[UPDATED] Fedora Legacy Test Update Notification: kernel (rh73 and rh9)

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Mar 5 19:20:53 UTC 2006


These packages were updated to fix an incorrect patch that caused
instability under heavy load.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-1
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-03-05
---------------------------------------------------------------------

Name        : kernel
Versions    : rh7.3: kernel-2.4.20-46.7.legacy
Versions    : rh9: kernel-2.4.20-46.9.legacy
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)

- a recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts. A patch to ignore these messages is
included. (CVE-2004-0791)

- flaws in the coda module that allowed denial-of-service attacks
(crashes) or local privilege escalations (CVE-2005-0124)

- a flaw between execve() syscall handling and core dumping of
ELF-format executables allowed local unprivileged users to cause a
denial of service (system crash) or possibly gain privileges
(CVE-2005-1263)

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458)

- a flaw in sendmsg() syscall handling on 64-bit systems that allowed
a local user to cause a denial of service or potentially gain
privileges (CAN-2005-2490)

- a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash) (CVE-2005-2708)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)

- a flaw in IPv6 network UDP port hash table lookups that allowed a
local user to cause a denial of service (hang) (CVE-2005-2973)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180)

- a flaw in the packet radio ROSE protocol that allowed a user to
trigger out-of-bounds errors. (CVE-2005-3273)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)

- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Mar 02 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-46.9.legacy
- Fixed the broken CVE-2005-0749 patch that was causing unstability

* Sat Feb 04 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-45.9.legacy
- Removed CVE-2005-3044 patch (it was 64-bit only)
- Fixed CVE-2005-2709 patch
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-44.9.legacy
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0124 (coda fs flaw)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3273 (ROSE ndigis verification)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

rh9:
* Thu Mar 02 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-46.9.legacy
- Fixed the broken CVE-2005-0749 patch that was causing unstability

* Sat Feb 04 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-45.9.legacy
- Removed CVE-2005-3044 patch (it was 64-bit only)
- Fixed CVE-2005-2709 patch
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-44.9.legacy
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0124 (coda fs flaw)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3273 (ROSE ndigis verification)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.