Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora: 2008-1423 Critical: Kernel Local Root Escalation Fixes

Update to Linux kernel 2.6.23.15: Fix vmsplice local root vulnerability: CVE-2008-0009: Fixed by update to 2.6.23.15. CVE-2008-0010: Fixed by update to 2.6.23.15. CVE-2008-0600: Extra fix from upstream applied. Fix memory leak in netlabel code. Work around broken Seagate LBA48 disks. (#429364) Fix futex oops on uniprocessor machine. (#429412) Add support for new Macbook touchpads. (#426574) Fix the initio driver broken in 2.6.23. (#390531) Fix segfaults from using vdso=2. (#427641) FireWire updates, fixing multiple problems. (#429598) ACPI: fix multiple problems with brightness controls (#427518) Fix Megahertz PCMCIA Ethernet adapter (#233255) Fix oops in netfilter. (#430663) ACPI: fix early init of EC (#426480) ALSA: fix audio on some systems with STAC codec (#431360) Atheros L2 fast Ethernet driver (atl2) for ASUS Eeepc. ASUS Eeepc ACPI hotkey driver. Wireless driver updates from upstream.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2008-1423 2008-02-11 20:30:09.696513 --------------------------------------------------------------------------------Name : kernel Product : Fedora 8 Version : 2.6.23.15 Release : 137.fc8 URL : https://www.kernel.org/ Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------------------Update Information: Update to Linux kernel 2.6.23.15: Fix vmsplice local root vulnerability: CVE-2008-0009: Fixed by update to 2.6.23.15. CVE-2008-0010: Fixed by update to 2.6.23.15. CVE-2008-0600: Extra fix from upstream applied. Fix memory leak in netlabel code. Work around broken Seagate LBA48 disks. (#429364) Fixfutex oops on uniprocessor machine. (#429412) Add support for new Macbook touchpads. (#426574) Fix the initio driver broken in 2.6.23. (#390531) Fix segfaults from using vdso=2. (#427641) FireWire updates, fixing multiple problems. (#429598) ACPI: fix multiple problems with brightness controls (#427518) Fix Megahertz PCMCIA Ethernet adapter (#233255) Fix oops in netfilter. (#430663) ACPI: fix early init of EC (#426480) ALSA: fix audio on some systems with STAC codec (#431360) Atheros L2 fast Ethernet driver (atl2) for ASUS Eeepc. ASUS Eeepc ACPI hotkey driver. Wireless driver updates from upstream. --------------------------------------------------------------------------------ChangeLog: * Sun Feb 10 2008 Dave Airlie 2.6.23.15-137 - CVE-2008-0600 - remote root vulnerability in vmsplice * Fri Feb 8 2008 Chuck Ebbert 2.6.23.15-136 - Linux 2.6.23.15 - Fix Megahertz PCMCIA Ethernet adapter (#233255) * Wed Feb 6 2008 Chuck Ebbert 2.6.23.14-135 - Bump version. * Wed Feb 6 2008 Chuck Ebbert 2.6.23.14-134 - Use the upstream fix for futex locking. - Fix oops in netfilter (#430663) * Tue Feb 5 2008 Chuck Ebbert 2.6.23.14-133 - ACPI: fix early init of EC (#426480) * Tue Feb 5 2008 Chuck Ebbert 2.6.23.14-132 - ACPI: fix multiple problems with brightness controls (#427518) * Tue Feb 5 2008 Chuck Ebbert 2.6.23.14-131 - ALSA: fix audio on some systems with STAC codec (#431360) * Tue Feb 5 2008 Jarod Wilson 2.6.23.14-130 - Pull in additional firewire fixes from upstream. Should resolve most 'giving up on config rom' problems (#429598). * Tue Feb 5 2008 Chuck Ebbert 2.6.23.14-129 - ASUS Eeepc hotkey ACPI driver. * Thu Jan 31 2008 Chuck Ebbert 2.6.23.14-128 - Strip extra leading slashes from path names in selinux. * Thu Jan 31 2008 Chuck Ebbert 2.6.23.14-127 - Added Atheros L2 fast Ethernet driver (atl2). * Wed Jan 