[SECURITY] Fedora 16 Update: kernel-3.2.1-3.fc16

Tue Jan 24 07:57:29 UTC 2012

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0876
2012-01-24 01:29:48
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 16
Version     : 3.2.1
Release     : 3.fc16
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

--------------------------------------------------------------------------------
Update Information:

Rebase F16 to the 3.2.1 stable release.  Also fixes CVEs:

- CVE-2012-0056
- CVE-2011-4127
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 23 2012 Josh Boyer <jwboyer at redhat.com> 3.2.1-3
- Fix oops in iwlwifi/iwlagn driver (rhbz 766071)
- Fix NULL pointer dereference in sym53c8xx module (rhbz 781625)
* Fri Jan 20 2012 Dave Jones <davej at redhat.com>
- net: reintroduce missing rcu_assign_pointer() calls
* Fri Jan 20 2012 Josh Boyer <jwboyer at redhat.com>
- Add mac80211 deauth fix pointed out by Stanislaw Gruszka
* Thu Jan 19 2012 Dave Jones <davej at redhat.com> 3.2.1-1
- Rebase to Linux 3.2.1
* Thu Jan 19 2012 John W. Linville <linville at redhat.com>
- Pass the same make options to compat-wireless as to the base kernel
* Wed Jan 18 2012 Josh Boyer <jwboyer at redhat.com> 3.1.10-2
- Fix broken procfs backport (rhbz 782961)
* Wed Jan 18 2012 Josh Boyer <jwboyer at redhat.com> 3.1.10-1
- Linux 3.1.10
- /proc/pid/* information leak (rhbz 782686)
- CVE-2012-0056 proc: clean up and fix /proc/<pid>/mem (rhbz 782681)
- loop: prevent information leak after failed read (rhbz 782687)
* Tue Jan 17 2012 Josh Boyer <jwboyer at redhat.com>
- CVE-2011-4127 possible privilege escalation via SG_IO ioctl (rhbz 769911)
* Mon Jan 16 2012 John W. Linville <linville at redhat.com>
- Re-apply patch to revert mac80211 scan optimizations (rhbz #731365, #773271)
* Sun Jan 15 2012 Josh Boyer <jwboyer at redhat.com>
- Avoid packaging symlinks for kernel-doc files (rhbz 767351)
- Apply mac80211 NULL ptr deref fix to compat-wireless too (rhbz 769766)
* Fri Jan 13 2012 Josh Boyer <jwboyer at redhat.com>
- Fix verbose logging messages in the rtl8192cu driver (rhbz 728740)
* Fri Jan 13 2012 Josh Boyer <jwboyer at redhat.com> 3.1.9-1
- Linux 3.1.9
- CVE-2012-0045 kvm: syscall instruction induced guest panic (rhbz 773392)
* Wed Jan 11 2012 Josh Boyer <jwboyer at redhat.com>
- Patch from Stanislaw Gruszka to fix NULL ptr deref in mac80211 (rhbz 769766)
* Tue Jan 10 2012 John W. Linville <linville at redhat.com>
- Update compat-wireless snapshot to version 3.2-1
* Tue Jan 10 2012 Josh Boyer <jwboyer at redhat.com>
- Add patch to fix ext4 compatibility with ext2 mount option (rhbz 770172)
- Fix ext4 corrupted bitmap error path (pointed out by Eric Sandeen)
* Sat Jan  7 2012 Josh Boyer <jwboyer at redhat.com> 3.1.8-2
- Add iwlwifi-allow-to-switch-to-HT40-if-not-associated.patch back to
  compat-wireless
* Fri Jan  6 2012 Josh Boyer <jwboyer at redhat.com> 3.1.8-1
- Disable backports on arches where we don't actually build a kernel (or config)
- Linux 3.1.8
* Thu Jan  5 2012 John W. Linville <linville at redhat.com>
- Patch compat-wireless build to avoid "pr_fmt redefined" warnings
- Include compat-wireless in removal of files resulting from patch fuzz
* Thu Jan  5 2012 Josh Boyer <jwboyer at redhat.com>
- Move the depmod file removal below the compat-wireless build to make sure we
  clean them all out
* Wed Jan  4 2012 Neil Horman <nhorman at redhat.com>
- Fix warning about msi sysfs refcount (bz 771058)
* Wed Jan  4 2012 Dave Jones <davej at redhat.com>
- Disable PCI CRS blacklist patch
- Try alternative approach from Bjorn Helgaas to work around
  MCFG quirks on some laptops.
