v4l update:
    gspca-sonixj-add-a-flag-in-the-driver_info-table.patch
    gspca-sonixj-set-the-flag-for-some-devices.patch
- Comment out patches merged upstream:
    sched-cure-more-NO_HZ-load-average-woes.patch
    posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
    mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
* Sun Jan 30 2011 Chuck Ebbert 
- Fix oops in sunrpc code (#673207)
* Tue Jan 25 2011 Jarod Wilson <[email protected]> 2.6.35.10-81
- Further improvements to ir-kbd-i2c when used with zilog chips
- Finally hopefully fix annoying mceusb keybounce issue
* Wed Jan 19 2011 Jarod Wilson <[email protected]> 2.6.35.10-80
- Make lirc_zilog behave correctly with hdpvr again, and for the first
  time ever, with pvrusb2-driven HVR-1950 (#635045)
- Call dib0700 rc bug whacked (#667157)
- Call saa7134-based i2c IR registration bug whacked (#665870)
* Tue Jan 18 2011 Jarod Wilson <[email protected]> 2.6.35.10-79
- Generally, its a good idea to actually apply the patches you were
  intending to include in the build, and enable their Kconfig options
* Tue Jan 18 2011 Kyle McMartin 
- sgruszka: hostap_cs: fix sleeping function called in invalid
  context (#643758)
* Tue Jan 18 2011 Jarod Wilson <[email protected]> 2.6.35.10-78
- Rebase v4l/dvb/rc bits to 2.6.38-rc1 code
- Fix lirc_serial transmit (#658600)
* Sun Jan 16 2011 Chuck Ebbert 
- Fix wrong file allocation size in btrfs (#669511)
* Mon Jan 10 2011 Jarod Wilson <[email protected]> 2.6.35.10-77
- Add support for local rebuild config option overrides
- Add missing --with/--without pae build flag support
- Restore imon mce default proto modparam, since ir-keytable currently
  won't work with the 2.6.35.x input layer ioctls
- mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka,
#=
667459)
* Mon Jan 10 2011 Chuck Ebbert 
- CVE-2010-4668: kernel panic with 0-length IOV
* Thu Jan  6 2011 Chuck Ebbert 
- Fix failure to get link with e1000e model 82576DC (#652744)
* Wed Jan  5 2011 Jarod Wilson <[email protected]> 2.6.35.10-76
- Restore functional audio on PVR-150 video capture cards (#666456)
- Fix another mceusb regression cropping up mostly with rc5 signals
(#66207=
1)
- Add back some ir-lirc-codec debug spew
* Thu Dec 30 2010 Jarod Wilson <[email protected]> 2.6.35.10-75
- Fix imon 0xffdc device detection and oops on probe
* Thu Dec 23 2010 Matthew Garrett  2.6.35.10-74
- Backport the ACPI battery notification patch (#656738)
* Wed Dec 22 2010 Kyle McMartin  2.6.35.10-73
- Fix ene_ir bugs (jumping off a null dev->rdev pointer) (#664145)
* Mon Dec 20 2010 Kyle McMartin  2.6.35.10-72
- Backport some of the radeon r600_cs.c fixes between .35 and master.
(#664=
206)
* Mon Dec 20 2010 Jarod Wilson <[email protected]> 2.6.35.10-71
- Restore v4l/dvb/rc rebase, now with prospective fixes for the bttv and
  ene_ir issues that showed up in -67 and -68
* Sun Dec 19 2010 Kyle McMartin  2.6.35.10-70
- Revert Jarod's v4l-dvb-ir rebase, due to several issues reported against
  the 2.6.35.10-68 update.