30 2008 Chuck Ebbert 2.6.23.14-125 - Fix segfaults from using vdso=2 (#427641) * Fri Jan 25 2008 Chuck Ebbert 2.6.23.14-124 - UnsetCONFIG_USB_DEVICE_CLASS (#362221) * Fri Jan 25 2008 Chuck Ebbert 2.6.23.14-123 - Fix the initio driver broken in 2.6.23. (#390531) * Fri Jan 25 2008 Chuck Ebbert 2.6.23.14-122 - Drop obsolete ptrace patch. * Fri Jan 25 2008 Chuck Ebbert 2.6.23.14-121 - Add support for new Macbook touchpads (#426574) * Wed Jan 23 2008 John W. Linville 2.6.23.14-120 - bump release to get around Koji wierdness * Wed Jan 23 2008 John W. Linville 2.6.23.14-119 - Latest wireless updates from upstream - Remove obsolete ath5k and rtl8180 patches - Add rndis_wext driver * Tue Jan 22 2008 Chuck Ebbert 2.6.23.14-118 - Fix futex oops on uniprocessor machine. (#429412) * Tue Jan 22 2008 Chuck Ebbert 2.6.23.14-117 - Work around broken Seagate LBA48 disks (#429364) * Tue Jan 22 2008 Chuck Ebbert 2.6.23.14-116 - Fix memory leak in netlabel code (F7#352281) * Mon Jan 21 2008 Chuck Ebbert 2.6.23.14-115 - No change, just increment release. * Sat Jan 19 2008 Kyle McMartin 2.6.23.14-114 - Revert CONFIG_PHYSICAL_START on x86_64. * Fri Jan 18 2008 Chuck Ebbert 2.6.23.14-113 - Fix loss of mouse sync on some systems (#427697) - Revert "libata: allow short SCSI commands for ATAPI devices" (F7#429353) * Thu Jan 17 2008 Chuck Ebbert 2.6.23.14-112 - Set x86 CONFIG_PHYSICAL_START=0x400000 * Thu Jan 17 2008 John W. Linville 2.6.23.14-111 - More wireless fixes headed for 2.6.24 - More wireless updates headed for 2.6.25 * Thu Jan 17 2008 Dave Airlie 2.6.23.14-108 - update r500 patch to not have duplicate pciids. * Mon Jan 14 2008 Kyle McMartin 2.6.23.14-107 - Linux 2.6.23.14 * Fri Jan 11 2008 Jarod Wilson 2.6.23.13-106 - FireWire update, should enable iidc reception on all controllers - Update lirc bits to latest upstream * Thu Jan 10 2008 John W. Linville 2.6.23.13-105 - rt2500usb thinko fix - b43 N phy pre-support updates - ath5k cleanups and beacon fixes * Wed Jan 9 2008 John W. Linville 2.6.23.13-104 - More wireless fixes for 2.6.24 - More wireless update for 2.6.25 - EnableCONFIG_NL80211 * Wed Jan 9 2008 Chuck Ebbert 2.6.23.13-103 - Linux 2.6.23.13 * Tue Jan 8 2008 Chuck Ebbert 2.6.23.12-102 - Restore /proc/slabinfo (#396041) * Fri Jan 4 2008 John W. Linville 2.6.23.12-101 - Another round of wireless fixes headed for 2.6.24 - Another round of wireless updates headed for 2.6.25 * Fri Dec 21 2007 Chuck Ebbert 2.6.23.12-100 - USB: Use upstream version of the Huawei USB modem fix. * Wed Dec 19 2007 John W. Linville 2.6.23.12-99 - Some wireless fixes headed for 2.6.24 - Some wireless updates headed for 2.6.25 * Tue Dec 18 2007 Chuck Ebbert 2.6.23.12-98 - Linux 2.6.23.12 - Add fixed version of APM emulation patch removed in 2.6.23.10 * Sat Dec 15 2007 David Woodhouse 2.6.23.10-97 - Fix IPv6 checksums for pasemi-mac * Fri Dec 14 2007 Chuck Ebbert 2.6.23.10-96 - Linux 2.6.23.10 * Fri Dec 14 2007 Chuck Ebbert 2.6.23.9-95 - Update utrace to latest. * Fri Dec 14 2007 David Woodhouse 2.6.23.9-94 - Re-enable and fix pasemi-mac (and gpio-mdio) * Fri Dec 14 2007 David Woodhouse 2.6.23.9-91 - PA Semi platform fixes - Fix OProfile on non-Cell ppc64 * Wed Dec 12 2007 Dave Airlie 2.6.23.9-90 - fixup radeon r500 patch to apply to proper function * Wed Dec 12 2007 Dave Airlie 2.6.23.9-89 - Add support for r500 DRM for making 2D accel go faster * Tue Dec 11 2007 Chuck Ebbert 2.6.23.9-88 - Enable the USB IO-Warrior driver. (#419661) - ALSA: snd-hda-intel: don't go into polling