LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 12 kernel-2.6.31.6-166.fc12 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora CVE-2009-4131: EXT4 - fix insufficient permission checking which could result in arbitrary data corruption by a local unprivileged user.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-13039
2009-12-10 16:35:30.934288
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 12
Version     : 2.6.31.6
Release     : 166.fc12
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

CVE-2009-4131:  EXT4 - fix insufficient permission checking which could result
in arbitrary data corruption by a local unprivileged user.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  9 2009 Kyle McMartin  2.6.31.6-166
- ext4-fix-insufficient-checks-in-EXT4_IOC_MOVE_EXT.patch: CVE-2009-4131
  fix insufficient permission checking which could result in arbitrary
  data corruption by a local unprivileged user.
* Tue Dec  8 2009 Steve Dickson  2.6.31.6-165
- nfsd: Updated to latest pseudo root code fixing rhbz# 538609
* Mon Dec  7 2009 Ben Skeggs  2.6.31.6-164
- nouveau: fix NV17 breakage caused by NVA8 fixes
- nouveau: use ratelimit for GPU error message
* Fri Dec  4 2009 Ben Skeggs  2.6.31.6-163
- nouveau: reduce debug level of some warning messages (rh#543883)
- nouveau: modesetting fixes on nva5/nva8
- nouveau: suspend/resume fixes on nva5/nva8 (bios opcode 0x8d)
- nouveau: cleanup chipset/arch handling, fail init on unknown chipsets
- nouveau: fix failure to detect some outputs when dcb table is odd
- nouveau: eliminate unnecessary cursor state changes on nv50
* Thu Dec  3 2009 Kyle McMartin  2.6.31.6-162
- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
  bug fix.
* Thu Dec  3 2009 Dave Airlie  2.6.31.6-161
- rv410 LVDS on resume test fix from AMD (#541562)
* Wed Dec  2 2009 John W. Linville  2.6.31.6-160
- ath9k: add fixes suggested by upstream maintainer
* Wed Dec  2 2009 Dave Airlie  2.6.31.6-159
- drm-radeon-misc-fixes.patch: r400 LVDS, r600 digital dpms, cursor fix, tv property
* Wed Dec  2 2009 Ben Skeggs  2.6.31.6-158
- nouveau: more complete lvds script selection on >=G80 (rh#522690, rh#529859)
- nouveau: more complete tmds script selection on >=G80 (rh#537853)
- nouveau: TV detection fixes
* Tue Dec  1 2009 Dave Airlie  2.6.31.6-157
- div/0 fix harder (#540593) - also ignore unposted GPUs with no BIOS
* Tue Dec  1 2009 Dave Airlie  2.6.31.6-156
- drm-next: fixes LVDS resume on r4xx, div/0 on no bios (#540593)
  lockup on tv-out only startup.
* Mon Nov 30 2009 Kyle McMartin 
- drm-i915-fix-sync-to-vbl-when-vga-is-off.patch: add (rhbz#541670)
* Sun Nov 29 2009 Kyle McMartin 
- Drop linux-2.6-sysrq-c.patch, made consistent upstream.
* Fri Nov 27 2009 Jarod Wilson  2.6.31.6-153
- add device name to lirc_zilog, fixes issues w/multiple target devices
- add lirc_imon pure input mode support for onboard decode devices
* Thu Nov 26 2009 David Woodhouse  2.6.31.6-152
- Fix intel_tv_mode_set oops (#540218)
* Thu Nov 26 2009 David Woodhouse  2.6.31.6-151
- VT-d: Work around yet more HP BIOS brokenness (#536675)
* Wed Nov 25 2009 Kyle McMartin 
- dlm: fix connection close handling.
  Fix by lmb, requested by fabio.
* Wed Nov 25 2009 David Woodhouse  2.6.31.6-149
- VT-d: Work around more HP BIOS brokenness.