  https://admin.fedoraproject.org/updates/kernel-2.6.35.10-68.fc14
* Sat Dec 18 2010 Kyle McMartin 
- Patch from nhorman against f13:
  Enhance AF_PACKET to allow non-contiguous buffer alloc (#637619)
* Sat Dec 18 2010 Kyle McMartin 
- Fix SELinux issues with NFS/btrfs and/or xfsdump. (#662344)
* Thu Dec 16 2010 Jarod Wilson <[email protected]> 2.6.35.10-68
- Additional mceusb updates just sent upstream, hopefully to fix
  keybounce/excessive buffering issues
* Wed Dec 15 2010 Jarod Wilson <[email protected]> 2.6.35.10-67
- Rebase v4l/dvb/rc code to latest upstream, should fix a fair
  number of ir/rc-related issues, including bugzilla #662071
* Wed Dec 15 2010 Chuck Ebbert 
- Linux 2.6.35.10
- Remove merged patches and fix up conflicts:
   drm-polling-fixes.patch
   linux-2.6-v4l-dvb-hdpvr-updates.patch
   kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch
- Drop merged patches:
   linux-2.6-rcu-sched-warning.patch
   pnpacpi-cope-with-invalid-device-ids.patch
   ipc-zero-struct-memory-for-compat-fns.patch
   ipc-shm-fix-information-leak-to-user.patch
   r8169-01-fix-rx-checksum-offload.patch
   r8169-02-_re_init-phy-on-resume.patch
   r8169-03-fix-broken-checksum-for-invalid-sctp_igmp-packets.patch
   hda_realtek-handle-unset-external-amp-bits.patch
* Fri Dec 10 2010 Kyle McMartin 
- pci-disable-aspm-if-bios-asks-us-to.patch: Patch from mjg59 to disable
  ASPM if the BIOS has disabled it, but enabled it already on some devices.
* Fri Dec 10 2010 Kyle McMartin 
- Fix some issues mounting btrfs devices with subvolumes (#656465)
* Fri Dec 10 2010 Kyle McMartin 
- Fix jbd2 warnings when using quotas. (#578674)
* Thu Dec  9 2010 Kyle McMartin 
- Snarf patch from wireless-next to fix mdomsch's orinico wifi.
  (orinoco: initialise priv->hw before assigning the interrupt)
  [229bd792]
* Thu Dec  9 2010 Kyle McMartin 
- Copy tpm-fix-stall-on-boot.patch from rawhide tree. (#530393)
* Thu Dec  9 2010 Chuck Ebbert   2.6.35.9-65
- Require newt-devel for building perf, to enable the perf TUI (#661180)
* Wed Dec  8 2010 Kyle McMartin 
- sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints
  in 2.6.35+ about load average with dynticks. (rhbz#650934)
* Sat Dec  4 2010 Kyle McMartin 
- Enable C++ symbol demangling with perf by linking against libiberty.a,
  which is LGPL2.
* Fri Dec  3 2010 Kyle McMartin  2.6.35.9-64
- Enable hpilo.ko on x86_64 (#571329)
* Thu Dec  2 2010 Kyle McMartin 
- Grab some of Mel's fixes from -mmotm to hopefully sort out #649694.
* Mon Nov 29 2010 Kyle McMartin 
- PNP: log PNP resources, as we do for PCI [c1f3f281]
  should help us debug resource conflicts (requested by bjorn.)
* Mon Nov 29 2010 Kyle McMartin 
- drm/ttm: Fix two race conditions + fix busy codepaths [1df6a2eb]
(#615505)
* Fri Nov 26 2010 Kyle McMartin 
- Quiet a build warning the previous INET_DIAG fix caused.