mode. (#417141) * Mon Dec 10 2007 Chuck Ebbert 2.6.23.9-87 - highres-timers: update to -hrt4 (#394981); includes hang fix * Mon Dec 10 2007 John W. Linville 2.6.23.9-86 - add module alias for "zd1211rw-mac80211" * Fri Dec 7 2007 Chuck Ebbert 2.6.23.9-84 - highres-timers: fix possible hang * Thu Dec 6 2007 Chuck Ebbert 2.6.23.9-82 - libata: fix AHCI controller reset (#411171) - ACPI: don't init EC early if it has no _INI method (#334781) * Wed Dec 5 2007 Chuck Ebbert 2.6.23.9-81 - Fix some cpuidle bugs, should fix hangs on startup. * Wed Dec 52007 John W. Linville 2.6.23.9-80 - Some wireless driver bits headed for 2.6.25 * Tue Dec 4 2007 Chuck Ebbert 2.6.23.9-79 - libata: fix ATAPI tape drives (#394961) - libata: allow short SCSI commands for ATAPI devices * Mon Dec 3 2007 Jarod Wilson 2.6.23.9-78 - Fix FireWire OHCI 1.1 regression introduced by 1.0 support * Sat Dec 1 2007 John W. Linville 2.6.23.9-77 - Some wireless bits headed for 2.6.25 - Make ath5k use software WEP * Fri Nov 30 2007 Chuck Ebbert 2.6.23.9-76 - ALSA: fix missing controls on some drivers (#370821) - ACPI: send initial button state on startup (#275651) * Fri Nov 30 2007 Chuck Ebbert 2.6.23.9-75 - Disable e1000 link power management (#400561) * Fri Nov 30 2007 Jarod Wilson 2.6.23.9-74 - Improved FireWire OHCI 1.0 Isochronous Receive support (#344851) * Fri Nov 30 2007 John W. Linville 2.6.23.9-73 - Some more wireless bits headed for 2.6.24 * Thu Nov 29 2007 John W. Linville 2.6.23.9-72 - Resync wireless bits headed for 2.6.24 - Resync wireless bits headed for 2.6.25 * Wed Nov 28 2007 David Woodhouse 2.6.23.9-71 - Add support for MPC52xx FEC (again) * Wed Nov 28 2007 Chuck Ebbert 2.6.23.9-70 - Fix further bugs in init of Huawei USB modem (#253096) - Fix libata handling of IO ready test (#389971) * Wed Nov 28 2007 Chuck Ebbert 2.6.23.9-69 - Add support for SiS 7019 audio for K12LTSP project * Tue Nov 27 2007 Kyle McMartin 2.6.23.9-68 - Some USB disks spin themselves down automatically and need scsi_device.allow_restart enabled so they'll spin back up. * Tue Nov 27 2007 John W. Linville 2.6.23.9-67 - Fix NULL ptr reference in iwlwifi (CVE-2007-5938) * Tue Nov 27 2007 Chuck Ebbert 2.6.23.9-66 - ALSA 1.0.15 20071120 * Mon Nov 26 2007 Kyle McMartin 2.6.23.9-65 - Linux 2.6.23.9 * Mon Nov 26 2007 Chuck Ebbert 2.6.23.8-64 - Set CONFIG_USB_DEVICE_CLASS (#397571) * Wed Nov 21 2007 John W. Linville 2.6.23.8-63 - Revise b43 rev D support (new upstream patch) - Restore ability to add/remove virtual i/fs to mac80211devices * Tue Nov 20 2007 Chuck Ebbert 2.6.23.8-62 - Linux 2.6.23.9-rc1 * Mon Nov 19 2007 Chuck Ebbert 2.6.23.8-61 - Fix oops in netfilter NAT module (#259501) * Mon Nov 19 2007 Chuck Ebbert 2.6.23.8-60 - libata: fix resume on some systems - libata: fix pata_serverworks with some drive combinations * Mon Nov 19 2007 Chuck Ebbert 2.6.23.8-59 - Linux 2.6.23.8 * Thu Nov 15 2007 John W. Linville 2.6.23.1-56 - wireless fixes from 2.6.24 - wireless updates destined for 2.6.25 - ath5k driver updates - add rtl8180 driver - enable libertas driver - add experimental b43 rev D support * Thu Nov 15 2007 Chuck Ebbert 2.6.23.1-55 - Add DMI based autoloading for the Dell dcdbas driver (#248257) * Wed Nov 14 2007 Jarod Wilson 2.6.23.1-54 - Initial FireWire OHCI 1.0 Isochronous Receive support (#344851) * Tue Nov 13 2007 Chuck Ebbert 2.6.23.1-53 - Disable precise CPU time accounting, fixing a divide-by-zero bug. - Disable transparent PCI bridge resizing. * Tue Nov 13 2007 Chuck Ebbert 2.6.23.1-52 - Add