Dear colleagues,
we have just received the following Fedora Security Advisory. We are
forwarding this information to you unchanged.
CVE-2009-3290 - Vulnerability in the KVM function
kvm_emulate_hypercall()
The function kvm_emulate_hypercall() in the Kernel-based Virtual
Machine (KVM) of the Linux kernel on x86 systems does not prevent
access to MMU hypercalls from the guest operating system. Local
attackers can exploit this vulnerability to crash the guest operating
system (denial of service) or to read and write unspecified 'random'
memory areas of the guest kernel.
CVE-2009-2903 - Vulnerability in the AppleTalk support of the Linux
kernel
The AppleTalk subsystem of the Linux kernel contains a memory leak.
The leak occurs when the AppleTalk kernel module and the module it
uses to support the Data Delivery Protocol (DDP) are loaded without
certain virtual devices having been initialized. An attacker can
exploit this vulnerability for denial-of-service attacks.
CVE-2009-2847 - Linux kernel function do_sigaltstack() does not clear
padding data
On 64-bit architectures the signal stack data structure contains some
padding bytes. The Linux kernel function do_sigaltstack() does not
clear them when the data structure is returned to the user after the
call. Local attackers can thereby read part of kernel memory and so
obtain potentially confidential information.
CVE-2009-3612 - Uninitialized memory in the Linux kernel function
tcf_fill_node()
The tcf_fill_node() function in the netlink subsystem of the Linux
kernel does not initialize certain fields of the tcm_pad2 data
structure that are used for padding. Local attackers can thereby
obtain potentially confidential data from kernel memory. The
vulnerability exists because of an incomplete fix for the
vulnerability CVE-2005-4881.
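The padding leak described above for do_sigaltstack(), which is the same class of bug as the uninitialized padding in tcf_fill_node(), modelled in user space as an added example; it is not code from the advisory or from the kernel. It assumes an LP64 platform; struct sigstack_model, the 0xA5 marker and all function names are constructed for illustration, and the per-field copy mirrors the fix named in the changelog ("avoid copying stack_t as a structure to user space").

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same field order as stack_t. On LP64, ss_flags (4 bytes) is followed by
 * 4 padding bytes so that ss_size is 8-byte aligned. */
struct sigstack_model { void *ss_sp; int ss_flags; size_t ss_size; };

#define OFF(f)  offsetof(struct sigstack_model, f)
#define SS_LEN  sizeof(struct sigstack_model)
#define PAD_OFF (OFF(ss_flags) + sizeof(int))
#define PAD_LEN (OFF(ss_size) - PAD_OFF)
#define STALE   0xA5 /* constructed marker for leftover kernel stack data */

/* Model of the kernel's on-stack copy: stale bytes, then three field stores
 * (memcpy at the field offsets), which never touch the padding. */
static void fill_kernel_slot(unsigned char *k, void *sp, int flags, size_t size) {
    memset(k, STALE, SS_LEN);
    memcpy(k + OFF(ss_sp), &sp, sizeof sp);
    memcpy(k + OFF(ss_flags), &flags, sizeof flags);
    memcpy(k + OFF(ss_size), &size, sizeof size);
}

/* Unfixed pattern: the structure goes out as one block, padding included. */
static void copy_out_struct(unsigned char *u, const unsigned char *k) { memcpy(u, k, SS_LEN); }

/* Fixed pattern: each named field is copied on its own. */
static void copy_out_fields(unsigned char *u, const unsigned char *k) {
    memcpy(u + OFF(ss_sp), k + OFF(ss_sp), sizeof(void *));
    memcpy(u + OFF(ss_flags), k + OFF(ss_flags), sizeof(int));
    memcpy(u + OFF(ss_size), k + OFF(ss_size), sizeof(size_t));
}

/* Stale kernel bytes that reach a zeroed user buffer via the padding. */
size_t leaked_bytes(int per_field) {
    unsigned char kernel[SS_LEN], user[SS_LEN];
    size_t n = 0;
    fill_kernel_slot(kernel, user, 0, 8192); /* ss_sp value is arbitrary here */
    memset(user, 0, SS_LEN);
    if (per_field) copy_out_fields(user, kernel); else copy_out_struct(user, kernel);
    for (size_t i = PAD_OFF; i < PAD_OFF + PAD_LEN; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void) {
    printf("whole copy leaks %zu bytes, per-field copy leaks %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```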
CVE-2009-2909 - Buffer overflow in the Linux ax25 driver
Because of a faulty check of a length value, a buffer overflow can be
triggered in the Linux ax25 driver, which gives local attackers the
ability to execute arbitrary code with kernel privileges.
CVE-2009-2910 - Disclosure of information from 64-bit registers in the
Linux kernel
The Linux kernel does not in all cases clear the contents of the upper
bits of 64-bit registers when it runs in 32-bit mode on x86_64
platforms. Local attackers can thereby obtain potentially confidential
information.
CVE-2009-2908 - NULL pointer dereference in the eCryptfs function
d_delete()
Under certain circumstances a NULL pointer is dereferenced in the
eCryptfs function d_delete() of the Linux kernel. A local attacker can
exploit this vulnerability to trigger a kernel oops (denial of
service).
The following software packages and platforms are affected:
Package kernel
Fedora 11
The vendor provides updated packages.
Vendor advisory:
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00656.html
(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in excerpts, is permitted only with reference
to the originator, DFN-CERT Services GmbH, and only for non-commercial
purposes.
Kind regards,
Torsten Voss
--
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatic warning messages https://www.cert.dfn.de/autowarn
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10639
2009-10-21 00:10:43
--------------------------------------------------------------------------------
Name        : kernel
Product     : Fedora 11
Version     : 2.6.30.9
Release     : 90.fc11
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
--------------------------------------------------------------------------------
Update Information:
Update to kernel 2.6.30.9. Upstream change logs:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.9
Also fixes:
- Kernel stack randomization bug
- NULL dereference in r128 driver
- ftrace memory corruption on module unload
- boot hanging on some systems
- some latency problems caused by scheduler bugs
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 17 2009 Chuck Ebbert
- Fix null deref in r128 (F10#487546)
* Sat Oct 17 2009 Chuck Ebbert
- Keyboard and mouse fixes from 2.6.32 (#522126)
* Sat Oct 17 2009 Chuck Ebbert
- Scheduler wakeup patch, fixes high latency on wakeup
  (sched-update-the-clock-of-runqueue-select-task-rq-selected.patch)
* Fri Oct 16 2009 Chuck Ebbert
- Fix uninitialized data leak in netlink (CVE-2009-3612)
* Thu Oct 15 2009 Chuck Ebbert
- AX.25 security fix (CVE-2009-2909)
* Thu Oct 15 2009 Chuck Ebbert
- Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure
  to boot from USB disks using Cypress bridges (#524998)
* Tue Oct 13 2009 Chuck Ebbert
- Copy libata drive detection fix from 2.6.31.4 (#524756)
* Tue Oct 13 2009 Chuck Ebbert
- Networking fixes taken from 2.6.31-stable
* Tue Oct 13 2009 Chuck Ebbert
- Fix boot hang with ACPI on some systems.
* Mon Oct 12 2009 Chuck Ebbert
- Critical ftrace fixes:
  ftrace-use-module-notifier-for-function-tracer.patch
  ftrace-check-for-failure-for-all-conversions.patch
  tracing-correct-module-boundaries-for-ftrace_release.patch
* Thu Oct 8 2009 Ben Skeggs
- ppc: compile nvidiafb as a module only, nvidiafb+nouveau = bang! (rh#491308)
* Wed Oct 7 2009 Dave Jones
- Disable IRQSOFF tracer. (Adds unnecessary overhead when unused)
* Wed Oct 7 2009 Chuck Ebbert
- eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)
* Tue Oct 6 2009 Chuck Ebbert
- fix race in forcedeth network driver (#526546)
* Tue Oct 6 2009 Chuck Ebbert
- x86: Don't leak 64-bit reg contents to 32-bit tasks.
* Tue Oct 6 2009 Chuck Ebbert
- ACPI EC bug fixes taken from kernel 2.6.32 (#492699, #525681)
* Mon Oct 5 2009 Chuck Ebbert
- Linux 2.6.30.9
* Sun Oct 4 2009 Chuck Ebbert
- Copy stack randomization fix from 2.6.31.2 (F10#526882)
* Sun Oct 4 2009 Chuck Ebbert
- Linux 2.6.30.9-rc3
- Drop merged upstream patches:
  linux-2.6-cifs-reenable-lanman-security.patch
  kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
  kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
  kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
  kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
  kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
  linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch
* Fri Oct 2 2009 Justin M. Forbes
- Add linux-2.6-virtio-net-refill-on-out-of-memory.patch, from 2.6.31
  to prevent page allocation failures in guests. (#520119)
* Mon Sep 28 2009 Chuck Ebbert
- Add linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch, from
  2.6.32-rc, fixes bug #525743
* Mon Sep 28 2009 Chuck Ebbert
- Drop sched-disable-NEW-FAIR-SLEEPERS-for-now.patch, reported to
  cause problems on 2.6.30.
* Sat Sep 26 2009 Chuck Ebbert
- Scheduler fixes cherry-picked from 2.6.32
* Sat Sep 26 2009 Chuck Ebbert
- Backport "appletalk: Fix skb leak when ipddp interface is not loaded"
  (fixes CVE-2009-2903)
* Sat Sep 26 2009 Chuck Ebbert
- KVM fixes from 2.6.31.1, including fix for CVE-2009-3290
* Fri Sep 25 2009 Chuck Ebbert
- Fix serious CFQ performance regression.
* Fri Sep 25 2009 Chuck Ebbert
- Disable the GEM graphics manager on i686 PAE kernels
  (fixes modesetting on Intel graphics.)
* Fri Sep 25 2009 Chuck Ebbert
- Fix breakage in hostap driver (#522269)
* Thu Sep 24 2009 Chuck Ebbert
- Backport the cpuidle-faster-io fix from Fedora 12 to fix I/O
  performance problems when reading/writing multiple disks.
* Thu Sep 24 2009 Chuck Ebbert
- Linux 2.6.30.8
* Thu Sep 24 2009 Chuck Ebbert
- Disable sound powersave by default; it still pops when playing sounds. (#523836)
* Wed Sep 16 2009 Justin M. Forbes
- Revert virtio_blk to rotational mode. (#509383)
* Tue Sep 15 2009 Chuck Ebbert
- Linux 2.6.30.7
* Tue Sep 15 2009 Chuck Ebbert
- Fix CIFS security flags mask broken in 2.6.30 (#523173)
* Tue Sep 15 2009 Chuck Ebbert
- Fix cpufreq lockdep warnings (#522685)
* Sat Sep 12 2009 Chuck Ebbert
- 2.6.30.7-rc1
- Drop patches merged in -stable:
  linux-2.6-slub-fix-destroy-by-rcu.patch
* Thu Sep 10 2009 Dennis Gilmore
- kgdb only works on sparc64 smp kernels so disable on the up one and enable on the smp one
- update to 256 cpus supported on sparc64 smp
* Wed Sep 9 2009 Chuck Ebbert
- Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4)
* Wed Sep 9 2009 Chuck Ebbert
- 2.6.30.6
- Drop patches merged in -stable:
  do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
  linux-2.6-x86-dont-send-ipi-to-empty-set-cpus.patch
  linux-2.6-bitmap-make-ops-return-result.patch
  linux-2.6-x86-dont-call-send-ipi-mask-with-empty-mask.patch
  linux-2.6-clone-fix-race-between-copy-process-and-de-thread.patch
  linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch
  linux-2.6-xen-x86-dont-probe-if-apics-are-disabled.patch
* Tue Sep 8 2009 Chuck Ebbert
- Disable Amiga One support to fix powerpc coherency bug (#521703)
* Fri Sep 4 2009 Chuck Ebbert
- Fix build system getting confused during firmware install.
* Fri Sep 4 2009 Chuck Ebbert
- Added additional fixes needed for #514787:
  linux-2.6-ppc64-vs-broadcom-lmb-no-init-*.patch
- Fix up lirc patch context so it applies.
* Wed Sep 2 2009 Jarod Wilson
- Make it possible to rmmod lirc_zilog w/o it hanging indefinitely
- Add transmit support (via port 2 only) on 1st-gen mceusb transceiver
* Tue Sep 1 2009 Chuck Ebbert
- Fix yet another Xen boot crash (#520517)
* Tue Sep 1 2009 Jarod Wilson
- Refresh lirc patches, add new lirc_ene0100 driver
- Fix up hdpvr driver for use with modular i2c so that
  lirc_zilog can actually bind to it
- Make lirc_zilog IR transmit and receive work on the hdpvr
- Fix audio on PVR-500 when used in same system as HVR-1800 (#480728)
* Fri Aug 28 2009 David Woodhouse
- Enable Solos DSL driver
* Thu Aug 27 2009 Chuck Ebbert
- Don't load the floppy driver automatically:
  linux-2.6-defaults-die-floppy-die.patch
* Thu Aug 27 2009 Chuck Ebbert
- Fix stackprotector problems with Xen on x86_64.
- Disable stackprotector on i386 until 32-bit Xen gets fixed.
* Thu Aug 27 2009 Chuck Ebbert
- linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch:
  fix race in kthreads.
* Thu Aug 27 2009 Justin M. Forbes
- xen: Fix guest crash when trying to debug. (#458385)
* Thu Aug 27 2009 John W. Linville
- zd1211rw: adding 083a:e503 as a ZD1211B device (#518538)
* Thu Aug 27 2009 Chuck Ebbert
- Fix string overflows found by stackprotector:
  hda-check-strcpy-length.patch
  linux-2.6-v4l-dvb-af9015-fix-stack-corruption.patch
* Thu Aug 27 2009 Chuck Ebbert
- Fix race in clone() syscall.
* Thu Aug 27 2009 Chuck Ebbert
- Fix hangs on older x86 systems with 440*X chipsets.
* Fri Aug 21 2009 David Woodhouse
- Fix b43 on iMac G5 (#514787)
* Tue Aug 18 2009 Kyle McMartin
- Backport several upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
  to improve mmap_min_addr.
- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a
  structure to user space
* Mon Aug 17 2009 Chuck Ebbert
- Change config options:
  CONFIG_SCSI_DEBUG=m
  CONFIG_PCI_MSI_DEFAULT_ON=y
* Mon Aug 17 2009 Jarod Wilson
- Fix flub in prior lirc patch update that resulted in no lirc
  drivers getting built
* Sun Aug 16 2009 Chuck Ebbert
- Linux 2.6.30.5
* Fri Aug 14 2009 Chuck Ebbert
- Linux 2.6.30.5-rc2
- Dropped drm-intel-tv-fix.patch, merged in -stable now.
* Wed Aug 12 2009 Kyle McMartin
- drm-no-gem-on-i8xx.patch: fix misspelled IS_8XX & IS_I845G, sigh.
* Wed Aug 12 2009 Kyle McMartin
- DRM patch sync-up with F-11-2.6.29.y, ABI probably isn't right yet though...
  - drm-modesetting-radeon.patch
  - drm-nouveau.patch
  - drm-no-gem-on-i8xx.patch
  - drm-i915-resume-force-mode.patch
  - drm-intel-big-hammer.patch
  - drm-intel-gen3-fb-hack.patch
  - drm-intel-hdmi-edid-fix.patch
  - drm-modesetting-radeon-fixes.patch
  - drm-radeon-new-pciids.patch
  - drm-dont-frob-i2c.patch
  - drm-intel-tv-fix.patch
  - drm-radeon-cs-oops-fix.patch
  - drm-pnp-add-resource-range-checker.patch
  - drm-i915-enable-mchbar.patch
- The rest were merged upstream.
* Wed Aug 12 2009 John W. Linville
* Mon Aug 10 2009 Kyle McMartin
- Patch sync-up with F-11-2.6.29.y:
  - linux-2.6-x86-delay-tsc-barrier.patch
  - linux-2.6-fs-cifs-fix-port-numbers.patch
  - linux-2.6-kvm-skip-pit-check.patch
  - linux-2.6.29-xen-disable-gbpages.patch
  - linux-2.6-virtio_blk-dont-bounce-highmem-requests.patch
  - linux-2.6-drivers-char-low-latency-removal.patch
  - linux-2.6-serial-add-txen-test-param.patch
  - linux-2.6-input-wacom-bluetooth.patch
  - linux-2.6-defaults-saner-vm-settings.patch
  - linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
  - linux-2.6-mm-lru-report-vm-flags-in-page-referenced.patch
  - linux-2.6-mm-lru-dont-evict-mapped-executable-pages.patch
  - linux-2.6-utrace.patch
  - linux-2.6-utrace-ftrace.patch
  - linux-2.6-tracehook.patch
* Mon Aug 10 2009 Jarod Wilson
- Add tunable pad threshold support to lirc_imon
- Blacklist all iMON devices in usbhid driver so lirc_imon can bind
- Add new device ID to lirc_mceusb (#512483)
- Enable IR transceiver on the HD PVR
* Wed Aug 5 2009 Kyle McMartin
- Update to released 2.6.30.4.
- Drop now-unneeded upstream reverts.
* Wed Jul 29 2009 Chuck Ebbert
- Linux 2.6.30.4-rc1
* Mon Jul 27 2009 Neil Horman
- Backport xfrm gc_thresh export code (bz 503124)
* Fri Jul 24 2009 Kyle McMartin
- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 [i386 x86_64], 4096 elsewhere, as
  per defconfigs.
- Blat patches from other tag, now to rebase fixes, splat in the changelog,
  and tag it for building.
* Fri Jul 24 2009 Kyle McMartin
- Copy over release configs from devel-2.6.30 tag.
- Fix up some spec deviations.
* Fri Jul 24 2009 Kyle McMartin
- Linux 2.6.30.3 rebase for Fedora 11.
- Fedora 11 2.6.29 branch is on tag private-fedora-11-2_6_29_6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #524124 – CVE-2009-3290 kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0
https://bugzilla.redhat.com/show_bug.cgi?id=524124
[ 2 ] Bug #528868 – CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
https://bugzilla.redhat.com/show_bug.cgi?id=528868
[ 3 ] Bug #522331 – CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams
https://bugzilla.redhat.com/show_bug.cgi?id=522331
[ 4 ] Bug #527534 – CVE-2009-2908 kernel ecryptfs NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=527534
[ 5 ] Bug #528887 – CVE-2009-2909 kernel: ax25 stack overflow
https://bugzilla.redhat.com/show_bug.cgi?id=528887
[ 6 ] Bug #526788 – CVE-2009-2910 kernel: x86_64 32 bit process register leak
https://bugzilla.redhat.com/show_bug.cgi?id=526788
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------