LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 11 kernel-2.6.30.9-102.fc11 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora CVE-2009-1298 null ptr deref in ipv4 ip_frag_reasm.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-12786
2009-12-07 06:16:34
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 11
Version     : 2.6.30.9
Release     : 102.fc11
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

CVE-2009-1298 null ptr deref in ipv4 ip_frag_reasm.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  3 2009 Kyle McMartin  2.6.30.9-102
- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
  bug fix.
* Thu Nov 19 2009 Kyle McMartin 
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse
  when low on memory. rhbz#538734.
* Thu Nov 19 2009 David Woodhouse  2.6.30.9-100
- Re-enable CONFIG_DMAR_GFX_WA on x86_64.
* Tue Nov 17 2009 Chuck Ebbert  2.6.30.9-99
- Silence pointless DRM warning message (#537196)
* Tue Nov 17 2009 Chuck Ebbert  2.6.30.9-98
- More sata_nv fixes (#524756).
* Mon Nov 16 2009 Eric Sandeen  2.6.30.9-97
- Fix ext4 preallocation-related corruption (#513221)
* Tue Nov  3 2009 Kyle McMartin  2.6.30.9-96
- fs/pipe.c: fix null pointer dereference (CVE-2009-3547)
* Sun Oct 25 2009 Chuck Ebbert   2.6.30.9-95
- Disable the stack protector on functions that don't have onstack arrays.
* Thu Oct 22 2009 Chuck Ebbert   2.6.30.9-94
- Fix overflow in KVM cpuid code. (CVE-2009-3638)
* Thu Oct 22 2009 Chuck Ebbert   2.6.30.9-93
- Fix exploitable oops in keyring code (CVE-2009-3624)
* Wed Oct 21 2009 Kyle McMartin 
- shut-up-LOCK_TEST_WITH_RETURN.patch: sort out #445331... or paper bag
  over it for now until the lock warnings can be killed.
* Mon Oct 19 2009 Kyle McMartin 
- af_unix-fix-deadlock-connecting-to-shutdown-socket.patch: fix for
  rhbz#529626 local DoS. (CVE-2009-3621)
* Sat Oct 17 2009 Chuck Ebbert   2.6.30.9-90
- Fix null deref in r128 (F10#487546) (CVE-2009-3620)
* Sat Oct 17 2009 Chuck Ebbert  2.6.30.9-89
- Keyboard and mouse fixes from 2.6.32 (#522126)
* Sat Oct 17 2009 Chuck Ebbert  2.6.30.9-88
- Scheduler wakeup patch, fixes high latency on wakeup
  (sched-update-the-clock-of-runqueue-select-task-rq-selected.patch)
* Fri Oct 16 2009 Chuck Ebbert  2.6.30.9-87
- Fix uninitialized data leak in netlink (CVE-2009-3612)
* Thu Oct 15 2009 Chuck Ebbert  2.6.30.9-86
- AX.25 security fix (CVE-2009-2909)
* Thu Oct 15 2009 Chuck Ebbert  2.6.30.9-85
- Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure
  to boot from USB disks using Cypress bridges (#524998)
* Tue Oct 13 2009 Chuck Ebbert  2.6.30.9-84
- Copy libata drive detection fix from 2.6.31.4 (#524756)
* Tue Oct 13 2009 Chuck Ebbert  2.6.30.9-83
- Networking fixes taken from 2.6.31-stable
* Tue Oct 13 2009 Chuck Ebbert  2.6.30.9-82
- Fix boot hang with ACPI on some systems.
* Mon Oct 12 2009 Chuck Ebbert   2.6.30.9-81
- Critical ftrace fixes:
  ftrace-use-module-notifier-for-function-tracer.patch
  ftrace-check-for-failure-for-all-conversions.patch
  tracing-correct-module-boundaries-for-ftrace_release.patch
* Thu Oct  8 2009 Ben Skeggs      2.6.30.9-80
- ppc: compile nvidiafb as a module only, nvidiafb+nouveau = bang! (rh#491308)
* Wed Oct  7 2009 Dave Jones        2.6.30.9-78
- Disable IRQSOFF tracer. (Adds unnecessary overhead when unused)
* Wed Oct  7 2009 Chuck Ebbert   2.6.30.9-77
- eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)
* Tue Oct  6 2009 Chuck Ebbert   2.6.30.9-76
- fix race in forcedeth network driver (#526546)
* Tue Oct  6 2009 Chuck Ebbert   2.6.30.9-75
- x86: Don't leak 64-bit reg contents to 32-bit tasks.
