Fedora 21: kernel Security Update

    Date22 Apr 2015
    CategoryFedora
    115
    Posted ByLinuxSecurity Advisories
    The 3.19.4 stable release contains a number of important fixes across the tree.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-6320
    2015-04-18 05:41:41
    --------------------------------------------------------------------------------
    
    Name        : kernel
    Product     : Fedora 21
    Version     : 3.19.4
    Release     : 200.fc21
    URL         : http://www.kernel.org/
    Summary     : The Linux kernel
    Description :
    The kernel meta package
    
    --------------------------------------------------------------------------------
    Update Information:
    
    The 3.19.4 stable release contains a number of important fixes across the tree.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Apr 13 2015 Justin M. Forbes  - 3.19.4-200
    - Linux v3.19.4
    * Thu Apr  2 2015 Josh Boyer 
    - DoS against IPv6 stacks due to improper handling of RA (rhbz 1203712 1208491)
    * Wed Apr  1 2015 Josh Boyer 
    - Backport patch to fix tg3 deadlock (rhbz 1207789)
    - Fix gssproxy (rhbz 1203913)
    - CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
    * Thu Mar 26 2015 Justin M. Forbes  - 3.19.3-200
    - Linux v3.19.3
    * Thu Mar 26 2015 Peter Robinson 
    - Disable the broken CONFIG_MSM_IOMMU
    * Tue Mar 24 2015 Josh Boyer 
    - Fix tun bug causing Juniper VPN failure (rhbz 1204512)
    * Mon Mar 23 2015 Josh Boyer  - 3.19.2-201
    - Enable CONFIG_SND_BEBOB (rhbz 1204342)
    - Validate iovec range in sys_sendto/sys_recvfrom
    - CVE-2015-2666 execution in the early microcode loader (rhbz 1204724 1204722)
    * Mon Mar 23 2015 Peter Robinson 
    - Refix Panda on ARMv7 crash on boot
    * Fri Mar 20 2015 Josh Boyer 
    - Fix brightness on Lenovo Ideapad Z570 (rhbz 1187004)
    * Thu Mar 19 2015 Justin M. Forbes  - 3.19.2-200
    - Linux v3.19.2
    * Wed Mar 18 2015 Peter Robinson 
    - Add upstream aarch64 patch to fix hang due to cache invalidation bug
    - Fix aarch64 DTBs now they're in vendor sub dirs
    * Tue Mar 17 2015 Justin M. Forbes  - 3.19.1-201
    - Re-add patch to quiet i915 state machine
    * Mon Mar 16 2015 Justin M. Forbes  - 3.19.1-200
    - Linux v3.19.1
    * Fri Mar 13 2015 Kyle McMartin 
    - arm64-revert-tlb-rcu_table_free.patch: revert 5e5f6dc1 which causes
      lockups on arm64 machines.
    - Add kernel-4* to .gitignore.
    - arm64-fix-ooo-descriptor-read.patch: fix an xgene-enet crash.
    * Fri Mar 13 2015 Josh Boyer 
    - Add patch to support clickpads (rhbz 1201532)
    * Thu Mar 12 2015 Josh Boyer 
    - CVE-2014-8159 infiniband: uverbs: unprotected physical memory access (rhbz 1181166 1200950)
    * Wed Mar 11 2015 Josh Boyer 
    - Fix blank screen after resume with various radeon devices (rhbz 1069027)
    - CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
    - Patch series to fix Lenovo *40 and Carbon X1 touchpads (rhbz 1200777 1200778)
    * Tue Mar 10 2015 Josh Boyer 
    - CVE-2015-2042 rds: information handling flaw in sysctl (rhbz 1195355 1199365)
    * Mon Mar  9 2015 Justin M. Forbes  - 3.18.9-200
    - Linux v3.18.9
    * Mon Mar  2 2015 Josh Boyer 
    - Add patch to fix nfsd soft lockup (rhbz 1185519)
    - Enable ET131X driver (rhbz 1197842)
    * Sat Feb 28 2015 Peter Robinson 
    - Fix Panda on ARMv7 crash on boot
    * Fri Feb 27 2015 Kyle McMartin  - 3.18.8-201
    - Fix up aarch64 build... mis-merge in kernel-arm64.patch.
    * Fri Feb 27 2015 Josh Boyer  - 3.18.8-200
    - Linux v3.18.8
    * Thu Feb 26 2015 Josh Boyer 
    - CVE-2015-1421 sctp: slab corruption from use after free on INIT collisions (rhbz 1196581 1196595)
    * Wed Feb 25 2015 Josh Boyer 
    - Add support for AR5B195 devices from Alexander Ploumistos (rhbz 1190947)
    * Tue Feb 24 2015 Josh Boyer 
    - Fix ext4 remount with journal_checksum option (rhbz 1190933)
    * Mon Feb 23 2015 Josh Boyer 
    - Add patch for HID i2c from Seth Forshee (rhbz 1188439)
    - CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
    * Fri Feb 20 2015 Josh Boyer 
    - Move mtpspi and related mods to kernel-core for VMWare guests (rhbz 1194612)
    * Mon Feb 16 2015 Josh Boyer 
    - CVE-XXXX-XXXX potential memory corruption in vhost/scsi driver (rhbz 1189864 1192079)
    - CVE-2015-1593 stack ASLR integer overflow (rhbz 1192519 1192520)
    * Wed Feb 11 2015 Justin M. Forbes  - 3.18.7-200
    - Linux v3.18.7
    - Add disable_native_backlight quirk for Samsung 510R (rhbz 1186097)