* Wed Jan  4 2012 Dave Jones <davej at redhat.com>
- Add Dell Studio 1557 to pci=nocrs blacklist. (rhbz 769657)
* Wed Jan  4 2012 Josh Boyer <jwboyer at redhat.com>
- CVE-2011-4347 kvm: device assignment DoS (rhbz 771678)
* Tue Jan  3 2012 Josh Boyer <jwboyer at redhat.com> 3.1.7-1
- Linux 3.1.7
* Tue Jan  3 2012 John W. Linville <linville at redhat.com> 
- Avoid unnecessary modprobe invocations during compat-wireless build
* Tue Jan  3 2012 Dave Jones <davej at redhat.com>
- Add Thinkpad SL510 to the pci=nocrs blacklist.
* Tue Jan  3 2012 Josh Boyer <jwboyer at redhat.com>
- CVE-2011-4622 kvm: pit timer with no irqchip crashes the system (rhbz 771387)
- Add bluetooth support for BCM20102A0 (rhbz 770233)
* Tue Jan  3 2012 Dave Jones <davej at redhat.com>
- thp: reduce khugepaged freezing latency (rhbz 771006)
* Tue Jan  3 2012 John W. Linville <linville at redhat.com> 
- Re-enable CONFIG_RT2800PCI_RT53XX in compat-wireless build (rhbz #720594)
* Thu Dec 29 2011 Dave Jones <davej at redhat.com> 3.1.6-2
- Create a blacklist for pci=nocrs
  Add Dell Studio 1536 to it.
* Fri Dec 23 2011 Dennis Gilmore <dennis at ausil.us>
- build imx highbank and kirkwood kernels for arm
* Thu Dec 22 2011 John W. Linville <linville at redhat.com> 
- iwlwifi: do not set the sequence control bit is not needed
- ath9k: fix max phy rate at rate control init
- mwifiex: avoid double list_del in command cancel path
- iwlwifi: update SCD BC table for all SCD queues
* Wed Dec 21 2011 Dave Jones <davej at redhat.com> 3.1.6-1
- Linux 3.1.6
* Wed Dec 21 2011 John W. Linville <linville at redhat.com> 
- Apply some iwlwifi regression fixes not in the 3.2-rc6 wireless snapshot
- Turn-off with_backports for s390x
* Wed Dec 21 2011 Dave Jones <davej at redhat.com> 3.1.5-11
- Reinstate the route cache garbage collector.
* Wed Dec 21 2011 John W. Linville <linville at redhat.com> 
- Revise compat-wireless configuration
- Enable with-backports by default
- Update compat-wireless snaptshot from verstion 3.2-rc6-3
* Tue Dec 20 2011 Dave Jones <davej at redhat.com> 3.1.5-10
- Delay after aborting command in tpm_tis (rhbz #746097)
* Tue Dec 20 2011 Josh Boyer <jwboyer at redhat.com>
- Backport upstream fix for b44_poll oops (rhbz #741117)
- Include crtsaves.o for ppc64 as well (rhbz #769415)
- Drop EDID headers patch from 751589 for now (rhbz #769103)
* Mon Dec 19 2011 Kyle McMartin <kyle at redhat.com> - 3.1.5-8
- Add versioned Obsoletes and Provides for kernel-tools -> perf, hopefully
  this should allow upgrades from kernel-tools to perf+kernel-tools in rawhide
  from F-16.
* Mon Dec 19 2011 Dave Jones <davej at redhat.com>
- x86, dumpstack: Fix code bytes breakage due to missing KERN_CONT
* Fri Dec 16 2011 Ben Skeggs <bskeggs at redhat.com> - 3.1.5-7
- Add patch to do a better job of dealing with busted EDID headers (rhbz#751589)
* Thu Dec 15 2011 Josh Boyer <jwboyer at redhat.com> - 3.1.5-6
- Add patch to fix Intel wifi regression in 3.1.5 (rhbz 767173)
* Thu Dec 15 2011 Dave Jones <davej at redhat.com> - 3.1.5-5
- Change configfs to be built-in. (rhbz 767857)
* Thu Dec 15 2011 Dave Jones <davej at redhat.com> - 3.1.5-4
- Disable Intel IOMMU by default.
