Am 20.06.2017 um 01:30 schrieb Laura Abbott:
Hi,
If you haven't seen it, a new kernel vulnerability was announced
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Updates have been filed in bodhi with the fix
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1225995344
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b93e6de389
https://bodhi.fedoraproject.org/updates/FEDORA-2017-79f099cbba
Please test and leave karma if this update works for you. This
is especially important for F24 which has seen a falloff in
karma recently
giving karma would be so much more easy when fedora-easy-karma wouldn't
break regualry and people get tired to delete hidden folders/files
================================================================================
kernel-4.11.6-100.fc24
================================================================================
Update ID: FEDORA-2017-79f099cbba
Release: Fedora 24
Status: pending
Type: unapproved critpath security
Karma: 0/3
Request: testing
Bugs: https://bugzilla.redhat.com/1462833 - CVE-2017-1000379
kernel: Incorrectly mapped contents of PIE executable [fedora-all]
: https://bugzilla.redhat.com/1462829 - CVE-2017-1000371
kernel: offset2lib allows for the stack guard page to be jumped over
[fedora-all]
: https://bugzilla.redhat.com/1462828 - CVE-2017-1000370
kernel: offset2lib patch protection bypass [fedora-all]
: https://bugzilla.redhat.com/1462819 - CVE-2017-1000364
kernel: heap/stack gap jumping via unbounded stack allocations [fedora-all]
: https://bugzilla.redhat.com/1462827 - CVE-2017-1000365
kernel: RLIMIT_STACK/RLIMIT_INFINITY string size limitation bypass
[fedora-all]
: https://bugzilla.redhat.com/1442912 - Kernels > 4.10
enable extra debugging on b43
: https://bugzilla.redhat.com/1459326 - BUG: audit records
being sent to the console even when auditd is running
: https://bugzilla.redhat.com/1461333 - CVE-2017-1000364
kernel: heap/stack gap jumping via unbounded stack allocations
Test Cases: https://fedoraproject.org/wiki/QA%3ATestcase_kernel_regression
Notes: The 4.11.6 update contains a number of important fixes
across the
: tree, including the recently announced "stack clash"
Submitter: labbott
Submitted: 2017-06-19 23:09:35
Comments: bodhi - 2017-06-19 23:09:35 (karma 0)
This update has been submitted for testing by labbott.
https://bodhi.fedoraproject.org/updates/FEDORA-2017-79f099cbba
inst. RPMS: kernel-core-4.11.6-100.fc24.x86_64 - The Linux kernel
(installed 0 days ago)
: kernel-modules-4.11.6-100.fc24.x86_64 - kernel modules to
match the core kernel (installed 0 days ago)
: kernel-headers-4.11.6-100.fc24.x86_64 - Header files for
the Linux kernel for use by glibc (installed 0 days ago)
Comment? -1/0/1 -> karma, 'i' -> ignore, other -> skip> 1
Comment> works for me
Traceback (most recent call last):
File "/usr/bin/fedora-easy-karma", line 831, in <module>
fek = FedoraEasyKarma()
File "/usr/bin/fedora-easy-karma", line 690, in __init__
karma)
File "/usr/bin/fedora-easy-karma", line 815, in send_comment
res = bc.comment(update["title"], comment, karma=karma)
File "/usr/lib/python2.7/site-packages/fedora/client/bodhi.py", line
118, in wrapper
raise BodhiClientException(problems)
fedora.client.bodhi.BodhiClientException: You must provide a captcha_key.
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
