[Fedora] Vulnerability in the Fedora 12 Linux kernel - FEDORA-2010-0823

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Thu Jan 21 17:20:52 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleagues,

we have just received the following Fedora Security Advisory. We are
forwarding this information to you unchanged.

CVE-2010-0006 - NULL pointer dereference in the Linux kernel function
ipv6_hop_jumbo()

  The Linux kernel function ipv6_hop_jumbo() does not check whether the
  result of the call to skb_dst() is non-NULL. A remote attacker can
  exploit this vulnerability to trigger a kernel panic (denial of
  service) by sending suitably constructed IPv6 packets to the affected
  system.

The following software packages and platforms are affected:

  Package kernel

  Fedora 12

The vendor provides updated packages.

Vendor advisory:
  http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034166.html


(c) of the German summary held by DFN-CERT Services GmbH; distribution,
including in excerpts, is permitted only with attribution to the author,
DFN-CERT Services GmbH, and only for non-commercial purposes.

Kind regards,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Registered office / register: Hamburg, AG Hamburg, HRB 88805,  VAT ID:  DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17. DFN Workshop    "Sicherheit in vernetzten Systemen"    09./10.02.2010
Information at https://www.dfn-cert.de/veranstaltungen/workshop.html

- --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-0823
2010-01-20 23:45:22
- --------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 12
Version     : 2.6.31.12
Release     : 174.2.3.fc12
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

- --------------------------------------------------------------------------------
Update Information:

stable update for 2.6.31.12, includes fix for CVE-2010-0006 kernel: ipv6:
skb_dst() can be NULL in ipv6_hop_jumbo() (rhbz#555217)
- --------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 18 2010 Kyle McMartin <kyle at redhat.com> 2.6.31.12-174.2.3
- - Linux stable 2.6.31.12
- - CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo()
  (rhbz#555217)
* Fri Jan 15 2010 Chuck Ebbert <cebbert at redhat.com>  2.6.31.12-174.2.2.rc1
- - Linux 2.6.31.12-rc1
* Wed Jan  6 2010 Chuck Ebbert <cebbert at redhat.com>  2.6.31.9-174.2.1
- - Remove obsolete config options (generated .config files are
  unchanged.)
* Mon Dec 21 2009 Dave Airlie <airlied at redhat.com> 2.6.31.9-174
- - revert rv410 fix broke some things
* Mon Dec 21 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.9-173
- - nouveau: fix dim panel issues on certain laptops (rh#547554)
- - nouveau: fix some issues when running without ctxprogs
- - nouveau: fix error handling in init paths
- - nouveau: add vga arbitration hooks
- - nouveau: fix nv04 sw methods
* Fri Dec 18 2009 Kyle McMartin <kyle at redhat.com> 2.6.31.9-172
- - stable update 2.6.31.9
* Thu Dec 17 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.8-171
- - drm-nouveau.patch: add support for GF7100 (NV63)
* Wed Dec 16 2009 Adam Jackson <ajax at redhat.com>
- - drm-edid-9340d8cf.patch: Sync DRM EDID with Linus master.
- - drm-conservative-fallback-modes.patch, drm-edid-retry.patch,
  drm-edid-header-fixup.patch, drm-default-mode.patch: Drop, merged into
  the above.
* Mon Dec 14 2009 Kyle McMartin <kyle at redhat.com> 2.6.31.8-169
- - 2.6.31.8
* Thu Dec 10 2009 Kyle McMartin <kyle at redhat.com>
- - ipv4-fix-null-ptr-deref-in-ip_fragment.patch: upstream.
- - nuke highmem patches now in stable.
- - crypto-via-padlock-fix-nano-aes.patch: upstream.
- - fix up drm-next-$sha.patch
* Wed Dec  9 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.31.6-167
- - Linux 2.6.31.7
- - NOTE: drm patch still needs fixing.
* Wed Dec  9 2009 Kyle McMartin <kyle at redhat.com> 2.6.31.6-166
- - ext4-fix-insufficient-checks-in-EXT4_IOC_MOVE_EXT.patch: CVE-2009-4131
  fix insufficient permission checking which could result in arbitrary
  data corruption by a local unprivileged user.
* Tue Dec  8 2009 Steve Dickson <steved at redhat.com> 2.6.31.6-165
- - nfsd: Updated to latest pseudo root code fixing rhbz# 538609
* Mon Dec  7 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.6-164
- - nouveau: fix NV17 breakage caused by NVA8 fixes
- - nouveau: use ratelimit for GPU error message
* Fri Dec  4 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.6-163
- - nouveau: reduce debug level of some warning messages (rh#543883)
- - nouveau: modesetting fixes on nva5/nva8
- - nouveau: suspend/resume fixes on nva5/nva8 (bios opcode 0x8d)
- - nouveau: cleanup chipset/arch handling, fail init on unknown chipsets
- - nouveau: fix failure to detect some outputs when dcb table is odd
- - nouveau: eliminate unnecessary cursor state changes on nv50
* Thu Dec  3 2009 Kyle McMartin <kyle at redhat.com> 2.6.31.6-162
- - ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
  bug fix.
* Thu Dec  3 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-161
- - rv410 LVDS on resume test fix from AMD (#541562)
* Wed Dec  2 2009 John W. Linville <linville at redhat.com> 2.6.31.6-160
- - ath9k: add fixes suggested by upstream maintainer
* Wed Dec  2 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-159
- - drm-radeon-misc-fixes.patch: r400 LVDS, r600 digital dpms, cursor fix, tv property
* Wed Dec  2 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.6-158
- - nouveau: more complete lvds script selection on >=G80 (rh#522690, rh#529859)
- - nouveau: more complete tmds script selection on >=G80 (rh#537853)
- - nouveau: TV detection fixes
* Tue Dec  1 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-157
- - div/0 fix harder (#540593) - also ignore unposted GPUs with no BIOS
* Tue Dec  1 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-156
- - drm-next: fixes LVDS resume on r4xx, div/0 on no bios (#540593)
  lockup on tv-out only startup.
* Mon Nov 30 2009 Kyle McMartin <kyle at redhat.com>
- - drm-i915-fix-sync-to-vbl-when-vga-is-off.patch: add (rhbz#541670)
* Sun Nov 29 2009 Kyle McMartin <kyle at redhat.com>
- - Drop linux-2.6-sysrq-c.patch, made consistent upstream.
* Fri Nov 27 2009 Jarod Wilson <jarod at redhat.com> 2.6.31.6-153
- - add device name to lirc_zilog, fixes issues w/multiple target devices
- - add lirc_imon pure input mode support for onboard decode devices
* Thu Nov 26 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.31.6-152
- - Fix intel_tv_mode_set oops (#540218)
* Thu Nov 26 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.31.6-151
- - VT-d: Work around yet more HP BIOS brokenness (#536675)
* Wed Nov 25 2009 Kyle McMartin <kyle at redhat.com>
- - dlm: fix connection close handling.
  Fix by lmb, requested by fabio.
* Wed Nov 25 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.31.6-149
- - VT-d: Work around more HP BIOS brokenness.
* Tue Nov 24 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-148
- - radeon: flush HDP cache on rendering wait - fixes r600 rendercheck failure
* Mon Nov 23 2009 Adam Jackson <ajax at redhat.com>
- - drm-default-mode.patch: Default to 1024x768 to match UMS. (#538761)
* Mon Nov 23 2009 Roland McGrath <roland at redhat.com> 2.6.31.6-146
- - Fix oops in x86-32 kernel's iret handling for bogus user %cs. (#540580)
* Sat Nov 21 2009 Kyle McMartin <kyle at redhat.com>
- - Fix up ssp' highmem fixes with fixes for arm & ppc.
* Fri Nov 20 2009 Chris Wright <chrisw at redhat.com> 2.6.31.6-144
- - VT-d: another fallback for another BIOS bug (#524808)
* Thu Nov 19 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.6-142
- - Oops, add new patch to spec file
* Thu Nov 19 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.6-141
- - Lower debug level of fbcon handover messages (rh#538526)
* Thu Nov 19 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-140
- - drm-next-44c83571.patch: oops pulled the wrong tree into my f12 tree
* Thu Nov 19 2009 Ben Skeggs <bskeggs at redhat.com> 2.6.31.6-139
- - nouveau: s/r fixes on chipsets using bios opcode 0x87
- - nouveau: fixes to bios opcode 0x8e
- - nouveau: hopefully fix nv1x context switching issues (rh#526577)
- - nouveau: support for NVA5 (GeForce G220)
- - nouveau: fixes for NVAA support
* Thu Nov 19 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-138
- - drm-next-d56672a9.patch: fix some rn50 cloning issues
* Wed Nov 18 2009 David Woodhouse <David.Woodhouse at intel.com> 2.6.31.6-137
- - Actually force the IOMMU not to be used when we detect the HP/Acer bug.
* Tue Nov 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.31.6-136
- - ACPI embedded controller fixes from Fedora 11.
* Tue Nov 17 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.31.6-135
- - Scheduler fixes and latency tuning patches from F-11.
* Tue Nov 17 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-134
- - glad to see edid retry patch was compiled.
* Tue Nov 17 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-133
- - drm-next-984d1f3c.patch: rebase with upstream fixes - drop all merged
* Thu Nov 12 2009 Adam Jackson <ajax at redhat.com>
- - Actually apply the EDID retry patch
- - drm-edid-header-fixup.patch: Fix up some broken EDID headers (#534120)
* Thu Nov 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.31.6-130
- - Use ApplyOptionalPatch for v4l and firewire updates.
- - Drop unused v4l ABI fix.
* Thu Nov 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.31.6-129
- - Linux 2.6.31.6
- - Drop merged patches:
  linux-2.6-iwlwifi-reduce-noise-when-skb-allocation-fails.patch
  linux-2.6-libertas-crash.patch
  pci-increase-alignment-to-make-more-space.patch
  acpi-revert-attach-device-to-handle-early.patch
  ahci-revert-restore-sb600-sata-controller-64-bit-dma.patch
  acpi-pci-fix-null-pointer-dereference-in-acpi-get-pci-dev.patch
  af_unix-fix-deadlock-connecting-to-shutdown-socket.patch
  keys-get_instantiation_keyring-should-inc-the-keyring-refcount.patch
  netlink-fix-typo-in-initialization.patch
  fs-pipe-null-ptr-deref-fix.patch
* Wed Nov 11 2009 Justin M. Forbes <jforbes at redhat.com> 2.6.31.5-128
- - Fix KSM for i686 users. (#532215)
- - Add KSM fixes from 2.6.32
- --------------------------------------------------------------------------------
References:

  [ 1 ] Bug #555217 - CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo()
        https://bugzilla.redhat.com/show_bug.cgi?id=555217
- --------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
- --------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD4DBQFLWH7kWmhIvjFb90URAu0BAJiTkPFHbN23estGlpv+iJevHx5QAJ9+CA5A
vrYH4Y893aKI0Mc9w5WWNA==
=/AWP
-----END PGP SIGNATURE-----
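
Added example, not part of the advisory or of Fedora's tooling: after `yum update kernel` the fix only takes effect once the host has booted the new kernel, so this Python sketch compares a `uname -r` string against the fixed build named above (2.6.31.12-174.2.3.fc12). The function names, the simplified rpm-style comparison and the sample strings in the comments are assumptions made for illustration.

```python
import platform
import re

# Fixed build from the advisory: Version 2.6.31.12, Release 174.2.3.fc12.
FIXED_VERSION, FIXED_RELEASE = "2.6.31.12", "174.2.3.fc12"

def rpm_cmp(a, b):
    """Compare two version strings segment by segment, in the style of rpm.

    Simplified: runs of digits compare numerically, runs of letters
    lexically, a numeric segment outranks an alphabetic one, and the
    string with extra trailing segments is newer. Returns -1, 0 or 1.
    """
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # 9 < 12, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_uname_r(uname_r):
    """Split e.g. '2.6.31.12-174.2.3.fc12.x86_64' into (version, release).

    Anything after the .fc12 dist tag (architecture, PAE flavour) is dropped.
    """
    m = re.match(r"(?P<ver>[^-]+)-(?P<rel>.+?\.fc12)(\.|$)", uname_r)
    if not m:
        raise ValueError("not a Fedora 12 kernel release string: %r" % uname_r)
    return m["ver"], m["rel"]

def has_fix(uname_r):
    """True if the kernel is at or above the build that fixes CVE-2010-0006."""
    ver, rel = parse_uname_r(uname_r)
    c = rpm_cmp(ver, FIXED_VERSION)
    return c > 0 or (c == 0 and rpm_cmp(rel, FIXED_RELEASE) >= 0)

if __name__ == "__main__":
    running = platform.release()           # same string as `uname -r`
    try:
        state = "fixed" if has_fix(running) else "STILL VULNERABLE, reboot needed"
    except ValueError as exc:
        state = "advisory not applicable (%s)" % exc
    print("%s: %s" % (running, state))
```

The check reads the running kernel rather than the installed package list, so a host that was updated but never rebooted is still reported as vulnerable.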