Linux Today: Linux News On Internet Time.






Security Digest: January 4, 2005

Jan 05, 2005, 05:00

Debian GNU/Linux


Debian Security Advisory DSA 623-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 4th, 2004 http://www.debian.org/security/faq


Package : nasm
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-1287
Debian Bug : 285889

Jonathan Rockway discovered a buffer overflow in nasm, the general-purpose x86 assembler, which could lead to the execution of arbitrary code when compiling a maliciously crafted assembler source file.

For the stable distribution (woody) this problem has been fixed in version 0.98.28cvs-1woody2.

For the unstable distribution (sid) this problem has been fixed in version 0.98.38-1.1.

We recommend that you upgrade your nasm package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2.dsc
Size/MD5 checksum: 591 ccf378a52d5e0acca8180cd2a898c23f
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2.diff.gz
Size/MD5 checksum: 26048 2108831b98639b53b09aa4548915e4cc
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs.orig.tar.gz
Size/MD5 checksum: 537305 1d2465d345d51f1c2ce2c9c076438bc6

Alpha architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_alpha.deb
Size/MD5 checksum: 759992 9206150e538f1fb3098ac5481f495366

ARM architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_arm.deb
Size/MD5 checksum: 701838 098f440e19c005de6df393bc4c132f7d

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_i386.deb
Size/MD5 checksum: 694292 c5b8b4143097dc9c7f3544406059cd73

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_ia64.deb
Size/MD5 checksum: 819652 6a1af7503971f6882995591f976d583a

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_hppa.deb
Size/MD5 checksum: 751016 74aeea3854ac5a644c722cc571e11960

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_m68k.deb
Size/MD5 checksum: 687534 107d93d7afc41d9dabe64ddf9ff83ef6

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_mips.deb
Size/MD5 checksum: 743282 3aafdf6822bbb53dcd58df688d3a033b

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_mipsel.deb
Size/MD5 checksum: 737590 0918c72ca36528b94080db4647610b42

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_powerpc.deb
Size/MD5 checksum: 713496 3ed0c9adb99e5023ac208fcd6cae5d57

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_s390.deb
Size/MD5 checksum: 709216 b2a9af593f7180ca8706c43738e684d6

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_sparc.deb
Size/MD5 checksum: 735074 64a6e597c849353ae1ea0f720ff14061

These files will probably be moved into the stable distribution on its next update.
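
The file list above pairs each URL with a "Size/MD5 checksum:" line, so a fetched package can be checked against the advisory before `dpkg -i` is run. The following is an added example, not part of the Debian advisory; the sample listing, host and file name in it are constructed, and a match is only as trustworthy as the copy of the advisory the listing was taken from.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample in the advisory's layout: a URL line followed by a
# "Size/MD5 checksum:" line. Host, file name, size and digest are made up.
SAMPLE_LISTING = """\
Demo architecture:

http://mirror.example.invalid/pool/updates/main/d/demo/demo_1.0-1_i386.deb
Size/MD5 checksum: 11 5eb63bbbe01eeed093cb22bb8f5acdc3
"""

# One entry = URL line immediately followed by its checksum line.
ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>\S+)[ \t]*\n"
    r"[ \t]*Size/MD5 checksum:[ \t]*(?P<size>\d+)[ \t]+"
    r"(?P<md5>[0-9a-fA-F]{32})[ \t]*$",
    re.MULTILINE,
)


def parse_listing(text):
    """Return {file name: (size in bytes, lowercase MD5 hex)} from advisory text."""
    entries = {}
    for match in ENTRY_RE.finditer(text):
        name = match.group("url").rsplit("/", 1)[-1]
        entries[name] = (int(match.group("size")), match.group("md5").lower())
    return entries


def verify_file(path, entries):
    """Compare a downloaded file with its advisory entry.

    Returns "ok", "unlisted", "size-mismatch" or "md5-mismatch".
    """
    path = Path(path)
    expected = entries.get(path.name)
    if expected is None:
        return "unlisted"            # never install a file the advisory did not name
    size, md5_hex = expected
    if path.stat().st_size != size:  # cheap check first: catches truncated downloads
        return "size-mismatch"
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5_hex else "md5-mismatch"


def demo():
    """Run the check over an intact, an altered, a truncated and an unlisted file."""
    entries = parse_listing(SAMPLE_LISTING)
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        package = Path(tmp) / "demo_1.0-1_i386.deb"
        for content in (b"hello world", b"hello_world", b"hello"):
            package.write_bytes(content)
            results.append(verify_file(package, entries))
        other = Path(tmp) / "other.deb"
        other.write_bytes(b"hello world")
        results.append(verify_file(other, entries))
    return results


if __name__ == "__main__":
    print(demo())
```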


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

LBA-Linux


LBA-Linux Security Advisory

Subject: Updated openssl package for LBA-Linux R1
Advisory ID: LBASA-2004:49
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

CAN-2004-0975
The der_chop script allows local users to overwrite files via a symlink attack on temporary files.

CAN-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CAN-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/openssl-0.9.7a-30.lba.3.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/openssl-devel-0.9.7a-30.lba.3.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/openssl-perl-0.9.7a-30.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named openssl to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated libtiff package for LBA-Linux R1
Advisory ID: LBASA-2004:48
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

CAN-2004-0803
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

CAN-2004-0804
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero.

CAN-2004-0886
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/libtiff-3.5.7-16.lba.3.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/libtiff-devel-3.5.7-16.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named libtiff to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated imlib package for LBA-Linux R1
Advisory ID: LBASA-2004:47
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

CAN-2004-1025
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

CAN-2004-1026
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/imlib-1.9.13-15.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/imlib-cfgeditor-1.9.13-15.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/imlib-devel-1.9.13-15.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named imlib to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated samba package for LBA-Linux R1
Advisory ID: LBASA-2004:46
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

CAN-2004-0930
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

CAN-2004-0882
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

CAN-2004-1154
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/samba-3.0.10-1.lba.1.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/samba-client-3.0.10-1.lba.1.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/samba-common-3.0.10-1.lba.1.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/samba-swat-3.0.10-1.lba.1.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named samba to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated squid package for LBA-Linux R1
Advisory ID: LBASA-2004:45
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

CAN-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that cause a memory allocation error.

CAN-2004-0832
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.

Squid Malformed Host Name Error Message Information Leakage.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/squid-2.5.STABLE5-5.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named squid to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0918
http://www.squid-cache.org/bugs/show_bug.cgi?id=1143

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated httpd package for LBA-Linux R1
Advisory ID: LBASA-2004:44
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

CAN-2004-0885
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

CAN-2004-0942
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-2.0.48-16.lba.14.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-devel-2.0.48-16.lba.14.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-manual-2.0.48-16.lba.14.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mod_ssl-2.0.48-16.lba.14.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named httpd to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated XFree86 package for LBA-Linux R1
Advisory ID: LBASA-2004:43
Date: Tuesday, January 4, 2005
Product: LBA-Linux R1


Problem description:

Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() and ParsePixels() are vulnerable to a stack-based buffer overflow as well.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-100dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-75dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-14-100dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-14-75dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-15-100dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-15-75dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-2-100dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-2-75dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-9-100dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-ISO8859-9-75dpi-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-Mesa-libGL-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-Mesa-libGLU-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-Xnest-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-Xvfb-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-base-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-cyrillic-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-devel-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-doc-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-font-utils-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-libs-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-libs-data-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-sdk-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-syriac-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-tools-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-truetype-fonts-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-twm-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-xauth-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-xdm-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-xf86cfg-4.3.0-62.lba.71.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/XFree86-xfs-4.3.0-62.lba.71.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named XFree86 to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688

Copyright(c) 2001-2004 SOT

KDE


KDE Security Advisory: ftp kioslave command injection
Original Release Date: 2005-01-01
URL: http://www.kde.org/info/security/advisory-20050101-1.txt

0. References

http://www.securityfocus.com/bid/11827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

1. Systems affected:

All KDE releases up to and including KDE 3.3.2.

2. Overview:

KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session.

Due to similarities between the FTP and SMTP protocols, this vulnerability allows the ftp slave to be misused to connect to an SMTP server and issue arbitrary commands, such as sending an email.
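
The mechanism described in this overview, shown as an added example that is neither KDE code nor the KDE patch: a command builder that pastes the decoded URL path into the control channel, next to one that rejects control characters in every URL field before building a command. The URLs, the placeholder host and all function names are constructed for the illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed URLs; the host is a placeholder and NOOP is a harmless FTP verb.
BENIGN_URL = "ftp://ftp.example.invalid/pub/my%20docs"
CRAFTED_PATH_URL = "ftp://ftp.example.invalid/pub%0aNOOP"
CRAFTED_USER_URL = "ftp://user%0d%0aNOOP@ftp.example.invalid/"


def naive_cwd(url):
    """Flawed pattern: decode the path and paste it into the command line."""
    path = unquote(urlsplit(url).path)
    return f"CWD {path}\r\n".encode("utf-8")


def server_view(wire):
    """Split control-channel bytes into the command lines a server would parse."""
    lines = wire.decode("utf-8").split("\n")
    return [line.rstrip("\r") for line in lines if line.strip("\r")]


def checked_argument(value):
    """Refuse any decoded value that could end the current command line."""
    for ch in value:
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise ValueError(f"control character {ord(ch):#04x} in FTP argument")
    return value


def safe_commands(url):
    """Build USER/PASS/CWD lines, validating each field after percent-decoding.

    Validation happens after decoding because %0a and %0d only become line
    breaks once the URL has been unescaped.
    """
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp:// URL")
    fields = (
        ("USER", unquote(parts.username or "anonymous")),
        ("PASS", unquote(parts.password or "anonymous@")),
        ("CWD", unquote(parts.path or "/")),
    )
    return [f"{verb} {checked_argument(arg)}\r\n".encode("utf-8")
            for verb, arg in fields]


def is_rejected(url):
    """True when safe_commands() refuses the URL."""
    try:
        safe_commands(url)
    except ValueError:
        return True
    return False


def demo():
    return {
        # One URL, two command lines on the wire: the flaw the advisory describes.
        "naive_crafted": server_view(naive_cwd(CRAFTED_PATH_URL)),
        "safe_benign": safe_commands(BENIGN_URL),
        "path_rejected": is_rejected(CRAFTED_PATH_URL),
        "user_rejected": is_rejected(CRAFTED_USER_URL),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```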

3. Impact:

The FTP kioslave can be misused to execute any ftp command on the server or be a vector for sending out unsolicited email.

4. Solution:

Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

5. Patch:

Patch for KDE 3.2.3 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
a639b7b592f005e911c454a0a8c9c542 post-3.2.3-kdelibs-kioslave.patch

Patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
fe67157b26a8cdf5bcfa1898cdf3b154 post-3.3.2-kdelibs-kioslave.patch

6. Time line and credits:

26/12/2004 Public bug report filed against kio_ftp by Thiago Macieira about being able to send email via kio_ftp CR/LF injection.
26/12/2004 Patches developed by Thiago Macieira and applied to CVS.
01/01/2005 Advisory released.

Fedora Core


Fedora Update Notification
FEDORA-2004-582
2005-01-03

Product : Fedora Core 3
Name : kernel
Version : 2.6.9
Release : 1.724_FC3
Summary : The Linux kernel (the core of the Linux operating system)

Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CAN-2004-1016:
Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send" function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation.

CAN-2004-1017:
Alan Cox reported two potential buffer overflows with the io_edgeport driver.

CAN-2004-1068:
A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.

CAN-2004-1137:
Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket.

CAN-2004-1151:
Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation.

NO-CAN-ASSIGNED:

  • Fix memory leak in ip_conntrack_ftp (local DoS)
  • Do not leak IP options. (local DoS)
  • fix missing security_*() check in net/compat.c
  • ia64/x86_64/s390 overlapping vma fix
  • Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
  • Make sure VC resizing fits in s16. Georgi Guninski reported a buffer overflow with vc_resize().
  • Clear ebp on sysenter return. A small information leak was found by Brad Spengler.

  • Sat Jan 01 2005 Dave Jones <davej@redhat.com>
    • Fix probing of vesafb. (#125890)
    • Enable PCILynx driver. (#142173)
  • Fri Dec 31 2004 Dave Jones <davej@redhat.com>
    • Drop 4g/4g patch completely.
  • Tue Dec 28 2004 Dave Jones <davej@redhat.com>
    • Drop bogus ethernet slab cache.
  • Thu Dec 23 2004 Dave Jones <davej@redhat.com>
    • Fix bio error propagation.
    • Clear ebp on sysenter return.
    • Extra debugging info on OOM kill.
    • exit() race fix.
    • Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
    • IGMP source filter fixes.
    • Fix ext2/3 leak on umount.
    • fix missing wakeup in ipc/sem
    • Fix another tux corner case bug.
  • Wed Dec 22 2004 Dave Jones <davej@redhat.com>
    • Add another ipod to the unusual usb devices list. (#142779)
  • Tue Dec 21 2004 Dave Jones <davej@redhat.com>
    • Fix two silly bugs in the AGP posting fixes.
  • Thu Dec 16 2004 Dave Jones <davej@redhat.com>
    • Better version of the PCI Posting fixes for agpgart.
    • Add missing cache flush to the AGP code.
  • Sun Dec 12 2004 Dave Jones <davej@redhat.com>
    • fix false ECHILD result from wait* with zombie group leader.
  • Sat Dec 11 2004 Dave Jones <davej@redhat.com>
    • Workaround broken pci posting in AGPGART.
    • Make sure VC resizing fits in s16.
  • Fri Dec 10 2004 Dave Jones <davej@redhat.com>
    • Prevent block device queues from being shared in viocd. (#139018)
    • Libata updates. (#132848, #138405)
    • aacraid: remove aac_handle_aif (#135527)
    • fix uninitialized variable in waitid(2). (#142505)
    • Fix CMSG validation checks wrt. signedness.
    • Fix memory leak in ip_conntrack_ftp
    • [IPV4]: Do not leak IP options.
    • ppc64: Align PACA buffer for hypervisor's use. (#141817)
    • ppc64: Indicate that the veth link is always up. (#135402)
    • ppc64: Quiesce OpenFirmware stdin device at boot. (#142009)
    • SELinux: Fix avc_node_update oops. (#142353)
    • Fix CCISS ioctl return code.
    • Make ppc64's pci_alloc_consistent() conform to documentation. (#140047)
    • Disable tiglusb module. (#142102)
    • E1000 64k-alignment fix. (#140047)
    • Disable tiglusb module. (#142102)
    • ID updates for cciss driver.
    • Fix overflows in USB Edgeport-IO driver. (#142258)
    • Fix wrong TASK_SIZE for 32bit processes on x86-64. (#141737)
    • Fix ext2/ext3 xattr/mbcache race. (#138951)
    • Fix bug where __getblk_slow can loop forever when pages are partially mapped. (#140424)
    • Add missing cache flushes in agpgart code.
  • Wed Dec 08 2004 Dave Jones <davej@redhat.com>
    • Enable EDD
    • Enable ETH1394. (#138497)
    • Workaround E1000 post-maturely writing back to TX descriptors. (#133261)
    • Fix the previous E1000 errata workaround.
    • Several IDE fixes from 2.6.9-ac
    • vm pageout throttling. (#133858)
    • Fix Tux from oopsing. (#140918)
    • Fix Tux/SELinux incompatibility (#140916)
    • Fix Tux/IPV6 problem. (#140916)
    • ide: Fix possible oops on boot.
    • Make spinlock debugging panic instead of printk.
    • Update Emulex lpfc driver to 8.0.16
    • Selected patches from 2.6.9-ac12
    • ppc64: Fix inability to find space for TCE table (#138844)
    • Fix compat fcntl F_GETLK{,64} (#141680)
    • blkdev_get_blocks(): handle eof
    • Another card reader for the whitelist. (#134094)
  • Sat Dec 04 2004 Dave Jones <davej@redhat.com>
    • Enable both old and new megaraid drivers.
    • Add yet another card reader to usb scsi whitelist. (#141367)
    • Fix oops in conntrack on rmmod.
  • Fri Dec 03 2004 Dave Jones <davej@redhat.com>
    • Pull in bits of -ac12 Should fix the smbfs & visor issues among others.
  • Thu Dec 02 2004 Dave Jones <davej@redhat.com>
    • Drop the futex debug patch, it served its purpose.
    • XFRM layer bug fixes
    • ppc64: Convert to using ibm,read-slot-reset-state2 RTAS call
    • ide: Make CSB6 driver support configurations.
    • ide: Handle early EOF on CDs.
    • Fix sx8 device naming in sysfs
    • e100/e1000: return -EINVAL when setting rx-mini or rx-jumbo. (#140793)
  • Wed Dec 01 2004 Dave Jones <davej@redhat.com>
    • Disable 4G/4G for i686.
    • Workaround for the E1000 erratum 23 (#140047)
    • Remove bogus futex warning. (#138179)
    • x86_64: Fix lost edge triggered irqs on UP kernel.
    • x86_64: Reenable DRI for MGA.
    • Workaround E1000 post-maturely writing back to TX descriptors (#133261)
    • 3c59x: add EEPROM_RESET for 3c900 Boomerang
    • Fix buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
    • ext3: improves ext3's error logging when we encounter an on-disk corruption.
    • ext3: improves ext3's ability to deal with corruption on-disk
    • ext3: Handle double-delete of indirect blocks.
    • Disable SCB2 flash driver for RHEL4. (#141142)
  • Tue Nov 30 2004 Dave Jones <davej@redhat.com>
    • x86_64: add an option to configure oops stack dump
    • x86[64]: display phys_proc_id only when it is initialized
    • x86_64: no TIOCSBRK/TIOCCBRK in ia32 emulation
    • via-rhine: references __init code during resume
    • Add barriers to generic timer code to prevent race. (#128242)
    • ppc64: Add PURR and version data to /proc/ppc64/lparcfg
    • Prevent xtime value becoming incorrect.
    • scsi: return full SCSI status byte in SG_IO
    • Fix show_trace() in irq context with CONFIG_4KSTACKS
    • Adjust alignment of pagevec structure.
    • md: make sure md always uses rdev_dec_pending properly.
    • Make proc_pid_status not dereference dead task structs.
    • sg: Fix oops of sg_cmd_done and sg_release race (#140648)
    • fix bad segment coalescing in blk_recalc_rq_segments()
    • fix missing security_*() check in net/compat.c
    • ia64/x86_64/s390 overlapping vma fix
    • Update Emulex lpfc to 8.0.15
  • Mon Nov 29 2004 Dave Jones <davej@redhat.com>
    • Add another card reader to whitelist. (#141022)
    • Fix possible hang in do_wait() (#140042)
    • Fix ps showing wrong ppid. (#132030)
    • Print advice to use -hugemem if >=16GB of memory is detected.
    • Enable ICOM serial driver. (#136150)
    • Enable acpi hotplug driver for IA64.
    • SCSI: fix USB forced remove oops.
    • ia64: add missing sn2 timer mask in time_interpolator code. (#140580)
    • ia64: Fix hang reading /proc/pal/cpu0/tr_info (#139571)
    • ia64: bump number of UARTS. (#139100)
    • Fix ACPI debug level (#141292)
    • Make EDD runtime configurable, and reenable.
    • ppc64: IBM VSCSI driver race fix. (#138725)
    • ppc64: Ensure PPC64 interrupts don't end up hard-disabled. (#139020, #131590)
    • ppc64: Yet more sigsuspend/singlestep fixing. (#140102, #137931)
    • x86-64: Implement ACPI based reset mechanism. (#139104)
    • Backport 2.6.10rc sysfs changes needed for IBM hotplug driver. (#140372)
    • Update Emulex lpfc driver to v8.0.14
    • Optimize away the unconditional write to debug registers on signal delivery path.
    • Fix up scsi_test_unit_ready() to work correctly with CD-ROMs.
    • md: fix two little bugs in raid10
    • Remove incorrect ELF check from module loading. (#140954)
    • Plug leaks in error paths of aic driver.
    • Add refcounting to scsi command allocation.
    • Taint oopses on machine checks, bad_page()'s calls and forced rmmod's.
    • Share Intel cache descriptors between x86 & x86-64.
    • rx checksum support for gige nForce ethernet
    • vm: vm_dirty_ratio initialisation fix
  • Sun Nov 28 2004 Dave Jones <davej@redhat.com>
    • Move 4g/4g kernel into -hugemem.
  • Sat Nov 27 2004 Dave Jones <davej@redhat.com>
    • Recognise Shuttle SN85G4 card reader. (#139163)
  • Tue Nov 23 2004 Dave Jones <davej@redhat.com>
    • Add futex debug patch.
  • Mon Nov 22 2004 Dave Jones <davej@redhat.com>
    • Update -ac patch to 2.6.9-ac11
    • make tulip_stop_rxtx() wait for DMA to fully stop. (#138240)
    • ACPI: Make LEqual less strict about operand types matching.
    • scsi: avoid extra 'put' on devices in __scsi_iterate_device() (#138135)
    • Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
    • Reenable token ring drivers. (#119345)
    • SELinux: Map Unix seqpacket sockets to appropriate security class
    • SELinux: destroy avtab node cache in policy load error path.
    • AF_UNIX: Serialize dgram read using semaphore just like stream.
    • lockd: NLM blocks locks don't sleep
    • NFS lock recovery fixes
    • Add more MODULE_VERSION tags (#136403)
    • Update qlogic driver to 2.6.10rc2 level.
    • cciss: fixes for clustering
    • ieee802.11 update.
    • ipw2100: update to ver 1.0.0
    • ipw2200: update to ver 1.0.0
    • Enable promisc mode on ipw2100
    • 3c59x: reload EEPROM values at rmmod for needy cards
    • ppc64: Prevent sigsuspend stomping on r4 and r5
    • ppc64: Alternative single-step fix.
    • fix for recursive netdump oops on x86_64
    • ia64: Fix IRQ routing fix when booted with maxcpus= (#138236)
    • ia64: search the iommu for the correct size
    • Deal with fraglists correctly on ipv4/ipv6 output
    • Various statm accounting fixes (#139447)
    • Reenable CMM /proc interface for s390 (#137397)
  • Fri Nov 19 2004 Dave Jones <davej@redhat.com>
    • e100: fix improper enabling of interrupts. (#139706)
    • autofs4: allow map update recognition
    • Various TCP fixes from 2.6.10rc
    • Various netlink fixes from 2.6.10rc
    • [IPV4]: Do not try to unhash null-netdev nexthops.
    • ppc64: Make NUMA map CPU->node before bringing up the CPU (#128063)
    • ppc64: sched domains / cpu hotplug cleanup. (#128063)
    • ppc64: Add a CPU_DOWN_PREPARE hotplug CPU notifier (#128063)
    • ppc64: Register a cpu hotplug notifier to reinitialize the scheduler domains hierarchy (#128063)
    • ppc64: Introduce CPU_DOWN_FAILED notifier (#128063)
    • ppc64: Make arch_destroy_sched_domains() conditional (#128063)
    • ppc64: Use CPU_DOWN_FAILED notifier in the sched-domains hotplug code (#128063)
    • Various updates to the SCSI midlayer from 2.6.10rc.
    • vlan_dev: return 0 on vlan_dev_change_mtu success. (#139760)
    • Update Emulex lpfc driver to v8013
    • Fix problem with b44 driver and 4g/4g patch. (#118165)
    • Prevent oops when loading aic79xx on machine without hardware. (#125982)
    • Use correct spinlock functions in token ring net code. (#135462)
    • scsi: Add reset ioctl capability to ULDs
    • scsi: update ips driver to 7.10.18
    • Reenable ACPI hotplug driver. (#139976, #140130, #132691)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Fedora Update Notification
FEDORA-2004-581
2005-01-03

Product : Fedora Core 2
Name : kernel
Version : 2.6.9
Release : 1.11_FC2
Summary : The Linux kernel (the core of the Linux operating system)

Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CAN-2004-1016:
Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send" function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation.

CAN-2004-1017:
Alan Cox reported two potential buffer overflows with the io_edgeport driver.

CAN-2004-1068:
A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.

CAN-2004-1137:
Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket.

CAN-2004-1151:
Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation.

NO-CAN-ASSIGNED:

  • Fix memory leak in ip_conntrack_ftp (local DoS)
  • Do not leak IP options. (local DoS)
  • fix missing security_*() check in net/compat.c
  • ia64/x86_64/s390 overlapping vma fix
  • Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
  • Make sure VC resizing fits in s16. Georgi Guninski reported a buffer overflow with vc_resize().
  • Clear ebp on sysenter return. A small information leak was found by Brad Spengler.
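
The CAN-2004-1016 entry above describes a wrong validity check on a control-message header, and the changelog records the fix as "Fix CMSG validation checks wrt. signedness." The sketch below is an added userspace illustration of that class of bug, not kernel code and not part of the advisory: struct ctl_hdr, len_ok_signed, len_ok_unsigned and count_records are constructed names, and the hostile length is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed header shaped like a control-message header; NOT struct cmsghdr. */
struct ctl_hdr {
    uint32_t len;          /* caller-supplied record length, header included */
    int32_t  level, type;
};

/* Weak: signed comparison and no lower bound. A length with the top bit set
 * turns negative and passes; a zero length passes and never advances a walk. */
int len_ok_signed(uint32_t len, size_t remaining)
{
    return (int32_t)len <= (int32_t)remaining;
}

/* Hardened: unsigned comparison, at least one header, at most what is left. */
int len_ok_unsigned(uint32_t len, size_t remaining)
{
    return len >= sizeof(struct ctl_hdr) && len <= remaining;
}

/* Count records in buf using the hardened check; -1 on a malformed length. */
int count_records(const unsigned char *buf, size_t buflen)
{
    size_t off = 0;
    int n = 0;
    while (buflen - off >= sizeof(struct ctl_hdr)) {
        size_t rem = buflen - off;
        struct ctl_hdr h;
        memcpy(&h, buf + off, sizeof h);        /* avoids unaligned access */
        if (!len_ok_unsigned(h.len, rem))
            return -1;
        n++;
        size_t step = ((size_t)h.len + 3u) & ~(size_t)3u;  /* 4-byte alignment */
        if (step >= rem)
            break;                              /* nothing left after this record */
        off += step;
    }
    return n;
}

int main(void)
{
    printf("hostile length 0xFFFFFFF0: signed=%d unsigned=%d\n",
           len_ok_signed(0xFFFFFFF0u, 64), len_ok_unsigned(0xFFFFFFF0u, 64));
    return 0;
}
```

The walker deliberately uses only the hardened check; the weak predicate is kept side by side so the difference in accepted lengths can be compared without walking out of bounds.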

  • Sat Jan 01 2005 Dave Jones <davej@redhat.com>
    • Fix probing of vesafb. (#125890)
    • Enable PCILynx driver. (#142173)
  • Fri Dec 31 2004 Dave Jones <davej@redhat.com>
    • Drop 4g/4g patch completely.
  • Tue Dec 28 2004 Dave Jones <davej@redhat.com>
    • Drop bogus ethernet slab cache.
  • Thu Dec 23 2004 Dave Jones <davej@redhat.com>
    • Fix bio error propagation.
    • Clear ebp on sysenter return.
    • Extra debugging info on OOM kill.
    • exit() race fix.
    • Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
    • IGMP source filter fixes.
    • Fix ext2/3 leak on umount.
    • fix missing wakeup in ipc/sem
    • Fix another tux corner case bug.
  • Wed Dec 22 2004 Dave Jones <davej@redhat.com>
    • Add another ipod to the unusual usb devices list. (#142779)
  • Tue Dec 21 2004 Dave Jones <davej@redhat.com>
    • Fix two silly bugs in the AGP posting fixes.
  • Thu Dec 16 2004 Dave Jones <davej@redhat.com>
    • Better version of the PCI Posting fixes for agpgart.
    • Add missing cache flush to the AGP code.
  • Sun Dec 12 2004 Dave Jones <davej@redhat.com>
    • fix false ECHILD result from wait* with zombie group leader.
  • Sat Dec 11 2004 Dave Jones <davej@redhat.com>
    • Workaround broken pci posting in AGPGART.
    • Make sure VC resizing fits in s16.
  • Fri Dec 10 2004 Dave Jones <davej@redhat.com>
    • Prevent block device queues from being shared in viocd. (#139018)
    • Libata updates. (#132848, #138405)
    • aacraid: remove aac_handle_aif (#135527)
    • fix uninitialized variable in waitid(2). (#142505)
    • Fix CMSG validation checks wrt. signedness.
    • Fix memory leak in ip_conntrack_ftp
    • [IPV4]: Do not leak IP options.
    • ppc64: Align PACA buffer for hypervisor's use. (#141817)
    • ppc64: Indicate that the veth link is always up. (#135402)
    • ppc64: Quiesce OpenFirmware stdin device at boot. (#142009)
    • SELinux: Fix avc_node_update oops. (#142353)
    • Fix CCISS ioctl return code.
    • Make ppc64's pci_alloc_consistent() conform to documentation. (#140047)
    • Disable tiglusb module. (#142102)
    • E1000 64k-alignment fix. (#140047)
    • ID updates for cciss driver.
    • Fix overflows in USB Edgeport-IO driver. (#142258)
    • Fix wrong TASK_SIZE for 32bit processes on x86-64. (#141737)
    • Fix ext2/ext3 xattr/mbcache race. (#138951)
    • Fix bug where __getblk_slow can loop forever when pages are partially mapped. (#140424)
    • Add missing cache flushes in agpgart code.
  • Wed Dec 08 2004 Dave Jones <davej@redhat.com>
    • Enable EDD
    • Enable ETH1394. (#138497)
    • Workaround E1000 post-maturely writing back to TX descriptors. (#133261)
    • Fix the previous E1000 errata workaround.
    • Several IDE fixes from 2.6.9-ac
    • vm pageout throttling. (#133858)
    • Fix Tux from oopsing. (#140918)
    • Fix Tux/SELinux incompatibility (#140916)
    • Fix Tux/IPV6 problem. (#140916)
    • ide: Fix possible oops on boot.
    • Make spinlock debugging panic instead of printk.
    • Update Emulex lpfc driver to 8.0.16
    • Selected patches from 2.6.9-ac12
    • ppc64: Fix inability to find space for TCE table (#138844)
    • Fix compat fcntl F_GETLK{,64} (#141680)
    • blkdev_get_blocks(): handle eof
    • Another card reader for the whitelist. (#134094)
  • Sat Dec 04 2004 Dave Jones <davej@redhat.com>
    • Enable both old and new megaraid drivers.
    • Add yet another card reader to usb scsi whitelist. (#141367)
    • Fix oops in conntrack on rmmod.
  • Fri Dec 03 2004 Dave Jones <davej@redhat.com>
    • Pull in bits of -ac12
      Should fix the smbfs & visor issues among others.
  • Thu Dec 02 2004 Dave Jones <davej@redhat.com>
    • Drop the futex debug patch, it served its purpose.
    • XFRM layer bug fixes
    • ppc64: Convert to using ibm,read-slot-reset-state2 RTAS call
    • ide: Make CSB6 driver support configurations.
    • ide: Handle early EOF on CDs.
    • Fix sx8 device naming in sysfs
    • e100/e1000: return -EINVAL when setting rx-mini or rx-jumbo. (#140793)
  • Wed Dec 01 2004 Dave Jones <davej@redhat.com>
    • Disable 4G/4G for i686.
    • Workaround for the E1000 erratum 23 (#140047)
    • Remove bogus futex warning. (#138179)
    • x86_64: Fix lost edge triggered irqs on UP kernel.
    • x86_64: Reenable DRI for MGA.
    • Workaround E1000 post-maturely writing back to TX descriptors (#133261)
    • 3c59x: add EEPROM_RESET for 3c900 Boomerang
    • Fix buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
    • ext3: improves ext3's error logging when we encounter an on-disk corruption.
    • ext3: improves ext3's ability to deal with corruption on-disk
    • ext3: Handle double-delete of indirect blocks.
    • Disable SCB2 flash driver for RHEL4. (#141142)
  • Tue Nov 30 2004 Dave Jones <davej@redhat.com>
    • x86_64: add an option to configure oops stack dump
    • x86[64]: display phys_proc_id only when it is initialized
    • x86_64: no TIOCSBRK/TIOCCBRK in ia32 emulation
    • via-rhine: references __init code during resume
    • Add barriers to generic timer code to prevent race. (#128242)
    • ppc64: Add PURR and version data to /proc/ppc64/lparcfg
    • Prevent xtime value becoming incorrect.
    • scsi: return full SCSI status byte in SG_IO
    • Fix show_trace() in irq context with CONFIG_4KSTACKS
    • Adjust alignment of pagevec structure.
    • md: make sure md always uses rdev_dec_pending properly.
    • Make proc_pid_status not dereference dead task structs.
    • sg: Fix oops of sg_cmd_done and sg_release race (#140648)
    • fix bad segment coalescing in blk_recalc_rq_segments()
    • fix missing security_*() check in net/compat.c
    • ia64/x86_64/s390 overlapping vma fix
    • Update Emulex lpfc to 8.0.15
  • Mon Nov 29 2004 Dave Jones <davej@redhat.com>
    • Add another card reader to whitelist. (#141022)
    • Fix possible hang in do_wait() (#140042)
    • Fix ps showing wrong ppid. (#132030)
    • Print advice to use -hugemem if >=16GB of memory is detected.
    • Enable ICOM serial driver. (#136150)
    • Enable acpi hotplug driver for IA64.
    • SCSI: fix USB forced remove oops.
    • ia64: add missing sn2 timer mask in time_interpolator code. (#140580)
    • ia64: Fix hang reading /proc/pal/cpu0/tr_info (#139571)
    • ia64: bump number of UARTS. (#139100)
    • Fix ACPI debug level (#141292)
    • Make EDD runtime configurable, and reenable.
    • ppc64: IBM VSCSI driver race fix. (#138725)
    • ppc64: Ensure PPC64 interrupts don't end up hard-disabled. (#139020, #131590)
    • ppc64: Yet more sigsuspend/singlestep fixing. (#140102, #137931)
    • x86-64: Implement ACPI based reset mechanism. (#139104)
    • Backport 2.6.10rc sysfs changes needed for IBM hotplug driver. (#140372)
    • Update Emulex lpfc driver to v8.0.14
    • Optimize away the unconditional write to debug registers on signal delivery path.
    • Fix up scsi_test_unit_ready() to work correctly with CD-ROMs.
    • md: fix two little bugs in raid10
    • Remove incorrect ELF check from module loading. (#140954)
    • Plug leaks in error paths of aic driver.
    • Add refcounting to scsi command allocation.
    • Taint oopses on machine checks, bad_page()'s calls and forced rmmod's.
    • Share Intel cache descriptors between x86 & x86-64.
    • rx checksum support for gige nForce ethernet
    • vm: vm_dirty_ratio initialisation fix
  • Mon Nov 29 2004 Soeren Sandmann <sandmann@redhat.com>
    • Build FC-3 kernel in RHEL build root
  • Sun Nov 28 2004 Dave Jones <davej@redhat.com>
    • Move 4g/4g kernel into -hugemem.
  • Sat Nov 27 2004 Dave Jones <davej@redhat.com>
    • Recognise Shuttle SN85G4 card reader. (#139163)
  • Tue Nov 23 2004 Dave Jones <davej@r