Fedora Legacy Test Update Notification: kernel (fc2)

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Feb 21 00:57:54 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-3
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-02-20
---------------------------------------------------------------------

Name        : kernel
Versions    : fc2: kernel-2.6.10-2.3.legacy_FC2
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)

- flaws in ptrace() syscall handling on 64-bit systems that allowed a
local user to cause a denial of service (crash) (CVE-2005-0756,
CVE-2005-1761, CVE-2005-1762, CVE-2005-1763)

- a flaw when setting the line discipline on a serial tty that allowed a
local user to inject mouse movements or keystrokes when another user is
logged in. (CVE-2005-0839)

- an integer overflow flaw when writing to a sysfs file that allowed a
local user to overwrite kernel memory, causing a denial of service
(system crash) or arbitrary code execution. (CVE-2005-0867)

- a flaw in the futex functions that allowed a local user to cause a
denial of service (system crash). (CVE-2005-0937)

- a flaw in the tmpfs file system that allowed a local user to cause a
denial of service (system crash). (CVE-2005-0977)

- a flaw in the fib_seq_start function that allowed a local user to
cause a denial of service (system crash) via /proc/net/route.
(CVE-2005-1041)

- a flaw between execve() syscall handling and core dumping of
ELF-format executables allowed local unprivileged users to cause a
denial of service (system crash) or possibly gain privileges
(CVE-2005-1263)

- a flaw in the servicing of a raw device ioctl that allowed a local
user who has access to raw devices to write to kernel memory and cause a
denial of service or potentially gain privileges (CVE-2005-1264)

- a flaw that prevented the topdown allocator from allocating mmap areas
all the way down to address zero (CVE-2005-1265)

- a flaw in the key_user_lookup function in security/keys/key.c that
allowed a user to cause a denial of service (crash) (CVE-2005-1368)

- a flaw in the it87 and via686a drivers in I2C that allowed a local user
to cause a denial of service (crash) (CVE-2005-1369)

- flaws dealing with keyrings that could cause a local denial of service
(CVE-2005-2098, CVE-2005-2099)

- flaws in IPSEC network handling that allowed a local user to cause a
denial of service or potentially gain privileges (CVE-2005-2456,
CVE-2005-2555)

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458)

- a flaw in sendmsg() syscall handling on 64-bit systems that allowed
a local user to cause a denial of service or potentially gain
privileges (CVE-2005-2490)

- a flaw in sendmsg() syscall handling that allowed a local user to
cause a denial of service by altering hardware state (CVE-2005-2492)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)

- a flaw in the SCSI procfs interface that allowed a local user to cause
a denial of service (crash) (CVE-2005-2800)

- a xattr sharing bug in the ext2 and ext3 file systems that could cause
default ACLs to disappear (CVE-2005-2801)

- a flaw in the ipt_recent module on 64-bit architectures which could
allow a remote denial of service (CVE-2005-2872)

- a flaw in IPv6 network UDP port hash table lookups that allowed a
local user to cause a denial of service (hang) (CVE-2005-2973)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044)

- a flaw in the set_mempolicy system call that allowed a local user to
cause a denial of service (system panic). (CVE-2005-3053)

- a race condition when threads share memory mapping that allowed local
users to cause a denial of service (deadlock) (CVE-2005-3106)

- a flaw when trying to mount a non-hfsplus filesystem using hfsplus
that allowed local users to cause a denial of service (crash)
(CVE-2005-3109)

- a race condition in the ebtables netfilter module that may allow
remote attackers to cause a denial of service (crash) on a SMP system
that is operating under a heavy load (CVE-2005-3110)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180)

- a memory leak was found in the audit system that allowed an
unprivileged local user to cause a denial of service. (CVE-2005-3181)

- a race condition in ip_vs_conn_flush that allowed a local user to
cause a denial of service (CVE-2005-3274)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276)

- a flaw in mq_open system call that allowed a local user to cause a
denial of service (crash) (CVE-2005-3356)

- a flaw in set_mempolicy that allowed a local user on some 64-bit
architectures to cause a denial of service (crash) (CVE-2005-3358)

- a flaw in the auto-reap of child processes that allowed a local user
to cause a denial of service (crash) (CVE-2005-3784)

- a flaw in the POSIX timer cleanup handling that allowed a local user
to cause a denial of service (crash) (CVE-2005-3805)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)

- a memory leak in the VFS file lease handling that allowed a local user
to cause a denial of service (CVE-2005-3807)

- a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion) (CVE-2005-3848)

- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)

- a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion) (CVE-2005-3858)

- a flaw in procfs handling that allowed a local user to read kernel
memory (CVE-2005-4605)

- a memory disclosure flaw in dm-crypt that allowed a local user to
obtain sensitive information about a cryptographic key (CVE-2006-0095)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

fc2:
* Fri Feb 10 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.6.10-2.3.legacy_FC2
- Added patches for:
  CVE-2002-2185 (IGMP DoS)
  CVE-2005-3805 (POSIX timer cleanup handling on exit locking problem)
  CVE-2005-3807 (memory leak with file leases)
  CVE-2006-0095 (dm-crypt key leak)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.6.10-2.2.legacy_FC2
- Added patches for:
  CVE-2005-2800 (/proc/scsi/scsi DoS)
  CVE-2005-2801 (ext2/3 xattr sharing bug)
  CVE-2005-2872 (ipt_recent integer handling)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3053 (sys_set_mempolicy() bounds check)
  CVE-2005-3106 (exec_mmap race DoS)
  CVE-2005-3109 (HFS oops)
  CVE-2005-3110 (race in ebtables)
  CVE-2005-3180 (etherleak in orinoco)
  CVE-2005-3181 (names_cache memory leak)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area has minor info leak)
  CVE-2005-3848 (dst_entry leak DoS)
  CVE-2005-3858 (ip6_input_finish DoS)

* Sat Jan 28 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.6.10-2.1.legacy_FC2
- Added patches for:
  CVE-2005-0756 (ptrace-check-segment x86_64 crash)
  CVE-2005-0839 (Only root should be able to set the N_MOUSE line
discipline)
  CVE-2005-0867 (signedness issue in sysfs)
  CVE-2005-0937 (futex mmap_sem deadlock)
  CVE-2005-0977 (tmpfs truncate bug)
  CVE-2005-1041 (crash while reading /proc/net/route)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-1264 (data corruptor/local root in raw driver)
  CVE-2005-1265 (Prevent NULL mmap in topdown model)
  CVE-2005-1368 (key lookup race DoS)
  CVE-2005-1369 (i2c alarms sysfs DoS)
  CVE-2005-1761 (ia64 ptrace vulnerability)
  CVE-2005-1762 (ptrace can induce double-fault on x86_64)
  CVE-2005-1763 (x86_64-ptrace-overflow crash)
  CVE-2005-2098 (key management session can leave semaphore pinned)
  CVE-2005-2099 (Destruction of failed keyring oopses)
  CVE-2005-2456 (IPSEC overflow)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2492 (Fix raw_sendmsg accesses)
  CVE-2005-2555 (IPSEC lacks restrictions)
  CVE-2005-2709 (sysctl races)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3274 (ip_vs_conn_flush race condition DoS)
  CVE-2005-3356 (double decrement of mqueue_mnt->mnt_count in sys_mq_open)
  CVE-2005-3358 (prevent panic caused by invalid arguments to set_mempolicy)
  CVE-2005-3784 (auto-reap DoS)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)
  CVE-2005-4605 (kernel memory disclosure via /proc exploit)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc2:
68999cdecf0bb3c6cda09edbe2cedd57fff709ad
fedora/2/updates-testing/i386/kernel-2.6.10-2.3.legacy_FC2.i586.rpm
85de0ac6c22acb127c7bfae0c8b6e8067fd60442
fedora/2/updates-testing/i386/kernel-2.6.10-2.3.legacy_FC2.i686.rpm
631a71b16611758af3db18da17205422deb41c30
fedora/2/updates-testing/i386/kernel-doc-2.6.10-2.3.legacy_FC2.noarch.rpm
6f5010188ca24a79d5fb6323a687c5cdc9611d24
fedora/2/updates-testing/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i586.rpm
4beec907750088ff917855a7e5ec8a31bb752358
fedora/2/updates-testing/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i686.rpm
1a33e38fa69b09fb80e6a5d334aad72e963820eb
fedora/2/updates-testing/i386/kernel-sourcecode-2.6.10-2.3.legacy_FC2.noarch.rpm
85eee44769a3a0ca55221b93d9386563798961a7
fedora/2/updates-testing/SRPMS/kernel-2.6.10-2.3.legacy_FC2.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
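The sha1sums above are listed with each hash on one line and the package path on the next, which `sha1sum -c` does not accept directly. The following is an added example, not part of the original announcement: it pairs the lines up and checks downloaded packages against them. The function names and the download directory are assumptions, and the demo files are constructed stand-ins, not the real RPMs.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SHA1_LINE = re.compile(r"[0-9a-f]{40}")

def parse_checksum_list(text):
    """Pair each bare SHA-1 line with the package path on the next line."""
    pairs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if SHA1_LINE.fullmatch(line.lower()):
            pending = line.lower()
        elif pending and line.endswith(".rpm"):
            pairs.append((pending, line))
            pending = None
        else:
            pending = None  # blank line, heading or separator: drop a dangling hash
    return pairs

def sha1_of(path, chunk=1 << 20):
    """Hash the file in chunks so large kernel RPMs are not read into memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_downloads(text, download_dir):
    """Return {rpm name: "OK" | "MISMATCH" | "MISSING"} for every listed package."""
    results = {}
    for expected, listed in parse_checksum_list(text):
        name = Path(listed).name  # basename only: never follow the listed directory
        local = Path(download_dir) / name
        if not local.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if sha1_of(local) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    # Constructed sample: two stand-in files, not the real packages.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.rpm").write_bytes(b"constructed sample")
        Path(d, "bad.rpm").write_bytes(b"tampered")
        listing = "fc2:\n%s\nfedora/2/updates-testing/i386/good.rpm\n%s\nfedora/2/updates-testing/i386/bad.rpm\n" % (
            hashlib.sha1(b"constructed sample").hexdigest(), "0" * 40)
        for name, status in verify_downloads(listing, d).items():
            print(status, name)
```

Anything reported as MISMATCH or MISSING should not be installed; re-download it and compare again.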