* Tue Oct  6 2009 Chuck Ebbert   2.6.30.9-74
- ACPI EC bug fixes taken from kernel 2.6.32 (#492699, #525681)
* Mon Oct  5 2009 Chuck Ebbert   2.6.30.9-73
- Linux 2.6.30.9
* Sun Oct  4 2009 Chuck Ebbert   2.6.30.9-72.rc3
- Copy stack randomization fix from 2.6.31.2 (F10#526882)
* Sun Oct  4 2009 Chuck Ebbert   2.6.30.9-71.rc3
- Linux 2.6.30.9-rc3
- Drop merged upstream patches:
  linux-2.6-cifs-reenable-lanman-security.patch
  kvm-guest-fix-bogus-wallclock-physical-address-calculation.patch
  kvm-mmu-make-__kvm_mmu_free_some_pages-handle-empty-list.patch
  kvm-vmx-check-cpl-before-emulating-debug-register-access.patch
  kvm-vmx-fix-cr8-exiting-control-clobbering-by-ept.patch
  kvm-x86-disallow-hypercalls-for-guest-callers-in-rings-0.patch
  linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch
* Fri Oct  2 2009 Justin M. Forbes   2.6.30.8-70
- Add linux-2.6-virtio-net-refill-on-out-of-memory.patch, from 2.6.31
  to prevent page allocation failures in guests. (#520119)
* Mon Sep 28 2009 Chuck Ebbert   2.6.30.8-69
- Add linux-2.6-kvm-revert-x86-check-for-cr3-validity.patch, from
  2.6.32-rc, fixes bug #525743
* Mon Sep 28 2009 Chuck Ebbert   2.6.30.8-68
- Drop sched-disable-NEW-FAIR-SLEEPERS-for-now.patch, reported to
  cause problems on 2.6.30.
* Sat Sep 26 2009 Chuck Ebbert   2.6.30.8-67
- Scheduler fixes cherry-picked from 2.6.32
* Sat Sep 26 2009 Chuck Ebbert   2.6.30.8-66
- Backport "appletalk: Fix skb leak when ipddp interface is not loaded"
  (fixes CVE-2009-2903)
* Sat Sep 26 2009 Chuck Ebbert  2.6.30.8-65
- KVM fixes from 2.6.31.1, including fix for CVE-2009-3290
* Fri Sep 25 2009 Chuck Ebbert  2.6.30.8-64
- Fix serious CFQ performance regression.
* Fri Sep 25 2009 Chuck Ebbert  2.6.30.8-63
- Disable the GEM graphics manager on i686 PAE kernels
  (fixes modesetting on Intel graphics.)
* Fri Sep 25 2009 Chuck Ebbert  2.6.30.8-62
- Fix breakage in hostap driver (#522269)
* Thu Sep 24 2009 Chuck Ebbert  2.6.30.8-61
- Backport the cpuidle-faster-io fix from Fedora 12 to fix I/O
  performance problems when reading/writing multiple disks.
