Ranjivosti jezgre operacijskog sustava

Detalji os-a: FED
Važnost: IMP
Operativni sustavi: L
Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-12437
2015-07-31 05:37:51
——————————————————————————–

Name : kernel
Product : Fedora 22
Version : 4.1.3
Release : 201.fc22
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

——————————————————————————–
Update Information:

Fixes for CVE-2015-3290 CVE-2015-3291 CVE-2015-1333 in the kernel.

Also fixes for a minor warning in pcmcia.
——————————————————————————–
ChangeLog:

* Wed Jul 29 2015 Laura Abbott <labbott@redhat.com> – 4.1.3-201
– tag and build for CVE fixes
* Mon Jul 27 2015 Laura Abbott <labbott@fedoraproject.org>
– CVE-2015-3290 CVE-2015-3291 NMI issues (rhbz 1243465 1245927)
* Mon Jul 27 2015 Josh Boyer <jwboyer@fedoraproject.org>
– CVE-2015-1333 add_key memory leak (rhbz 1244171)
* Thu Jul 23 2015 Laura Abbott <labbott@fedoraproject.org>
– Fix warning from pcmcia (rhbz 1180920 1206724)
* Wed Jul 22 2015 Laura Abbott <labbott@fedoraproject.org> – 4.1.3-200
– Add patches for Ideapad RF switches (rhbz 1192270)
* Wed Jul 22 2015 Laura Abbott <labbott@fedoraproject.org>
– Linux v4.1.3
* Wed Jul 15 2015 Laura Abbott <labbott@fedoraproject.org> – 4.1.2-200
– Linux v4.1.2 rebase
* Fri Jul 10 2015 Laura Abbott <labbott@redhat.com> – 4.0.8-300
– Linux v4.0.8
* Tue Jul 7 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Drop incorrect patches for now (rhbz 1212230)
* Mon Jun 29 2015 Laura Abbott <labbott@fedoraproject.org> – 4.0.7-300
– Linux v4.0.7
* Tue Jun 23 2015 Justin M. Forbes <jforbes@fedoraproject.org> – 4.0.6-300
– Linux v4.0.6
* Thu Jun 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Add patch to fix touchpad issues on Razer machines (rhbz 1227891)
* Fri Jun 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
– CVE-2015-XXXX kvm: NULL ptr deref in kvm_apic_has_events (rhbz 1230770 1230774)
* Thu Jun 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Backport fixes for synaptic 3 finger tap (rhbz 1212230)
– Backport btrfs fixes queued for stable (rhbz 1217191)
* Tue Jun 9 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Fix touchpad for Thinkpad S540 (rhbz 1223051)
* Mon Jun 8 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Linux v4.0.5
* Thu Jun 4 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Backport commit to fix block spew (rhbz 1226621)
– Add patch to fix SMT guests on POWER7 (rhbz 1227877)
– Add patch to turn of WC mmaps on i915 from airlied (rhbz 1226743)
* Wed Jun 3 2015 Laura Abbott <labbott@fedoraproject.org>
– Fix del_timer_sync in mwifiex
* Wed Jun 3 2015 Laura Abbott <labbott@fedoraproject.org>
– Drop that blasted firwmare warning until we get a real fix (rhbz 1133378)
* Wed Jun 3 2015 Laura Abbott <labbott@fedoraproject.org>
– Fix auditing of canonical mode (rhbz 1188695)
* Wed Jun 3 2015 Josh Boyer <jwboyer@fedoraproject.org>
– CVE-2015-1420 fhandle race condition (rhbz 1187534 1227417)
* Tue Jun 2 2015 Laura Abbott <labbott@fedoraproject.org>
– Fix fd_do_rw error (rhbz 1218882)
* Tue Jun 2 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Fix middle button issues on external Lenovo keyboards (rhbz 1225563)
* Thu May 28 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Add quirk for Mac Pro backlight (rhbz 1217249)
* Thu May 28 2015 Josh Boyer <jwboyer@fedoraproject.org> – 4.0.4-303
– Add patch to avoid vmmouse being classified as a joystic (rhbz 1214474)
* Wed May 27 2015 Josh Boyer <jwboyer@fedoraproject.org> -4.0.4-302
– Apply queued fixes for crasher reported by Alex Larsson
– Enable in-kernel vmmouse driver (rhbz 1214474)
* Tue May 26 2015 Laura Abbott <labbott@fedoraproject.org>
– Fix signed division error (rhbz 1200353)
* Tue May 26 2015 Josh Boyer <jwboyer@fedoraproject.org>
– Backport patch to fix might_sleep splat (rhbz 1220519)
——————————————————————————–
References:

[ 1 ] Bug #1243465 – CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1243465
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update kernel’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Autor	Tomislav Protega
Cert id	NCERT-REF-2015-08-0016-ADV
Cve	CVE-2015-3290 CVE-2015-3291 CVE-2015-1333 CVE-2015-1420
ID izvornika	FEDORA-2015-12437
Proizvod	kernel
Izvor	http://www.redhat.com

Ranjivosti jezgre operacijskog sustava

Archives

More in Preporuke

Sigurnosni propust programskog paketa cinder