Fedora 11 Kernel Update 2.6.30.9 Critical: Memory And DoS Issues
fedora
November 5, 2009
Summary
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
ChangeLog:
* Tue Nov 3 2009 Kyle McMartin
- fs/pipe.c: fix null pointer dereference (CVE-2009-3547)
* Sun Oct 25 2009 Chuck Ebbert
- Disable the stack protector on functions that don't have onstack arrays.
* Thu Oct 22 2009 Chuck Ebbert
- Fix overflow in KVM cpuid code. (CVE-2009-3638)
* Thu Oct 22 2009 Chuck Ebbert
- Fix exploitable oops in keyring code (CVE-2009-3624)
* Wed Oct 21 2009 Kyle McMartin
- shut-up-LOCK_TEST_WITH_RETURN.patch: sort out #445331... or paper bag
over it for now until the lock warnings can be killed.
* Mon Oct 19 2009 Kyle McMartin
- af_unix-fix-deadlock-connecting-to-shutdown-socket.patch: fix for
rhbz#529626 local DoS. (CVE-2009-3621)
* Sat Oct 17 2009 Chuck Ebbert
- Fix null deref in r128 (F10#487546) (CVE-2009-3620)
* Sat Oct 17 2009 Chuck Ebbert
- Keyboard and mouse fixes from 2.6.32 (#522126)
* Sat Oct 17 2009 Chuck Ebbert
- Scheduler wakeup patch, fixes high latency on wakeup
(sched-update-the-clock-of-runqueue-select-task-rq-selected.patch)
* Fri Oct 16 2009 Chuck Ebbert
- Fix uninitialized data leak in netlink (CVE-2009-3612)
* Thu Oct 15 2009 Chuck Ebbert
- AX.25 security fix (CVE-2009-2909)
* Thu Oct 15 2009 Chuck Ebbert
- Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure
to boot from USB disks using Cypress bridges (#524998)
* Tue Oct 13 2009 Chuck Ebbert
- Copy libata drive detection fix from 2.6.31.4 (#524756)
* Tue Oct 13 2009 Chuck Ebbert
- Networking fixes taken from 2.6.31-stable
* Tue Oct 13 2009 Chuck Ebbert
- Fix boot hang with ACPI on some systems.
* Mon Oct 12 2009 Chuck Ebbert
- Critical ftrace fixes:
ftrace-use-module-notifier-for-function-tracer.patch
ftrace-check-for-failure-for-all-conversions.patch
tracing-correct-module-boundaries-for-ftrace_release.patch
* Thu Oct 8 2009 Ben Skeggs
- ppc: compile nvidiafb as a module only, nvidiafb+nouveau = bang! (rh#491308)
* Wed Oct 7 2009 Dave Jones
- Disable IRQSOFF tracer. (Adds unnecessary overhead when unused)
* Wed Oct 7 2009 Chuck Ebbert
- eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)
* Tue Oct 6 2009 Chuck Ebbert
- fix race in forcedeth network driver (#526546)
* Tue Oct 6 2009 Chuck Ebbert
- x86: Don't leak 64-bit reg contents to 32-bit tasks.
* Tue Oct 6 2009 Chuck Ebbert
- ACPI EC bug fixes taken from kernel 2.6.32 (#492699, #525681)
* Mon Oct 5 2009 Chuck Ebbert
- Linux 2.6.30.9
* Sun Oct 4 2009 Chuck Ebbert
- Copy stack randomization fix from 2.6.31.2 (F10#526882)
* Sun Oct 4 2009 Chuck Ebbert
- Linux 2.6.30.9-rc3
- Drop merged upstream patches:
linux-2.6-cifs-reenable-lanman-security.patch
kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch
* Fri Oct 2 2009 Justin M. Forbes
- Add linux-2.6-virtio-net-refill-on-out-of-memory.patch, from 2.6.31
to prevent page allocation failures in guests. (#520119)
* Mon Sep 28 2009 Chuck Ebbert
- Add linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch, from
2.6.32-rc, fixes bug #525743
* Mon Sep 28 2009 Chuck Ebbert
- Drop sched-disable-NEW-FAIR-SLEEPERS-for-now.patch, reported to
cause problems on 2.6.30.
* Sat Sep 26 2009 Chuck Ebbert
- Scheduler fixes cherry-picked from 2.6.32
* Sat Sep 26 2009 Chuck Ebbert
- Backport "appletalk: Fix skb leak when ipddp interface is not loaded"
(fixes CVE-2009-2903)
* Sat Sep 26 2009 Chuck Ebbert
- KVM fixes from 2.6.31.1, including fix for CVE-2009-3290
* Fri Sep 25 2009 Chuck Ebbert
- Fix serious CFQ performance regression.