* Tue Dec 13 2011 Josh Boyer <jwboyer at redhat.com>
- Remove extraneous settings and enable Radeon KMS for powerpc (via Will Woods)
* Mon Dec 12 2011 Josh Boyer <jwboyer at redhat.com>
- Add patch from Jeff Layton to fix suspend with NFS (rhbz #717735)
- Backport ALPS touchpad patches from input/next branch (rhbz #590880)
* Fri Dec  9 2011 Josh Boyer <jwboyer at redhat.com> 3.1.5-1
- Linux 3.1.5
* Thu Dec  8 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.5-0.rc2.1
- Linux 3.1.5-rc2
- Drop obsolete changelog, set rcrev and gitrev to 0 so they're
  less distracting.
- Fix wrong link speed on some sky2 network adapters (rhbz #757839)
* Thu Dec  8 2011 Ben Skeggs <bskeggs at redhat.com> 3.1.5-0.rc1.2
- nouveau: fix accel on GF108 and enable on GF108/GF110
* Wed Dec  7 2011 Chuck Ebbert <cebbert at redhat.com>
- Linux 3.1.5-rc1
- Comment out merged patches:
  xfs-Fix-possible-memory-corruption-in-xfs_readlink.patch
  rtlwifi-fix-lps_lock-deadlock.patch
* Tue Dec  6 2011 Chuck Ebbert <cebbert at redhat.com>
- Disable uas until someone can fix it (rhbz #717633)
* Tue Dec  6 2011 Josh Boyer <jwboyer at redhat.com>
- Add reworked pci ASPM patch from Matthew Garrett
* Mon Dec  5 2011 Josh Boyer <jwboyer at redhat.com>
- Only print the apm_cpu_idle message once (rhbz #760341)
* Mon Dec  5 2011 Dave Jones <davej at redhat.com>
- Switch from -Os to -O2
* Thu Dec  1 2011 Josh Boyer <jwboyer at redhat.com>
- Apply patch to revert mac80211 scan optimizations (rhbz #731365)
- Disable the existing brcm80211 staging drivers (rhbz #759109)
* Wed Nov 30 2011 Josh Boyer <jwboyer at redhat.com>
- Include commit 3940d6185 from JJ Ding in elantech.patch
* Tue Nov 29 2011 Josh Boyer <jwboyer at redhat.com>
- Add patch to fix deadlock in rtlwifi (rhbz #755154)
- Drop drm-intel-make-lvds-work.patch (rhbz #731296)
* Mon Nov 28 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.4-1
- Linux 3.1.4
* Mon Nov 28 2011 Chuck Ebbert <cebbert at redhat.com>
- Fix IRQ error preventing load of cciss module (rhbz#754907)
* Mon Nov 28 2011 Ben Skeggs <bskeggs at redhat.com> 3.1.3-2
- nouveau: fix two instances of an oops in ttm clear() (rhbz#751753)
* Sun Nov 27 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.3-1
- Linux 3.1.3
* Wed Nov 23 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.3-0.rc1.1
- Linux 3.1.3-rc1
- Comment out merged patches:
  usb-add-quirk-for-logitech-webcams.patch
  ip6_tunnel-copy-parms.name-after-register_netdevice.patch
* Tue Nov 22 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.2-1
- Linux 3.1.2
* Sat Nov 19 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.2-0.rc1.1
- Linux 3.1.2-rc1
* Wed Nov 16 2011 John W. Linville <linville at redhat.com>
- Add compat-wireless as an option for kernel build
* Tue Nov 15 2011 Dave Jones <davej at redhat.com>
- mm: Do not stall in synchronous compaction for THP allocations
* Tue Nov 15 2011 Dave Jones <davej at redhat.com>
- Backport asus-laptop changes from 3.2 (rhbz 754214)
* Mon Nov 14 2011 Josh Boyer <jwboyer at redhat.com>
- Patch from Joshua Roys to add rtl8192* to modules.networking (rhbz 753645)
- Add patch for wacom tablets for Bastien Nocera (upstream 3797ef6b6)
- Add patch to fix ip6_tunnel naming (rhbz 751165)
- Quite warning in apm_cpu_idle (rhbz 753776)
* Mon Nov 14 2011 Josh Boyer <jwboyer at redhat.com> 3.1.1-2
- CVE-2011-4131: nfs4_getfacl decoding kernel oops (rhbz 753236)
- CVE-2011-4132: jbd/jbd2: invalid value of first log block leads to oops (rhbz 753346)
* Fri Nov 11 2011 Chuck Ebbert <cebbert at redhat.com>
- Use the same naming scheme as rawhide for -stable RC kernels
