--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-13039
2009-12-10 16:35:30.934288
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 12
Version     : 2.6.31.6
Release     : 166.fc12
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

CVE-2009-4131:  EXT4 - fix insufficient permission checking which could result
in arbitrary data corruption by a local unprivileged user.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  9 2009 Kyle McMartin  2.6.31.6-166
- ext4-fix-insufficient-checks-in-EXT4_IOC_MOVE_EXT.patch: CVE-2009-4131
  fix insufficient permission checking which could result in arbitrary
  data corruption by a local unprivileged user.
* Tue Dec  8 2009 Steve Dickson  2.6.31.6-165
- nfsd: Updated to latest pseudo root code fixing rhbz# 538609
* Mon Dec  7 2009 Ben Skeggs  2.6.31.6-164
- nouveau: fix NV17 breakage caused by NVA8 fixes
- nouveau: use ratelimit for GPU error message
* Fri Dec  4 2009 Ben Skeggs  2.6.31.6-163
- nouveau: reduce debug level of some warning messages (rh#543883)
- nouveau: modesetting fixes on nva5/nva8
- nouveau: suspend/resume fixes on nva5/nva8 (bios opcode 0x8d)
- nouveau: cleanup chipset/arch handling, fail init on unknown chipsets
- nouveau: fix failure to detect some outputs when dcb table is odd
- nouveau: eliminate unnecessary cursor state changes on nv50
* Thu Dec  3 2009 Kyle McMartin  2.6.31.6-162
- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
  bug fix.
* Thu Dec  3 2009 Dave Airlie  2.6.31.6-161
- rv410 LVDS on resume test fix from AMD (#541562)
* Wed Dec  2 2009 John W. Linville  2.6.31.6-160
- ath9k: add fixes suggested by upstream maintainer
* Wed Dec  2 2009 Dave Airlie  2.6.31.6-159
- drm-radeon-misc-fixes.patch: r400 LVDS, r600 digital dpms, cursor fix, tv property
* Wed Dec  2 2009 Ben Skeggs  2.6.31.6-158
- nouveau: more complete lvds script selection on >=G80 (rh#522690, rh#529859)
- nouveau: more complete tmds script selection on >=G80 (rh#537853)
- nouveau: TV detection fixes
* Tue Dec  1 2009 Dave Airlie  2.6.31.6-157
- div/0 fix harder (#540593) - also ignore unposted GPUs with no BIOS
* Tue Dec  1 2009 Dave Airlie  2.6.31.6-156
- drm-next: fixes LVDS resume on r4xx, div/0 on no bios (#540593)
  lockup on tv-out only startup.
* Mon Nov 30 2009 Kyle McMartin 
- drm-i915-fix-sync-to-vbl-when-vga-is-off.patch: add (rhbz#541670)
* Sun Nov 29 2009 Kyle McMartin 
- Drop linux-2.6-sysrq-c.patch, made consistent upstream.
* Fri Nov 27 2009 Jarod Wilson  2.6.31.6-153
- add device name to lirc_zilog, fixes issues w/multiple target devices
- add lirc_imon pure input mode support for onboard decode devices
* Thu Nov 26 2009 David Woodhouse  2.6.31.6-152
- Fix intel_tv_mode_set oops (#540218)
* Thu Nov 26 2009 David Woodhouse  2.6.31.6-151
- VT-d: Work around yet more HP BIOS brokenness (#536675)
* Wed Nov 25 2009 Kyle McMartin 
- dlm: fix connection close handling.
  Fix by lmb, requested by fabio.
* Wed Nov 25 2009 David Woodhouse  2.6.31.6-149
- VT-d: Work around more HP BIOS brokenness.
* Tue Nov 24 2009 Dave Airlie  2.6.31.6-148
- radeon: flush HDP cache on rendering wait - fixes r600 rendercheck failure
* Mon Nov 23 2009 Adam Jackson 
- drm-default-mode.patch: Default to 1024x768 to match UMS. (#538761)
* Mon Nov 23 2009 Roland McGrath  2.6.31.6-146
- Fix oops in x86-32 kernel's iret handling for bogus user %cs. (#540580)
* Sat Nov 21 2009 Kyle McMartin 
- Fix up ssp' highmem fixes with fixes for arm & ppc.
* Fri Nov 20 2009 Chris Wright  2.6.31.6-144
- VT-d: another fallback for another BIOS bug (#524808)
* Thu Nov 19 2009 Ben Skeggs  2.6.31.6-142
- Oops, add new patch to spec file
* Thu Nov 19 2009 Ben Skeggs  2.6.31.6-141
- Lower debug level of fbcon handover messages (rh#538526)
* Thu Nov 19 2009 Dave Airlie  2.6.31.6-140
- drm-next-44c83571.patch: oops pulled the wrong tree into my f12 tree
* Thu Nov 19 2009 Ben Skeggs  2.6.31.6-139
- nouveau: s/r fixes on chipsets using bios opcode 0x87
- nouveau: fixes to bios opcode 0x8e
- nouveau: hopefully fix nv1x context switching issues (rh#526577)
- nouveau: support for NVA5 (GeForce G220)
- nouveau: fixes for NVAA support
* Thu Nov 19 2009 Dave Airlie  2.6.31.6-138
- drm-next-d56672a9.patch: fix some rn50 cloning issues
* Wed Nov 18 2009 David Woodhouse  2.6.31.6-137
- Actually force the IOMMU not to be used when we detect the HP/Acer bug.
* Tue Nov 17 2009 Chuck Ebbert  2.6.31.6-136
- ACPI embedded controller fixes from Fedora 11.
* Tue Nov 17 2009 Chuck Ebbert  2.6.31.6-135
- Scheduler fixes and latency tuning patches from F-11.
* Tue Nov 17 2009 Dave Airlie  2.6.31.6-134
- glad to see edid retry patch was compiled.
* Tue Nov 17 2009 Dave Airlie  2.6.31.6-133
- drm-next-984d1f3c.patch: rebase with upstream fixes - drop all merged
* Thu Nov 12 2009 Adam Jackson 
- Actually apply the EDID retry patch
- drm-edid-header-fixup.patch: Fix up some broken EDID headers (#534120)
* Thu Nov 12 2009 Chuck Ebbert  2.6.31.6-130
- Use ApplyOptionalPatch for v4l and firewire updates.
- Drop unused v4l ABI fix.
* Thu Nov 12 2009 Chuck Ebbert  2.6.31.6-129
- Linux 2.6.31.6
- Drop merged patches:
  linux-2.6-iwlwifi-reduce-noise-when-skb-allocation-fails.patch
  linux-2.6-libertas-crash.patch
  pci-increase-alignment-to-make-more-space.patch
  acpi-revert-attach-device-to-handle-early.patch
  ahci-revert-restore-sb600-sata-controller-64-bit-dma.patch
  acpi-pci-fix-null-pointer-dereference-in-acpi-get-pci-dev.patch
  af_unix-fix-deadlock-connecting-to-shutdown-socket.patch
  keys-get_instantiation_keyring-should-inc-the-keyring-refcount.patch
  netlink-fix-typo-in-initialization.patch
  fs-pipe-null-ptr-deref-fix.patch
* Wed Nov 11 2009 Justin M. Forbes  2.6.31.5-128
- Fix KSM for i686 users. (#532215)
- Add KSM fixes from 2.6.32
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #544471 - CVE-2009-4131 EMBARGOED kernel: ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
        https://bugzilla.redhat.com/show_bug.cgi?id=544471
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
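
Added example (not part of the Fedora advisory): a POSIX shell check that compares a kernel release string, as printed by uname -r, against the fixed build 2.6.31.6-166.fc12 named in the advisory. The function names and the sample release strings in the comments are constructed for illustration. The check is run against the running kernel because 'yum update kernel' installs the new kernel alongside the old one, and the fix takes effect only after a reboot.

```shell
# Added example, not from the Fedora advisory. The fixed build comes from
# the advisory: kernel 2.6.31.6-166.fc12 (CVE-2009-4131).
FIXED_VERSION="2.6.31.6"
FIXED_RELEASE=166

# cmp_dotted A B: print -1, 0 or 1, comparing dotted versions field by field
# as numbers (2.6.31.10 > 2.6.31.6); missing fields count as 0.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# kernel_has_fix RELEASE: 0 = contains the fix, 1 = older than the fixed
# build, 2 = not a Fedora 12 release string (the advisory does not cover it).
kernel_has_fix() {
    ver=${1%%-*}         # e.g. 2.6.31.6
    rest=${1#*-}         # e.g. 166.fc12.x86_64
    build=${rest%%.*}    # e.g. 166
    case $ver in ''|*[!0-9.]*) return 2 ;; esac
    case $build in ''|*[!0-9]*) return 2 ;; esac
    case $rest in "$build".fc12|"$build".fc12.*) ;; *) return 2 ;; esac
    case $(cmp_dotted "$ver" "$FIXED_VERSION") in
        1)  return 0 ;;
        -1) return 1 ;;
    esac
    if [ "$build" -ge "$FIXED_RELEASE" ]; then return 0; fi
    return 1
}

# status_text RELEASE: one-line verdict for a report.
status_text() {
    rc=0; kernel_has_fix "$1" || rc=$?
    case $rc in
        0) echo "has the CVE-2009-4131 fix" ;;
        1) echo "predates 2.6.31.6-166.fc12: update, then reboot" ;;
        *) echo "not a Fedora 12 kernel release" ;;
    esac
}

# The running kernel is what matters; an installed update is inert until reboot.
echo "running kernel $(uname -r): $(status_text "$(uname -r)")"
```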
