Custom Query (4874 matches)

Would someone please allow read access to 'md5sums' in the release candidate of 7.2 ? Thanks!

23. F. Muthmann.

Can't compile kernel. The latest patch from Fedora git might fix this issue but I haven't tried it yet.

  PASYMS  arch/x86/realmode/rm/pasyms.h
*** Error in `uniq': free(): invalid next size (fast): 0x00000000010f4340 ***
======= Backtrace: =========    
/lib/libc.so.6(+0x72ddf)[0x2b2dc18abddf]
/lib/libc.so.6(+0x785ae)[0x2b2dc18b15ae]
/lib/libc.so.6(+0x79287)[0x2b2dc18b2287]
uniq[0x402d42]                  
uniq[0x4024ab]                  
/lib/libc.so.6(__libc_start_main+0xf5)[0x2b2dc185aad5]
uniq[0x40261a]                  
======= Memory map: ========    
00400000-0040a000 r-xp 00000000 08:01 3419053                            /usr/bin/uniq
00609000-0060a000 rw-p 00009000 08:01 3419053                            /usr/bin/uniq
010cd000-0110f000 rw-p 00000000 00:00 0                                  [heap]
2b2dc1617000-2b2dc1637000 r-xp 00000000 08:01 3801195                    /lib/ld-2.18.so
2b2dc1637000-2b2dc163a000 rw-p 00000000 00:00 0
2b2dc163a000-2b2dc163d000 rw-p 00000000 00:00 0
2b2dc1836000-2b2dc1837000 r--p 0001f000 08:01 3801195                    /lib/ld-2.18.so
2b2dc1837000-2b2dc1838000 rw-p 00020000 08:01 3801195                    /lib/ld-2.18.so
2b2dc1838000-2b2dc1839000 rw-p 00000000 00:00 0
2b2dc1839000-2b2dc19d9000 r-xp 00000000 08:01 3801138                    /lib/libc-2.18.so
2b2dc19d9000-2b2dc1bd8000 ---p 001a0000 08:01 3801138                    /lib/libc-2.18.so
2b2dc1bd8000-2b2dc1bdc000 r--p 0019f000 08:01 3801138                    /lib/libc-2.18.so
2b2dc1bdc000-2b2dc1bde000 rw-p 001a3000 08:01 3801138                    /lib/libc-2.18.so
2b2dc1bde000-2b2dc1be2000 rw-p 00000000 00:00 0
2b2dc1be2000-2b2dc258d000 r--p 00000000 08:01 3412246                    /usr/lib/locale/locale-archive
2b2dc258d000-2b2dc25a2000 r-xp 00000000 08:01 3410870                    /usr/lib/libgcc_s.so.1
2b2dc25a2000-2b2dc27a2000 ---p 00015000 08:01 3410870                    /usr/lib/libgcc_s.so.1
2b2dc27a2000-2b2dc27a3000 rw-p 00015000 08:01 3410870                    /usr/lib/libgcc_s.so.1
7fff7e0e9000-7fff7e10b000 rw-p 00000000 00:00 0                          [stack]
7fff7e1ff000-7fff7e200000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/bin/sh: line 1:  1475 Done                    nm arch/x86/realmode/rm/header.o arch/x86/realmode/rm/trampoline_64.o arch/x86/realmode/rm/stack.o arch/x86/realmode/rm/reb
oot.o arch/x86/realmode/rm/wakeup_asm.o arch/x86/realmode/rm/wakemain.o arch/x86/realmode/rm/video-mode.o arch/x86/realmode/rm/copy.o arch/x86/realmode/rm/bioscall.o arch
/x86/realmode/rm/regs.o arch/x86/realmode/rm/video-vga.o arch/x86/realmode/rm/video-vesa.o arch/x86/realmode/rm/video-bios.o
      1476                       | sed -n -r -e 's/^([0-9a-fA-F]+) [ABCDGRSTVW] (.+)$/pa_\2 = \2;/p'
      1477                       | sort
      1478 Aborted                 | uniq > arch/x86/realmode/rm/pasyms.h
/sources/LFS/linux-3.12.6/arch/x86/realmode/rm/Makefile:40: recipe for target 'arch/x86/realmode/rm/pasyms.h' failed
make[3]: *** [arch/x86/realmode/rm/pasyms.h] Error 134
/sources/LFS/linux-3.12.6/arch/x86/realmode/Makefile:18: recipe for target 'arch/x86/realmode/rm/realmode.bin' failed
make[2]: *** [arch/x86/realmode/rm/realmode.bin] Error 2
scripts/Makefile.build:455: recipe for target 'arch/x86/realmode' failed
make[1]: *** [arch/x86/realmode] Error 2
Makefile:795: recipe for target 'arch/x86' failed
make: *** [arch/x86] Error 2

New minor version.

Security update with some critical fixes.

​http://seclists.org/oss-sec/2016/q4/644

CVE-2016-7596: Linux Kernel use-after-free in SCSI generic device interface

The linux kernel contains a bug where a fragmented IPv6 packet causes a panic after a timeout (seems to be roughly 60 seconds). This can be triggered remotely via the internet and results in a DoS (kernel panic).

​http://seclists.org/oss-sec/2016/q4/640

​http://seclists.org/oss-sec/2016/q4/641

CVE-2016-9919

CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE

Memory corruption.

​http://seclists.org/oss-sec/2016/q4/573

​http://seclists.org/oss-sec/2016/q4/574

Affects all kernels back to 3.5 series, with a different CVE being assigned all the way back to 2.6.x.

Use CVE-2016-9793. This affects, for example, 4.8.12.


We might not completely understand the CVE implications of the "Note
that before
https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b
the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were
vulnerable" comment within the
b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 commit message.
82981930125abfd39d7c8378a9cfdf5e1be2002b is a commit from 2012. The
3.5 release has this, whereas the 3.4 release does not.

For now, we are assigning CVE-2012-6704 to mean the analogous
vulnerability involving SO_SNDBUF and SO_RCVBUF that affects "before
3.5" kernels.

CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync

​http://seclists.org/oss-sec/2016/q4/575

​http://seclists.org/oss-sec/2016/q4/576

CVE-2016-9794

CVE Request: -- Linux kernel: double free in netlink_dump

​http://seclists.org/oss-sec/2016/q4/577

​http://seclists.org/oss-sec/2016/q4/580

CVE-2016-9806

My personal advice is to put out an advisory to the list as soon as we are done updating this package, and make a change to the errata for both books. This is serious and is worse than Dirty CoW.