* Thu Sep 24 2009 Chuck Ebbert  2.6.30.8-60
- Linux 2.6.30.8
* Thu Sep 24 2009 Chuck Ebbert  2.6.30.7-59
- Disable sound powersave by default; it still pops when playing sounds. (#523836)
* Wed Sep 16 2009 Justin M. Forbes  2.6.30.7-58
- Revert virtio_blk to rotational mode. (#509383)
* Tue Sep 15 2009 Chuck Ebbert  2.6.30.7-57
- Linux 2.6.30.7
* Tue Sep 15 2009 Chuck Ebbert  2.6.30.7-56.rc1
- Fix CIFS security flags mask broken in 2.6.30 (#523173)
* Tue Sep 15 2009 Chuck Ebbert  2.6.30.7-55.rc1
- Fix cpufreq lockdep warnings (#522685)
* Sat Sep 12 2009 Chuck Ebbert  2.6.30.7-54.rc1
- 2.6.30.7-rc1
- Drop patches merged in -stable:
   linux-2.6-slub-fix-destroy-by-rcu.patch
* Thu Sep 10 2009 Dennis Gilmore  2.6.30.6-53
- kgdb only works on sparc64 smp kernels so disable on the up one and enable on the smp one
- update to 256 cpus supported on sparc64 smp
* Wed Sep  9 2009 Chuck Ebbert   2.6.30.6-52
- Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4)
* Wed Sep  9 2009 Chuck Ebbert  2.6.30.6-51
- 2.6.30.6
- Drop patches merged in -stable:
  do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
  linux-2.6-x86-dont-send-ipi-to-empty-set-cpus.patch
  linux-2.6-bitmap-make-ops-return-result.patch
  linux-2.6-x86-dont-call-send-ipi-mask-with-empty-mask.patch
  linux-2.6-clone-fix-race-between-copy-process-and-de-thread.patch
  linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch
  linux-2.6-xen-x86-dont-probe-if-apics-are-disabled.patch
* Tue Sep  8 2009 Chuck Ebbert  2.6.30.5-50
- Disable Amiga One support to fix powerpc coherency bug (#521703)
* Fri Sep  4 2009 Chuck Ebbert  2.6.30.5-49
- Fix build system getting confused during firmware install.
* Fri Sep  4 2009 Chuck Ebbert  2.6.30.5-48
- Added additional fixes needed for #514787:
  linux-2.6-ppc64-vs-broadcom-lmb-no-init-*.patch
- Fix up lirc patch context so it applies.
* Wed Sep  2 2009 Jarod Wilson 
- Make it possible to rmmod lirc_zilog w/o it hanging indefinitely
- Add transmit support (via port 2 only) on 1st-gen mceusb transceiver
* Tue Sep  1 2009 Chuck Ebbert  2.6.30.5-46
- Fix yet another Xen boot crash (#520517)
* Tue Sep  1 2009 Jarod Wilson  2.6.30.5-45
- Refresh lirc patches, add new lirc_ene0100 driver
- Fix up hdpvr driver for use with modular i2c so that
  lirc_zilog can actually bind to it
- Make lirc_zilog IR transmit and receive work on the hdpvr
- Fix audio on PVR-500 when used in same system as HVR-1800 (#480728)
* Fri Aug 28 2009 David Woodhouse 
- Enable Solos DSL driver
* Thu Aug 27 2009 Chuck Ebbert  2.6.30.5-43
- Don't load the floppy driver automatically:
  linux-2.6-defaults-die-floppy-die.patch
* Thu Aug 27 2009 Chuck Ebbert  2.6.30.5-42
- Fix stackprotector problems with Xen on x86_64.
- Disable stackprotector on i386 until 32-bit Xen gets fixed.
* Thu Aug 27 2009 Chuck Ebbert  2.6.30.5-41
- linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch:
  fix race in kthreads.
* Thu Aug 27 2009 Justin M. Forbes  2.6.30.5-40
- xen: Fix guest crash when trying to debug. (#458385)
* Thu Aug 27 2009 John W. Linville  2.6.30.5-39
- zd1211rw: adding 083a:e503 as a ZD1211B device (#518538)
* Thu Aug 27 2009 Chuck Ebbert  2.6.30.5-38
- Fix string overflows found by stackprotector:
  hda-check-strcpy-length.patch
  linux-2.6-v4l-dvb-af9015-fix-stack-corruption.patch
* Thu Aug 27 2009 Chuck Ebbert  2.6.30.5-37
- Fix race in clone() syscall.
* Thu Aug 27 2009 Chuck Ebbert  2.6.30.5-36
- Fix hangs on older x86 systems with 440*X chipsets.
* Fri Aug 21 2009 David Woodhouse 
- Fix b43 on iMac G5 (#514787)
* Tue Aug 18 2009 Kyle McMartin 
- Backport several upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
  to improve mmap_min_addr.
