[SECURITY] Fedora 20 Update: kernel-3.12.5-302.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Sat Dec 21 02:24:51 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-23445
2013-12-16 06:30:59
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 20
Version : 3.12.5
Release : 302.fc20
URL : http://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
--------------------------------------------------------------------------------
Update Information:
The 3.12.5 kernel contains support for new devices, and a number of bug fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 17 2013 Josh Boyer <jwboyer at fedoraproject.org> - 3.12.5-302
- Add patch to avoid using queued trim on M500 SSD (rhbz 1024002)
* Mon Dec 16 2013 Josh Boyer <jwboyer at fedoraproject.org>
- Fix host lockup in bridge code when starting from virt guest (rhbz 1025770)
* Fri Dec 13 2013 Josh Boyer <jwboyer at fedoraproject.org> 3.12.5-301
- More keys fixes from upstream to fix keyctl_get_persisent crash (rhbz 1043033)
* Fri Dec 13 2013 Justin M. Forbes <jforbes at fedoraproject.org - 3.12.5-300
- Linux v3.12.5 rebase
* Thu Dec 12 2013 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2013-4587 kvm: out-of-bounds access (rhbz 1030986 1042071)
- CVE-2013-6376 kvm: BUG_ON in apic_cluster_id (rhbz 1033106 1042099)
- CVE-2013-6368 kvm: cross page vapic_addr access (rhbz 1032210 1042090)
- CVE-2013-6367 kvm: division by 0 in apic_get_tmcct (rhbz 1032207 1042081)
* Wed Dec 11 2013 Josh Boyer <jwboyer at fedoraproject.org>
- Add patches to support ETPS/2 Elantech touchpads (rhbz 1030802)
* Tue Dec 10 2013 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2013-XXXX net: memory leak in recvmsg (rhbz 1039845 1039874)
* Fri Dec 6 2013 Peter Robinson <pbrobinson at fedoraproject.org>
- Fix up ARM usb gadget config to make it useful
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030986 - CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
https://bugzilla.redhat.com/show_bug.cgi?id=1030986
[ 2 ] Bug #1033106 - CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1033106
[ 3 ] Bug #1032210 - CVE-2013-6368 kvm: cross page vapic_addr access
https://bugzilla.redhat.com/show_bug.cgi?id=1032210
[ 4 ] Bug #1032207 - CVE-2013-6367 kvm: division by zero in apic_get_tmcct()
https://bugzilla.redhat.com/show_bug.cgi?id=1032207
[ 5 ] Bug #1039845 - Kernel: net: information leak in recvmsg handler msg_name & msg_namelen logic
https://bugzilla.redhat.com/show_bug.cgi?id=1039845
[ 6 ] Bug #1035875 - CVE-2013-6405 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls
https://bugzilla.redhat.com/show_bug.cgi?id=1035875
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list