* Tue Nov 24 2009 Dave Airlie  2.6.31.6-148
- radeon: flush HDP cache on rendering wait - fixes r600 rendercheck failure
* Mon Nov 23 2009 Adam Jackson 
- drm-default-mode.patch: Default to 1024x768 to match UMS. (#538761)
* Mon Nov 23 2009 Roland McGrath  2.6.31.6-146
- Fix oops in x86-32 kernel's iret handling for bogus user %cs. (#540580)
* Sat Nov 21 2009 Kyle McMartin 
- Fix up ssp' highmem fixes with fixes for arm & ppc.
* Fri Nov 20 2009 Chris Wright  2.6.31.6-144
- VT-d: another fallback for another BIOS bug (#524808)
* Thu Nov 19 2009 Ben Skeggs  2.6.31.6-142
- Oops, add new patch to spec file
* Thu Nov 19 2009 Ben Skeggs  2.6.31.6-141
- Lower debug level of fbcon handover messages (rh#538526)
* Thu Nov 19 2009 Dave Airlie  2.6.31.6-140
- drm-next-44c83571.patch: oops pulled the wrong tree into my f12 tree
* Thu Nov 19 2009 Ben Skeggs  2.6.31.6-139
- nouveau: s/r fixes on chipsets using bios opcode 0x87
- nouveau: fixes to bios opcode 0x8e
- nouveau: hopefully fix nv1x context switching issues (rh#526577)
- nouveau: support for NVA5 (GeForce G220)
- nouveau: fixes for NVAA support
* Thu Nov 19 2009 Dave Airlie  2.6.31.6-138
- drm-next-d56672a9.patch: fix some rn50 cloning issues
* Wed Nov 18 2009 David Woodhouse  2.6.31.6-137
- Actually force the IOMMU not to be used when we detect the HP/Acer bug.
* Tue Nov 17 2009 Chuck Ebbert  2.6.31.6-136
- ACPI embedded controller fixes from Fedora 11.
* Tue Nov 17 2009 Chuck Ebbert  2.6.31.6-135
- Scheduler fixes and latency tuning patches from F-11.
* Tue Nov 17 2009 Dave Airlie  2.6.31.6-134
- glad to see edid retry patch was compiled.
* Tue Nov 17 2009 Dave Airlie  2.6.31.6-133
- drm-next-984d1f3c.patch: rebase with upstream fixes - drop all merged
* Thu Nov 12 2009 Adam Jackson 
- Actually apply the EDID retry patch
- drm-edid-header-fixup.patch: Fix up some broken EDID headers (#534120)
* Thu Nov 12 2009 Chuck Ebbert  2.6.31.6-130
- Use ApplyOptionalPatch for v4l and firewire updates.
- Drop unused v4l ABI fix.
* Thu Nov 12 2009 Chuck Ebbert  2.6.31.6-129
- Linux 2.6.31.6
- Drop merged patches:
  linux-2.6-iwlwifi-reduce-noise-when-skb-allocation-fails.patch
  linux-2.6-libertas-crash.patch
  pci-increase-alignment-to-make-more-space.patch
  acpi-revert-attach-device-to-handle-early.patch
  ahci-revert-restore-sb600-sata-controller-64-bit-dma.patch
  acpi-pci-fix-null-pointer-dereference-in-acpi-get-pci-dev.patch
  af_unix-fix-deadlock-connecting-to-shutdown-socket.patch
  keys-get_instantiation_keyring-should-inc-the-keyring-refcount.patch
  netlink-fix-typo-in-initialization.patch
  fs-pipe-null-ptr-deref-fix.patch
* Wed Nov 11 2009 Justin M. Forbes  2.6.31.5-128
- Fix KSM for i686 users. (#532215)
- Add KSM fixes from 2.6.32
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #544471 - CVE-2009-4131 EMBARGOED kernel: ext4: Fix insufficient checks in EXT4_IOC_MOVE_EXT
        https://bugzilla.redhat.com/show_bug.cgi?id=544471
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.