[Fedora] Multiple vulnerabilities in the Linux kernel - FEDORA-2011-13809

Dear colleagues,

we have just received the following Fedora Security Advisory. We are
passing this information on to you unchanged.

CVE-2011-1161 - Vulnerability in the Linux kernel (TPM)

In the kernel, a call to the function tpm_transmit uses a fixed size for
a buffer. This allows a local attacker to corrupt memory if the buffer
passed in is larger than TPM_BUFSIZE.

CVE-2011-3191 - Vulnerability in the CIFS kernel module

In the CIFS kernel module, the function CIFSFindNext() declares the
variable name_len as a signed integer, and it is carried over into the
data structure cifs_search_info as the variable result_name_len, an
unsigned integer. If the CIFS server sends a large value, an overflow
can occur, so that the variable result_name_len receives a negative
integer. result_name_len is then used in a memcpy(), which overwrites
the wrong memory areas. A remote attacker can exploit this to crash
connected clients by means of a specially prepared CIFS server.
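
Added example (not part of the advisory and not kernel source): a userspace C model of the signed/unsigned length handling described for CVE-2011-3191, showing why a signed upper-bound check accepts an oversized server-supplied length and how an unsigned, bounded copy rejects it. The function names, NAME_MAX_LEN and the sample lengths are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 4096   /* assumed destination limit, not a kernel value */

/* Flawed pattern: the server-supplied length lands in a signed int, so
 * values above INT_MAX turn negative and pass the upper-bound test. */
static int flawed_check_accepts(uint32_t wire_len)
{
    int name_len = (int)wire_len;
    return name_len < NAME_MAX_LEN;
}

/* Size a memcpy() would be handed after the flawed check (no copy is done). */
static size_t flawed_copy_size(uint32_t wire_len)
{
    int name_len = (int)wire_len;
    return (size_t)name_len;        /* negative int becomes a huge size_t */
}

/* Hardened copy: the length stays unsigned and is bounded against both the
 * destination and the bytes actually received. Returns -1 on rejection. */
static int copy_name_checked(char *dst, size_t dst_size, const char *src,
                             size_t src_avail, uint32_t wire_len)
{
    if (wire_len >= dst_size || wire_len > src_avail)
        return -1;
    memcpy(dst, src, wire_len);
    dst[wire_len] = '\0';
    return (int)wire_len;
}

int main(void)
{
    const char reply[] = "file.txt";              /* constructed sample name */
    uint32_t lens[] = { 8, 5000, 0xFFFFFFF0u };   /* constructed lengths */
    char dst[NAME_MAX_LEN];

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%u flawed_accepts=%d copy_size=%zu hardened=%d\n",
               (unsigned)lens[i], flawed_check_accepts(lens[i]),
               flawed_copy_size(lens[i]),
               copy_name_checked(dst, sizeof dst, reply, sizeof reply - 1,
                                 lens[i]));
    return 0;
}
```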

CVE-2011-1162 - Vulnerability in the Linux kernel (TPM)

The TPM implementation in the Linux kernel does not reset the values in
a buffer after it has been copied to userspace. In the worst case, this
allows other drivers and components to read the sensitive information
from this buffer.

CVE-2011-2905 - Vulnerability in the Linux kernel

When the program “perf” processes configuration files, it does not fully
validate the syntax of the file. If a local attacker manages to get a
user to run the program in a directory that contains a manipulated
configuration file, the attacker can, in the worst case, have arbitrary
commands executed.

The following software packages and platforms are affected:

Package kernel

Fedora 15

The vendor provides revised packages.

(c) of the German summary held by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the
originator, DFN-CERT Services GmbH, and only for non-commercial
purposes.

Kind regards,
Timo Schulz

--
Timo Schulz, M.Sc. (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID No.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatic warning messages: https://www.cert.dfn.de/autowarn

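--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13809
2011-10-05 03:12:12
--------------------------------------------------------------------------------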

Name : kernel
Product : Fedora 15
Version : 2.6.40.6
Release : 0.fc15
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Update to the latest stable 3.0.6 kernel release.
This includes fixes for CVEs 2011-1161, 2011-1162, and 2011-3191
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 3 2011 Josh Boyer 2.6.40.6-0
- Linux 3.0.6 stable release
* Mon Oct 3 2011 Josh Boyer 2.6.40.4-6
- Add patch to fix PIE execution when ASLR is disabled at runtime (rhbz 708563)
* Thu Sep 29 2011 Josh Boyer
- Backport two upstream patches to fix rhbz 700718
* Wed Sep 28 2011 Josh Boyer
- Backport upstream block patch to try and fix a number of oopses we’re seeing
  with USB drive removals
- Update usb-add-quirk-for-logitech-webcams.patch (rhbz 742010)
* Tue Sep 27 2011 Josh Boyer
- Backport support for Samsung n150 class machines (rhbz 496975)
* Mon Sep 26 2011 Chuck Ebbert
- Fix breakage of Apple MagicMouse/Trackpad (rhbz #714381)
* Fri Sep 23 2011 Josh Boyer
- Add patch to fix 1 second delay from MD driver during shutdown (rhbz 740645)
- CVE-2011-1161 CVE-2011-1162: tpm: infoleaks
* Thu Sep 22 2011 Dennis Gilmore
- build a vmlinux image on sparc64
* Thu Sep 15 2011 Josh Boyer
- CVE-2011-3191: cifs: fix possible memory corruption in CIFSFindNext
* Wed Sep 7 2011 Josh Boyer
- Add patch to fix oops when linking entities in ucvideo (rhbz 735437)
* Wed Aug 31 2011 Dave Jones
- Reinstate some conflicts: that disappeared during the rebase (rhbz 710646)
* Tue Aug 30 2011 Josh Boyer 2.6.40.4-5
- Fix kconfig error in patch for rhbz 606017
* Tue Aug 30 2011 Chuck Ebbert 2.6.40.4-4
- Fix unsafe pointer access in sendmsg/sendmmsg
* Tue Aug 30 2011 Josh Boyer
- Add patch to fix rhbz 606017
* Mon Aug 29 2011 Chuck Ebbert 2.6.40.4-3
- Linux 3.0.4
* Sat Aug 27 2011 Dave Jones
- Fix get_gate_vma usage in 32bit NX emulation.
* Fri Aug 26 2011 Chuck Ebbert
- Add fixes for cifs mount oopses (rhbz#727927 rhbz#731278 rhbz#732934)
* Thu Aug 25 2011 Chuck Ebbert
- Reduce severity of host bridge window conflict warnings (rhbz#729652)
* Thu Aug 25 2011 Chuck Ebbert 2.6.40.3-2
- Add patches queued for 3.0.4
- Comment out xen-blkfront-name-adjust.patch, now queued for -stable
* Thu Aug 25 2011 Chuck Ebbert
- VFS: Fix automount for negative autofs dentries (rhbz#719607)
* Thu Aug 25 2011 Ben Skeggs
- nouveau: add patch fixing ttm issues that lead to oopses/corruption (rhbz#699551)
* Wed Aug 24 2011 Chuck Ebbert
- Automate the kernel version faking.
* Tue Aug 23 2011 Ben Skeggs
- nouveau: pull patches from 3.1 to fix some suspend/hibernate problems (rhbz#730582)
* Mon Aug 22 2011 Dave Jones
- Revert ‘iwlwifi: advertise max aggregate size’. (rhbz 708747)
* Mon Aug 22 2011 Chuck Ebbert
- Update to 3.0.3-final
* Mon Aug 22 2011 Dave Jones
- Avoid false quiescent states in rcutree with CONFIG_RCU_FAST_NO_HZ. (rhbz 577968)
* Fri Aug 19 2011 Josh Boyer
- Add patch to fix race between cryptd and aesni (rhbz 721002)
* Wed Aug 17 2011 Dennis Gilmore
- add patch to correctly initialise usb on trimslice systems
- build in usb-storage on tegra, internal ssd on trimslice is connected to usb
* Tue Aug 16 2011 Dennis Gilmore
- add patch to work around gcc bug on arm
* Mon Aug 15 2011 Dave Jones 2.6.40.3-0
- Apply patches from 3.0.3-rc1
* Mon Aug 15 2011 Dave Jones
- Apply patches from 3.0.2
* Mon Aug 15 2011 Dave Jones
- CVE-2011-2905 perf tools may parse user-controlled config file. (rhbz 729809)
* Sat Aug 13 2011 Dave Jones
- Apply patches from 3.0.2rc1
* Thu Aug 11 2011 Dennis Gilmore
- add config for arm tegra devices
- setup kernel to build omap image (patch from David Marlin)
- setup kernel to build tegra image based on omap work
- add arm device tree patches
* Thu Aug 11 2011 Josh Boyer
- Add munged together patch for rhbz 729269
* Thu Aug 11 2011 Dave Jones
- Fix Xen blk device naming (rhbz 729340)
* Tue Aug 9 2011 Josh Boyer
- Add Makefile.config and ARM config changes from David Marlin
* Tue Aug 9 2011 Dave Jones
- ptrace_report_syscall: check if TIF_SYSCALL_EMU is defined
* Tue Aug 9 2011 Dave Jones
- Enable CONFIG_SAMSUNG_LAPTOP (rhbz 729363)
* Tue Aug 9 2011 Dave Jones 2.6.40.1-2
- Fix stray block put after queue teardown (rhbz 728872)
* Sun Aug 7 2011 Dave Jones
- Utrace fixes. (rhbz 728379)
* Fri Aug 5 2011 Dave Jones 2.6.40.1-1
- Revert f16-only change that made IPV6 built-in.
* Fri Aug 5 2011 Dave Jones
- Final 3.0.1 diff.
* Thu Aug 4 2011 Dave Jones
- Drop neuter_intel_microcode_load.patch (rhbz 690930)
* Wed Aug 3 2011 Dave Jones
- iwlagn: check for !priv->txq in iwlagn_wait_tx_queue_empty (rhbz 728044)
* Wed Aug 3 2011 Dave Jones
- Apply patches from patch-3.0.1-rc1
* Wed Aug 3 2011 John W. Linville
- Disable CONFIG_BCMA since no driver currently uses it (rhbz 727796)
* Wed Aug 3 2011 Josh Boyer
- rt2x00: Add device ID for RT539F device. (rhbz 720594)
- Add patch to fix backtrace in cdc_ncm driver (rhbz 720128)
- Add patch to fix backtrace in usm-realtek driver (rhbz 720054)
* Tue Aug 2 2011 Josh Boyer
- Fix epoll recursive lockdep warnings (rhbz 722472)
* Tue Aug 2 2011 Josh Boyer
- Add patch to fix HFSPlus filesystem mounting (rhbz 720771)
* Tue Aug 2 2011 Dave Jones
- Change USB_SERIAL_OPTION back to modular. (rhbz 727680)
* Tue Aug 2 2011 Josh Boyer 2.6.40-5
- Add change from Yanko Kaneti to get the rt2x00 drivers in modules.networking
  (rhbz 708314)
* Fri Jul 29 2011 Dave Jones 2.6.40-4
- Re-add utrace, which got accidentally dropped during the rebase.
* Thu Jul 28 2011 Dave Jones 2.6.40-3
- Fix module-init-tools conflict:
* Thu Jul 28 2011 Dave Jones 2.6.40-2
- fix crash in scsi_dispatch_cmd()
* Thu Jul 28 2011 Dave Jones 2.6.40-1
- Turn off debugging options. (make release)
* Tue Jul 26 2011 Dave Jones 2.6.40-0
- Rebase to final 3.0 (munge to 2.6.40-0)
* Thu Jun 30 2011 Kyle McMartin 2.6.40-0.rc5.git0.1
- More than meets the eye, it’s Linux 3.0-rc5 in disguise.
* Mon Jun 27 2011 Dave Jones
- Disable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, as this also disables FIPS (rhbz 716942)
* Thu Jun 23 2011 Kyle McMartin 3.0-0.rc4.git3.1
- Linux 3.0-rc4-git3
- Drop linux-3.0-fix-uts-release.patch, and instead just perl the Makefile
- linux-2.6-silence-noise.patch: fix context
- iwlagn-fix-dma-direction.patch: fix DMAR errors (for me at least)
* Wed Jun 22 2011 Kyle McMartin 3.0-0.rc4.git0.2
- Re-enable debuginfo generation. Thanks to Richard Jones for noticing… no
  wonder builds had been so quick lately.
* Tue Jun 21 2011 Kyle McMartin 3.0-0.rc4.git0.1
- Linux 3.0-rc4 (getting closer…)
* Fri Jun 17 2011 Kyle McMartin 3.0-0.rc3.git6.1
- Update to 3.0-rc3-git6
* Fri Jun 17 2011 Dave Jones
- drop qcserial ‘compile fix’ that was just duplicating an include.
- drop struct sizeof debug patch. (no real value. not upstreamable)
- drop linux-2.6-debug-always-inline-kzalloc.patch.
  Can’t recall why this was added. Can easily re-add if deemed necessary.
* Fri Jun 17 2011 Kyle McMartin
- linux-2.6-defaults-pci_no_msi.patch: drop, haven’t toggled the default
  in many moons.
- linux-2.6-defaults-pci_use_crs.patch: ditto.
- linux-2.6-selinux-mprotect-checks.patch: upstream a while ago.
- drm-i915-gen4-has-non-power-of-two-strides.patch: drop buggy bugfix
- drop some more unapplied crud.
- We haven’t applied firewire patches in a dogs age.
* Fri Jun 17 2011 Kyle McMartin 3.0-0.rc3.git5.1
- Try updating to a git snapshot for the first time in 3.0-rc,
  update to 3.0-rc3-git5
- Fix a subtle bug I introduced in 3.0-rc1, “patch-3.” is 9 letters, not 10.
* Thu Jun 16 2011 Kyle McMartin
- Disable mm patches which had been submitted against 2.6.39, as Rik reports
  they seem to aggravate a VM_BUG_ON. More investigation is necessary.
* Wed Jun 15 2011 Kyle McMartin
- Conflict with pre-3.2.1-5 versions of mdadm. (#710646)
* Wed Jun 15 2011 Kyle McMartin
- Build in aesni-intel on i686 for symmetry with 64-bit.
* Tue Jun 14 2011 Kyle McMartin 3.0-0.rc3.git0.3
- Fix libdm conflict (whose bright idea was it to give subpackages differing
  version numbers?)
* Tue Jun 14 2011 Kyle McMartin
- Update to 3.0-rc3, add another conflicts to deal with 2 digit
  versions (libdm.)
- Simplify linux-3.0-fix-uts-release.patch now that SUBLEVEL is optional.
- revert-ftrace-remove-unnecessary-disabling-of-irqs.patch: drop upstreamed
  patch.
- drm-intel-eeebox-eb1007-quirk.patch: ditto.
- ath5k-disable-fast-channel-switching-by-default.patch: ditto.
* Thu Jun 9 2011 Kyle McMartin
- ath5k-disable-fast-channel-switching-by-default.patch (rhbz#709122)
  (korgbz#34992) [a99168ee in wireless-next]
* Thu Jun 9 2011 Kyle McMartin 3.0-0.rc2.git0.2
- rhbz#710921: revert-ftrace-remove-unnecessary-disabling-of-irqs.patch
* Wed Jun 8 2011 Kyle McMartin 3.0-0.rc2.git0.1
- Update to 3.0-rc2, rebase utsname fix.
- Build IPv6 into the kernel for a variety of reasons
  (http://lists.fedoraproject.org/pipermail/kernel/2011-June/003105.html)
* Mon Jun 6 2011 Kyle McMartin 3.0-0.rc1.git0.3
- Conflict with module-init-tools older than 3.13 to ensure the
  3.0 transition is handled correctly.
* Wed Jun 1 2011 Kyle McMartin 3.0-0.rc1.git0.2
- Fix utsname for 3.0-rc1
* Mon May 30 2011 Kyle McMartin 3.0-0.rc1.git0.1
- Linux 3.0-rc1 (won’t build until module-init-tools gets an update.)
* Mon May 30 2011 Kyle McMartin
- Trimmed changelog, see fedpkg git for earlier history.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #708563 – 2.6.38.6-27.fc15.x86_64 kernel doesn’t work with PIE when ASLR is disabled
https://bugzilla.redhat.com/show_bug.cgi?id=708563
[ 2 ] Bug #700718 – [abrt] kernel: WARNING: at arch/x86/kernel/dumpstack_64.c:129 dump_trace+0x2b9/0x305()
https://bugzilla.redhat.com/show_bug.cgi?id=700718
[ 3 ] Bug #742010 – Logitech WebCam C300 microphone produces squeaky “chipmunk” audio
https://bugzilla.redhat.com/show_bug.cgi?id=742010
[ 4 ] Bug #496975 – gnome-power-manager: “Cannot get laptop panel brightness”
https://bugzilla.redhat.com/show_bug.cgi?id=496975
[ 5 ] Bug #714381 – Kernel 2.6.38.8 breaks Apple Magic Mouse and Trackpad
https://bugzilla.redhat.com/show_bug.cgi?id=714381
[ 6 ] Bug #740645 – md driver imposes an unconditional 1 second sleep in the shutdown path
https://bugzilla.redhat.com/show_bug.cgi?id=740645
[ 7 ] Bug #735437 – Kernel stops working since version 2.6.40-x | kernel BUG at drivers/media/media-entity.c:346!
https://bugzilla.redhat.com/show_bug.cgi?id=735437
[ 8 ] Bug #710646 – raid 10 PV not being assembled within dracut
https://bugzilla.redhat.com/show_bug.cgi?id=710646
[ 9 ] Bug #708777 – Using USB hard drive WDBAAA500ASL (My Passport) the O.S. freezes when “Safely remove drive” is selected.
https://bugzilla.redhat.com/show_bug.cgi?id=708777
--------------------------------------------------------------------------------

This update can be installed with the “yum” update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
