
Security flaws in the acpica-tools software package

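--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-7c2e0a998d
2018-04-01 03:28:15.910093
--------------------------------------------------------------------------------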

Name : acpica-tools
Product : Fedora 27
Version : 20180209
Release : 1.fc27
URL : https://www.acpica.org/
Summary : ACPICA tools for the development and debug of ACPI tables
Description :
The ACPI Component Architecture (ACPICA) project provides an OS-independent
reference implementation of the Advanced Configuration and Power Interface
Specification (ACPI). ACPICA code contains those portions of ACPI meant to
be directly integrated into the host OS as a kernel-resident subsystem, and
a small set of tools to assist in developing and debugging ACPI tables.

This package contains only the user-space tools needed for ACPI table
development, not the kernel implementation of ACPI. The following commands
are installed:
-- iasl: compiles ASL (ACPI Source Language) into AML (ACPI Machine
   Language), suitable for inclusion as a DSDT in system firmware.
   It also can disassemble AML, for debugging purposes.
-- acpibin: performs basic operations on binary AML files (e.g.,
   comparison, data extraction)
-- acpidump: write out the current contents of ACPI tables
-- acpiexec: simulate AML execution in order to debug method definitions
-- acpihelp: display help messages describing ASL keywords and op-codes
-- acpinames: display complete ACPI name space from input AML
-- acpisrc: manipulate the ACPICA source tree and format source files
   for specific environments
-- acpixtract: extract binary ACPI tables from acpidump output (see
   also the pmtools package)

This version of the tools is being released under GPLv2 license.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-13693, CVE-2017-13694, CVE-2017-13695. This provides
fixes for the user space ACPICA tools only. Any kernel updates are handled
separately. This update also includes the upgrade to the 20190209 version of
the upstream source.

----------------------------------------
09 February 2018. Summary of changes for version 20180209:

1) ACPICA kernel-resident subsystem:

Completed the final integration of the recent changes to Package Object
handling and the module-level AML code support. This allows forward references
from individual package elements when the package object is declared from
within module-level code blocks. Provides compatibility with other ACPI
implementations.

The new architecture for the AML module-level code has been completed and is
now the default for the ACPICA code. This new architecture executes the
module-level code in-line as the ACPI table is loaded/parsed instead of the
previous architecture which deferred this code until after the table was fully
loaded. This solves some ASL code ordering issues and provides compatibility
with other ACPI implementations. At this time, there is an option to fall back
to the earlier architecture, but this support is deprecated and is planned to
be completely removed later this year.

Added a compile-time option to ignore AE_NOT_FOUND exceptions during resolution
of named reference elements within Package objects. Although this is
potentially a serious problem, it can generate a lot of noise/errors on
platforms whose firmware carries around a bunch of unused Package objects. To
disable these errors, define ACPI_IGNORE_PACKAGE_RESOLUTION_ERRORS in the
OS-specific header. All errors are always reported for ACPICA applications such
as AcpiExec.

Fixed a regression related to the explicit type-conversion AML operators
(ToXXXX). The regression was introduced early in 2017 but was not seen until
recently because these operators are not fully supported by other ACPI
implementations and are thus rarely used by firmware developers. The operators
are defined by the ACPI specification to not implement the “implicit result
object conversion”. The regression incorrectly introduced this object
conversion for the following explicit conversion operators:

* ToInteger
* ToString
* ToBuffer
* ToDecimalString
* ToHexString
* ToBCD
* FromBCD

2) iASL Compiler/Disassembler and Tools:

iASL: Fixed a problem with the compiler constant folding feature as related to
the ToXXXX explicit conversion operators. These operators do not support the
“implicit result object conversion” by definition. Thus, ASL expressions that
use these operators cannot be folded to a simple Store operator because Store
implements the implicit conversion. This change uses the CopyObject operator
for the ToXXXX operator folding instead. CopyObject is defined to not implement
implicit result conversions and is thus appropriate for folding the ToXXXX
operators.

iASL: Changed the severity of an error condition to a simple warning for the
case where a symbol is declared both locally and as an external symbol. This
accommodates existing ASL code.

AcpiExec: The -ep option to enable the new architecture for module-level code
has been removed. It is replaced by the -dp option which instead has the
opposite effect: it disables the new architecture (the default) and enables the
legacy architecture. When the legacy code is removed in the future, the -dp
option will be removed also.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1485355 – CVE-2017-13693 CVE-2017-13694 CVE-2017-13695 acpica-tools: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1485355
--------------------------------------------------------------------------------

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade acpica-tools' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
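
To confirm that hosts actually carry the fixed build after the upgrade, the following added example (not part of the Fedora notification) classifies version-release strings against the 20180209-1.fc27 build named above. The function names, the simplified rpm-style comparison and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed build named in this advisory (Fedora 27 only).
FIXED_VERSION, FIXED_RELEASE = "20180209", "1.fc27"

def _segments(s):
    # Split into runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style compare: no epoch, '~' or '^' (assumption)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def classify(version_release):
    # Input is what this prints on a host:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' acpica-tools
    version, _, release = version_release.strip().rpartition("-")
    if not release.endswith(".fc27"):
        return "not-covered"  # this advisory covers Fedora 27 builds only
    c = vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)
    return "fixed" if c >= 0 else "needs-update"

def audit(inventory):
    # Map each host to its status for this advisory.
    return {host: classify(vr) for host, vr in inventory.items()}

# Constructed sample inventory (host names and builds are made up).
SAMPLE = {
    "build01": "20170728-3.fc27",
    "lab02": "20180209-1.fc27",
    "lab03": "20180313-1.fc27",
    "old04": "20170303-3.fc26",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as not-covered need to be checked against the advisory for their own Fedora release.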
--------------------------------------------------------------------------------