---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-582
2005-01-03
---------------------------------------------------------------------
Product     : Fedora Core 3
Name        : kernel
Version     : 2.6.9
Release     : 1.724_FC3
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CAN-2004-1016:
  Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
  function which handles the sending of UDP network packets. A wrong validity
  check of the cmsghdr structure allowed a local attacker to modify kernel
  memory, thus causing an endless loop (Denial of Service) or possibly even
  root privilege escalation.

CAN-2004-1017:
  Alan Cox reported two potential buffer overflows with the io_edgeport driver.

CAN-2004-1068:
  A race condition was discovered in the handling of AF_UNIX network packets.
  This reportedly allowed local users to modify arbitrary kernel memory,
  facilitating privilege escalation, or possibly allowing code execution in the
  context of the kernel.

CAN-2004-1137:
  Paul Starzetz discovered several flaws in the IGMP handling code. This
  allowed users to provoke a Denial of Service, read kernel memory, and execute
  arbitrary code with root privileges. This flaw is also exploitable remotely
  if an application has bound a multicast socket.

CAN-2004-1151:
  Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall()
  and sys32_vm86_warning() functions. This could possibly be exploited to
  overwrite kernel memory with attacker-supplied code and cause root privilege
  escalation.

NO-CAN-ASSIGNED:
- Fix memory leak in ip_conntrack_ftp (local DoS)
- Do not leak IP options. (local DoS)
- fix missing security_*() check in net/compat.c
- ia64/x86_64/s390 overlapping vma fix
- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
- Make sure VC resizing fits in s16.
  Georgi Guninski reported a buffer overflow with vc_resize().
- Clear ebp on sysenter return.
  A small information leak was found by Brad Spengler.
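
CAN-2004-1016 above describes a wrong validity check of the cmsghdr structure,
and the changelog lists "Fix CMSG validation checks wrt. signedness." The C
program below is an added user-space model of that class of bug; it is not
kernel code and not the actual patch. struct model_cmsghdr, check_signed(),
check_unsigned(), walk(), demo() and the sample buffers are constructed for
this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for struct cmsghdr. A fixed 32-bit
 * length keeps the signedness effect identical on every platform. */
struct model_cmsghdr {
    uint32_t len;   /* length of this message, header included */
    int32_t  level;
    int32_t  type;
};

#define MODEL_HDR      sizeof(struct model_cmsghdr)
#define MODEL_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)

#define WALK_REJECTED (-1)  /* the length check refused the buffer */
#define WALK_UNSAFE   (-2)  /* the check accepted a header that would leave
                               the buffer or never advance the walk */

typedef int (*check_fn)(uint32_t len, size_t remaining);

/* Flawed model: the length is compared as a signed int, so 0xFFFFFFF0
 * is seen as -16 (two's complement conversion) and passes "<= remaining".
 * There is also no lower bound, so len == 0 is accepted. */
static int check_signed(uint32_t len, size_t remaining)
{
    int slen = (int)len;
    int srem = (int)remaining;
    return slen <= srem;
}

/* Corrected model: unsigned comparison with both bounds. The lower bound
 * guarantees forward progress, the upper bound keeps the message inside
 * the caller-supplied buffer. */
static int check_unsigned(uint32_t len, size_t remaining)
{
    return len >= MODEL_HDR && (size_t)len <= remaining;
}

/* Walk a control buffer. Returns the number of messages accepted, or one
 * of the WALK_* codes. The model never follows an unsafe length: it
 * reports WALK_UNSAFE at the point where real code would read or write
 * out of bounds, or loop forever. */
static int walk(const unsigned char *buf, size_t buflen, check_fn ok)
{
    size_t off = 0;
    int accepted = 0;

    while (buflen - off >= MODEL_HDR) {
        struct model_cmsghdr h;
        size_t remaining = buflen - off;
        size_t step;

        memcpy(&h, buf + off, sizeof h);
        if (!ok(h.len, remaining))
            return WALK_REJECTED;
        if (h.len < MODEL_HDR || h.len > remaining)
            return WALK_UNSAFE;

        accepted++;
        step = MODEL_ALIGN(h.len);
        if (step > remaining)
            break;
        off += step;
    }
    return accepted;
}

/* Constructed sample: a 32-byte buffer holding one valid 16-byte message
 * followed by a second header whose length field is second_len. */
int demo(uint32_t second_len, int use_corrected)
{
    unsigned char buf[32] = {0};
    struct model_cmsghdr first  = { 16, 1, 1 };
    struct model_cmsghdr second = { second_len, 1, 1 };

    memcpy(buf, &first, sizeof first);
    memcpy(buf + 16, &second, sizeof second);
    return walk(buf, sizeof buf, use_corrected ? check_unsigned : check_signed);
}

int main(void)
{
    const uint32_t samples[] = { 16u, 0xFFFFFFF0u, 0u };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=0x%08x  signed check: %2d  corrected check: %2d\n",
               (unsigned)samples[i], demo(samples[i], 0), demo(samples[i], 1));
    return 0;
}
```

A result of 2 means both messages were accepted; the oversized and the
zero-length headers are flagged unsafe under the signed comparison and
rejected under the corrected one.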

---------------------------------------------------------------------
* Sat Jan 01 2005 Dave Jones
- Fix probing of vesafb. (#125890)
- Enable PCILynx driver. (#142173)

* Fri Dec 31 2004 Dave Jones 
- Drop 4g/4g patch completely.

* Tue Dec 28 2004 Dave Jones 
- Drop bogus ethernet slab cache.

* Thu Dec 23 2004 Dave Jones 
- Fix bio error propagation.
- Clear ebp on sysenter return.
- Extra debugging info on OOM kill.
- exit() race fix.
- Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
- IGMP source filter fixes.
- Fix ext2/3 leak on umount.
- fix missing wakeup in ipc/sem
- Fix another tux corner case bug.

* Wed Dec 22 2004 Dave Jones 
- Add another ipod to the unusual usb devices list. (#142779)

* Tue Dec 21 2004 Dave Jones 
- Fix two silly bugs in the AGP posting fixes.

* Thu Dec 16 2004 Dave Jones 
- Better version of the PCI Posting fixes for agpgart.
- Add missing cache flush to the AGP code.

* Sun Dec 12 2004 Dave Jones 
- fix false ECHILD result from wait* with zombie group leader.

* Sat Dec 11 2004 Dave Jones 
- Workaround broken pci posting in AGPGART.
- Make sure VC resizing fits in s16.

* Fri Dec 10 2004 Dave Jones 
- Prevent block device queues from being shared in viocd. (#139018)
- Libata updates. (#132848, #138405)
- aacraid: remove aac_handle_aif (#135527)
- fix uninitialized variable in waitid(2). (#142505)
- Fix CMSG validation checks wrt. signedness.
- Fix memory leak in ip_conntrack_ftp
- [IPV4]: Do not leak IP options.
- ppc64: Align PACA buffer for hypervisor's use. (#141817)
- ppc64: Indicate that the veth link is always up. (#135402)
- ppc64: Quiesce OpenFirmware stdin device at boot. (#142009)
- SELinux: Fix avc_node_update oops. (#142353)
- Fix CCISS ioctl return code.
- Make ppc64's pci_alloc_consistent() conform to documentation. (#140047)
- Disable tiglusb module. (#142102)
- E1000 64k-alignment fix. (#140047)
- Disable tiglusb module. (#142102)
- ID updates for cciss driver.
- Fix overflows in USB Edgeport-IO driver. (#142258)
- Fix wrong TASK_SIZE for 32bit processes on x86-64. (#141737)
- Fix ext2/ext3 xattr/mbcache race. (#138951)
- Fix bug where __getblk_slow can loop forever when pages are partially mapped. (#140424)
- Add missing cache flushes in agpgart code.

* Wed Dec 08 2004 Dave Jones 
- Enable EDD
- Enable ETH1394. (#138497)
- Workaround E1000 post-maturely writing back to TX descriptors. (#133261)
- Fix the previous E1000 errata workaround.
- Several IDE fixes from 2.6.9-ac
- vm pageout throttling. (#133858)
- Fix Tux from oopsing. (#140918)
- Fix Tux/SELinux incompatibility (#140916)
- Fix Tux/IPV6 problem. (#140916)
- ide: Fix possible oops on boot.
- Make spinlock debugging panic instead of printk.
- Update Emulex lpfc driver to 8.0.16
- Selected patches from 2.6.9-ac12
- ppc64: Fix inability to find space for TCE table (#138844)
- Fix compat fcntl F_GETLK{,64} (#141680)
- blkdev_get_blocks(): handle eof
- Another card reader for the whitelist. (#134094)

* Sat Dec 04 2004 Dave Jones 
- Enable both old and new megaraid drivers.
- Add yet another card reader to usb scsi whitelist. (#141367)
- Fix oops in conntrack on rmmod.

* Fri Dec 03 2004 Dave Jones 
- Pull in bits of -ac12
  Should fix the smbfs & visor issues among others.

* Thu Dec 02 2004 Dave Jones 
- Drop the futex debug patch, it served its purpose.
- XFRM layer bug fixes
- ppc64: Convert to using ibm,read-slot-reset-state2 RTAS call
- ide: Make CSB6 driver support configurations.
- ide: Handle early EOF on CDs.
- Fix sx8 device naming in sysfs
- e100/e1000: return -EINVAL when setting rx-mini or rx-jumbo. (#140793)

* Wed Dec 01 2004 Dave Jones 
- Disable 4G/4G for i686.
- Workaround for the E1000 erratum 23 (#140047)
- Remove bogus futex warning. (#138179)
- x86_64: Fix lost edge triggered irqs on UP kernel.
- x86_64: Reenable DRI for MGA.
- Workaround E1000 post-maturely writing back to TX descriptors (#133261)
- 3c59x: add EEPROM_RESET for 3c900 Boomerang
- Fix buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
- ext3: improves ext3's error logging when we encounter an on-disk corruption.
- ext3: improves ext3's ability to deal with corruption on-disk
- ext3: Handle double-delete of indirect blocks.
- Disable SCB2 flash driver for RHEL4. (#141142)

* Tue Nov 30 2004 Dave Jones 
- x86_64: add an option to configure oops stack dump
- x86[64]: display phys_proc_id only when it is initialized
- x86_64: no TIOCSBRK/TIOCCBRK in ia32 emulation
- via-rhine: references __init code during resume
- Add barriers to generic timer code to prevent race. (#128242)
- ppc64: Add PURR and version data to /proc/ppc64/lparcfg
- Prevent xtime value becoming incorrect.
- scsi: return full SCSI status byte in SG_IO
- Fix show_trace() in irq context with CONFIG_4KSTACKS
- Adjust alignment of pagevec structure.
- md: make sure md always uses rdev_dec_pending properly.
- Make proc_pid_status not dereference dead task structs.
- sg: Fix oops of sg_cmd_done and sg_release race (#140648)
- fix bad segment coalescing in blk_recalc_rq_segments()
- fix missing security_*() check in net/compat.c
- ia64/x86_64/s390 overlapping vma fix
- Update Emulex lpfc to 8.0.15

* Mon Nov 29 2004 Dave Jones 
- Add another card reader to whitelist. (#141022)
- Fix possible hang in do_wait() (#140042)
- Fix ps showing wrong ppid. (#132030)
- Print advice to use -hugemem if >=16GB of memory is detected.
- Enable ICOM serial driver. (#136150)
- Enable acpi hotplug driver for IA64.
- SCSI: fix USB forced remove oops.
- ia64: add missing sn2 timer mask in time_interpolator code. (#140580)
- ia64: Fix hang reading /proc/pal/cpu0/tr_info (#139571)
- ia64: bump number of UARTS. (#139100)
- Fix ACPI debug level (#141292)
- Make EDD runtime configurable, and reenable.
- ppc64: IBM VSCSI driver race fix. (#138725)
- ppc64: Ensure PPC64 interrupts don't end up hard-disabled. (#139020, #131590)
- ppc64: Yet more sigsuspend/singlestep fixing. (#140102, #137931)
- x86-64: Implement ACPI based reset mechanism. (#139104)
- Backport 2.6.10rc sysfs changes needed for IBM hotplug driver. (#140372)
- Update Emulex lpfc driver to v8.0.14
- Optimize away the unconditional write to debug registers on signal delivery path.
- Fix up scsi_test_unit_ready() to work correctly with CD-ROMs.
- md: fix two little bugs in raid10
- Remove incorrect ELF check from module loading. (#140954)
- Plug leaks in error paths of aic driver.
- Add refcounting to scsi command allocation.
- Taint oopses on machine checks, bad_page()'s calls and forced rmmod's.
- Share Intel cache descriptors between x86 & x86-64.
- rx checksum support for gige nForce ethernet
- vm: vm_dirty_ratio initialisation fix

* Sun Nov 28 2004 Dave Jones 
- Move 4g/4g kernel into -hugemem.

* Sat Nov 27 2004 Dave Jones 
- Recognise Shuttle SN85G4 card reader. (#139163)

* Tue Nov 23 2004 Dave Jones 
- Add futex debug patch.

* Mon Nov 22 2004 Dave Jones 
- Update -ac patch to 2.6.9-ac11
- make tulip_stop_rxtx() wait for DMA to fully stop. (#138240)
- ACPI: Make LEqual less strict about operand types matching.
- scsi: avoid extra 'put' on devices in __scsi_iterate_device() (#138135)
- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
- Reenable token ring drivers. (#119345)
- SELinux: Map Unix seqpacket sockets to appropriate security class
- SELinux: destroy avtab node cache in policy load error path.
- AF_UNIX: Serialize dgram read using semaphore just like stream.
- lockd: NLM blocks locks don't sleep
- NFS lock recovery fixes
- Add more MODULE_VERSION tags (#136403)
- Update qlogic driver to 2.6.10rc2 level.
- cciss: fixes for clustering
- ieee802.11 update.
- ipw2100: update to ver 1.0.0
- ipw2200: update to ver 1.0.0
- Enable promisc mode on ipw2100
- 3c59x: reload EEPROM values at rmmod for needy cards
- ppc64: Prevent sigsuspend stomping on r4 and r5
- ppc64: Alternative single-step fix.
- fix for recursive netdump oops on x86_64
- ia64: Fix IRQ routing fix when booted with maxcpus=  (#138236)
- ia64: search the iommu for the correct size
- Deal with fraglists correctly on ipv4/ipv6 output
- Various statm accounting fixes (#139447)
- Reenable CMM /proc interface for s390 (#137397)

* Fri Nov 19 2004 Dave Jones 
- e100: fix improper enabling of interrupts. (#139706)
- autofs4: allow map update recognition
- Various TCP fixes from 2.6.10rc
- Various netlink fixes from 2.6.10rc
- [IPV4]: Do not try to unhash null-netdev nexthops.
- ppc64: Make NUMA map CPU->node before bringing up the CPU (#128063)
- ppc64: sched domains / cpu hotplug cleanup. (#128063)
- ppc64: Add a CPU_DOWN_PREPARE hotplug CPU notifier (#128063)
- ppc64: Register a cpu hotplug notifier to reinitialize the
  scheduler domains hierarchy (#128063)
- ppc64: Introduce CPU_DOWN_FAILED notifier (#128063)
- ppc64: Make arch_destroy_sched_domains() conditional (#128063)
- ppc64: Use CPU_DOWN_FAILED notifier in the sched-domains hotplug code (#128063)
- Various updates to the SCSI midlayer from 2.6.10rc.
- vlan_dev: return 0 on vlan_dev_change_mtu success. (#139760)
- Update Emulex lpfc driver to v8013
- Fix problem with b44 driver and 4g/4g patch. (#118165)
- Prevent oops when loading aic79xx on machine without hardware. (#125982)
- Use correct spinlock functions in token ring net code. (#135462)
- scsi: Add reset ioctl capability to ULDs
- scsi: update ips driver to 7.10.18
- Reenable ACPI hotplug driver. (#139976, #140130, #132691)


---------------------------------------------------------------------
This update can be downloaded from:
  
01aa0e2568d7804a869dc8468a5b1605  SRPMS/kernel-2.6.9-1.724_FC3.src.rpm
47776539f4ccb70a3d2b0d641e24cebf  x86_64/kernel-2.6.9-1.724_FC3.x86_64.rpm
0188ac33f1a39b81fc94947c3d7be55d  x86_64/kernel-smp-2.6.9-1.724_FC3.x86_64.rpm
8ee1e74c68022d98268f8cd809f9751d  x86_64/debug/kernel-debuginfo-2.6.9-1.724_FC3.x86_64.rpm
b2c333acd8dc04c099fdf5ec8a4784b5  x86_64/kernel-doc-2.6.9-1.724_FC3.noarch.rpm
df2397cdd4380ecc7874df9489b48065  i386/kernel-2.6.9-1.724_FC3.i586.rpm
e5c97e06c0dbf0efe75ffe664e46c26e  i386/kernel-smp-2.6.9-1.724_FC3.i586.rpm
f6cb0feb9b9caff301dfd3a48fba821c  i386/debug/kernel-debuginfo-2.6.9-1.724_FC3.i586.rpm
c90b493037812e5b6f46e67256c2db43  i386/kernel-2.6.9-1.724_FC3.i686.rpm
cd699aa17ba07e66f062fad6f6b586df  i386/kernel-smp-2.6.9-1.724_FC3.i686.rpm
b6a14462b7daaf0400fe6c6fa9a4d808  i386/debug/kernel-debuginfo-2.6.9-1.724_FC3.i686.rpm
b2c333acd8dc04c099fdf5ec8a4784b5  i386/kernel-doc-2.6.9-1.724_FC3.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

- ipw2100: update to ver 1.0.0 - ipw2200: update to ver 1.0.0 - Enable promisc mode on ipw2100 - 3c59x: reload EEPROM values at rmmod for needy cards - ppc64: Prevent sigsuspend stomping on r4 and r5 - ppc64: Alternative single-step fix. - fix for recursive netdump oops on x86_64 - ia64: Fix IRQ routing fix when booted with maxcpus= (#138236) - ia64: search the iommu for the correct size - Deal with fraglists correctly on ipv4/ipv6 output - Various statm accounting fixes (#139447) - Reenable CMM /proc interface for s390 (#137397) * Fri Nov 19 2004 Dave Jones - e100: fix improper enabling of interrupts. (#139706) - autofs4: allow map update recognition - Various TCP fixes from 2.6.10rc - Various netlink fixes from 2.6.10rc - [IPV4]: Do not try to unhash null-netdev nexthops. - ppc64: Make NUMA map CPU->node before bringing up the CPU (#128063) - ppc64: sched domains / cpu hotplug cleanup. (#128063) - ppc64: Add a CPU_DOWN_PREPARE hotplug CPU notifier (#128063) - ppc64: Register a cpu hotplug notifier to reinitialize the scheduler domains hierarchy (#128063) - ppc64: Introduce CPU_DOWN_FAILED notifier (#128063) - ppc64: Make arch_destroy_sched_domains() conditional (#128063) - ppc64: Use CPU_DOWN_FAILED notifier in the sched-domains hotplug code (#128063) - Various updates to the SCSI midlayer from 2.6.10rc. - vlan_dev: return 0 on vlan_dev_change_mtu success. (#139760) - Update Emulex lpfc driver to v8013 - Fix problem with b44 driver and 4g/4g patch. (#118165) - Prevent oops when loading aic79xx on machine without hardware. (#125982) - Use correct spinlock functions in token ring net code. (#135462) - scsi: Add reset ioctl capability to ULDs - scsi: update ips driver to 7.10.18 - Reenable ACPI hotplug driver. 
  (#139976, #140130, #132691)

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