  (e.g. 3.1.1-0.rc1.1 instead of 3.1.1-1.rc1)
* Fri Nov 11 2011 Josh Boyer <jwboyer at redhat.com> 3.1.1-1
- Linux 3.1.1
* Fri Nov 11 2011 John W. Linville <linville at redhat.com>
- Remove overlap between bcma/b43 and brcmsmac and reenable bcm4331
* Thu Nov 10 2011 Chuck Ebbert <cebbert at redhat.com>
- Sync samsung-laptop driver with what's in 3.2 (rhbz 747560)
* Wed Nov  9 2011 Chuck Ebbert <cebbert at redhat.com> 3.1.1-1.rc1
- Linux 3.1.1-rc1
- Comment out merged patches, will drop when release is final:
   ums-realtek-driver-uses-stack-memory-for-DMA.patch
   epoll-fix-spurious-lockdep-warnings.patch
   crypto-register-cryptd-first.patch
   add-macbookair41-keyboard.patch
   powerpc-Fix-deadlock-in-icswx-code.patch
   iwlagn-fix-ht_params-NULL-pointer-dereference.patch
   mmc-Always-check-for-lower-base-frequency-quirk-for-.patch
   media-DiBcom-protect-the-I2C-bufer-access.patch
   media-dib0700-protect-the-dib0700-buffer-access.patch
   WMI-properly-cleanup-devices-to-avoid-crashes.patch
   mac80211-fix-remain_off_channel-regression.patch
   mac80211-config-hw-when-going-back-on-channel.patch
* Wed Nov  9 2011 John W. Linville <linville at redhat.com>
- Backport brcm80211 from 3.2-rc1
* Tue Nov  8 2011 Neil Horman <nhorman at redhat.com>
- Add msi irq ennumeration per device in sysfs (rhbz 752176)
* Mon Nov  7 2011 Josh Boyer <jwboyer at redhat.com>
- Add two patches to fix mac80211 issues (rhbz 731365)
* Thu Nov  3 2011 Josh Boyer <jwboyer at redhat.com>
- Add commits queued for 3.2 for elantech driver (rhbz 728607)
- Fix crash when setting brightness via Fn keys on ideapads (rhbz 748210)
* Wed Nov  2 2011 Josh Boyer <jwboyer at redhat.com>
- Add patch to fix oops when removing wmi module (rhbz 706574)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #766071 - [abrt] kernel: WARNING: at drivers/net/wireless/iwlwifi/iwl-agn-lib.c:1766 iwlagn_set_rxon_chain+0x113/0x233 [iwlagn]()
        https://bugzilla.redhat.com/show_bug.cgi?id=766071
  [ 2 ] Bug #781625 - kernel-3.1.7 crash due to sym53c8xx module
        https://bugzilla.redhat.com/show_bug.cgi?id=781625
  [ 3 ] Bug #782961 - Kernel panic: kernel-3.1.10-1.fc16.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=782961
  [ 4 ] Bug #782686 - kernel: /proc/pid/* information leak [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=782686
  [ 5 ] Bug #782681 - CVE-2012-0056 kernel: proc: /proc/<pid>/mem mem_write insufficient permission checking [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=782681
  [ 6 ] Bug #782687 - kernel: loop: prevent information leak after failed read [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=782687
  [ 7 ] Bug #769911 - CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=769911
  [ 8 ] Bug #731365 - WARNING: at include/net/mac80211.h:3081 rate_control_send_low+0x86/0x102 [mac80211](): TAINTED ---------W
        https://bugzilla.redhat.com/show_bug.cgi?id=731365
  [ 9 ] Bug #773271 - [abrt] kernel: WARNING: at include/net/mac80211.h:3345 rate_control_send_low+0x111/0x190 [mac80211]()
        https://bugzilla.redhat.com/show_bug.cgi?id=773271
  [ 10 ] Bug #767351 - kernel-doc contains /builddir/ symlinks
        https://bugzilla.redhat.com/show_bug.cgi?id=767351
  [ 11 ] Bug #769766 - tcpdump on wlan0 crashes system
        https://bugzilla.redhat.com/show_bug.cgi?id=769766
  [ 12 ] Bug #728740 - Constant Logging Of rtl8192c Notice To Console & /var/log/messages
        https://bugzilla.redhat.com/show_bug.cgi?id=728740
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------