- CVE-2009-2847: do_sigaltstack: avoid copying 'stack_t' as a
  structure to user space
* Mon Aug 17 2009 Chuck Ebbert  2.6.30.5-32
- Change config options:
  CONFIG_SCSI_DEBUG=m
  CONFIG_PCI_MSI_DEFAULT_ON=y
* Mon Aug 17 2009 Jarod Wilson  2.6.30.5-31
- Fix flub in prior lirc patch update that resulted in no lirc
  drivers getting built
* Sun Aug 16 2009 Chuck Ebbert  2.6.30.5-29
- Linux 2.6.30.5
* Fri Aug 14 2009 Chuck Ebbert  2.6.30.5-28.rc2
- Linux 2.6.30.5-rc2
- Dropped drm-intel-tv-fix.patch, merged in -stable now.
* Wed Aug 12 2009 Kyle McMartin 
- drm-no-gem-on-i8xx.patch: fix misspelled IS_8XX & IS_I845G, sigh.
* Wed Aug 12 2009 Kyle McMartin 
- DRM patch sync-up with F-11-2.6.29.y, ABI probably isn't right yet though...
 - drm-modesetting-radeon.patch
 - drm-nouveau.patch
 - drm-no-gem-on-i8xx.patch
 - drm-i915-resume-force-mode.patch
 - drm-intel-big-hammer.patch
 - drm-intel-gen3-fb-hack.patch
 - drm-intel-hdmi-edid-fix.patch
 - drm-modesetting-radeon-fixes.patch
 - drm-radeon-new-pciids.patch
 - drm-dont-frob-i2c.patch
 - drm-intel-tv-fix.patch
 - drm-radeon-cs-oops-fix.patch
 - drm-pnp-add-resource-range-checker.patch
 - drm-i915-enable-mchbar.patch
- The rest were merged upstream.
* Wed Aug 12 2009 John W. Linville 
- iwlwifi: fix TX queue race
* Mon Aug 10 2009 Kyle McMartin 
- Patch sync-up with F-11-2.6.29.y:
 - linux-2.6-x86-delay-tsc-barrier.patch
 - linux-2.6-fs-cifs-fix-port-numbers.patch
 - linux-2.6-kvm-skip-pit-check.patch
 - linux-2.6.29-xen-disable-gbpages.patch
 - linux-2.6-virtio_blk-dont-bounce-highmem-requests.patch
 - linux-2.6-drivers-char-low-latency-removal.patch
 - linux-2.6-serial-add-txen-test-param.patch
 - linux-2.6-input-wacom-bluetooth.patch
 - linux-2.6-defaults-saner-vm-settings.patch
 - linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
 - linux-2.6-mm-lru-report-vm-flags-in-page-referenced.patch
 - linux-2.6-mm-lru-dont-evict-mapped-executable-pages.patch
 - linux-2.6-utrace.patch
 - linux-2.6-utrace-ftrace.patch
 - linux-2.6-tracehook.patch
* Mon Aug 10 2009 Jarod Wilson 
- Add tunable pad threshold support to lirc_imon
- Blacklist all iMON devices in usbhid driver so lirc_imon can bind
- Add new device ID to lirc_mceusb (#512483)
- Enable IR transceiver on the HD PVR
* Wed Aug  5 2009 Kyle McMartin 
- Update to released 2.6.30.4.
- Drop now-unneeded upstream reverts.
* Wed Jul 29 2009 Chuck Ebbert 
- Linux 2.6.30.4-rc1
* Mon Jul 27 2009 Neil Horman 
- Backport xfrm gc_thresh export code (bz 503124)
* Fri Jul 24 2009 Kyle McMartin 
- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 [i386 x86_64], 4096 elsewhere, as
  per defconfigs.
- Blat patches from other tag, now to rebase fixes, splat in the changelog,
  and tag it for building.
* Fri Jul 24 2009 Kyle McMartin 
- Copy over release configs from devel-2.6.30 tag.
- Fix up some spec deviations.
* Fri Jul 24 2009 Kyle McMartin 
- Linux 2.6.30.3 rebase for Fedora 11.
- Fedora 11 2.6.29 branch is on tag private-fedora-11-2_6_29_6.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #544144 - CVE-2009-1298 kernel: ip_frag_reasm() NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=544144
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
How to weed out the next Heartbleed bug: ENISA details crypto worries
Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign
Finally, a New Clue to Solve the CIA’s Mysterious Kryptos Sculpture
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.