    * Fri Feb  6 2015 Justin M. Forbes  - 3.18.6-200
    - Linux v3.18.6
    * Mon Feb  2 2015 Justin M. Forbes  - 3.18.5-201
    - Fixup adjtimex freq validation on 32bit systems (rhbz 1188074)
    * Mon Feb  2 2015 Josh Boyer 
    - CVE-XXXX-XXX DoS due to routing packets to too many different dsts/too fast (rhbz 1183744 1188347)
    * Fri Jan 30 2015 Justin M. Forbes  - 3.18.5-200
    - Linux v3.18.5
    * Thu Jan 29 2015 Josh Boyer 
    - Backport patch from Rob Clark to toggle i915 state machine checks
    - Disable i915 state checks
    * Tue Jan 27 2015 Justin M. Forbes  - 3.18.4-200
    - Linux v3.18.4
    * Tue Jan 27 2015 Josh Boyer 
    - CVE-2015-0239 kvm: insufficient sysenter emulation from 16-bit (rhbz 1186448 1186453)
    * Mon Jan 19 2015 Justin M. Forbes  - 3.18.3-201
    - Add fixes from 3.18.4 queue to fix i915 issues (rhbz 1183232)
    - xhci: Check if slot is already in default state before moving it there (rhbz 1183289)
    * Fri Jan 16 2015 Justin M. Forbes  - 3.18.3-200
    - Linux v3.18.3
    * Thu Jan 15 2015 Justin M. Forbes 
    - Build fixes for big-endian arches
    * Tue Jan 13 2015 Justin M. Forbes  - 3.18.2-200
    - Linux v3.18.2
    * Mon Jan 12 2015 Josh Boyer 
    - CVE-2014-9585 ASLR brute-force possible for vdso (rhbz 1181054 1181056)
    - Backlight fixes for Samsung and Dell machines (rhbz 1094948 1115713 1163574)
    - Add various UAS quirks (rhbz 1124119)
    - Add patch to fix loop in VDSO (rhbz 1178975)
    * Thu Jan  8 2015 Justin M. Forbes  - 3.17.8-300
    - Linux v3.17.8
    * Wed Jan  7 2015 Josh Boyer 
    - CVE-2014-9529 memory corruption or panic during key gc (rhbz 1179813 1179853)
    - Enable POWERCAP and INTEL_RAPL
    * Tue Jan  6 2015 Josh Boyer 
    - CVE-2014-9419 partial ASLR bypass through TLS base addr leak (rhbz 1177260 1177263)
    - CVE-2014-9428 remote DoS via batman-adv (rhbz 1178826 1178833)
    - Fix CIFS login issue (rhbz 1163927)
    * Mon Dec 29 2014 Josh Boyer 
    - Enable F2FS (rhbz 972446)
    * Thu Dec 18 2014 Josh Boyer 
    - CVE-2014-8989 userns can bypass group restrictions (rhbz 1170684 1170688)
    - Fix dm-cache crash (rhbz 1168434)
    - Fix blk-mq crash on CPU hotplug (rhbz 1175261)
    * Wed Dec 17 2014 Josh Boyer 
    - Enable USBIP in modules-extra from Johnathan Dieter (rhbz 1169478)
    - CVE-2014-XXXX isofs: infinite loop in CE record entries (rhbz 1175235 1175250)
    * Tue Dec 16 2014 Josh Boyer 
    - Linux v3.17.7
    - CVE-2014-8559 deadlock due to incorrect usage of rename_lock (rhbz 1159313 1173814)
    - Add patch from Josh Stone to restore var-tracking via Kconfig (rhbz 1126580)
    * Mon Dec 15 2014 Josh Boyer 
    - Fix ppc64 boot with smt-enabled=off (rhbz 1173806)
    - CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS (rhbz 1172797 1174374)
    * Fri Dec 12 2014 Kyle McMartin 
    - build in ahci_platform on aarch64 temporarily.
    * Fri Dec 12 2014 Josh Boyer 
    - Remove pointless warning in cfg80211 (rhbz 1172543)
    * Wed Dec 10 2014 Josh Boyer 
    - Fix MSI issues on another Samsung pci-e SSD (rhbz 1084928)
    - Fix UAS crashes with Seagate and Fresco Logic drives (rhbz 1164945)
    - CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
    * Mon Dec  8 2014 Justin M. Forbes  - 3.17.6-300
    - Linux v3.17.6
    * Fri Dec  5 2014 Kyle McMartin  - 3.17.4-303
    - arm64-fix-xgene_enet_process_ring.patch: fix a panic under load.
    * Thu Dec  4 2014 Josh Boyer  - 3.17.4-302
    - CVE-2014-9090 local DoS via do_double_fault due to improper SS faults (rhbz 1170691)
    * Thu Dec  4 2014 Kyle McMartin 
    - kernel-arm64.patch: update.
    - arm64-force-serial-to-be-active-consdev.patch: force serial consoles
      to be the primary console device instead of defaulting to tty0. No
      changes to drivers outside of ARM-land.
    - arm64-vgic-error-to-info.patch: change an error to a warning so that
      kvm will work.
    * Mon Dec  1 2014 Josh Boyer 
    - Add patch to quiet i915 driver on long hdps
    - Add patch to fix oops when using xpad (rhbz 1094048)
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1196266 - CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120)
            https://bugzilla.redhat.com/show_bug.cgi?id=1196266
      [ 2 ] Bug #1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
            https://bugzilla.redhat.com/show_bug.cgi?id=1203712
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use
    su -c 'yum update kernel' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.