[SECURITY] Fedora 21 Update: kernel-3.17.8-300.fc21

updates at fedoraproject.org updates at fedoraproject.org
Sun Jan 11 02:58:06 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-0517
2015-01-10 02:00:32
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 21
Version     : 3.17.8
Release     : 300.fc21
URL         : http://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 3.17.8 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Justin M. Forbes <jforbes at fedoraproject.org> - 3.17.8-300
- Linux v3.17.8
* Wed Jan  7 2015 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-9529 memory corruption or panic during key gc (rhbz 1179813 1179853)
- Enable POWERCAP and INTEL_RAPL
* Tue Jan  6 2015 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-9419 partial ASLR bypass through TLS base addr leak (rhbz 1177260 1177263)
- CVE-2014-9428 remote DoS via batman-adv (rhbz 1178826 1178833)
- Fix CIFS login issue (rhbz 1163927)
* Mon Dec 29 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Enable F2FS (rhbz 972446)
* Thu Dec 18 2014 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-8989 userns can bypass group restrictions (rhbz 1170684 1170688)
- Fix dm-cache crash (rhbz 1168434)
- Fix blk-mq crash on CPU hotplug (rhbz 1175261)
* Wed Dec 17 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Enable USBIP in modules-extra from Johnathan Dieter (rhbz 1169478)
- CVE-2014-XXXX isofs: infinite loop in CE record entries (rhbz 1175235 1175250)
* Tue Dec 16 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Linux v3.17.7
- CVE-2014-8559 deadlock due to incorrect usage of rename_lock (rhbz 1159313 1173814)
- Add patch from Josh Stone to restore var-tracking via Kconfig (rhbz 1126580)
* Mon Dec 15 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Fix ppc64 boot with smt-enabled=off (rhbz 1173806)
- CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS (rhbz 1172797 1174374)
* Fri Dec 12 2014 Kyle McMartin <kyle at fedoraproject.org>
- build in ahci_platform on aarch64 temporarily.
* Fri Dec 12 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Remove pointless warning in cfg80211 (rhbz 1172543)
* Wed Dec 10 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Fix MSI issues on another Samsung pci-e SSD (rhbz 1084928)
- Fix UAS crashes with Seagate and Fresco Logic drives (rhbz 1164945)
- CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
* Mon Dec  8 2014 Justin M. Forbes <jforbes at fedoraproject.org> - 3.17.6-300
- Linux v3.17.6
* Fri Dec  5 2014 Kyle McMartin <kyle at fedoraproject.org> - 3.17.4-303
- arm64-fix-xgene_enet_process_ring.patch: fix a panic under load.
* Thu Dec  4 2014 Josh Boyer <jwboyer at fedoraproject.org> - 3.17.4-302
- CVE-2014-9090 local DoS via do_double_fault due to improper SS faults (rhbz 1170691)
* Thu Dec  4 2014 Kyle McMartin <kyle at fedoraproject.org>
- kernel-arm64.patch: update.
- arm64-force-serial-to-be-active-consdev.patch: force serial consoles
  to be the primary console device instead of defaulting to tty0. No
  changes to drivers outside of ARM-land.
- arm64-vgic-error-to-info.patch: change an error to a warning so that
  kvm will work.
* Mon Dec  1 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Add patch to quiet i915 driver on long hdps
- Add patch to fix oops when using xpad (rhbz 1094048)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1179813 - CVE-2014-9529 kernel: memory corruption or panic during key garbage collection
        https://bugzilla.redhat.com/show_bug.cgi?id=1179813
  [ 2 ] Bug #1177260 - CVE-2014-9419 kernel: partial ASLR bypass through TLS base addresses leak
        https://bugzilla.redhat.com/show_bug.cgi?id=1177260
  [ 3 ] Bug #1178826 - CVE-2014-9428 kernel: remote denial of service via batman-adv module
        https://bugzilla.redhat.com/show_bug.cgi?id=1178826
  [ 4 ] Bug #1170684 - CVE-2014-8989 kernel: Linux user namespaces can bypass group-based restrictions
        https://bugzilla.redhat.com/show_bug.cgi?id=1170684
  [ 5 ] Bug #1175235 - CVE-2014-9420 Kernel: fs: isofs: infinite loop in CE record entries
        https://bugzilla.redhat.com/show_bug.cgi?id=1175235
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update kernel' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list