* Fri Sep 25 2009 Chuck Ebbert
- Disable the GEM graphics manager on i686 PAE kernels
(fixes modesetting on Intel graphics.)
* Fri Sep 25 2009 Chuck Ebbert
- Fix breakage in hostap driver (#522269)
* Thu Sep 24 2009 Chuck Ebbert
- Backport the cpuidle-faster-io fix from Fedora 12 to fix I/O
performance problems when reading/writing multiple disks.
* Thu Sep 24 2009 Chuck Ebbert
- Linux 2.6.30.8
* Thu Sep 24 2009 Chuck Ebbert
- Disable sound powersave by default; it still pops when playing sounds. (#523836)
* Wed Sep 16 2009 Justin M. Forbes
- Revert virtio_blk to rotational mode. (#509383)
* Tue Sep 15 2009 Chuck Ebbert
- Linux 2.6.30.7
* Tue Sep 15 2009 Chuck Ebbert
- Fix CIFS security flags mask broken in 2.6.30 (#523173)
* Tue Sep 15 2009 Chuck Ebbert
- Fix cpufreq lockdep warnings (#522685)
* Sat Sep 12 2009 Chuck Ebbert
- 2.6.30.7-rc1
- Drop patches merged in -stable:
linux-2.6-slub-fix-destroy-by-rcu.patch
* Thu Sep 10 2009 Dennis Gilmore
- kgdb only works on sparc64 smp kernels so disable on the up one and enable on the smp one
- update to 256 cpus supported on sparc64 smp
* Wed Sep 9 2009 Chuck Ebbert
- Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4)
* Wed Sep 9 2009 Chuck Ebbert
- 2.6.30.6
- Drop patches merged in -stable:
do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
linux-2.6-x86-dont-send-ipi-to-empty-set-cpus.patch
linux-2.6-bitmap-make-ops-return-result.patch
linux-2.6-x86-dont-call-send-ipi-mask-with-empty-mask.patch
linux-2.6-clone-fix-race-between-copy-process-and-de-thread.patch
linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch
linux-2.6-xen-x86-dont-probe-if-apics-are-disabled.patch
* Tue Sep 8 2009 Chuck Ebbert
- Disable Amiga One support to fix powerpc coherency bug (#521703)
* Fri Sep 4 2009 Chuck Ebbert
- Fix build system getting confused during firmware install.
* Fri Sep 4 2009 Chuck Ebbert
- Added additional fixes needed for #514787:
linux-2.6-ppc64-vs-broadcom-lmb-no-init-*.patch
- Fix up lirc patch context so it applies.
* Wed Sep 2 2009 Jarod Wilson
- Make it possible to rmmod lirc_zilog w/o it hanging indefinitely
- Add transmit support (via port 2 only) on 1st-gen mceusb transceiver
* Tue Sep 1 2009 Chuck Ebbert
- Fix yet another Xen boot crash (#520517)
* Tue Sep 1 2009 Jarod Wilson
- Refresh lirc patches, add new lirc_ene0100 driver
- Fix up hdpvr driver for use with modular i2c so that
lirc_zilog can actually bind to it
- Make lirc_zilog IR transmit and receive work on the hdpvr
- Fix audio on PVR-500 when used in same system as HVR-1800 (#480728)
* Fri Aug 28 2009 David Woodhouse
- Enable Solos DSL driver
* Thu Aug 27 2009 Chuck Ebbert
- Don't load the floppy driver automatically:
linux-2.6-defaults-die-floppy-die.patch
* Thu Aug 27 2009 Chuck Ebbert
- Fix stackprotector problems with Xen on x86_64.
- Disable stackprotector on i386 until 32-bit Xen gets fixed.
* Thu Aug 27 2009 Chuck Ebbert
- linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch:
fix race in kthreads.
* Thu Aug 27 2009 Justin M. Forbes
- xen: Fix guest crash when trying to debug. (#458385)
* Thu Aug 27 2009 John W. Linville
- zd1211rw: adding 083a:e503 as a ZD1211B device (#518538)
* Thu Aug 27 2009 Chuck Ebbert
- Fix string overflows found by stackprotector:
hda-check-strcpy-length.patch
linux-2.6-v4l-dvb-af9015-fix-stack-corruption.patch
* Thu Aug 27 2009 Chuck Ebbert
- Fix race in clone() syscall.
* Thu Aug 27 2009 Chuck Ebbert
- Fix hangs on older x86 systems with 440*X chipsets.
* Fri Aug 21 2009 David Woodhouse
- Fix b43 on iMac G5 (#514787)
* Tue Aug 18 2009 Kyle McMartin
- Backport several upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
to improve mmap_min_addr.
- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a
structure to user space
* Mon Aug 17 2009 Chuck Ebbert
- Change config options:
CONFIG_SCSI_DEBUG=m
CONFIG_PCI_MSI_DEFAULT_ON=y
* Mon Aug 17 2009 Jarod Wilson
- Fix flub in prior lirc patch update that resulted in no lirc
drivers getting built
* Sun Aug 16 2009 Chuck Ebbert
- Linux 2.6.30.5
* Fri Aug 14 2009 Chuck Ebbert
- Linux 2.6.30.5-rc2
- Dropped drm-intel-tv-fix.patch, merged in -stable now.
* Wed Aug 12 2009 Kyle McMartin
- drm-no-gem-on-i8xx.patch: fix misspelled IS_8XX & IS_I845G, sigh.
* Wed Aug 12 2009 Kyle McMartin
- DRM patch sync-up with F-11-2.6.29.y, ABI probably isn't right yet though...
- drm-modesetting-radeon.patch
- drm-nouveau.patch
- drm-no-gem-on-i8xx.patch
- drm-i915-resume-force-mode.patch
- drm-intel-big-hammer.patch
- drm-intel-gen3-fb-hack.patch
- drm-intel-hdmi-edid-fix.patch
- drm-modesetting-radeon-fixes.patch
- drm-radeon-new-pciids.patch
- drm-dont-frob-i2c.patch
- drm-intel-tv-fix.patch
- drm-radeon-cs-oops-fix.patch
- drm-pnp-add-resource-range-checker.patch
- drm-i915-enable-mchbar.patch
- The rest were merged upstream.
* Wed Aug 12 2009 John W. Linville
- iwlwifi: fix TX queue race
* Mon Aug 10 2009 Kyle McMartin
- Patch sync-up with F-11-2.6.29.y:
- linux-2.6-x86-delay-tsc-barrier.patch
- linux-2.6-fs-cifs-fix-port-numbers.patch
- linux-2.6-kvm-skip-pit-check.patch
- linux-2.6.29-xen-disable-gbpages.patch
- linux-2.6-virtio_blk-dont-bounce-highmem-requests.patch
- linux-2.6-drivers-char-low-latency-removal.patch
- linux-2.6-serial-add-txen-test-param.patch
- linux-2.6-input-wacom-bluetooth.patch
- linux-2.6-defaults-saner-vm-settings.patch
- linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
- linux-2.6-mm-lru-report-vm-flags-in-page-referenced.patch
- linux-2.6-mm-lru-dont-evict-mapped-executable-pages.patch
- linux-2.6-utrace.patch
- linux-2.6-utrace-ftrace.patch
- linux-2.6-tracehook.patch
* Mon Aug 10 2009 Jarod Wilson
- Add tunable pad threshold support to lirc_imon
- Blacklist all iMON devices in usbhid driver so lirc_imon can bind
- Add new device ID to lirc_mceusb (#512483)
- Enable IR transceiver on the HD PVR
* Wed Aug 5 2009 Kyle McMartin
- Update to released 2.6.30.4.
- Drop now-unneeded upstream reverts.
* Wed Jul 29 2009 Chuck Ebbert
- Linux 2.6.30.4-rc1
* Mon Jul 27 2009 Neil Horman
- Backport xfrm gc_thresh export code (bz 503124)
* Fri Jul 24 2009 Kyle McMartin
- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 [i386 x86_64], 4096 elsewhere, as
per defconfigs.
- Blat patches from other tag, now to rebase fixes, splat in the changelog,
and tag it for building.
* Fri Jul 24 2009 Kyle McMartin
- Copy over release configs from devel-2.6.30 tag.
- Fix up some spec deviations.
* Fri Jul 24 2009 Kyle McMartin
- Linux 2.6.30.3 rebase for Fedora 11.
- Fedora 11 2.6.29 branch is on tag private-fedora-11-2_6_29_6.
References:
[ 1 ] Bug #530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=530490
[ 2 ] Bug #530515 - CVE-2009-3638 kernel: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid()
https://bugzilla.redhat.com/show_bug.cgi?id=530515
[ 3 ] Bug #530283 - CVE-2009-3624 kernel: get_instantiation_keyring() should inc the keyring refcount in all cases
https://bugzilla.redhat.com/show_bug.cgi?id=530283
[ 4 ] Bug #529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
https://bugzilla.redhat.com/show_bug.cgi?id=529626
This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at .
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Topics Covered
Change Log
References
Update Instructions
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: kernel
Product: Fedora 11
Version: 2.6.30.9
Release: 96.fc11
Summary: The Linux kernel
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!