Fedora Test Update Notification: kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1484
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1484
2004-07-07
- ---------------------------------------------------------------------
 
Name        : kernel
Version 7.3 : 2.4.20-35.7.legacy
Version 9   : 2.4.20-35.9.legacy
Summary     : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Red Hat Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-2004-0427:
        The do_fork function in Linux 2.4.x and 2.6.x does not properly 
decrement the mm_count counter when an error occurs after the mm_struct 
for a child process has been activated, which triggers a memory leak that 
allows local users to cause a denial of service (memory exhaustion) via 
the clone (CLONE_VM) system call.
 
CAN-2004-0535:
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly 
initialize memory before using it, which allows local users to read 
portions of kernel memory. NOTE: this issue was originally incorrectly 
reported as a "buffer overflow" by some sources.
 
CAN-2004-0003:
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to 
gain privileges, related to "R128 DRI limits checking."
 
CAN-2004-0109:
Buffer overflow in the ISO9660 file system component for Linux kernel 
2.4.x, 2.5.x and 2.6.x , allows local users with physical access to 
overflow kernel memory and execute arbitrary code via a malformed CD 
containing a long symbolic link entry.
 
CAN-2004-0178:
The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly 
handle certain sample sizes, which allows local users to cause a denial of 
service (crash).
 
CAN-2004-0181:
        The JFS file system code in Linux 2.4.x has an information leak in 
which in-memory data is written to the device for an ext3 file system, 
which allows local users to obtain sensitive information by reading the 
raw device.
 
CAN-2004-0394:
A "potential" buffer overflow exists in the panic() function in Linux 
2.4.x, although it may not be exploitable due to the functionality of 
panic.
 
A few bugfixes related to Nforce2 chipsets.
- ---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Fri Jun 18 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix memory leak in kernel/fork.c. (CAN-2004-0427)
- - Numerous userspace pointer reference bugs found with the sparse
  tool by Al Viro. (CAN-2004-0495)
- - Fix e1000 driver information leak. (CAN-2004-0535)
                                                                                
                                                                             
* Tue Jun 15 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix local DoS in "clear_cpu()" macro. (CAN-2004-0554)
                                                                                
                                                                             
* Thu May 13 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228)
- - Fix for C1 Halt Disconnect problem on nForce2 systems.
                                                                                
                                                                             
* Wed May 05 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix potential local denial of service in sb16 driver (CAN-2004-0178)
- - Fix information leak in JFS (CAN-2004-0181)
- - Add range checking to i810_dma() in DRM driver.
- - Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy()
- - Fix possible buffer overflow in panic() (CAN-2004-0394)
                                                                                
                                                                             
* Tue Apr 13 2004 Dave Jones <davej@xxxxxxxxxx>
                                                                                
                                                                             
- - Yet another additional r128 DRM check. (CAN-2004-0003)
- - Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- - Fix Information leak in EXT3 (CAN-2004-0133)
- - Fix local DoS in mremap()
                                                                                
                                                                             
* Tue Feb 17 2004 Dave Jones <davej@xxxxxxxxxx>
                                                                                
                                                                             
- - Additional r128 DRM checks. (CAN-2004-0003)

 
9:
 
* Fri Jun 18 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix memory leak in kernel/fork.c. (CAN-2004-0427)
- - Numerous userspace pointer reference bugs found with the sparse
  tool by Al Viro. (CAN-2004-0495)
- - Fix e1000 driver information leak. (CAN-2004-0535)
                                                                                
                                                                             
* Tue Jun 15 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix local DoS in "clear_cpu()" macro. (CAN-2004-0554)
                                                                                
                                                                             
* Thu May 13 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228)
- - Fix for C1 Halt Disconnect problem on nForce2 systems.
                                                                                
                                                                             
* Wed May 05 2004 Dominic Hargreaves <dom@xxxxxxxx>
                                                                                
                                                                             
- - Fix potential local denial of service in sb16 driver (CAN-2004-0178)
- - Fix information leak in JFS (CAN-2004-0181)
- - Add range checking to i810_dma() in DRM driver.
- - Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy()
- - Fix possible buffer overflow in panic() (CAN-2004-0394)
                                                                                
                                                                             
* Tue Apr 13 2004 Dave Jones <davej@xxxxxxxxxx>
                                                                                
                                                                             
- - Yet another additional r128 DRM check. (CAN-2004-0003)
- - Bounds checking in ISO9660 filesystem. (CAN-2004-0109)
- - Fix Information leak in EXT3 (CAN-2004-0133)
- - Fix local DoS in mremap()
                                                                                