* Fri Nov 26 2010 Kyle McMartin 
- Plug stack leaks in tty/serial drivers. (#648663, #648660)
* Fri Nov 26 2010 Kyle McMartin 
- r8169 fixes from [email protected] (#502974)
- hda/realtek: handle unset external amp bits (#657388)
* Wed Nov 24 2010 John W. Linville 
- rtl8180: improve signal reporting for rtl8185 hardware
- rtl8180: improve signal reporting for actual rtl8180 hardware
* Tue Nov 23 2010 Kyle McMartin 
- zero struct memory in ipc compat (CVE-2010-4073) (#648658)
- zero struct memory in ipc shm (CVE-2010-4072) (#648656)
- fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264)
- posix-cpu-timers: workaround to suppress the problems with mt exec
  (rhbz#656264)
* Tue Nov 23 2010 Kyle McMartin 
- fix-i8k-inline-asm.patch: backport gcc miscompilation fix from git
  [22d3243d, 6b4e81db] (rhbz#647677)
* Mon Nov 22 2010 Jarod Wilson <[email protected]> 2.6.35.9-62
- Linux 2.6.35.9
- IR driver fixes from upstream
  * fix keybounce/buffer parsing oddness w/mceusb
  * properly wire up sysfs entries for mceusb and streamzap
  * fix repeat w/streamzap
  * misc lirc_dev fixes
* Sat Nov 20 2010 Chuck Ebbert  2.6.35.9-61.rc1
- Linux 2.6.35.9-rc1
- Comment out upstreamed patches:
  kvm-fix-regression-with-cmpxchg8b-on-i386-hosts.patch
* Fri Nov 19 2010 Ben Skeggs  2.6.35.8-60
- nouveau: add quirk for iMac G4 (rhbz#505161)
- nouveau: add workaround for display hang on GF8+ (rhbz#537065)
- nouveau: don't reject 3D object creation on NVAF (MBA3)
* Mon Nov 15 2010 Kyle McMartin 
- rhbz#651019: pull in support for MBA3.
* Thu Nov 11 2010 [email protected] - 2.6.35.8-55
- drm: fix EDID issues
* Wed Nov 10 2010 Justin M. Forbes <[email protected]> 2.6.35.8-54
- fix regression with cmpxchg8b on i386 hosts (rhbz#650215)
* Wed Nov 10 2010 Jarod Wilson <[email protected]> 2.6.35.8-53
- Linux 2.6.35.8
- Drop patches upstreamed in 2.6.35.8
- More ir-core and lirc updates
- HD-PVR driver updates
* Tue Nov  9 2010 Dave Airlie  - 2.6.35.6-52
- add i915 polling s/r patch
* Mon Nov  8 2010 Dave Airlie  - 2.6.35.6-51
- Backport polling fixes + radeon hang fixes from upstream
* Tue Nov  2 2010 Ben Skeggs  2.6.35.6-50
- nouveau: add potential workaround for NV86 hardware quirk
- fix issue that occurs in certain dual-head configurations (rhbz#641524)
* Sat Oct 23 2010 Jarod Wilson <[email protected]> 2.6.35.6-49
- Fix brown paper bag bug in imon driver
* Fri Oct 22 2010 Chuck Ebbert  2.6.35.6-48
- drm-i915-sanity-check-pread-pwrite.patch;
   fix CVE-2010-2962, arbitrary kernel memory write via i915 GEM ioctl
- kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch;
   fix CVE-2010-3698, kvm: invalid selector in fs/gs causes kernel panic
- v4l1-fix-32-bit-compat-microcode-loading-translation.patch;
   fixes CVE-2010-2963, v4l: VIDIOCSMICROCODE arbitrary write
* Fri Oct 22 2010 Kyle McMartin  2.6.35.6-47
- tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various
  laptops which prevented suspend/resume.
- depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local
  privilege escalation via RDS protocol.
---------------------------------------------------------------------------=
-----
References:

  [ 1 ] Bug #749484 - CVE-2011-4081 kernel: crypto: ghash: null pointer
der=
ef if no key is set [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=3D749484
  [ 2 ] Bug #748668 - CVE-2011-1083 kernel: excessive in kernel CPU
consump=
tion when creating large nested epoll structures [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=3D748668
  [ 3 ] Bug #749166 - CVE-2011-4077 kernel: xfs: potential buffer overflow
=
in xfs_readlink() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=3D749166
---------------------------------------------------------------------------=
-----

This update can be installed with the "yum" update program.  Use =

su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 5ms