touchpad support for Dell Vostro 1400 and Thinkpad R61 (#375471) * Tue Nov 13 2007 Chuck Ebbert 2.6.23.1-51 - Fix completely broken sata_sis libata driver (#365331) * Fri Nov 9 2007 Eric Paris 2.6.23.1-50 - Fix loop iteration problem in selinux ebitmap code * Thu Nov 8 2007 John W. Linville 2.6.23.1-49 - Resync wireless bits from current upstream * Wed Nov 7 2007 Chuck Ebbert 2.6.23.1-48 - md/raid5: fix misapplication of previous patch - net: fix panic removing devices from teql secheduler - net: fix oops in l2tp transmit and receive - nfs: fix writeback race causing data corruption - x86 setup: fix boot on 486DX4 processor * Tue Nov 6 2007 Chuck Ebbert 2.6.23.1-47 - update utrace * Tue Nov 6 2007 Chuck Ebbert 2.6.23.1-46 - ALSA updates: hda: revert STAC92XX volume control changes (#354981) hda: add STAC92XX DMIC support hda: disable shared stream on AD1986A cmipci: fix wrong definitions - CIFS: fix corruption when server returns EAGAIN(#357001) - ACPI: suspend/resume fixes - drivers: restore platform driver modaliases - x86: fix tsc clocksource calibration - x86_64: fix global tlb flushing bug - hidinput: add powerbook driver to x86_64 config (#358721) - spider_net: fix hang - mm: fix invalid ptrace access causing kernel hang - direct-io: fix return of stale data after DIO write - md/raid5: fix data corruption in some failure cases - serial: add IDs for some new Wacom tablets (#352811) * Tue Nov 6 2007 David Airlie 2.6.23.1-44 - Fix bug 228414 - X hangs at startup with Radeon X800 GTO PCIe with DRI * Sat Nov 3 2007 David Woodhouse 2.6.23.1-43 - Apply PS3 EHCI workaround to make rebooting work when hci_usb is loaded --------------------------------------------------------------------------------References: [ 1 ] Bug #429364 - Seagate ata harddrive not readable, zero hardware sectors https://bugzilla.redhat.com/show_bug.cgi?id=429364 [ 2 ] Bug #429412 - System OOPS on soundserver crash https://bugzilla.redhat.com/show_bug.cgi?id=429412 [ 3 ] Bug #426574 - appletouch does not recognize trackpad in macbook 3.1 https://bugzilla.redhat.com/show_bug.cgi?id=426574 [ 4 ] Bug #390531 - initio driver does not recognize INI-9100UW card https://bugzilla.redhat.com/show_bug.cgi?id=390531 [ 5 ] Bug #427641 - exec-shield GPF handler vs fixmap vDSO https://bugzilla.redhat.com/show_bug.cgi?id=427641 [ 6 ] Bug #432229 - [SECURITY] CVE-2008-0600 local escalation of privilege https://bugzilla.redhat.com/show_bug.cgi?id=432229 [ 7 ] Bug #427518 - ACPI video driver should validate brightness level before setting it via _BCM https://bugzilla.redhat.com/show_bug.cgi?id=427518 [ 8 ] Bug #233255 - Megahertz EM1144-T pcmcia ethernet adapter doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=233255 [ 9 ] Bug #430663 - kernel crash in nf_nat_move_storage https://bugzilla.redhat.com/show_bug.cgi?id=430663 [ 10 ] Bug #426480 -2.6.23.9-85.fc8 kernel brings out more ACPI errors info in dmesg on toshiba laptop https://bugzilla.redhat.com/show_bug.cgi?id=426480 [ 11 ] Bug #431360 - no sound on a dell inspiron 1420 https://bugzilla.redhat.com/show_bug.cgi?id=431360 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update kernel' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The latest Fedora kernel update 2.6.23.15 addresses critical security issues, such as vulnerabilities that allow local root access along with numerous bug fixes.. Fedora Kernel Update, Local Root Exploit, Kernel Fixes. . Severity: Critical. LinuxSecurity.com Team

Feb 11, 2008 •Critical Fedora