                                                                             
* Tue Feb 17 2004 Dave Jones <davej@xxxxxxxxxx>
                                                                                
                                                                             
- - Additional r128 DRM checks. (CAN-2004-0003)

 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
9344cffa6802c7ebffa6a631d4eaa7306617df59  
7.3/updates-testing/SRPMS/kernel-2.4.20-35.7.legacy.src.rpm
8cf4a7c4044c367bd2ef3956870e23196af255bb  
7.3/updates-testing/i386/kernel-2.4.20-35.7.legacy.athlon.rpm
75e49a453639b57ca295ed687915df718ca4683d  
7.3/updates-testing/i386/kernel-2.4.20-35.7.legacy.i586.rpm
deb026a34bc1f79446e76880611d2a494084f6e9  
7.3/updates-testing/i386/kernel-2.4.20-35.7.legacy.i686.rpm
0330c909d885e223f86116542d3e06cd6cd954e1  
7.3/updates-testing/i386/kernel-bigmem-2.4.20-35.7.legacy.i686.rpm
cec2602052a215bb0706427c3eb3d21f8798faea  
7.3/updates-testing/i386/kernel-BOOT-2.4.20-35.7.legacy.i386.rpm
263bbfab412699eafdb0156044e09026e3a4e9de  
7.3/updates-testing/i386/kernel-doc-2.4.20-35.7.legacy.i386.rpm
eccb21775efcdf0cdbc2e9d9877d42b8df1f5c13  
7.3/updates-testing/i386/kernel-smp-2.4.20-35.7.legacy.athlon.rpm
5da9d54d2e071ee30036f78402f2c88fd69da6e1  
7.3/updates-testing/i386/kernel-smp-2.4.20-35.7.legacy.i586.rpm
83a88ed2172fb2bf5d5c05dd6cf11e7a96e350e3  
7.3/updates-testing/i386/kernel-smp-2.4.20-35.7.legacy.i686.rpm
65a7083bea4412afa29da8e91d0ba3a03e0f3ac2  
7.3/updates-testing/i386/kernel-source-2.4.20-35.7.legacy.i386.rpm

b9d094e0be2665affff9c2dab8211c948c38ccf6  
9/updates-testing/SRPMS/kernel-2.4.20-35.9.legacy.src.rpm
6374592090c07112200494e9361db824edb4511a  
9/updates-testing/i386/kernel-2.4.20-35.9.legacy.athlon.rpm
811b325582853788f37524c4549fd079e2ffc4a6  
9/updates-testing/i386/kernel-2.4.20-35.9.legacy.i586.rpm
2050252b57943da552fc17873331d702585488a4  
9/updates-testing/i386/kernel-2.4.20-35.9.legacy.i686.rpm
8fb30ead64197f7be966016609ac9a8e8c14b222  
9/updates-testing/i386/kernel-bigmem-2.4.20-35.9.legacy.i686.rpm
86becf2d0d1043913374e314b571fd004b005101  
9/updates-testing/i386/kernel-BOOT-2.4.20-35.9.legacy.i386.rpm
4a713fdd4c90d3542cd5c9763b3662c0c2b82865  
9/updates-testing/i386/kernel-doc-2.4.20-35.9.legacy.i386.rpm
69326a68b8084e09bcc9ab93909b535c2586da2c  
9/updates-testing/i386/kernel-smp-2.4.20-35.9.legacy.athlon.rpm
83b867f5d18bbd70c125dbdff6accc661de0dc47  
9/updates-testing/i386/kernel-smp-2.4.20-35.9.legacy.i586.rpm
6e4fa22a1d46b0d42a3837a4ce5e3e65fba9ebfe  
9/updates-testing/i386/kernel-smp-2.4.20-35.9.legacy.i686.rpm
83d7da718554b818c4828720ead16ba4001260b2  
9/updates-testing/i386/kernel-source-2.4.20-35.9.legacy.i386.rpm
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE      (http://geek.j2solutions.net)
Fedora Legacy Team      (http://www.fedoralegacy.org)
GPG Public Key          (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA7LzU4v2HLvE71NURAmXVAJ0T0iZ1rodP7Wq5PYg+IoUoBtd1hQCfSDPu
Jp/8ZC0nRG71Ky5R0LgZORo=
=6LLc
-----END PGP SIGNATURE-----


--
fedora-legacy-list mailing list
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list